Registration client build is not TPM enabled hence initialization fails
Problem
A new registration client build was created and we tried to launch the registration client. The launch itself failed with the error message shown below.
# Registration Client Logs
2020-12-07T18:11:25+05:30 - [io.mosip.registration.cipher.ClientJarDecryption] - INFO -
REGISTRATION - CLIENT_JAR_DECRYPTION - - REGISTRATION - REG - 2020-12-07 18:11:25,399
[main] INFO [i.m.k.l.l.i.Slf4jLoggerImpl].info.32 : ccSessionID -
NON-TPM - - Getting the instance of NON_TPM Security
2020-12-07T18:11:25+05:30 - [io.mosip.registration.cipher.ClientJarDecryption] - INFO -
REGISTRATION - CLIENT_JAR_DECRYPTION - - REGISTRATION - REG - 2020-12-07 18:11:25,400
[main] INFO [i.m.k.l.l.i.Slf4jLoggerImpl].info.32 : ccSessionID -
NON-TPM - - Completed initializing Local Security Impl
io.mosip.kernel.clientcrypto.exception.ClientCryptoException:
KER-CC-004 --> Failed crypto operation;
2020-12-07T16:49:55+05:30 - [io.mosip.registration.cipher.ClientJarDecryption] -
INFO - REGISTRATION - CLIENT_JAR_DECRYPTION - - REGISTRATION - REG -
Terminating the application
Solution
This issue arises when the TPM setting used to generate the registration client build does not match the flag that controls whether data is sent encrypted with the TPM key during sync.
If a TPM-enabled registration client build is generated (i.e. the value in mosip-infra/deployment/sandbox-v2/helm/charts/reg-client-downloader/values.template.j2 is set as
tpm: "Y"
), then the property in kernel-mz.properties should be set as
mosip.syncdata.tpm.required=true
If a TPM-disabled registration client build is generated (i.e. the value in mosip-infra/deployment/sandbox-v2/helm/charts/reg-client-downloader/values.template.j2 is set as
tpm: "N"
), then the property in kernel-mz.properties should be set as
mosip.syncdata.tpm.required=false
The pods below should be restarted if any changes are made to the configurations mentioned above:
reg-client-downloader
kernel-syncdata-service
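
A consistency check for the two settings described above, written as an added example that is not part of the original page or of the MOSIP code base. It assumes the contents of values.template.j2 and kernel-mz.properties are available as text, that the tpm key sits on its own line as shown above, and that the property uses key=value form; the function names are hypothetical.

```python
import re

# Pairing stated on this page: tpm "Y" <-> required=true, tpm "N" <-> required=false
EXPECTED = {"Y": "true", "N": "false"}
PROP_KEY = "mosip.syncdata.tpm.required"

def read_tpm_flag(values_text):
    """Return 'Y' or 'N' from a `tpm: "Y"` line in the values template, else None."""
    for line in values_text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing YAML comments
        m = re.match(r"""\s*tpm\s*:\s*["']?([YyNn])["']?\s*$""", line)
        if m:
            return m.group(1).upper()
    return None

def read_syncdata_flag(props_text):
    """Return the lower-cased value of PROP_KEY, else None (last assignment wins)."""
    value = None
    for line in props_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):  # blank or comment line
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == PROP_KEY:
            value = val.strip().lower()
    return value

def check(values_text, props_text):
    """Return (ok, message) describing whether build flag and sync flag agree."""
    tpm = read_tpm_flag(values_text)
    required = read_syncdata_flag(props_text)
    if tpm is None:
        return False, "tpm flag not found in values template"
    if required is None:
        return False, f"{PROP_KEY} not found in properties"
    if EXPECTED[tpm] != required:
        return False, (f'mismatch: tpm "{tpm}" needs '
                       f"{PROP_KEY}={EXPECTED[tpm]}, found {required}")
    return True, f'consistent: tpm "{tpm}", {PROP_KEY}={required}'

if __name__ == "__main__":
    # Constructed sample fragments reproducing the mismatch behind the error above
    values = 'regclient:\n  tpm: "N"\n'
    props = "mosip.syncdata.tpm.required=true\n"
    print(check(values, props))
```

Running the check before generating a build or changing kernel-mz.properties catches the mismatch before the client fails with KER-CC-004 at launch.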