8.5.1 Troubleshooting

If the device does not appear at all:

# p11tool –list-all pkcs11:token=0123EE
p11-kit: ateccx08: module failed to initialize: An error occurred on the device
pkcs11_init: PKCS #11 initialization error.
warning: no token URL was provided for this operation; the available tokens are:

Probe the bus and obtain the actual device address:

# i2cdetect -y 0
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
00:          -- -- -- -- -- -- -- -- -- -- -- -- --
10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
60: 60 -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
70: -- -- -- -- -- -- -- --

Remember the expected format for the device address is shifted left 1 bit from the value returned from i2cdetect. Thus edit /var/lib/cryptoauthlib/0.conf with the probed value (0x60 becomes 0xC0 when shifted):

# Reserved Configuration for a device
# The objects in this file will be created and marked as undeletable
# These are processed in order. Configuration parameters must be comma
# delimited and may not contain spaces

interface = i2c,0xC0
freeslots = 1,2,3

# Slot 0 is the primary private key
object = private,device,0

# Slot 10 is the certificate data for the device's public key
#object = certificate,device,10

# Slot 12 is the intermedate/signer certificate data
#object = certificate,signer,12

# Slot 15 is a public key
object = public,root,15

To initialize the device with a basic configuration (known as the standard TLS configuration) using p11tool:

# p11tool --initialize "pkcs11:serial=BF2EE438E462" --label greengrass
Enter Security Officer's PIN:
Initializing token...
done

Token was successfully initialized; use --initialize-pin and --initialize-so-pin to set or reset PINs