You are not logged in.
- Topics: Active | Unanswered
#1 2024-01-28 13:47:36
- ssr
- Member
- Registered: 2022-03-13
- Posts: 5
[SOLVED] Yubikey doesn't work after reboot system (GnuPG function)
Hi here, I post in this topic because I don't know where this problem should be.
I have a Yubikey 5 NFC, and it worked fine before. But my laptop broke three months ago, so I didn't deal with it for the past three months. Now it has finally been repaired. It is a screen problem and should not be related to other hardware.
After completely upgrade the system, I encountered the current problem. The problem is: Although yubikey can read normally before restarting the system, but after reboot, it will become unavailable.
$ gpg --card-edit
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
gpg/card> Fido 2 and u2f function still working, and even pcsc_scan
$ pcsc_scan
PC/SC device scanner
V 1.7.1 (c) 2001-2022, Ludovic Rousseau <ludovic.rousseau@free.fr>
Using reader plug'n play mechanism
Scanning present readers...
0: Yubico YubiKey OTP+FIDO+CCID 00 00
Sun Jan 28 21:36:40 2024
Reader 0: Yubico YubiKey OTP+FIDO+CCID 00 00
Event number: 0
Card state: Card inserted,
...Re-plugging and unplugging has no effect. I have tried this many times.
But I find a temporary solution:
Stop any gpg rated socket under user space, restart pcscd service, kill any gpg-agent somehow start in my progress tree and with some random re-plugging and unplugging.
After many times, it may will work correctly.
Sometimes it will work properly after reboot, even without any action with pcscd gpg-agent or re-plugging.
$ gpg --edit-card
Reader ...........: 1050:0407:X:0
Application ID ...: D2760001240100000006145482110000
Application type .: OpenPGP
Version ..........: 3.4
...journalctl log:
Jan 28 21:36:35 archlinux kernel: usb 3-1.3: new full-speed USB device number 9 using xhci_hcd
Jan 28 21:36:35 archlinux kernel: usb 3-1.3: New USB device found, idVendor=1050, idProduct=0407, bcdDevice= 5.27
Jan 28 21:36:35 archlinux kernel: usb 3-1.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Jan 28 21:36:35 archlinux kernel: usb 3-1.3: Product: YubiKey OTP+FIDO+CCID
Jan 28 21:36:35 archlinux kernel: usb 3-1.3: Manufacturer: Yubico
Jan 28 21:36:35 archlinux kernel: input: Yubico YubiKey OTP+FIDO+CCID as /devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1.3/3-1.3:1.0/0003:1050:0407.0009/input/input36
Jan 28 21:36:35 archlinux kernel: hid-generic 0003:1050:0407.0009: input,hidraw4: USB HID v1.10 Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-1.3/input0
Jan 28 21:36:35 archlinux kernel: hid-generic 0003:1050:0407.000A: hiddev99,hidraw5: USB HID v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-1.3/input1
Jan 28 21:36:35 archlinux mtp-probe[4493]: checking bus 3, device 9: "/sys/devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1.3"
Jan 28 21:36:35 archlinux mtp-probe[4493]: bus: 3, device: 9 was not an MTP device
Jan 28 21:36:35 archlinux systemd[1]: Reached target Smart Card.
Jan 28 21:36:35 archlinux systemd[1421]: Reached target Smart Card.
Jan 28 21:36:35 archlinux (udev-worker)[4480]: input36: Process '/bin/input-remapper-control --command autoload --device ' failed with exit code 2.
Jan 28 21:36:36 archlinux gpg-agent[2267]: scdaemon[2267]: ccid open error: skip
Jan 28 21:36:36 archlinux (udev-worker)[4511]: event6: Process '/bin/input-remapper-control --command autoload --device /dev/input/event6' failed with exit code 4.
Jan 28 21:36:36 archlinux mtp-probe[4524]: checking bus 3, device 9: "/sys/devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1.3"
Jan 28 21:36:36 archlinux mtp-probe[4524]: bus: 3, device: 9 was not an MTP device
Jan 28 21:37:40 archlinux chronyd[1075]: Selected source 139.199.215.251 (2.arch.pool.ntp.org)
Jan 28 21:40:26 archlinux gpg-agent[2267]: scdaemon[2267]: ccid open error: skip
Jan 28 21:40:26 archlinux gpg-agent[2267]: scdaemon[2267]: ccid open error: skip
Jan 28 21:40:27 archlinux gpg-agent[2267]: scdaemon[2267]: ccid open error: skip
Jan 28 21:40:27 archlinux gpg-agent[2267]: scdaemon[2267]: ccid open error: skip
Jan 28 21:40:29 archlinux gpg-agent[2267]: scdaemon[2267]: ccid open error: skip
Jan 28 21:40:36 archlinux gpg-agent[2265]: SIGTERM received - shutting down ...
Jan 28 21:40:36 archlinux gpg-agent[2265]: gpg-agent (GnuPG) 2.4.4 stopped
Jan 28 21:40:36 archlinux gpg-agent[2267]: scdaemon[2267]: scdaemon (GnuPG) 2.4.4 stopped
Jan 28 21:40:38 archlinux systemd[1421]: Started GnuPG cryptographic agent and passphrase cache.
Jan 28 21:40:38 archlinux gpg-agent[4603]: gpg-agent (GnuPG) 2.4.4 starting in supervised mode.
Jan 28 21:40:38 archlinux gpg-agent[4603]: using fd 3 for extra socket (/run/user/1000/gnupg/S.gpg-agent.extra)
Jan 28 21:40:38 archlinux gpg-agent[4603]: using fd 4 for browser socket (/run/user/1000/gnupg/S.gpg-agent.browser)
Jan 28 21:40:38 archlinux gpg-agent[4603]: using fd 5 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Jan 28 21:40:38 archlinux gpg-agent[4603]: using fd 6 for std socket (/run/user/1000/gnupg/S.gpg-agent)
Jan 28 21:40:38 archlinux gpg-agent[4603]: listening on: std=6 extra=3 browser=4 ssh=5
Jan 28 21:40:38 archlinux gpg-agent[4605]: scdaemon[4605]: ccid open error: skip
Jan 28 21:40:42 archlinux systemd[1421]: Closed GnuPG cryptographic agent and passphrase cache (restricted).
Jan 28 21:40:46 archlinux gpg-agent[4603]: SIGTERM received - shutting down ...
Jan 28 21:40:46 archlinux systemd[1421]: Stopping GnuPG cryptographic agent and passphrase cache...
Jan 28 21:40:46 archlinux gpg-agent[4605]: scdaemon[4605]: DBG: SIGCONT received - breaking select
Jan 28 21:40:46 archlinux gpg-agent[4605]: scdaemon[4605]: SIGTERM received - shutting down ...
Jan 28 21:40:46 archlinux gpg-agent[4603]: gpg-agent (GnuPG) 2.4.4 stopped
Jan 28 21:40:46 archlinux gpg-agent[4605]: scdaemon[4605]: scdaemon (GnuPG) 2.4.4 stopped
Jan 28 21:40:46 archlinux systemd[1421]: Stopped GnuPG cryptographic agent and passphrase cache.
Jan 28 21:40:46 archlinux systemd[1421]: Closed GnuPG cryptographic agent and passphrase cache.
Jan 28 21:40:48 archlinux systemd[1421]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Jan 28 21:40:53 archlinux systemd[1421]: Closed GnuPG cryptographic agent and passphrase cache (access for web browsers).
Jan 28 21:41:07 archlinux sudo[4683]: user : TTY=pts/1 ; PWD=/home/ssr ; USER=root ; COMMAND=/usr/bin/systemctl restart pcscd.service
Jan 28 21:41:07 archlinux sudo[4683]: pam_unix(sudo:session): session opened for user root(uid=0) by user(uid=1000)
Jan 28 21:41:07 archlinux systemd[1]: Stopping PC/SC Smart Card Daemon...
Jan 28 21:41:07 archlinux systemd[1]: pcscd.service: Deactivated successfully.
Jan 28 21:41:07 archlinux systemd[1]: Stopped PC/SC Smart Card Daemon.
Jan 28 21:41:07 archlinux (pcscd)[4689]: pcscd.service: Referenced but unset environment variable evaluates to an empty string: PCSCD_ARGS
Jan 28 21:41:07 archlinux systemd[1]: Started PC/SC Smart Card Daemon.
Jan 28 21:41:07 archlinux sudo[4683]: pam_unix(sudo:session): session closed for user root
Jan 28 21:41:16 archlinux kernel: usb 3-1.3: USB disconnect, device number 9
Jan 28 21:41:17 archlinux pcscd[4689]: 00000000 ccid_usb.c:961:WriteUSB() write failed (3/9): LIBUSB_ERROR_NO_DEVICE
Jan 28 21:41:17 archlinux pcscd[4689]: 00000113 ccid_usb.c:1574:InterruptRead() libusb_submit_transfer failed: LIBUSB_ERROR_NO_DEVICE
Jan 28 21:41:17 archlinux systemd[1421]: Stopped target Smart Card.
Jan 28 21:41:17 archlinux systemd[1]: Stopped target Smart Card.
Jan 28 21:41:18 archlinux kernel: usb 3-1.3: new full-speed USB device number 10 using xhci_hcd
Jan 28 21:41:18 archlinux kernel: usb 3-1.3: New USB device found, idVendor=1050, idProduct=0407, bcdDevice= 5.27
Jan 28 21:41:18 archlinux kernel: usb 3-1.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Jan 28 21:41:18 archlinux kernel: usb 3-1.3: Product: YubiKey OTP+FIDO+CCID
Jan 28 21:41:18 archlinux kernel: usb 3-1.3: Manufacturer: Yubico
Jan 28 21:41:18 archlinux kernel: input: Yubico YubiKey OTP+FIDO+CCID as /devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1.3/3-1.3:1.0/0003:1050:0407.000B/input/input37
Jan 28 21:41:18 archlinux kernel: hid-generic 0003:1050:0407.000B: input,hidraw4: USB HID v1.10 Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-1.3/input0
Jan 28 21:41:18 archlinux kernel: hid-generic 0003:1050:0407.000C: hiddev99,hidraw5: USB HID v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-1.3/input1
Jan 28 21:41:18 archlinux mtp-probe[4728]: checking bus 3, device 10: "/sys/devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1.3"
Jan 28 21:41:18 archlinux mtp-probe[4728]: bus: 3, device: 10 was not an MTP device
Jan 28 21:41:18 archlinux systemd[1]: Reached target Smart Card.
Jan 28 21:41:18 archlinux systemd[1421]: Reached target Smart Card.I don't know why and what happened, can anyone tell me how to debug this things?
Kind regards
Last edited by ssr (2024-01-28 15:58:43)
Offline
#2 2024-01-28 14:36:51
- ssr
- Member
- Registered: 2022-03-13
- Posts: 5
Re: [SOLVED] Yubikey doesn't work after reboot system (GnuPG function)
I found some interstring things: after restart pcscd.service, then re-plugging. If it deactivated, gpg can work properly, even without restart gpg services.
Last edited by ssr (2024-01-28 14:46:09)
Offline
#3 2024-01-28 14:50:06
- Coelacanthus
- Member
- Registered: 2022-03-01
- Posts: 2
- Website
Re: [SOLVED] Yubikey doesn't work after reboot system (GnuPG function)
I see "ccid open error" in log. It is only produced when scdaemon tries to use the built-in ccid driver to access the smartcard. So it will be the situation where both scdaemon and pcscd preempt to access smartcard. When you restart pcscd, scdaemon can got and keep access to smart card, so it will works. When system boot, pcscd is a system service but gpg-agent.service is a user service (it even use socket activation), so the former started before the latter.
In gpg 2.4, they changed the default behavior. When you doesn't set "disable-ccid" option in scdaemon, scdaemon won't try pcsc when built-in ccid driver failed. In pre-2.4, it will do. So you need add this option to make scdaemon use pcsc to avoid prempttion.
And there is another preemption: gpg will request exclusive access to pcsc, so it can't access card with fido/piv together at the same time. See also: https://docs.canokeys.org/userguide/ope … on-problem
Offline
#4 2024-01-28 15:27:44
- ssr
- Member
- Registered: 2022-03-13
- Posts: 5
Re: [SOLVED] Yubikey doesn't work after reboot system (GnuPG function)
Thanks Coelacanthus, I tried "disable-ccid" in scdaemon but seems doesn't effect anything.
After 2 hours of debug, I realize that this is how it happened.
After finish boot, pcscd somehow will start, and stay at background. It should auto exit after 60s, but it doesn't. Then, if I stop pcscd services manually after boot, everything will work fine.
But this shouldn't be a solution, I also tried "pcsc-shared" and it's weird, because it seems let me type my password everytime.
Last edited by ssr (2024-01-28 15:30:02)
Offline
#5 2024-01-28 15:56:37
- ssr
- Member
- Registered: 2022-03-13
- Posts: 5
Re: [SOLVED] Yubikey doesn't work after reboot system (GnuPG function)
Ok, I found that I missed a small line in Coelacanthus posts link, after deleting opensc, the problem was solved.
Thanks Coelacanthus again
Offline