pcscd fails to read CAC card data, errors out
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| pcsc-lite (Ubuntu) |
Undecided
|
Unassigned |
Bug Description
When I use Firefox to try and access a website using my CAC card, with a Broadcom Corp 5880 [Contacted SmartCard] smart card reader on a Dell Precision 7510 and libcackey, my web browser hangs for a bit, then fails, and looking at pcscd's log shows the following (note the lines:
"00000026 ifdwrapper.
00000002 winscard.
Ubuntu 14.04.4, kernel 4.2.0-38-generic.
See below:
winscard.
00000003 winscard_
00000039 winscard_
00000008 readerfactory.
00000003 winscard.
00000003 APDU: 00 C0 00 00 BA
00000003 ifdhandler.
00014006 commands.
00000012 SW:
00000003 ifdwrapper.
00000003 winscard.
00000002 winscard.
00000003 winscard_
00000038 winscard_
00000007 winscard.
00000003 readerfactory.
00230568 ccid_usb.
00000026 ifdwrapper.
00000002 winscard.
00000002 winscard.
00000003 winscard_
00000049 winscard_
00000007 readerfactory.
00000002 winscard.
00000001 winscard_
00000014 winscard_
00000004 readerfactory.
00000002 winscard.
00000002 winscard.
00000001 winscard.
00000003 ifdhandler.
00000002 winscard.
00000014 ifdhandler.
00000147 winscard.
00000007 winscard_
00000049 winscard_
00000024 winscard.
00000002 readerfactory.
00000002 winscard.
Zach La Celle (zlacelle) wrote : | #2 |
The versions I were using before (from the Trusty repositories) are pcscd 1.8.10 and libccid 1.4.15.
I've installed PCSC version 1.8.17 and libccid 1.4.24:
$ /usr/local/
pcsc-lite version 1.8.17.
Copyright (C) 1999-2002 by David Corcoran <email address hidden>.
Copyright (C) 2001-2015 by Ludovic Rousseau <email address hidden>.
Copyright (C) 2003-2004 by Damien Sauveron <email address hidden>.
Report bugs to <email address hidden>.
Enabled features: Linux x86_64-pc-linux-gnu serial usb libudev usbdropdir=
Both configurations cause the same errors, where it seems that it fails to read the card. I've attached the lsusb of the broadcom device, as well as the complete log.
Zach La Celle (zlacelle) wrote : | #3 |
Zach La Celle (zlacelle) wrote : | #4 |
The problem is:
00000003 APDU: 00 C0 00 00 BA
00000002 ifdhandler.
00000002 commands.
00000003 -> 000000 6F 05 00 00 00 00 17 00 00 00 00 C0 00 00 BA
00014454 <- 000000 80 BC 00 00 00 00 17 00 00 00 A0 00 00 00 79 03 02 40 70 50 72 47 67 00 ED CB C7 00 ED CB C7 21 21 A0 00 00 00 79 01 02 00 01 00 00 00 00 00 00 00 A0 00 00 00 79 01 02 01 01 00 00 00 00 00 00
00000013 commands.
00000003 SW:
00000002 ifdwrapper.
00000001 winscard.
Maybe you can find a BIOS upgrade or something similar on the Dell and/or Broadcom website.
I moved the reader in the "Unsupported or partly supported CCID readers" list
https:/
I have no solution for now.
alberto fiaschi (alberto-fiaschi) wrote : | #7 |
may it be similar to the following poblema http://
The link propose a patch to remove a sequence of NULL
Quote:
After some debugging at opensc level, it seems that the reader returns (via openct) some APDU with leading NULL bytes (more precisely, 252 of those NULL bytes). I wrote a small temporary fix (below) for opensc package but the problem should probably be corrected at a lower level level.
Index: opensc-
=======
--- opensc-
+++ opensc-
@@ -455,6 +455,25 @@
}
+#define BROADCOM_
+ if (apdu->resplen >= BROADCOM_
+ int i, allzero=1;
+ u8 *tmp = apdu->resp;
+
+ for (i=0; i < BROADCOM_
+ if (tmp[i] != 0) {
+ allzero = 0;
+ break;
+ }
+ }
+
+ if (allzero) {
+ memmove(tmp, tmp + BROADCOM_
+ apdu->resplen - BROADCOM_
+ apdu->resplen -= BROADCOM_
+ }
+ }
+
/* if the command already returned some data
* append the new data to the end of the buffer
*/
Launchpad Janitor (janitor) wrote : | #8 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in pcsc-lite (Ubuntu): | |
status: | New → Confirmed |
nunojpg (nunojpg) wrote : | #9 |
My reader 0a5c:5800 was today automatically "converted" to a 0a5c:5832 via a Broadcom firmware upgrade, made available by Dell, and delivered trough Windows 10 update.
0a5c:5832 is supported by Ludovic Rousseau CCID driver.
I am not aware it the firmware upgrade can be applied without Windows.
It seems to work fine, but I do get a huge amount of this warnings when I'm reading a card:
kernel: xhci_hcd 0000:00:14.0: WARN Event TRB for slot 6 ep 4 with no TDs queued?
It looks like the problem is now fixed. A new bug may be created about the kernel warnings.
I wrote about the firmware upgrade at https:/
Zach La Celle (zlacelle) wrote : | #11 |
I'm confirming that the info from @nunojpg seems to hold for my reader as well. It updated from 0a5c:5800 to 0a5c:5832, using the Dell ControlVault2 update you listed above.
This firmware seems to work correctly (although now my security devices in the browser aren't working, but that's another matter):
00000000 debuglog.
00000012 debuglog.
^[[36m00000006^[[0m ^[[34mpcscdaemo
^[[36m00000312^[[0m configfile.
^[[36m00000019^[[0m ^[[34mpcscdaemo
^[[36m00002333^[[0m hotplug_
^[[36m00000041^[[0m hotplug_
^[[36m00000035^[[0m hotplug_
^[[36m00000033^[[0m hotplug_
^[[36m00000030^[[0m hotplug_
^[[36m00000035^[[0m hotplug_
^[[36m00000030^[[0m hotplug_
^[[36m00000032^[[0m hotplug_
^[[36m00000032^[[0m hotplug_
^[[36m00000033^[[0m hotplug_
^[[36m00000033^[[0m hotplug_
^[[36m00000030^[[0m hotplug_
^[[36m00000034^[[0m hotplug_
^[[36m00000032^[[0m hotplug_
^[[36m00000030^[[0m hotplug_
^[[36m00000033^[[0m hotplug_
^[[36m00000031^[[0m hotplug_
^[[36m00000031^[[0m hotplug_
^[[36m00000031^[[0m hotplug_
carloslp (carloslp) wrote : | #12 |
I was able to upgrade the firmware of the reader from a virtual machine running windows with virt-manager/qemu.
But I don't recommend this method of upgrade.
You have to attach the broadcom usb device to the machine, then execute the dell control vault2 firmware upgrade.
The thing is that once it starts the USB device will disappear, and it will appear again with a 0a5c:5831 ID. You have to be quick to reatach this new usb device (in live) on the machine so the upadate can continue. And it will disappear again and appear again. Like 8 times. If you fail to be quick in attaching the device the updater will abort and will tell you to reboot.
If the device don't completes the update it will be unusable. It will not identify itself as a smart card reader and will have the 0a5c:5831 ID.
You can however retry the update.
Once the upgrade completes the USB ID will change to 0a5c:5832 and it will identify itself as a smart card reader.
Another important thing is that you have to enable the TPM and set it to disable. And also attach the TPM as a passthrough device on the qemu/kvm machine for it to work.
I finally was able to upgrade the firmware correctly using this dirty method.
So, meanwhile I achieved to upgrade the firmware from a windows virtual machine, I don't recommend it.
I think in the end is simple and less risky to run the upgrade from windows directly.
Its a shame that dell or broadcom don't provide a way of updating this firmware without requiring windows.
carloslp (carloslp) wrote : | #13 |
@zlacelle.. what you are missing is an updated libccid. You need version 1.25 which is still unreleased. What I did was rebuilt the libccid 1.24 package after applying manually this patch https:/
Changed in pcsc-lite (Ubuntu): | |
status: | Confirmed → Won't Fix |
Mario Limonciello (superm1) wrote : | #14 |
Just to add clarity to this issue:
The ID's in the old FW release are not supported by CCID and have been removed in git:
https:/
https:/
After performing a FW upgrade new device ID's will be created which are compliant.
If you're seeing the old ID's you'll have to upgrade the FW (which there unfortunately isn't currently a way to do this on Linux).
Please follow https:/ /pcsclite. alioth. debian. org/ccid. html#CCID_ compliant