PKCS#11 Support

Hi there,

I’m facing this same issue.

These are the zkpkcs11 packages currently installed:

zkpkcs11-dbgsym/unknown 1.0-4 arm64
zkpkcs11/unknown,now 1.0-4 arm64 [installed]

I can see the slots using both p11tool and pkcs11-tool, but when I try to list the objects with p11tool I get "No matching objects found", while trying to list them with pkcs11-tool outputs an infinite stream of either

Private Key Object; EC
  label:      iotkey
  ID:         0000
  Usage:      sign
  Access:     sensitive

or

Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   044104a5d279a290b82bf0f0ba5123fef7769e94583cf1a69c0f57eb5321cd7e2ced2352752ebb7c0d20a1743a4602f99abe2d22c6b96cae68d15fe5b4731376cb31cc
  EC_PARAMS:  06082a8648ce3d030107
  label:      mylabel
  ID:         0000
  Usage:      verify
  Access:     none

I couldn’t manage to pinpoint which condition causes which key to get printed an indefinite number of times; it seems pretty random but very consistent for the same object.

I believe this issue also influences Greengrass, since their PKCS11 provider runs into an out-of-memory error when trying to list the objects.

com.aws.greengrass.security.provider.pkcs11.exceptions.ProviderInstantiationException: Failed to instantiate Provider
	at com.aws.greengrass.security.provider.pkcs11.PKCS11CryptoKeyService.createNewProvider(PKCS11CryptoKeyService.java:139)
	at com.aws.greengrass.security.provider.pkcs11.PKCS11CryptoKeyService.getNewProvider(PKCS11CryptoKeyService.java:249)
	at com.aws.greengrass.security.provider.pkcs11.PKCS11CryptoKeyService.initializePkcs11Provider(PKCS11CryptoKeyService.java:237)
	at com.aws.greengrass.security.provider.pkcs11.PKCS11CryptoKeyService.startup(PKCS11CryptoKeyService.java:174)
	at com.aws.greengrass.lifecyclemanager.Lifecycle.lambda$handleStateTransitionStartingToRunningAsync$9(Lifecycle.java:601)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.lang.reflect.InvocationTargetException
	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:118)
	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
	at com.aws.greengrass.security.provider.pkcs11.PKCS11CryptoKeyService.createNewProvider(PKCS11CryptoKeyService.java:131)
	... 9 more
Caused by: java.lang.OutOfMemoryError <---- HERE
	at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_GetMechanismList(Native Method)
	at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.initToken(SunPKCS11.java:1239)
	at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:382)
	at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:126)
	at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:123)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:571)
	at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.configure(SunPKCS11.java:123)
	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
	... 11 more

Any help would be much appreciated.
A

Edit:
Currently using a Zymkey 4i on a Raspberry Pi 4, running official Raspberry OS 64-bit.
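
A triage helper for the never-ending listing described above, as an added example that is not part of the original post or of any vendor tooling: it reads object listings in the two formats quoted in the post, stops at the first object block that is printed twice, and caps how much it reads so it terminates even on an infinite stream. The function names, the cap of 1000 and the sample labels are assumptions made for illustration.

```python
import itertools
import re
import sys

# An object block starts at an unindented header such as
# "Private Key Object; EC"; its attribute lines are indented.
HEADER = re.compile(r"^\S.*Object;")

# Constructed sample in the post's output format (labels are made up).
FIRST = ["Private Key Object; EC", "  label:      key-a",
         "  ID:         0000", "  Usage:      sign"]
STUCK = ["Public Key Object; EC  EC_POINT 256 bits", "  label:      key-b",
         "  ID:         0000", "  Usage:      verify"]


def iter_objects(lines):
    """Lazily yield each object block as a tuple of stripped lines."""
    block = []
    for raw in lines:
        line = raw.rstrip()
        if HEADER.match(line):
            if block:
                yield tuple(block)
            block = [line]
        elif block and line.strip():
            block.append(line.strip())
    if block:
        yield tuple(block)


def find_repeat(lines, max_objects=1000):
    """Return (first_index, repeat_index, block) for the first object that
    is printed twice, or None if no block repeats within max_objects."""
    seen = {}
    capped = itertools.islice(iter_objects(lines), max_objects)
    for index, block in enumerate(capped):
        if block in seen:
            return seen[block], index, block
        seen[block] = index
    return None


if __name__ == "__main__":
    # Piped input is analysed; otherwise the constructed endless sample is.
    endless = itertools.chain(FIRST, itertools.cycle(STUCK))
    hit = find_repeat(endless if sys.stdin.isatty() else sys.stdin)
    if hit is None:
        print("no repeated object within the cap")
    else:
        print(f"object #{hit[1]} repeats object #{hit[0]}:", *hit[2], sep="\n  ")
```

Pipe the output of `pkcs11-tool --list-objects` into it, with `--module` pointing at the vendor library (its path is not given in the post). Two identical printouts strongly suggest the module keeps returning the same object, but they do not prove it, since two distinct objects can share every printed attribute.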