How can I create a slot using the pkcs11-tool? - cryptography

I am trying to use pkcs11 within my application to access smart cards. Here is the output of the 'list-slots' commands -
root@penguin:~/src/tools$ pkcs11-tool -L
Available slots:
Slot 0 (0xffffffffffffffff): Virtual hotplug slot
(empty)
I have 2 questions
How can I simulate a fake card so Slot 0 has a token/device in it which I can access.
Can I create additional slots and add tokens/devices to it ?
If not, what can I do to add a token/device to the available Slot 0 ?

You'll need a "module," a dynamically loaded library that interfaces with a specific smart card. If your smart card works with OpenSC (for instance, a Yubikey in PIV mode), you'd use the OpenSC module, which is commonly at /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so on Linux systems, or /Library/OpenSC/lib/opensc-pkcs11.dylib on macOS systems. If you don't have a physical smart card and just want to work with the PKCS#11 APIs, you can install and use SoftHSM, which emulates a PKCS#11 device in software. You'll need to configure SoftHSM a little bit before using it, to create the necessary slots. The SoftHSM module is commonly at /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so on Linux systems. You'll need to specify --module with each execution of pkcs11-tool.
Here's an example of how to set up and use SoftHSMv2:
mkdir softhsm
cd softhsm
echo "directories.tokendir = $PWD/" > softhsm2.conf
export SOFTHSM2_CONF=$PWD/softhsm2.conf
pkcs11-tool -L --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
SoftHSMv2 will have one slot by default. Once you initialize a token in the first slot, it will automatically add a second slot, and so on.
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so -L
Available slots:
Slot 0 (0x0): SoftHSM slot 0
token state: uninitialized
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --init-token --label my_token
Using slot 0 with a present token (0x0)
Please enter the new SO PIN:
Please enter the new SO PIN (again):
Token successfully initialized
membrane:~ $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so -L
Available slots:
Slot 0 (0x0): SoftHSM slot 0
token label : my_token
token manufacturer : SoftHSM project
token model : SoftHSM v2
token flags : rng, login required, token initialized, other flags=0x20
hardware version : 2.0
firmware version : 2.0
serial num : 5bed215e0df0d1f1
Slot 1 (0x1): SoftHSM slot 1
token state: uninitialized
If you're working with a hardware smart card, generally you will have a fixed set of slots.
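Since SoftHSMv2 adds a new uninitialized slot each time a token is initialized, a provisioning script can read the `pkcs11-tool -L` listing to find a token by label or to find the next free slot. The following is an added example, not part of the original answer or of OpenSC/SoftHSM; the function names are hypothetical and the sample listing is a trimmed copy of the output shown above.

```shell
#!/bin/sh
# Added example: locate SoftHSM tokens from `pkcs11-tool -L` output.
# Real use (module path as given in the answer above):
#   pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so -L | slot_for_label my_token

# Constructed sample: the listing shown above after my_token was initialized.
sample_listing() {
cat <<'EOF'
Available slots:
Slot 0 (0x0): SoftHSM slot 0
  token label        : my_token
  token flags        : rng, login required, token initialized, other flags=0x20
  serial num         : 5bed215e0df0d1f1
Slot 1 (0x1): SoftHSM slot 1
  token state:   uninitialized
EOF
}

# stdin: listing. stdout: one "<slot id> TAB <state> TAB <label>" line per slot.
slot_table() {
  awk '
    function emit() { if (id != "") print id "\t" state "\t" (label == "" ? "-" : label) }
    /^Slot [0-9]+ \(0x[0-9a-fA-F]+\)/ {
      emit(); id = $3; gsub(/[():]/, "", id); state = "unknown"; label = ""; next
    }
    /^[ \t]*\(empty\)[ \t]*$/          { state = "empty" }
    /token state:[ \t]*uninitialized/  { state = "uninitialized" }
    /token label[ \t]*:/ { label = $0; sub(/^[^:]*:[ \t]*/, "", label); sub(/[ \t]+$/, "", label) }
    /token flags[ \t]*:/ && /token initialized/ { state = "initialized" }
    END { emit() }
  '
}

# Print the slot id of the one initialized token labelled $1.
# Fails (non-zero) if the label is missing or appears on more than one token.
slot_for_label() {
  slot_table | WANT="$1" awk -F '\t' '
    $2 == "initialized" && $3 == ENVIRON["WANT"] { n++; hit = $1 }
    END { if (n == 1) print hit; exit (n == 1 ? 0 : 1) }'
}

# Print the id of the first slot whose token is still uninitialized.
first_uninitialized() {
  slot_table | awk -F '\t' '$2 == "uninitialized" { print $1; found = 1; exit } END { exit !found }'
}

sample_listing | slot_table
```

Refusing a label that matches more than one token keeps a script from initializing, logging in to, or signing with the wrong token.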

Related

vulkan is not available in lxc / lxd container but opengl is

I am using ubuntu 18:04 with an lxc / lxd steam container. It works great, I followed this tutorial and did some changes to the network stuff.
https://blog.simos.info/running-steam-in-a-lxd-system-container/
Steam works for opengl games but not for vulkan games. Same for lutris.
Host side:
===========
VULKAN INFO
===========
Vulkan Instance Version: 1.1.70
Instance Extensions:
====================
Instance Extensions count = 16
Container side:
ubuntu@steam:~$ vulkaninfo
===========
VULKAN INFO
===========
Vulkan Instance Version: 1.1.70
ERROR: setupLoaderTermPhysDevs: Failed to detect any valid GPUs in the current config
ERROR: setupLoaderTrampPhysDevs: Failed during dispatch call of 'vkEnumeratePhysicalDevices' to lower layers or loader to get count.
/build/vulkan-UL09PJ/vulkan-1.1.70+dfsg1/demos/vulkaninfo.c:2700: failed with VK_ERROR_INITIALIZATION_FAILED
OpenGL works just fine, games run fast, so it must find my only gpu in the system. Do I have to separately enable vulkan for the container?
The host has no problems with the vulkan smoketest either:
user@host:~$ vulkan-smoketest
7223 presents in 5.00039 seconds (FPS: 1444.49)
That guide manually adds the necessary OpenGL shared libraries to the LXD container and, by doing so, does not add the Vulkan shared libraries.
LXD now supports the NVidia container runtime (provided by NVidia), therefore you can use it instead. Follow the more recent guide at https://blog.simos.info/running-x11-software-in-lxd-containers/
A reddit user named zakk wrote a solution in the comments of https://blog.simos.info/running-steam-in-a-lxd-system-container/.
After doing some traces, I noticed it is failing to open files in /dev/dri. The container has the wrong permissions; on the host those files have an ACL set that lets the current user access them, the container does not. So to fix: in the container run
sudo setfacl -m "u:ubuntu:rw-" /dev/dri/*
You have to execute the setfacl command every time you start lxc.

/include/boost/thread/pthread/mutex.hpp:111: boost::mutex::~mutex(): Assertion `!res' failed

On Ubuntu 16.04, I compiled the spinnaker SDK src/Acquisition/make, I got the "Acquisition" under bin/
When I run it, I got the error:
Number of cameras detected: 1
Running example for camera 0...
* DEVICE INFORMATION *
DeviceID: 18073382
DeviceSerialNumber: 18073382
DeviceVendorName: Point Grey Research
DeviceModelName: Grasshopper3 GS3-U3-32S4M
DeviceType: U3V
DeviceDisplayName: Point Grey Research
DeviceAccessStatus: OpenReadWrite
DeviceVersion: FW:v2.25.3.00 FPGA:v2.02
DeviceDriverVersion: none : 0.0.0.0
DeviceUserID:
DeviceIsUpdater: 0
DeviceInstanceId: 0113C726
DeviceLocation:
DeviceCurrentSpeed: HighSpeed
GUIXMLLocation: Device
GUIXMLPath: Input.xml
GenICamXMLLocation: Device
GenICamXMLPath:
DeviceU3VProtocol: 1
* IMAGE ACQUISITION *
Acquisition mode set to continuous...
Unable to begin image acquisition. Aborting with error -1010...
Camera 0 example complete...
Done! Press Enter to exit...
Acquisition_C: /softwarelib/Boost/boost_1_60_0/GCC_5_3_1/linux_cpp11/release/amd64/include/boost/thread/pthread/mutex.hpp:111: boost::mutex::~mutex(): Assertion `!res' failed
The sample code itself doesn't use mutex at all.
This error is due to insufficient usbfs memory allocation. Please refer to section 3 of the spinnaker readme as follows for info on how to increase the value to 1000:
===============================================================================
3. USB RELATED NOTES
On Linux systems, the USB-FS memory is restricted to 16 MB or less by default. To
increase this limit to make use of the imaging hardware's full capabilities, a
minor change needs to be made to the system.
To PERMANENTLY modify the USB-FS memory:
1. Open the /etc/default/grub file in any text editor. Find and replace:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
with this:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash usbcore.usbfs_memory_mb=1000"
2. Update grub with these settings:
$ sudo update-grub
3. Reboot and test a USB 3.1 camera.
If this method fails to set the memory limit, to TEMPORARILY modify the USB-FS
memory until the next reboot, run the following command:
$ sudo sh -c 'echo 1000 > /sys/module/usbcore/parameters/usbfs_memory_mb'
To confirm that the memory limit has been successfully updated, run the following command:
$ cat /sys/module/usbcore/parameters/usbfs_memory_mb
If using multiple USB3 cameras, the USB-FS memory limit may need to exceed 1000.
More information on these changes can be found at:
https://www.flir.com/support-center/iis/machine-vision/application-note/understanding-usbfs-on-linux

How to detach vmdk using vboxmanage cli

I have my sandbox created using the vboxmanage cli tool, which created a vmdk file.
I converted it from .vmdk to .vdi, as I wanted to compress it. Then I attached this newly created .vdi file.
Now I want to detach the vmdk file as I don't want it any more.
Can you please suggest what the command for this should be?
List of my HDDs are:
$ vboxmanage list hdds
UUID: f3b90783-abe7-4549-91aa-39aa6161f103
Parent UUID: base
State: created
Type: normal (base)
Location: /home/ankit/VirtualBox VMs/asr-vm/asr-sandbox-3.5.0-lb1404x64-disk1.vmdk
Storage format: VMDK
Capacity: 65536 MBytes
UUID: 1b9a4eff-f1bd-4c4e-ae48-8f11b8003244
Parent UUID: base
State: created
Type: normal (base)
Location: /home/ankit/VirtualBox VMs/asr-vm/asr-sandbox-3.5.0-lb1404x64-disk1.vdi
Storage format: VDI
Capacity: 65536 MBytes
The solution for this is to attach that medium with emptydrive or none. That means for that particular port and device you are attaching an emptydrive or none.
vboxmanage storageattach "asr-vm" --storagectl "SATA" --port 1 --medium none
or
vboxmanage storageattach "asr-vm" --storagectl "SATA" --port 1 --medium emptydrive
As per docs medium none is a better option.
For anyone wondering why none is a better option than emptydrive for the --medium flag, the VboxManage docs have this to say:
--medium
Specifies what is to be attached. The following values are supported:
none: Any existing device should be removed from the given slot.
emptydrive: For a virtual DVD or floppy drive only, this makes the device slot behave like a removeable drive into which no media has been inserted.
So given we want to detach (or "remove" it), none seems like the correct option.
Source:
https://www.virtualbox.org/manual/ch08.html#vboxmanage-storageattach
This is a response to Mehrdad Hedayati's comment on the accepted answer.

How to install linux on odroid-U3(or other odroid version)?

I have an odroid-U3, and I don't know how to install a linux on it, can anyone tell me how to do it? And I have another question: can the odroid-U3 be powered by a USB port?
Grab the appropriate linux distro from:
http://os.archlinuxarm.org/os/
or follow the steps below which will use the U2 image which is the same for U3:
SD Card Creation
Replace sdX in the following instructions with the device name for the SD card as it appears on your computer.
Zero the beginning of the SD card:
dd if=/dev/zero of=/dev/sdX bs=1M count=8
Start fdisk to partition the SD card:
fdisk /dev/sdX
At the fdisk prompt, create the new partitions:
Type o. This will clear out any partitions on the drive.
Type p to list partitions. There should be no partitions left.
Type n, then p for primary, 1 for the first partition on the drive, and enter twice to accept the default starting and ending sectors.
Write the partition table and exit by typing w.
Create and mount the ext4 filesystem:
mkfs.ext4 /dev/sdX1
mkdir root
mount /dev/sdX1 root
Download and extract the root filesystem (as root, not via sudo):
wget http://archlinuxarm.org/os/ArchLinuxARM-odroid-u2-latest.tar.gz
bsdtar -xpf ArchLinuxARM-odroid-u2-latest.tar.gz -C root
Flash the bootloader files:
cd root/boot
./sd_fusing.sh /dev/sdX
cd ../..
Unmount the partition:
umount root
Insert the SD card into the board, connect ethernet, and apply 5V power.
Use the serial console (with a null-modem adapter if needed) or SSH to the IP address given to the board by your router.
Login as the default user alarm with the password alarm.
The default root password is root.
eMMC Module Creation
Attach the eMMC module to the micro SD adapter, and plug that into your computer.
Follow the above steps to install Arch Linux ARM, and boot the board with the eMMC still attached to micro SD adapter, plugged into the SD slot in the board.
Re-flash the bootloader to the protected boot area of the eMMC module:
cd /boot
./sd_fusing.sh /dev/mmcblk0
Power off the board:
poweroff
Remove the micro SD adapter, detach the eMMC module, and connect the eMMC module to its connector on the board.
Re-apply power to the board.
Use the serial console (with a null-modem adapter if needed) or SSH to the IP address given to the board by your router.
Login as the default user alarm with the password alarm.
The default root password is root.
You can follow the official guide at archlinuxarm.org/platforms/armv7/samsung/odroid-u3
Note: If you get stuck at step 7 when performing
cd root/boot
./sd_fusing.sh /dev/sdX
cd ../..
you can open the file sd_fusing.sh, change the line
#!/usr/bin/bash
into
#!/bin/bash

Scoping a flow target of repository workspace in RTC Command line Interface

I have a repository workspace which has a default flow target. I want to edit the flow target and make it scoped only for few components. This is possible from RTC Eclipse Client. How can I achieve the same from RTC command line Interface. Please tell with reference to RTC 3.0.1.3.
I am not sure if that API works for 3.x, or only for 4.x, but this sequence of lscm commands seems to produce a scoped flow target:
# Set a component as the flow target
$ lscm workspace flowtarget TestWorkspace1 TestStream1 -C TestComp2 -r lo
Successfully updated the flow target.
# View workspace flow target that was scoped to specific components
$ lscm workspace flowtarget TestWorkspace1 TestStream1 -r <repo>
(1352) "TestStream1" (scoped) (current)
The following components flow from/to this flow target:
(1351) "TestComp2"
You can see that command introduced in the Rational Team Concert 4.0.1 M4 Milestone, so it is possible it isn't available in RTC 3.x.