HSM2 unresponsive

Nitrokeys HSM
1

Hello:

I’ve owned an HSM 2 for the past 2 weeks. Over that time, I’ve noticed that it periodically becomes unresponsive, and I have to remove and plug it back in.
My host is a Raspberry Pi 4 2GB running Ubuntu 24.04 with kernel 6.8.0-1008-raspi.
I recently noticed my CA was having issues and checked the HSM, and this is usually what I get from hsmwiz:

$ sudo hsmwiz id
[sudo] password for originaltrini0:
Using reader with a card: Nitrokey Nitrokey HSM (DENK03018290000         ) 00 00
Failed to select application: Transmit failed

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Default SO-PIN: 3537363231383830    Default PIN: 648219
Now executing: pkcs15-tool --dump
Using reader with a card: Nitrokey Nitrokey HSM (DENK03018290000         ) 00 00
PKCS#15 binding failed: Transmit failed
Traceback (most recent call last):
  File "/usr/bin/hsmwiz", line 33, in <module>
    sys.exit(load_entry_point('hsmwiz==0.0.2', 'console_scripts', 'hsmwiz')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/hsmwiz/__main__.py", line 149, in main
    mc.run(sys.argv[1:])
  File "/usr/lib/python3/dist-packages/hsmwiz/MultiCommand.py", line 120, in run
    parseresult.cmd.action(parseresult.cmd.name, parseresult.args)
  File "/usr/lib/python3/dist-packages/hsmwiz/ActionIdentify.py", line 28, in __init__
    hsm = HardwareSecurityModule(verbose = True).list()
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/hsmwiz/HardwareSecurityModule.py", line 79, in list
    self._call([ "pkcs15-tool", "--dump" ])
  File "/usr/lib/python3/dist-packages/hsmwiz/HardwareSecurityModule.py", line 65, in _call
    subprocess.check_call(cmd)
  File "/usr/lib/python3.12/subprocess.py", line 413, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['pkcs15-tool', '--dump']' returned non-zero exit status 1.

Are there any known issues with the HSM 2? Is there anything I can try regarding USB connectivity?
In the meantime, I’m going to try to get Java running so that I can get the PKI as a service portal operational and see if there are any firmware updates that I can update.

2

I am now using a MacBook Pro M3 with a Caldigit dock.
I cannot log into the PKI as a service portal. According to the Card Updater log:

Daemon waiting on port 27001...
GET /8102927.png?url=https://www.pki-as-a-service.net/rt&sessionId=node0w3s68h5rbi0z1b9wfhbombhx53174&pinrequired=1 HTTP/1.1
Host: 127.0.0.1:27001
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Priority: u=4, i
Verify URL https://www.pki-as-a-service.net/rt
No card in reader
Daemon waiting on port 27001...

If I query pkcs11-tool back to back, it will see the HSM, then fail on consecutive attempts until I unplug and plug it back in.

pkcs11-tool --module /Library/OpenSC/lib/opensc-pkcs11.so -L
Available slots:
Slot 0 (0x0): Nitrokey Nitrokey HSM
  (empty)

pkcs11-tool --module /Library/OpenSC/lib/opensc-pkcs11.so -L
Available slots:
Slot 0 (0x0): (GetSlotInfo failed, CKR_DEVICE_ERROR)

Are these signs of a bad unit???

3

I finally managed to get the firmware site working on an HP laptop.
It is currently at version 4.1, which is the latest.

4

This indeed looks like a hardware issue, which is pretty uncommon for the HSM. Nevertheless this might happen, please write support (at) nitrokey (dot) com together with your order number (SOxxxxxxx) - I would suggest to try a re-init (using OpenSC) once and see if the error persists.