2065770 – Smart Cards not visible under RHEL 9 / Stream 9 VMs

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2065770 - Smart Cards not visible under RHEL 9 / Stream 9 VMs

Summary: Smart Cards not visible under RHEL 9 / Stream 9 VMs

Keywords:
Status:	CLOSED DUPLICATE of bug 2058730
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	libusbx
Sub Component:
Version:	CentOS Stream
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Benjamin Berg
QA Contact:	Kernel-QE - Hardware
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-03-18 17:10 UTC by James T
Modified:	2022-03-31 09:00 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-03-31 09:00:01 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:
Flags:	pm-rhel: mirror+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-116149	0	None	None	None	2022-03-18 17:16:59 UTC

Description James T 2022-03-18 17:10:08 UTC

Description of problem:

Smart Cards / Yubikeys are not available for use in RHEL 9 Beta / CentOS 9 Stream VMs (tested under VMWare Fusion 10, VMWare Fusion 12, and KVM). They work fine under RHEL 8 and Ubuntu VMs.


dmesg output:

--- snip ---
[  174.007027] usb 2-2.2: new full-speed USB device number 5 using uhci_hcd
[  174.100357] usb 2-2.2: New USB device found, idVendor=0e0f, idProduct=0004, bcdDevice= 1.00
[  174.100363] usb 2-2.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[  174.100365] usb 2-2.2: Product: Virtual USB CCID
[  174.100367] usb 2-2.2: Manufacturer: VMware
[  175.346406] usb 2-2.2: USB disconnect, device number 5
[  179.452113] usb 2-2.2: new full-speed USB device number 6 using uhci_hcd
[  179.547462] usb 2-2.2: New USB device found, idVendor=1050, idProduct=0404, bcdDevice= 4.42
[  179.547467] usb 2-2.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[  179.547469] usb 2-2.2: Product: Yubikey 4 CCID
[  179.547471] usb 2-2.2: Manufacturer: Yubico


lsusb output:

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 006: ID 1050:0404 Yubico.com Yubikey 4/5 CCID
Bus 002 Device 004: ID 0e0f:0008 VMware, Inc. Virtual Bluetooth Adapter
Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub


opensc-tool output:

[root@cent9s ~]# opensc-tool -n
No smart card readers found.
Failed to connect to reader: No readers found


pcscd status:

● pcscd.service - PC/SC Smart Card Daemon
     Loaded: loaded (/usr/lib/systemd/system/pcscd.service; indirect; vendor preset: disabled)
     Active: active (running) since Fri 2022-03-18 12:57:14 EDT; 6min ago
TriggeredBy: ● pcscd.socket
       Docs: man:pcscd(8)
   Main PID: 1362 (pcscd)
      Tasks: 7 (limit: 24500)
     Memory: 2.0M
        CPU: 18ms
     CGroup: /system.slice/pcscd.service
             └─1362 /usr/sbin/pcscd --foreground --auto-exit

Mar 18 12:57:14 cent9s systemd[1]: Started PC/SC Smart Card Daemon.
Mar 18 13:00:02 cent9s pcscd[1362]: 00000000 ccid_usb.c:863:WriteUSB() write failed (2/5): -4 LIBUSB_ERROR_NO_DEVICE
Mar 18 13:00:07 cent9s pcscd[1362]: 05532588 ccid_usb.c:863:WriteUSB() write failed (2/6): -4 LIBUSB_ERROR_NO_DEVICE





Version-Release number of selected component (if applicable):

pcsc-lite-1.9.4-1.el9.x86_64
pcsc-lite-ccid-1.4.36-1.el9.x86_64
opensc-0.22.0-2.el9.x86_64

Linux cent9s 5.14.0-71.el9.x86_64 #1 SMP PREEMPT Tue Mar 8 20:35:50 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux




How reproducible: Always


Steps to Reproduce:
1. Start with a fully patched CentOS 9 Stream / RHEL 9 Beta host running as a VM
2. Connect a Smart Card reader or USB Yubikey
3. Verify that the device is seen with lsusb or dmesg
4. Attempt to access the card with opensc-tool -n


Actual results:


No smart card readers found.
Failed to connect to reader: No readers found


Expected results:

opensc-tool should print additional information about the card and certificates.


Additional info:

I have not been able to test this on physical hardware, but we have many users that run Virtual Machines. Smartcards have worked in the past under VMs.

Comment 1 Jakub Jelen 2022-03-21 09:21:17 UTC

We test various smart cards on RHEL9 and I did not see any issues before locally nor in VM (qemu). Can you run the pcscd in debug mode to collect more logs as suggested in the following KBA:

https://access.redhat.com/articles/4253861

We did not test with VMWare though, As far as I know so just to rule out its effect, can you retry on some different VM platform or physical hw?

Comment 2 James T 2022-03-21 18:30:03 UTC

I had a coworker try with a RHEl 9 VM running under KVM, and he reported the same issue. A RHEL 8 VM works fine on that same system. I did not see an obvious way to attach a file to the big report, so I have copied and pasted it here. Note that I disconnected and reconnected the Yubikey one time while this was running:


00000000 debuglog.c:299:DebugLogSetLevel() debug level=debug
00000349 debuglog.c:320:DebugLogSetCategory() Debug options: APDU
00000264 [140076867731840] pcscdaemon.c:353:main() Force colored logs
00000378 [140076867731840] utils.c:82:GetDaemonPid() Can't open /run/pcscd/pcscd.pid: No such file or directory
00000274 [140076867731840] configfile.l:293:DBGetReaderListDir() Parsing conf directory: /etc/reader.conf.d
00000179 [140076867731840] configfile.l:329:DBGetReaderListDir() Skipping non regular file: .
00000286 [140076867731840] configfile.l:329:DBGetReaderListDir() Skipping non regular file: ..
00000184 [140076867731840] configfile.l:369:DBGetReaderList() Parsing conf file: /etc/reader.conf.d/libccidtwin
00000211 [140076867731840] pcscdaemon.c:663:main() pcsc-lite 1.9.4 daemon ready.
00002329 [140076867731840] hotplug_libudev.c:300:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/002/001
00000306 [140076867731840] hotplug_libudev.c:300:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/002/001
00000300 [140076867731840] hotplug_libudev.c:300:get_driver() Looking for a driver for VID: 0x0E0F, PID: 0x0003, path: /dev/bus/usb/002/002
00000250 [140076867731840] hotplug_libudev.c:300:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/002/001
00000252 [140076867731840] hotplug_libudev.c:300:get_driver() Looking for a driver for VID: 0x0E0F, PID: 0x0002, path: /dev/bus/usb/002/003
00000316 [140076867731840] hotplug_libudev.c:300:get_driver() Looking for a driver for VID: 0x0E0F, PID: 0x0008, path: /dev/bus/usb/002/004
00000296 [140076867731840] hotplug_libudev.c:300:get_driver() Looking for a driver for VID: 0x0E0F, PID: 0x0008, path: /dev/bus/usb/002/004
00000375 [140076867731840] hotplug_libudev.c:300:get_driver() Looking for a driver for VID: 0x0E0F, PID: 0x0002, path: /dev/bus/usb/002/003
00000305 [140076867731840] hotplug_libudev.c:300:get_driver() Looking for a driver for VID: 0x1050, PID: 0x0404, path: /dev/bus/usb/002/005
00000207 [140076867731840] hotplug_libudev.c:441:HPAddDevice() Adding USB device: Yubico YubiKey CCID
00000303 [140076867731840] readerfactory.c:1079:RFInitializeReader() Attempting startup of Yubico YubiKey CCID 00 00 using /usr/lib64/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
00000624 [140076867731840] readerfactory.c:954:RFBindFunctions() Loading IFD Handler 3.0
00000387 [140076867731840] ifdhandler.c:2026:init_driver() Driver version: 1.4.36
00000731 [140076867731840] ifdhandler.c:2043:init_driver() LogLevel: 0x0003
00000319 [140076867731840] ifdhandler.c:2054:init_driver() DriverOptions: 0x0000
00000422 [140076867731840] ifdhandler.c:2067:init_driver() LogLevel from LIBCCID_ifdLogLevel: 0x000F
00000189 [140076867731840] ifdhandler.c:110:CreateChannelByNameOrChannel() Lun: 0, device: usb:1050/0404:libudev:0:/dev/bus/usb/002/005
00000244 [140076867731840] ccid_usb.c:237:OpenUSBByName() Reader index: 0, Device: usb:1050/0404:libudev:0:/dev/bus/usb/002/005
00000217 [140076867731840] ccid_usb.c:269:OpenUSBByName() interface_number: 0
00000233 [140076867731840] ccid_usb.c:270:OpenUSBByName() usb bus/device: 2/5
00000215 [140076867731840] ccid_usb.c:302:OpenUSBByName() Using: /usr/lib64/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist
00000561 [140076867731840] ccid_usb.c:320:OpenUSBByName() ifdManufacturerString: Ludovic Rousseau (ludovic.rousseau)
00000228 [140076867731840] ccid_usb.c:321:OpenUSBByName() ifdProductString: Generic CCID driver
00000005 [140076867731840] ccid_usb.c:322:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version.
00001836 [140076867731840] ccid_usb.c:406:OpenUSBByName() Try device: 2/5
00000016 [140076867731840] ccid_usb.c:416:OpenUSBByName() vid/pid : 1050/0404
00000002 [140076867731840] ccid_usb.c:487:OpenUSBByName() Checking device: 2/5
00000002 [140076867731840] ccid_usb.c:558:OpenUSBByName() Trying to open USB bus/device: 2/5
00000064 [140076867731840] ccid_usb.c:664:OpenUSBByName() Found Vendor/Product: 1050/0404 (Yubico YubiKey CCID)
00000003 [140076867731840] ccid_usb.c:666:OpenUSBByName() Using USB bus/device: 2/5
00000005 [140076867731840] ccid_usb.c:727:OpenUSBByName() bNumDataRatesSupported is 0
00931787 [140076867731840] ccid_usb.c:1340:InterruptRead() before (0), timeout: 100 ms
00100902 [140076867731840] ccid_usb.c:1386:InterruptRead() after (0) (2)
00000033 [140076867731840] -> 000000 65 00 00 00 00 00 00 00 00 00
00001061 [140076867731840] ccid_usb.c:863:WriteUSB() write failed (2/5): -4 LIBUSB_ERROR_NO_DEVICE
00000014 [140076867731840] ccid_usb.c:945:CloseUSB() Closing USB device: 2/5
00000002 [140076867731840] ccid_usb.c:957:CloseUSB() Last slot closed. Release resources
00000017 [140076867731840] ccid_usb.c:189:close_libusb_if_needed() libusb_exit
00000085 [140076867731840] readerfactory.c:1120:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0404:libudev:0:/dev/bus/usb/002/005)
00000019 [140076867731840] readerfactory.c:380:RFAddReader() Yubico YubiKey CCID init failed.
00000028 [140076867731840] readerfactory.c:614:RFRemoveReader() UnrefReader() count was: 1
00000026 [140076867731840] readerfactory.c:1133:RFUnInitializeReader() Attempting shutdown of Yubico YubiKey CCID 00 00.
00000071 [140076867731840] readerfactory.c:991:RFUnloadReader() Unloading reader driver.
00000291 [140076867731840] hotplug_libudev.c:300:get_driver() Looking for a driver for VID: 0x0E0F, PID: 0x0002, path: /dev/bus/usb/002/003
00000330 [140076867731840] hotplug_libudev.c:300:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
15427079 [140076859086400] hotplug_libudev.c:661:HPEstablishUSBNotifications() USB Device removed
08203853 [140076859086400] hotplug_libudev.c:667:HPEstablishUSBNotifications() USB Device add
00000102 [140076859086400] hotplug_libudev.c:300:get_driver() Looking for a driver for VID: 0x1050, PID: 0x0404, path: /dev/bus/usb/002/006
00000021 [140076859086400] hotplug_libudev.c:441:HPAddDevice() Adding USB device: Yubico YubiKey CCID
00000028 [140076859086400] readerfactory.c:1079:RFInitializeReader() Attempting startup of Yubico YubiKey CCID 00 00 using /usr/lib64/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
00000214 [140076859086400] readerfactory.c:954:RFBindFunctions() Loading IFD Handler 3.0
00000051 [140076859086400] ifdhandler.c:2026:init_driver() Driver version: 1.4.36
00000540 [140076859086400] ifdhandler.c:2043:init_driver() LogLevel: 0x0003
00000022 [140076859086400] ifdhandler.c:2054:init_driver() DriverOptions: 0x0000
00000118 [140076859086400] ifdhandler.c:2067:init_driver() LogLevel from LIBCCID_ifdLogLevel: 0x000F
00000015 [140076859086400] ifdhandler.c:110:CreateChannelByNameOrChannel() Lun: 0, device: usb:1050/0404:libudev:0:/dev/bus/usb/002/006
00000007 [140076859086400] ccid_usb.c:237:OpenUSBByName() Reader index: 0, Device: usb:1050/0404:libudev:0:/dev/bus/usb/002/006
00000016 [140076859086400] ccid_usb.c:269:OpenUSBByName() interface_number: 0
00000013 [140076859086400] ccid_usb.c:270:OpenUSBByName() usb bus/device: 2/6
00000007 [140076859086400] ccid_usb.c:302:OpenUSBByName() Using: /usr/lib64/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist
00000368 [140076859086400] ccid_usb.c:320:OpenUSBByName() ifdManufacturerString: Ludovic Rousseau (ludovic.rousseau)
00000021 [140076859086400] ccid_usb.c:321:OpenUSBByName() ifdProductString: Generic CCID driver
00000007 [140076859086400] ccid_usb.c:322:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version.
00001520 [140076859086400] ccid_usb.c:406:OpenUSBByName() Try device: 2/6
00000111 [140076859086400] ccid_usb.c:416:OpenUSBByName() vid/pid : 1050/0404
00000015 [140076859086400] ccid_usb.c:487:OpenUSBByName() Checking device: 2/6
00000008 [140076859086400] ccid_usb.c:558:OpenUSBByName() Trying to open USB bus/device: 2/6
00000059 [140076859086400] ccid_usb.c:664:OpenUSBByName() Found Vendor/Product: 1050/0404 (Yubico YubiKey CCID)
00000015 [140076859086400] ccid_usb.c:666:OpenUSBByName() Using USB bus/device: 2/6
00000017 [140076859086400] ccid_usb.c:727:OpenUSBByName() bNumDataRatesSupported is 0
00000763 [140076859086400] ccid_usb.c:1340:InterruptRead() before (0), timeout: 100 ms
00101727 [140076859086400] ccid_usb.c:1386:InterruptRead() after (0) (2)
00000069 [140076859086400] -> 000000 65 00 00 00 00 00 00 00 00 00
00001244 [140076859086400] ccid_usb.c:863:WriteUSB() write failed (2/6): -4 LIBUSB_ERROR_NO_DEVICE
00000023 [140076859086400] ccid_usb.c:945:CloseUSB() Closing USB device: 2/6
00000007 [140076859086400] ccid_usb.c:957:CloseUSB() Last slot closed. Release resources
00000021 [140076859086400] ccid_usb.c:189:close_libusb_if_needed() libusb_exit
00000062 [140076859086400] readerfactory.c:1120:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0404:libudev:0:/dev/bus/usb/002/006)
00000008 [140076859086400] readerfactory.c:380:RFAddReader() Yubico YubiKey CCID init failed.
00000005 [140076859086400] readerfactory.c:614:RFRemoveReader() UnrefReader() count was: 1
00000005 [140076859086400] readerfactory.c:1133:RFUnInitializeReader() Attempting shutdown of Yubico YubiKey CCID 00 00.
00000005 [140076859086400] readerfactory.c:991:RFUnloadReader() Unloading reader driver.




These lines were highlighted in red on the screen:

00001061 [140076867731840] ccid_usb.c:863:WriteUSB() write failed (2/5): -4 LIBUSB_ERROR_NO_DEVICE
00001244 [140076859086400] ccid_usb.c:863:WriteUSB() write failed (2/6): -4 LIBUSB_ERROR_NO_DEVICE



It will be a few days before I can test on physical hardware.

Comment 3 Pavel Yadlouski 2022-03-22 12:25:40 UTC

Hello,

I have tried Yubikey on the update RHEL 9.0 Beta KVM with the following commands:

[root@ipa-client-reg-90 ~]# lsusb
...
Bus 002 Device 002: ID 1050:0407 Yubico.com Yubikey 4/5 OTP+U2F+CCID
...
[root@ipa-client-reg-90 ~]# opensc-tool -n
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 00 00
Personal Identity Verification Card

So, it seems that everything is working as expected.

Comment 4 James T 2022-03-30 18:50:39 UTC

I did some additional testing and installed Fedora 34 on the same hardware, with the same version of VMWare Fusion. It worked perfectly. I believe this is less a problem with pcsc and more of an issue with USB devices. It's possible that the problem is 100% with VMWare, but I struggle to understand why it works with some guest OS versions and not others... the settings for the VM seem to be the same.


The one clue that I see is this line in the output of `lsusb -v` on the CentOS 9 guest:

cannot read device status, Resource temporarily unavailable (11)



The Fedora 34 guest output shows:

Device Status:     0x0000
  (Bus Powered)

Comment 5 James T 2022-03-30 19:51:07 UTC

I did more testing today and cerated a new CentOS 9 Stream VM from scratch, using an ISO I had downloaded on 3/17/2022. To my surprise, opensc-tool -n worked with no issues. I then patched and rebooted the system and it broke again. I rolled back to my 'clean' snapshot and tried to isolate the problematic patch / package.

When I upgraded libusbx from 1.0.24-4.el9.x86_64 to 1.0.25-2.el9.x86_64, that is when it broke. I went back and applied all of the updates except that one and it was completely fine. I then installed the libusbx update, rebooted again, and opensc-tool stopped reading my card.

I noticed that both Fedora 34 and 35 seem to have the 1.0.24 version of that package in their tree.

Comment 6 Jakub Jelen 2022-03-31 08:34:40 UTC

So do I read it correctly that the change of libusbx from 1.0.24-4.el9.x86_64 to 1.0.25-2.el9.x86_64 breaks this in your VMWare environment?

I just reassigned it to this package so lets see if the libusbx developers will be able to help here.

Comment 7 Benjamin Berg 2022-03-31 09:00:01 UTC

Ugh, sorry. I really need to push out the corresponding update (again) to C9S and RHEL 9.1. RHEL 9.0 is fine as I backed it out again.

*** This bug has been marked as a duplicate of bug 2058730 ***

Note You need to log in before you can comment on or make changes to this bug.