8.5.1 Troubleshooting
If the device does not appear at all:
# p11tool –list-all pkcs11:token=0123EE p11-kit: ateccx08: module failed to initialize: An error occurred on the device pkcs11_init: PKCS #11 initialization error. warning: no token URL was provided for this operation; the available tokens are:
Probe the bus and obtain the actual device address:
# i2cdetect -y 0 0 1 2 3 4 5 6 7 8 9 a b c d e f 00: -- -- -- -- -- -- -- -- -- -- -- -- -- 10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 60: 60 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 70: -- -- -- -- -- -- -- --
Remember the expected format for the device address is shifted left 1 bit from the value returned from i2cdetect. Thus edit /var/lib/cryptoauthlib/0.conf with the probed value (0x60 becomes 0xC0 when shifted):
# Reserved Configuration for a device # The objects in this file will be created and marked as undeletable # These are processed in order. Configuration parameters must be comma # delimited and may not contain spaces interface = i2c,0xC0 freeslots = 1,2,3 # Slot 0 is the primary private key object = private,device,0 # Slot 10 is the certificate data for the device's public key #object = certificate,device,10 # Slot 12 is the intermedate/signer certificate data #object = certificate,signer,12 # Slot 15 is a public key object = public,root,15
To initialize the device with a basic configuration (known as the standard TLS configuration) using p11tool:
# p11tool --initialize "pkcs11:serial=BF2EE438E462" --label greengrass Enter Security Officer's PIN: Initializing token... done Token was successfully initialized; use --initialize-pin and --initialize-so-pin to set or reset PINs