FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

why slot configurations are disappearing after power cycle in PKCS11 (via OPTEE) in imx93/imx8mp?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

why slot configurations are disappearing after power cycle in PKCS11 (via OPTEE) in imx93/imx8mp?

Thursday
45 Views
vikki
Contributor I

Hi,

I am trying pkcs11 via optee in imx93 board as described in https://www.nxp.com/design/training/unraveling-the-mysteries-of-securing-keys-leveraging-pkcs11-with... . I have just tried with basic token init and setup label and set user pin operation. After system reboot or power cycle all the changes are disappearing.

 

imx93-fs2-ls:~# pkcs11-tool --list-slots --module /usr/lib/libckteec.so.0
Available slots:
Slot 0 (0x0): OP-TEE PKCS11 TA - TEE UUID f9ea3659-a6fc-503c-bc69-4e61d1c41902
token state: uninitialized
Slot 1 (0x1): OP-TEE PKCS11 TA - TEE UUID f9ea3659-a6fc-503c-bc69-4e61d1c41902
token state: uninitialized
Slot 2 (0x2): OP-TEE PKCS11 TA - TEE UUID f9ea3659-a6fc-503c-bc69-4e61d1c41902
token state: uninitialized

imx93-fs2-ls:~#

imx93-fs2-ls:~# pkcs11-tool --module /usr/lib/libckteec.so.0 --init-token --label TEST --so-pin 1234
pkcs11-tool --module /usr/lib/libckteec.so.0 --label TEST --login --so-pin 1234 --iUsing slot 0 with a present token (0x0)
nit-pin --pin 5678Token successfully initialized
imx93-fs2-ls:~# pkcs11-tool --module /usr/lib/libckteec.so.0 --label TEST --login --so-pin 1234 --init-pin --pin 5678
Using slot 0 with a present token (0x0)
User PIN successfully initialized
root@schoelly-avnet-imx93-fs2-ls:~#
root@schoelly-avnet-imx93-fs2-ls:~# pkcs11-tool --list-slots --module /usr/lib/libckteec.so.0
Available slots:
Slot 0 (0x0): OP-TEE PKCS11 TA - TEE UUID f9ea3659-a6fc-503c-bc69-4e61d1c41902
token label : TEST
token manufacturer : Linaro
token model : OP-TEE TA
token flags : login required, rng, token initialized, PIN initialized
hardware version : 0.0
firmware version : 0.1
serial num : 0000000000000000
pin min/max : 4/128
Slot 1 (0x1): OP-TEE PKCS11 TA - TEE UUID f9ea3659-a6fc-503c-bc69-4e61d1c41902
token state: uninitialized
Slot 2 (0x2): OP-TEE PKCS11 TA - TEE UUID f9ea3659-a6fc-503c-bc69-4e61d1c41902
token state: uninitialized
imx93-fs2-ls:~#

but after reboot it is changing back to old state.

imx93-fs2-ls:~# pkcs11-tool --list-slots --module /usr/lib/libckteec.so.0
Available slots:
Slot 0 (0x0): OP-TEE PKCS11 TA - TEE UUID f9ea3659-a6fc-503c-bc69-4e61d1c41902
token state: uninitialized
Slot 1 (0x1): OP-TEE PKCS11 TA - TEE UUID f9ea3659-a6fc-503c-bc69-4e61d1c41902
token state: uninitialized
Slot 2 (0x2): OP-TEE PKCS11 TA - TEE UUID f9ea3659-a6fc-503c-bc69-4e61d1c41902
token state: uninitialized

But very rarely changes are kept (once it is available between cycles then it is continuing its state.)

SW: optee version: 3.19.0 (based on lf-6.1.1_1.0.0)

 

0 Kudos
Reply
0 Replies