Resolved: The command '/usr/local/sbin/ping-auth -s > /etc/thoth/thothid 2>/dev/null' returned exit code '127', the output was ''

JonathanLee · Dec 17, 2023, 7:02 AM

It use to be listed under "System" right in there with Negate Device ID and Serial Number. How do I get it to add it again? If I install my 32GB SSD with 23.05.01 I have my cryptoID listed in "System". My new fresh firmware of 23.09.01 on a new KingSpec SSD does not list the cryptoID. Should I reinstall the 23.09.01 again? I am also having issues with my layer 2 rules they are acting as if it is now required to have layer 2 communication from opt1 guest wifi (ath0 wifi) 10.0.0.0/24 subnet to my secure LAN (WLAN AP) 192.168.1.0/27 subnet.

I do like the experimental layer 2 rules, I have used them for a while now, they also seem to have issues with the latest firmware. Does the cryptoID need a specific SSD? If I do a fresh firmware shouldn't it load that cryptoID still? I assume this like a TPM (trusted platform module) chip right?

Side Note: My new KingSpec SSD has a tiny blue LED that is on when it's running, I had 23.09.01 running all day with that SSD it's working great. I couldn't find the led info on their website. But what is the cryptoID used for outside of VPN use? It should still work right?

Side Side Note: I had an epic Toshiba system that ran a TPM 1.0, it was a living nightmare to update it with the already encrypted drive, but I did it successfully. The TPM 2.0 chips and beyond don't have to deal with that level of risk durring TPM firmware updates now as the built on software has made it more accessible to update without all the risk that the TPM 1.0 had when you updated one.

Does the crypto ID work on the same principle as TPM?

stephenw10 · Dec 17, 2023, 7:13 PM

First thing I would try here is a full power cycle. I haven't seen it in a while but the cryptochip can become stuck in a mode where it's unreadable.

JonathanLee · Dec 17, 2023, 7:21 PM

@stephenw10 with my 23.05.01 SSD it still shows it. I will do a fresh firmware on the 23.09.01 with the good config where it has GUI access and see if that resolves it. I wish I knew what the tiny led on the KingSpec drive means.

stephenw10 · Dec 17, 2023, 7:57 PM

It's probably just power to the card.

JonathanLee · Dec 17, 2023, 8:45 PM

@stephenw10 it's the Netgate official Blue led color matches perfectly

jrey · Dec 17, 2023, 9:04 PM

@JonathanLee

for Reference

and long shot. what's your build date?

JonathanLee · Dec 18, 2023, 9:15 PM

It's still gone after fresh firmware at setup wizard.

JonathanLee · Dec 18, 2023, 9:22 PM

@stephenw10

How do I fix this??

It was gone right after the new firmware was installed? So is my cryptID having issues with 23.09.01??

stephenw10 · Dec 18, 2023, 9:29 PM

Fix what exactly? The missing cryptoID?

Did you do a full power cycle?

JonathanLee · Dec 18, 2023, 9:30 PM

@stephenw10 yes full power cycle and after fresh firmware again once I get to setup wizard I have no cyptoID listed and the log errors

JonathanLee · Dec 18, 2023, 9:35 PM

Any ideas??

JonathanLee · Dec 18, 2023, 9:40 PM

I opened a TAC they just send me firmware again and closed it. Does it need a different build?

stephenw10 · Dec 18, 2023, 10:09 PM

Are you sure it ever showed a CryptoID? The later 2100s didn't have the chip as we moved away from that.

Mmm, this looks like bug. Harmless but a bug.

stephenw10 · Dec 18, 2023, 10:15 PM

Opened an internal bug report to investigate.

JonathanLee · Dec 18, 2023, 10:16 PM

@stephenw10

Here is it showing in 23.05.01

Yes my SG-2100 has one, is this the same as a TPM chip for encrypting drives?

JonathanLee · Dec 18, 2023, 10:18 PM

@stephenw10 could it be my bios that is showing? I don't know could a new SSD cause this? The cyptoID is on the pcb mainboard right?

JonathanLee · Dec 18, 2023, 10:19 PM

@stephenw10 Thanks for looking into this. I opened a TAC ticket but they just sent me firmware, when I said I installed it and it did not fix it the ticket was closed. I think he got mixed up with my ticket.

stephenw10 · Dec 18, 2023, 10:24 PM

It's not a TPM device, it doesn't have anything to do with drive encryption.

I wouldn't expect a driver to make any difference here. I could just about imagine causing problems communicating with the chip but that would be the same in 23.05.1.

I assume running ping-auth -s correctly returns the crypto ID there?

JonathanLee · Dec 18, 2023, 10:31 PM

@stephenw10 said in The command '/usr/local/sbin/ping-auth -s > /etc/thoth/thothid 2>/dev/null' returned exit code '127', the output was '':

ping-auth -s

in 23.05.01

So its something with that build? I also have issues with experimental ethernet rules and compex ath0 driver they no longer separate the layer 2 broadcast domains for ARP requests from LAN to Compex card, this version is prone to ARP broadcast storms across different interfaces before it broke them up I never showed traffic between the two interfaces.

https://forum.netgate.com/topic/184894/ethernet-rules-on-two-networks

JonathanLee · Dec 18, 2023, 10:39 PM

https://redmine.pfsense.org/issues/15103