Hi,
I just had an ordeal with my Dell Latitude 7490 which has a built-in Broadcom Corp 5880 NFC reader which can act as a smart card.
Apparently the device is disabled by a firmware setting by default. After enabling it using [1], my yubikey stopped working with gpg-agent (for ssh).
journalctl --user-unit=gpg-agent
gpg-agent[23578]: scdaemon[23578]: ccid open error: skip
gpg-agent[23578]: scdaemon[23578]: ccid open error: skip
gpg-agent[23578]: scdaemon[23578]: ccid open error: skip
gpg-agent[23578]: scdaemon[23578]: detected reader 'Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD) 00 00'
gpg-agent[23578]: scdaemon[23578]: detected reader 'Broadcom Corp 5880 [Contactless SmartCard] (0123456789ABCD) 01 00'
gpg-agent[23578]: scdaemon[23578]: detected reader 'Yubico Yubikey NEO OTP+CCID 02 00'
It seems like gpg-agent stumbles over the Broadcom Corp 5880 NFC reader.
In my case I could fix this by pointing GnuPG to the yubikey "reader" in ~/.gnupg/scdaemon.conf.
For that, find the id of the yubikey: in the snippet below it is the last line of the response with the leading "D " removed ("Yubico Yubikey NEO OTP+CCID 02 00").
$ echo scd getinfo reader_list | gpg-connect-agent --decode
D 1050:0111:X:0
D 0A5C:5834:0123456789ABCD:0
D 0A5C:5834:0123456789ABCD:0
D
D Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD) 00 00
D Broadcom Corp 5880 [Contactless SmartCard] (0123456789ABCD) 01 00
D Yubico Yubikey NEO OTP+CCID 02 00
OK
This scdaemon.conf works for me:
~/.gnupg/scdaemon.conf
disable-ccid
pcsc-driver /usr/lib/libpcsclite.so
card-timeout 5
reader-port Yubico Yubikey NEO OTP+CCID 02 00
After
gpgconf --kill all
systemctl --user restart gpg-agent
"gpg --card-status" should work.
See also [2].
[1] https://github.com/jacekkow/controlvault2-nfc-enable
[2] https://github.com/Yubico/yubioath-flutter/issues/766
Last edited by georgnix (2023-03-07 17:38:56)
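The reader selection described in the post above, as an added example that is not part of the original post: it parses the decoded reader list, requires exactly one match, and rewrites only the reader-port line of scdaemon.conf. The function names and the match string "Yubico" are assumptions; the sample input is the output quoted in the post.

```sh
# Added example; the three function names are hypothetical helpers.

# Sample input: the decoded reader list quoted in the post above.
sample_reader_list() {
    cat <<'EOF'
D 1050:0111:X:0
D 0A5C:5834:0123456789ABCD:0
D 0A5C:5834:0123456789ABCD:0
D
D Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD) 00 00
D Broadcom Corp 5880 [Contactless SmartCard] (0123456789ABCD) 01 00
D Yubico Yubikey NEO OTP+CCID 02 00
OK
EOF
}

# Read decoded "scd getinfo reader_list" output on stdin and print the single
# reader name containing the fixed string $1; fail if zero or several match.
pick_reader() {
    pattern=$1
    # Strip the "D " prefix, then drop the vid:pid:serial:index entries so
    # only the reader names remain as candidates.
    matches=$(sed -n 's/^D //p' \
        | grep -Ev '^[0-9A-Fa-f]{4}:[0-9A-Fa-f]{4}:[^ ]*:[0-9]+$' \
        | grep -F -- "$pattern" || true)
    count=$(printf '%s\n' "$matches" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected one reader matching '$pattern', found $count" >&2
        return 1
    fi
    printf '%s\n' "$matches"
}

# Set "reader-port <name>" in the scdaemon.conf at $1: any old reader-port
# line is replaced, every other option is kept.
set_reader_port() {
    conf=$1
    reader=$2
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    if [ -f "$conf" ]; then
        grep -v '^reader-port[[:space:]]' "$conf" > "$tmp" || true
    fi
    printf 'reader-port %s\n' "$reader" >> "$tmp"
    mv "$tmp" "$conf"
}

# Usage:
#   reader=$(echo scd getinfo reader_list | gpg-connect-agent --decode \
#       | pick_reader Yubico) && set_reader_port ~/.gnupg/scdaemon.conf "$reader"
```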
Well, not really solved.
After system suspend/awake, I get "journalctl --user-unit=gpg-agent":
gpg-agent[160464]: scdaemon[160464]: pcsc_transmit failed: not transacted (0x80100016)
gpg-agent[160464]: scdaemon[160464]: apdu_send_simple(0) failed: general error
gpg-agent[160464]: scdaemon[160464]: pcsc_transmit failed: not transacted (0x80100016)
gpg-agent[160464]: scdaemon[160464]: apdu_send_simple(0) failed: general error
gpg-agent[160464]: scdaemon[160464]: pcsc_transmit failed: not transacted (0x80100016)
gpg-agent[160464]: scdaemon[160464]: apdu_send_simple(0) failed: general error
gpg-agent[160464]: scdaemon[160464]: pcsc_transmit failed: not transacted (0x80100016)
gpg-agent[160464]: scdaemon[160464]: apdu_send_simple(0) failed: general error
gpg-agent[160464]: scdaemon[160464]: pcsc_transmit failed: not transacted (0x80100016)
gpg-agent[160464]: scdaemon[160464]: apdu_send_simple(0) failed: general error
gpg-agent[160464]: scdaemon[160464]: no supported card application found: General error
"systemctl --user restart gpg-agent" and/or re-inserting the yubikey fixes this. Anybody else having this problem?
I resorted to the ugly hack of restarting pcscd.service after suspend, which works for now.
/etc/systemd/system/pcscd-restart.service:
[Unit]
Description=Restart pcscd.service after wakeup from suspend/hibernate
After=suspend.target hibernate.target systemd-hybrid-sleep.service hybrid-sleep.target suspend-then-hibernate.target
[Service]
Type=simple
ExecStart=sh -c 'sleep 5; /usr/bin/systemctl restart pcscd.service'
[Install]
WantedBy=suspend.target hibernate.target systemd-hybrid-sleep.service hybrid-sleep.target suspend-then-hibernate.target
Note the sleep. Without this it seems to fire too early, probably while the yubikey is not back from suspend.
There might be a better way, triggering the reload using udev rules or so. udev does not provide anything like "usb device waking up" -- does it?
Don't forget to
sudo systemctl daemon-reload
sudo systemctl enable pcscd-restart.service
after creating the unit file.