[Bug 588830] [NEW] Lenovo X201, T410, T410s, W510: After suspend/resume any pkcs11 operation on the TPM token requiring the User PIN fails with CKR_USER_PIN_NOT_INITIALIZED

Jeremy Zimmer jeremyz at google.com
Wed Jun 2 17:07:59 UTC 2010 

Public bug reported:

This seems similar to the USB issues after suspend resume
(https://bugs.launchpad.net/oem-priority/+bug/566149), and is fixed by
either reboot, or a hibernate/thaw cycle.  However, unlike the USB
issue, this is not fixed in the 2.6.32.14 kernel branch.

jeremy at ubuntu-t410s:~$ uname -a
Linux ubuntu-t410s 2.6.32-02063214-generic #02063214 SMP Thu May 27 09:11:03 UTC 2010 x86_64 GNU/Linux

Steps to reproduce:

Cold boot into the BIOS utility, under "security", activate and clear
the security chip

install opensc, opencryptoki, tpm-tools

$ sudo tpm_takeownership (enter anything for the owner password, leave the SRK password blank)
$ sudo pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so.0 --init-token --label "Test TPM Token" --so-pin 87654321
$ sudo pkcsconf -c 0 -P -S 87654321 -n <choose a new SO PIN>
$ sudo pkcsconf -c 0 -p -U 12345678 -n <choose a new User PIN>
$ sudo pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so.0 -L -l
(Enter the user PIN you chose above when prompted, which won't produce additional output, but the command will exit 0)
...suspend/resume the laptop...
$ sudo pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so.0 -L -l
(Enter the user PIN again, this time it will exit 1, showing "CKR_USER_PIN_NOT_INITIALIZED")
...hibernate/thaw the laptop...
$ sudo pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so.0 -L -l
(Enter the user PIN, and it works again, exiting 0)

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: glucid

-- 
Lenovo X201, T410, T410s, W510: After suspend/resume any pkcs11 operation on the TPM token requiring the User PIN fails with CKR_USER_PIN_NOT_INITIALIZED
https://bugs.launchpad.net/bugs/588830
You received this bug notification because you are a member of Kernel
Bugs, which is subscribed to linux in ubuntu.

More information about the kernel-bugs mailing list