TPM PKCS#11 Errors in Red Hat Enterprise Linux 8.6

Hello,
Running RHEL 8.6 on a Dell laptop with a STMicro TPM chip. I'm able to successfully initialize the TPM and create tokens and objects using the 'tpm2_ptool' command.
I have the following variables set:

TPM2TOOLS_TCTI=device:/dev/tpmrm0
TPM2_PKCS11_TCTI=device:/dev/tpmrm0

I have the following packages installed:

tpm2-abrmd.x86_64                             2.3.3-2.el8                                   @dvd-BaseOS-rhel8dot6
tpm2-abrmd-selinux.noarch                     2.3.1-1.el8                                   @dvd-BaseOS-rhel8dot6
tpm2-pkcs11.x86_64                            1.6.0-1.el8                                   @@commandline
tpm2-pkcs11-tools.x86_64                   1.6.0-1.el8                                   @@commandline
tpm2-tools.x86_64                             4.1.1-5.el8                                   @anaconda
tpm2-tss.x86_64                               2.3.2-4.el8                                   @anaconda
p11-kit.x86_64                                0.23.22-1.el8                                 @anaconda
p11-kit-trust.x86_64                          0.23.22-1.el8                                 @anaconda


Created the this file: /etc/pkcs11/modules/tpm2_pkcs11.module
-rw-r--r--. 1 root root 39 Nov  1 16:23 /etc/pkcs11/modules/tpm2_pkcs11.module

Which has: 
module: libtpm2_pkcs11.so
critical: no

Also, the TPM2 PKCS11 library is in this location:

# ls -al /usr/lib64/pkcs11/
total 644
drwxr-xr-x.  2 root root    144 Nov  1 10:01 .
dr-xr-xr-x. 62 root root  49152 Nov  1 13:41 ..
lrwxrwxrwx.  1 root root     23 Nov 22  2022 libtpm2_pkcs11.so -> libtpm2_pkcs11.so.0.0.0
lrwxrwxrwx.  1 root root     23 Nov 22  2022 libtpm2_pkcs11.so.0 -> libtpm2_pkcs11.so.0.0.0
-rwxr-xr-x.  1 root root 245304 Nov 22  2022 libtpm2_pkcs11.so.0.0.0
-rwxr-xr-x.  1 root root 247568 Jan 11  2021 p11-kit-trust.so


But none of the 'p11tool' or the 'p11-kit' commands work. For example, doing a `p11-kit list-modules` shows these errors:

]$ p11-kit list-modules
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001c4)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001c4)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001e6)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001e6)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001e6)
p11-kit-trust: p11-kit-trust.so
    library-description: PKCS#11 Kit Trust Module
    library-manufacturer: PKCS#11 Kit
    library-version: 0.23
    token: System Trust
        manufacturer: PKCS#11 Kit
        model: p11-kit-trust
        serial-number: 1
        hardware-version: 0.23
        flags:
               write-protected
               token-initialized
    token: Default Trust
        manufacturer: PKCS#11 Kit
        model: p11-kit-trust
        serial-number: 1
        hardware-version: 0.23
        flags:
               write-protected
               token-initialized
tpm2_pkcs11: libtpm2_pkcs11.so
    library-description: TPM2.0 Cryptoki
    library-manufacturer: tpm2-software.github.io
    library-version: 0.0
    token:
        manufacturer: STMicro
        model:
        serial-number: 0000000000000000
        hardware-version: 1.38
        firmware-version: 74.8
        flags:
               rng
               login-required


Or, running the `p11tool` shows these errors:

$  p11tool --list-all --provider /usr/lib64/pkcs11/libtpm2_pkcs11.so
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001c4)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001c4)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001e6)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001e6)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001e6)
No matching objects found

Any help would be greatly appreciated!

TIA.

Best,
potequity

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

TPM PKCS#11 Errors in Red Hat Enterprise Linux 8.6 #879

ls -al /usr/lib64/pkcs11/

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

TPM PKCS#11 Errors in Red Hat Enterprise Linux 8.6 #879

Description

ls -al /usr/lib64/pkcs11/

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions