When cloning AIX 6.1 TL7 SP4 from mksysb receiving error message during first boot and boot process takes too long:
0 Method error (/usr/lib/methods/cfgpkcs11 -l pkcs11 ):
0 0514-040 Error initializing a device into the kernel.
When running cfgmgr receiving this error:
cfgmgr
Method error (/usr/lib/methods/cfgpkcs11 -l pkcs11 ):
0514-040 Error initializing a device into the kernel.
cfgmgr -v
----------------
attempting to configure device 'pkcs11'
Time: 1 LEDS: 0x7fff
invoking /usr/lib/methods/cfgpkcs11 -l pkcs11 Number of
running methods: 1
----------------
Completed method for: pkcs11, Elapsed time = 3 return
code = 40
****************** no stdout ***********
****************** stderr ***********
cfgpkcs11: configure driver
cfgpkcs11: retrieving CuAt and PdAt attributes
cfgpkcs11: Failed to query Y4 device, driver is NOT
loaded (pci/y4cryptdd)
cfgpkcs11: errno = 109
cfgpkcs11: kernel module id = 50c73000
cfgpkcs11: Calling genmajor()
cfgpkcs11: Returned major number: 42
cfgpkcs11: Calling getminor()
cfgpkcs11: Calling genminor()
cfgpkcs11: Returned from genminor()
cfgpkcs11: minor number: 0
cfgpkcs11: Calling mk_sp_file()
cfgpkcs11: Returned from mk_sp_file()
cfgpkcs11: Pass DDS to driver via sysconfig()
cfgpkcs11: configuring device, errno =22
Listing defined devices shows pkcs11 device:
asrv01lpar12:/ # lsdev -Cc adapter | grep Defined
pkcs11 Defined
PKCS#11 Device
These steps helps to resolve problem with cfgmgr:
cfgmgr
Method error (/usr/lib/methods/cfgpkcs11 -l pkcs11 ):
0514-040 Error initializing a device into the kernel.
rmdev -l pkcs11
pkcs11 Defined
mv /var/security/pkcs11/meta /tmp/pkcs11_meta
ll /var/security/pkcs11/tokens
total 0
dr-x------ 2 root system 256 Jan 28 2012 .
dr-x------ 3 root system 256 Aug 14 19:55 ..
mkdev -l pkcs11
pkcs11 Available
cfgmgr
Method error (/usr/lib/methods/cfgpkcs11 -l pkcs11 ):
0514-040 Error initializing a device into the kernel.
rmdev -l pkcs11
pkcs11 Defined
mv /var/security/pkcs11/meta /tmp/pkcs11_meta
ll /var/security/pkcs11/tokens
total 0
dr-x------ 2 root system 256 Jan 28 2012 .
dr-x------ 3 root system 256 Aug 14 19:55 ..
mkdev -l pkcs11
pkcs11 Available
cfgmgr
Conclusion:
Seem to be bug in AIX because the file /var/security/pkcs11/meta file is host-specific after pkcs11 is initialized and it should not be restored during mksysb restore with option recover device set to no.
The meta file from one host will be totally invalid on other hosts.
The meta file shouldn't be existed in a NEW complete system installation.
It is created when pkcs11 device driver is loaded and configured very first time on that host.
Solution:
So in order to ensure NIM mksysb image works on installing hosts, we need exclude /var/security/pkcs11/meta and /var/security/pkcs11/tokens when creating mksysb image for NIM installation.
But /var/security/pkcs11/meta and /var/security/pkcs11/tokens should be included in mksysb when it is used for backup purpose only.
But /var/security/pkcs11/meta and /var/security/pkcs11/tokens should be included in mksysb when it is used for backup purpose only.
No comments:
Post a Comment