[SmartcardServices-Users] OS X 10.11 and SmartCard Services

Ludovic Rousseau ludovic.rousseau at gmail.com
Wed Sep 30 03:20:33 PDT 2015 

Hello,

Le 29/09/2015 22:12, Lamb, John (NIH/NCI) [C] a écrit :
> All,
>
> I am supporting a large install base of users (roughly 1000 users for 2000 computers) with:
>
> Identiv SCR3500 A Contact Reader
> Product ID: 0x5814
> Vendor ID: 0x04e6 (Shuttle Technology)
> Version: 2.02
>
> Which are nearly physically identical to
>
> SMC Microsystems SCx35xx v2.0 USB SC Reader
> Product ID: 0x5410
> Vendor ID: 0x04e6 (Shuttle Technology)
> Version: 3.04
>
> In OS X 10.7 -> OS X 10.10 the SCx35xx automatically works, the SCR3500 needs a “driver” ( http://support.identive-group.com/show_faq.php?f_kz=1065&lang=EN##) which adds a new bundle at /usr/libexec/SmartCardServices/Drivers/smccid.bundle
>
> [ “by works” I mean in /var/logsystem.log the OS will log the insertion/removal of a reader. Be assured that I am not troubleshooting card/user/certificate issues here. ]
>
> Alternatively, you can use the provided script in that FAQ article to modify the existing ifs-ccid.bundle.
>
> Therefore, as far as I understand it these are functionally identical, and the issue is properly identifying the card reader to the OS so drivers that already exist can do their job
>
> In order to be able to support upgrades to OS X 10.11, I will need to provide support for these card readers.
>
> Due to /usr/libexec being off limits to SIP, i see the following options:
>
>  1. When I create a new OS X 10.11 image, temporarily disable SIP during creation to place the drivers. Should I have a later “driver” conflict I will need to disable SIP to remove the smccid.bundle, which presents challenges at this scale.
>  2. Ask the developers of smartcardservices if a new release will support these card readers (and I have delayed close as I can to the release of OS X 10.11 so that I can say its “Sept 30th somewhere.”
>  3. Ask the developers if there is a better way to reference a non-SIP location for a driver (for instance, with 10.11 lacking pcscd (or at the very least, which pcscd coming up with nothing), is /etc/reader.conf still honored? In which case I simply need to identify the right CHANNELID and i can place the driver at /usr/local/pcsc/drivers/smccid.bundle) or a writeable location somewhere in /Library/ that smart card services already looks for drivers
>  4. File a bug report to Apple, asking for /usr/libexec/smartcardservices/drivers to be exempted from SIP (I am aware that this strays into unsupported territory and I will be correspondingly courteous and understanding.)
>

Option 5: ask Idendiv to provide a driver for El Capitan?

> I will be prepared for 1, and this email is asking politely for 2 or 3. I’ll pursue 4 if warranted.

The CCID driver (binaries) has never been provided by the SmartCardServices project.

Regards,

-- 
  Dr. Ludovic Rousseau

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20150930/1db89035/attachment.html>

More information about the SmartcardServices-Users mailing list