[SmartcardServices-Users] OS X 10.11 and SmartCard Services

Lamb, John (NIH/NCI) [C] john.lamb2 at nih.gov
Wed Sep 30 06:14:59 PDT 2015 

Ludovic,

My apologies for confusion. They provide a driver, but the reader is also a generic one. Their alternate install method is to modify the plist that associates vendor/product id with generic readers. As you’ll see in my next reply, this is wonderfully moot at this point.


John Lamb (Contractor)

SRA International

National Cancer Institute

Center for Biomedical Informatics and Information Technology

9609 Medical Center Drive

Rockville, MD 20850


lambje2 at mail.nih.gov<http://lambje2@mail.nih.gov>

From: Ludovic Rousseau
Date: Wednesday, September 30, 2015 at 6:20 AM
To: "smartcardservices-users at lists.macosforge.org<mailto:smartcardservices-users at lists.macosforge.org>"
Cc: "Lamb, John (NIH/NCI) [C]"
Subject: Re: [SmartcardServices-Users] OS X 10.11 and SmartCard Services

Hello,

Le 29/09/2015 22:12, Lamb, John (NIH/NCI) [C] a écrit :
All,

I am supporting a large install base of users (roughly 1000 users for 2000 computers) with:

Identiv SCR3500 A Contact Reader
Product ID: 0x5814
Vendor ID: 0x04e6 (Shuttle Technology)
Version: 2.02

Which are nearly physically identical to

SMC Microsystems SCx35xx v2.0 USB SC Reader
Product ID: 0x5410
Vendor ID: 0x04e6 (Shuttle Technology)
Version: 3.04

In OS X 10.7 -> OS X 10.10 the SCx35xx automatically works, the SCR3500 needs a “driver” ( http://support.identive-group.com/show_faq.php?f_kz=1065&lang=EN##) which adds a new bundle at /usr/libexec/SmartCardServices/Drivers/smccid.bundle

[ “by works” I mean in /var/logsystem.log the OS will log the insertion/removal of a reader. Be assured that I am not troubleshooting card/user/certificate issues here. ]

Alternatively, you can use the provided script in that FAQ article to modify the existing ifs-ccid.bundle.

Therefore, as far as I understand it these are functionally identical, and the issue is properly identifying the card reader to the OS so drivers that already exist can do their job

In order to be able to support upgrades to OS X 10.11, I will need to provide support for these card readers.

Due to /usr/libexec being off limits to SIP, i see the following options:


  1.  When I create a new OS X 10.11 image, temporarily disable SIP during creation to place the drivers. Should I have a later “driver” conflict I will need to disable SIP to remove the smccid.bundle, which presents challenges at this scale.
  2.  Ask the developers of smartcardservices if a new release will support these card readers (and I have delayed close as I can to the release of OS X 10.11 so that I can say its “Sept 30th somewhere.”
  3.  Ask the developers if there is a better way to reference a non-SIP location for a driver (for instance, with 10.11 lacking pcscd (or at the very least, which pcscd coming up with nothing), is /etc/reader.conf still honored? In which case I simply need to identify the right CHANNELID and i can place the driver at /usr/local/pcsc/drivers/smccid.bundle) or a writeable location somewhere in /Library/ that smart card services already looks for drivers
  4.  File a bug report to Apple, asking for /usr/libexec/smartcardservices/drivers to be exempted from SIP (I am aware that this strays into unsupported territory and I will be correspondingly courteous and understanding.)

Option 5: ask Idendiv to provide a driver for El Capitan?

I will be prepared for 1, and this email is asking politely for 2 or 3. I’ll pursue 4 if warranted.

The CCID driver (binaries) has never been provided by the SmartCardServices project.

Regards,


--
 Dr. Ludovic Rousseau

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20150930/5eb8a6e6/attachment.html>

More information about the SmartcardServices-Users mailing list