pkcs#11 CKR_DEVICE_REMOVED error logging in to HSM - pkcs#11

I have the SmartCard HSM usb plugged in to my laptop. I can see it when I run a command thru an application using the PKCS#11 API:
Slot 0
Slot info:
Description: Identiv uTrust 3512 SAM slot Token [CCID Interface] (55511725602
Manufacturer ID: Identiv
Hardware version: 2.2
Firmware version: 0.0
Token present: yes
Token info:
Manufacturer ID: www.CardContact.de
Model: PKCS#15 emulated
Hardware version: 24.13
Firmware version: 2.5
Serial number: DECC0300697
Initialized: yes
User PIN init.: yes
Label: UserPIN (SmartCard-HSM)
Its been initialized with a SO-PIN and USER-PIN.
When I try to login in to the HSM using C_Login, I get a CKR_DEVICE_REMOVED error back. The usb HSM is still plugged in. I have googled the error but nothing fruitful came up.
login_token -LOGIN user -SLOT 0 -UPIN user-pin
EROR: rv=0x00000032: Could not log in on the token.
How can I login to the HSM ?

Following text is the description of CKR_DEVICE_REMOVED error from PKCS#11 v2.20 specification:
CKR_DEVICE_REMOVED: The token was removed from its slot during the
execution of the function.
If you did not attach/detach new reader and did not insert/remove smartcard once the PKCS#11 library was loaded then I don't see any obvious reason why you are receiving this error.
However you are using PKCS#11 library provided by OpenSC project so you can enable its debugging via environment variable or configuration file. You may be able to find the cause of the error by exploring the debug output yourself. If not, then your best bet is to open new OpenSC issue and discuss your problem with OpenSC project members.

Related

Can't flash CM0+ Core in NUCLEO STM32WL

In a wireless project, I'm using en Nucleo STM32WLJC1 in dual core configuration.
I take DualCore Ping Pong ST code example, that I rework to make my own application.
I didn't touch anything of the CMO+ project, I only work on the applicative layer in CM4.
I've some problems about flashing the CM0+ Core.
The first time I flashed the board it works and now I've most of the times the folowing error when I try to flash the CM0+. It sometimes work one time for no reason.
Pop-up Problem Occurred Windows :
Error in final launch sequence:
Failed to start GDB server Failed to start GDB server Error in
initializing ST-LINK device. Reason: (255) Unknown. Please check power
and cabling to target.
Console informations
STMicroelectronics ST-LINK GDB server. Version 6.0.0 Copyright (c)
2021, STMicroelectronics. All rights reserved.
Starting server with the following options:
Persistent Mode : Disabled
Logging Level : 1
Listen Port Number : 61234
Status Refresh Delay : 15s
Verbose Mode : Disabled
SWD Debug : Enabled
Target unknown error 32
Error in initializing ST-LINK device. Reason: Unknown. Please check
power and cabling to target.
It looks like the STlink can't reach the core...
Someone may know what is happening ?
Is there a flashing configuration that has to be done? (to chose which core we want to flash)

How to disable Tensorflow js error log for my server host?

As if right now I am in a bit of a rush to get an answer to my problem. The model has been trained and the server works locally with the NN running in the background, but on the server we get the following error message:
2020-04-08 11:54:15.787274: I tensorflow/core/platform/profile_utils/cpu_utils.cc:94] CPU Frequency: 2799865000 Hz
2020-04-08 11:54:15.787801: I tensorflow/compiler/xla/service/service.cc:168] XLA service 0x4b5ca00 initialized for platform Host (this does not guarantee that XLA will be used). Devices:
2020-04-08 11:54:15.787830: I tensorflow/compiler/xla/service/service.cc:176] StreamExecutor device (0): Host, Default Version
terminate called after throwing an instance of 'std::system_error'
what(): Resource temporarily unavailable
It seems that the server host doesn't like the fact that Tensorflow is trying to log the following error/warning message:
2020-04-08 11:53:42.453164: I tensorflow/core/platform/cpu_feature_guard.cc:142] Your CPU supports instructions that this TensorFlow binary was not compiled to
use: AVX2
Is there a way in JS to disable these error logs so we can run the trained model on the server? Thanks in advance!

My usb HSM came initialized and now I do not know how to use it

I am new to HSM and seems like working with pkcs11 is the most popular approach.
I plugged in a USB HSM and when I listed it, it shows it was already initialized. How can I log into it without knowing the user and SO pins ?
Slot 18446744073709551610
Slot info:
Description: Virtual hotplug slot
Manufacturer ID: OpenSC (www.opensc-project.org)
Hardware version: 0.0
Firmware version: 0.0
Token present: no
Slot 1
Slot info:
Description: Identiv uTrust 3512 SAM slot Token [CCID Interface] (55511725602
Manufacturer ID: OpenSC (www.opensc-project.org)
Hardware version: 0.0
Firmware version: 0.0
Token present: yes
Token info:
Manufacturer ID: www.CardContact.de
Model: PKCS#15 emulated
Hardware version: 24.13
Firmware version: 2.5
Serial number: DECC0300697
Initialized: yes
User PIN init.: yes
Label: SmartCard-HSM (UserPIN)
Can I get help for this ?
You need to contact your HSM supplier and ask him to provide you PIN values.

HSM: Error while opening connection to the HSM

Receiving the CKR_GENERAL_ERROR when the application tries to open a connection to the H/W HSM.
The error in detail is:
50004-Crypto API could not be open.
Caused by: xxx.xxx.xxx.cryptoapi.CryptoApiSysException: Error opening session!!
Caused by: iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_GENERAL_ERROR
at iaik.pkcs.pkcs11.wrapper.PKCS11Implementation.C_Initialize(Native Method) ~[pkcs11Wrapper-1.2.18.jar:1.2.18]
at iaik.pkcs.pkcs11.Module.initialize(Module.java:307) ~[pkcs11Wrapper-1.2.18.jar:1.2.18]
Could anyone please tell what might be the reason for this error? The application works fine with the software HSM.
H/W HSM details:
ProtectToolkit C Key management utility : 4.2.0 (even tried with 4.3.0)
Manufacturer : Eracom
Hardware version : 66.00
Firmware version : 2.02
CKR_GENERAL_ERROR is the general error message thrown by most of the PKCS#11 complaint API. Since you have the error while connecting to the HSM hardware Please make sure you do the following things:
You have successfully done the client (you app) to h/w hsm NTL configuration. Here's a link!
Verify that you have a valid slot number and partition password (PIN) while opening the session and login to the hsm.
Also, you can check HSM logs (usually residing on your hsm client installation directory in your application) to know what is the exact cause for the problem. Here's You can refer to my previous response on finding luna safenet client logs!

ATG Commerce v11 CRS install Error:

I have installed Oracle ATG v11 with the commerce reference store, when I startup the production server and go to the url domain/crs/storeus I see the blank white page, and have the following error in the console:
Oct 13, 2014 1:56:37 PM com.endeca.infront.site.SiteManager getSite
SEVERE: Unable to retrieve site definition for site id: /storeSiteUS
com.endeca.store.exceptions.PathNotFoundException: No node found at
path: [pages].
at com.endeca.store.configuration.InternalNode.getNode(InternalNode.java:153)
at com.endeca.store.configuration.InternalNode.getNodeInfo(InternalNode.java:221)
at com.endeca.store.configuration.InternalNode.getNode(InternalNode.java:150)
at com.endeca.store.configuration.InternalNode.getNode(InternalNode.java:61)
........................................
**** Error Mon Oct 13 13:00:47 +00:00 2014 1413205247448 /atg/endeca/assembler/droplet/InvokeAssembler A problem occurred
assembling the content for content item /content/Web/Home Pages. The
response received was {#type=ContentSlot,
atg:currentSiteProductionURL=/crs/storeus,
canonicalLink=com.endeca.infront.cartridge.model.NavigationAction#2b35e9c6,
ruleLimit=1, #error=com.endeca.infront.content.ContentException:
com.endeca.navigation.ENEConnectionException: Error establishing
connection to retrieve Navigation Engine request
http://localhost:15000/graph?node=0&profiles=sitegroup.siteGroupUS|NoPriceRange|site.storeSiteUS&offset=0&nbins=0&irversion=640'.
Tried all: '2' addresses, but could not connect over HTTP to server:
'localhost', port: '15000' Check MDEX Logs and specified query
parameters. , contentCollection=/content/Web/Home Pages}. Servicing
the error open parameter.
I am assuming this error is related to endeca? I have downloaded CAS, Tools And Frameworks with experience manager and MDX, and Platform Services. Do I need to start these or have I missed a part of the endeca install?
The value of the configurationPath attribute in the DefaultFileStoreFactory.properties located at \localconfig\atg\endeca\assembler\cartridge\manager may be incorrect.
In OOTB CRS, we normally provide the following value for configurationPath attribute :
/ToolsAndFrameworks/11.1.0/server/workspace/state/repository/CRS
Could you please verify the .zip is present at path provided in DefaultFileStoreFactory.properties.
Just check if you are able to connect the below url:
host:15000/admin?op=stats
If you are able to connect this URL, then MDEX is running. Also, you can login to the experience manager and check if the dgraphs and dgidx are running.
If you are not able to connect then check all the services are(tools and http) running and accessible. You can check the endeca logs to debug further.
Your DGraph is not (yet) started.
(Hit this URL in your browser and verify: http://localhost:15000/graph?node=0&profiles=sitegroup.siteGroupUS|NoPriceRange|site.storeSiteUS&offset=0&nbins=0&irversion=640&format=xml)
Possible reasons are:
You did not run baseline update from ATG (from
ProductCatalogSimpleIndexingAdmin dyn/admin component).
You did not run promote content (from your Endeca App's control folder).
Your Services are not working properly (or not started at all). Check that Platform Services and Tools And Frameworks are started.
The solution is to properly define the value for the property configurationPath=E:/Endeca/Apps/CRS/data/workbench/application_export_archive/CRS in "DefaultFileStoreFactory.properties"
If you are using the OS as Windows then define this path as Unix style as shown above.