dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

DKEK Key Check Value Shows 0000000000000000 After Import, Fails to Update #94

New Issue
Closed
opened 2025-05-22 15:53:10 +08:00 by yuyulazybones · 2 comments
yuyulazybones commented 2025-05-22 15:53:10 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)
Copy Link

Problem Description
When using sc-hsm-tool to initialize and import a DKEK key, the DKEK key check value remains 0000000000000000 even after successfully importing the DKEK share.

Environment Information

OpenSC Version: 0.26.1, 0.25.1
Hardward Board Model: RPi Pico 2040, waveshare 2350 one, xiao 2350
Operating System: Windows10 LTSC 2021, Linux(Ubuntu 24.04.2 LTS)

Steps to Reproduce

  1. Create a single share DKEK
    sc-hsm-tool --create-dkek-share dkek.pbe

  2. Initialize with DKEK:
    sc-hsm-tool.exe --initialize --so-pin 3537363231383830 --pin 648219 --dkek-shares 1

  3. Check status (shows pending import):
    sc-hsm-tool.exe
    Output:
    DKEK shares : 1
    DKEK import pending, 1 share(s) still missing

  4. Import DKEK share:
    sc-hsm-tool.exe --import-dkek-share dkek.pbe

  5. Enter correct password, shows successful import

  6. Check status again:
    sc-hsm-tool.exe
    Output:
    DKEK shares : 1
    DKEK key check value : 0000000000000000

Problem Description When using sc-hsm-tool to initialize and import a DKEK key, the DKEK key check value remains 0000000000000000 even after successfully importing the DKEK share. Environment Information OpenSC Version: 0.26.1, 0.25.1 Hardward Board Model: RPi Pico 2040, waveshare 2350 one, xiao 2350 Operating System: Windows10 LTSC 2021, Linux(Ubuntu 24.04.2 LTS) Steps to Reproduce 1. Create a single share DKEK `sc-hsm-tool --create-dkek-share dkek.pbe` 2. Initialize with DKEK: `sc-hsm-tool.exe --initialize --so-pin 3537363231383830 --pin 648219 --dkek-shares 1` 3. Check status (shows pending import): `sc-hsm-tool.exe` Output: DKEK shares : 1 DKEK import pending, 1 share(s) still missing 4. Import DKEK share: `sc-hsm-tool.exe --import-dkek-share dkek.pbe` 5. Enter correct password, shows successful import 6. Check status again: `sc-hsm-tool.exe` Output: DKEK shares : 1 DKEK key check value : 0000000000000000
IsayIsee commented 2025-05-22 15:56:10 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)
Copy Link

is also 0000000000000000, but using scsh after login, the value is ok

Image

is also 0000000000000000, but using scsh after login, the value is ok ![Image](https://github.com/user-attachments/assets/d69d99df-4538-477e-9b2a-97848ca964bd)
polhenarejos commented 2025-05-24 01:38:20 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)
Copy Link

This is intended. DKEK is unlocked only when the PIN succeeds.

This is intended. DKEK is unlocked only when the PIN succeeds.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something isn't working
 bug
Something isn't working
 dependencies
Pull requests that update a dependency file
 dependencies
Pull requests that update a dependency file
 documentation
Improvements or additions to documentation
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 enhancement
New feature or request
 good first issue
Good for newcomers
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 invalid
This doesn't seem right
 question
Further information is requested
 question
Further information is requested
 wontfix
This will not be worked on
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
dearsky
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: dearsky/pico-hsm#94
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?