Bug 879890 - qemu should not support the ccid-card-emulated device, should support ccid-card-passthru
qemu should not support the ccid-card-emulated device, should support ccid-ca...
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm (Show other bugs)
Unspecified Unspecified
medium Severity medium
: pre-dev-freeze
: 7.1
Assigned To: Gerd Hoffmann
Virtualization Bugs
Depends On:
Blocks: 720747
  Show dependency treegraph
Reported: 2012-11-25 02:54 EST by Sibiao Luo
Modified: 2013-04-15 05:09 EDT (History)
16 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-04-15 05:09:47 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Sibiao Luo 2012-11-25 02:54:28 EST
Description of problem:
qemu only support the ccid-card-passthru with hardware and certificates for usb-ccid currently, but not support the ccid-card-emulated with hardware and certificates for usb-ccid device.

Version-Release number of selected component (if applicable):
host info:
# uname -r && rpm -q qemu-kvm

How reproducible:

Steps to Reproduce:
1.check the qemu that not support ccid-card-emulated.
# /usr/libexec/qemu-kvm -device ?
name "usb-ccid", bus USB, desc "CCID Rev 1.1 smartcard reader"
name "ccid-card-passthru", bus ccid-bus, desc "passthrough smartcard"
2.fail to boot with ccid-card-emulated with hardware and certificates for usb-ccid device.
- using ccid-card-emulated with hardware
<qemu-kvm-command-line>...-usb -device usb-ccid -device ccid-card-emualated...
- using ccid-card-emulated with certificates
<qemu-kvm-command-line>...-usb -device usb-ccid -device 
Actual results:

Expected results:
Qemu should also support the ccid-card-emulated with hardware and certificates for usb-ccid device, not only ccid-card-passthru.

Additional info:
Comment 1 Sibiao Luo 2012-11-25 02:58:19 EST
Hi Gerd,

   I donot check the rhel7 whether support the ccid-card-emulated with hardware and certificates for usb-ccid device. Should I need to clone this bug for rhel7 for tracing this issue to fix correctly ?

Best Regards.
Comment 3 Gerd Hoffmann 2012-11-26 03:38:23 EST
I think it has been left out intentionally because it is unsupported.  Alon?
Why do you want to have it in?  Are there Customer requests?

[ yes, rhel-6 and rhel-7 should be identical here, so if we decide to enable
  it on rhel-6 we should do the same on rhel-7 ]
Comment 4 Alon Levy 2012-11-26 03:54:10 EST
Yep, we don't want to support it, so we left it out. About why, I guess mainly less code = less qa, less bugs, etc. . I'm not aware of any customer requests.
Comment 7 Gerd Hoffmann 2013-03-20 09:29:56 EDT
Use case for ccid is single-sign-on, which needs ccid-card-passthru so smartcard can be shared between host and guest.

So I'd say ccid-card-emulated should stay disabled on RHEL-7 too (unless there is customer demand).

So, just close/wountfix?  Or do we have a tracker bug for device whitelist/blacklist?
Comment 8 Paolo Bonzini 2013-03-20 11:14:14 EDT
There is a small problem; --disable-smartcard-nss also disables libcacard/vscclient and RHEL7 needs that.

So unless we add a separate toggle for ccid-card-emulated, we need to carry the device.

Once that is added upstream, please reassign this bug to mrezanin.  If it's okay to keep ccid-card-emulated, close as WONTFIX.
Comment 9 Gerd Hoffmann 2013-04-05 09:12:41 EDT
Hmm.  The actual smartcard emulation is in libcacard anyway, ccid-card-emulated is "only" the glue between libcacard and usb-ccid.  So it might be not that bad after all to keep ccid-card-emulated, and it may be handy to have it for QE testing smardcard software in a virtual machine ...

Comment 10 Paolo Bonzini 2013-04-05 12:04:28 EDT
I think it is more of a question for QE so that they can allocate their resources.  Is there an actual usecase for ccid-card-emulated apart from testing?  Would we require separate testing for passthru and emulated?  Is it possible to do the bulk of the tests on emulated and little more than smoke-testing passthru?
Comment 11 Gerd Hoffmann 2013-04-15 02:43:29 EDT
I think the most interesting use case for ccid-card-emulated is to test the guest code without a physical card reader, which allows easy autotest integration for example.

Any, yes, I think we can reduce the passthru testing to guest-does-see-the-hardware level smoke testing (plus some hotplug tests) then.
Comment 12 Alon Levy 2013-04-15 03:49:46 EDT
Gerd, we already have support for hardware less tests, using file defined certificates:

ccid-card-passthru + remote-viewer --spice-smartcard-certificates cert1,cert2,cert3

There might be use cases for the emulated case - having certificates on the host and not the client.
Comment 13 Paolo Bonzini 2013-04-15 05:09:47 EDT
Closing as wontfix.

Note You need to log in before you can comment on or make changes to this bug.