Closed marc-gizmo closed 1 year ago
Hello,
I've successfully managed to track the issue down to a problem with concurrent access to the tpmpkcs11 module, which behaves differently on this specific test scenario. I've fixed the issue by making sure to manually lock/unlock access to the module with the /tmp/tpmpkcs11.lock file between each command to ensure smooth operation.
I feel like the lock feature could use more emphasis in the documentation/examples and the error message :
ERROR: Failed to add public object to db
could be improved for this specific case.
That said, this is now working fine, and I'll mark the issue closed.
Regards, Marc
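The serialisation described in the closing comment above, as an added example that is not part of the original issue or of the tpm2-pkcs11 project: a shell wrapper that runs each command under an exclusive advisory lock on the lock file path named in the comment. The use of flock(1), the `with_tpm_lock` name, the timeout and the exit code 75 are assumptions of this example; the page does not say how the lock was taken.

```shell
#!/bin/sh
# Added example: serialise TPM PKCS#11 commands behind one advisory lock.
# LOCK_FILE defaults to the path named in the comment above. flock(1) from
# util-linux and the 30 second timeout are assumptions of this example.
LOCK_FILE="${LOCK_FILE:-/tmp/tpmpkcs11.lock}"
LOCK_TIMEOUT="${LOCK_TIMEOUT:-30}"

# with_tpm_lock CMD [ARGS...]
# Runs CMD while holding an exclusive lock on $LOCK_FILE.
# Returns CMD's exit status, or 75 if the lock could not be taken in time.
with_tpm_lock() {
    (
        # Open in append mode so an existing file is never truncated.
        # fd 9 lives only as long as this subshell, so the lock is
        # released even if CMD is killed or fails.
        exec 9>>"$LOCK_FILE" || exit 75
        flock -x -w "$LOCK_TIMEOUT" 9 || exit 75
        # Close fd 9 for CMD so a child it leaves behind cannot keep the lock.
        "$@" 9>&-
    )
}

# Usage (hypothetical invocation, module path taken from the issue text):
#   with_tpm_lock pkcs11-tool --module /usr/lib64/pkcs11/libtpm2_pkcs11.so --list-slots
```

Every script or job that touches the token has to go through the same wrapper; an advisory lock does nothing against a process that never asks for it.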
When trying to generate a private RSA key "inside" the TPM using the PKCS11 API, I get the following error :
The error is not systematic, but the command fails about 9 out of 10 tries. On a strange side note, generating an ECC private key works about half the time.
The "TPM2_PKCS#11" module is successfully initialized with the command :
pkcs11-tool --module /usr/lib64/pkcs11/libtpm2_pkcs11.so --slot-index=0 --label="tpm2-token" --init-token --so-pin="<my-so-pin>" --init-pin --pin="0000"
So far, I have tried using pkcs11-tool instead of p11tool, with the same behaviour.
I've updated all tpm2 packages to the following version :
The environment is a real TPM2 on a HP G9 laptop, and I wasn't able to reproduce the error on different laptop models from HP.
I'm not sure how to proceed to investigate this issue further, or how to get a detailed error message regarding the db error. I'll be happy to provide further information if needed.
Regards, Marc