macOS Sonoma and smart cards status

Sonoma (macOS 14.0) has been available since September 26th, 2023.

I will compare this version to the previous one, Ventura, which I presented in "macOS Ventura and smart cards status".

CCID

 % grep -A 1 CFBundleShortVersionString /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist
                 <key>CFBundleShortVersionString</key>
                 <string>1.5.1</string>

The CCID driver has been updated from 1.5.0 in Ventura to 1.5.1 in Sonoma.

CCID version 1.5.2 was released in January 2023, but that version has not (yet) been included by Apple in macOS. That is a bit surprising.

Updated CCID driver

If you need a CCID driver more recent than the version 1.5.1 provided by Apple, you can contact me.

Apple Open Source

The Open Source components included in macOS are listed at https://opensource.apple.com/releases/

The Open Source components of Sonoma 14.0 are not yet listed. I will publish a new blog article once the Open Source page is updated to include Sonoma. It will be very informative to know what patches Apple applied regarding the bugs introduced in Sonoma.

Crypto Token Kit

My Objective-C sample, "PC/SC" sample in Objective-C (synchronous), still builds and works fine.

Reader name dynamically generated

The smart card reader name returned by the Crypto Token Kit API or the PC/SC API is no longer the name contained in the CCID driver configuration file /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist.

For example, with my old Gemplus GemPC Key:

  • This device has a USB Product ID of 0x3438

  • The name in the CCID driver Info.plist file is: "Gemalto USB Shell Token V2"

 % grep 0x3438 ccid-1.5.2/readers/supported_readers.txt
 0x08E6:0x3438:Gemalto USB Shell Token V2
 #0x08E6:0x3438:Gemalto USB Shell Token V2 (GemPCKey.txt)
 #0x08E6:0x3438:Gemalto IDBridge K30 (Gemalto_IDBridge_K30.txt)

But the reader name returned by the PC/SC layer is: "Gemplus USB SmartCard Reader" and not the expected "Gemalto USB Shell Token V2".

I searched a bit to understand where this name comes from, and I found it: the name comes from the reader itself. The USB specification defines two fields, iManufacturer and iProduct. This information is visible using the parse tool included in the CCID driver archive.

 % ./ccid-1.5.2/src/parse
 Parsing USB bus/device: 08E6:3438 (bus 0, device 1)
  idVendor:  0x08E6  iManufacturer: Gemplus
  idProduct: 0x3438  iProduct: USB SmartCard Reader
   Found a CCID/ICCD device at interface 0
  idVendor: 0x08E6
   iManufacturer: Gemplus
  idProduct: 0x3438
   iProduct: USB SmartCard Reader
  bcdDevice: 1.00 (firmware release?)
 [...]

I have this behavior only with the CCID driver provided by Apple with macOS Sonoma. I do not get this behavior if I use a custom driver.

The reader name is not generated by the CCID driver, but by the smart card layer above the drivers (it would be pcscd on GNU/Linux).
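Software that selects or allow-lists readers by name needs to recognise both naming schemes. The following is an added example, not code from the original post or from the CCID project: it parses the supported_readers.txt format shown above and tells whether a PC/SC reader name comes from the driver list or from the USB string descriptors. The function names and the prefix match are assumptions, and the sample data is constructed from the outputs above.

```python
"""Tell which naming scheme a PC/SC reader name follows (added example)."""

# Constructed sample: the supported_readers.txt lines from the grep output above.
SUPPORTED_READERS = """\
0x08E6:0x3438:Gemalto USB Shell Token V2
#0x08E6:0x3438:Gemalto USB Shell Token V2 (GemPCKey.txt)
#0x08E6:0x3438:Gemalto IDBridge K30 (Gemalto_IDBridge_K30.txt)
"""


def parse_supported_readers(text):
    """Return {(vid, pid): name} from 'VID:PID:name' lines, skipping '#' comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        vid, pid, name = line.split(":", 2)  # the name itself may contain ':'
        table[(int(vid, 16), int(pid, 16))] = name
    return table


def descriptor_name(manufacturer, product):
    """Name built from the USB iManufacturer and iProduct strings."""
    parts = [p.strip() for p in (manufacturer, product) if p and p.strip()]
    return " ".join(parts)


def classify(reader_name, vid, pid, manufacturer, product, table):
    """Return 'driver-list', 'usb-descriptor' or 'unknown' for a reader name.

    Prefix match is an assumption, to tolerate a suffix added by the PC/SC layer.
    """
    driver = table.get((vid, pid))
    usb = descriptor_name(manufacturer, product)
    if driver and reader_name.startswith(driver):
        return "driver-list"
    if usb and reader_name.startswith(usb):
        return "usb-descriptor"
    return "unknown"


if __name__ == "__main__":
    readers = parse_supported_readers(SUPPORTED_READERS)
    # Values taken from the parse tool output above.
    print(classify("Gemplus USB SmartCard Reader", 0x08E6, 0x3438,
                   "Gemplus", "USB SmartCard Reader", readers))
```
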

Known bugs

I found smart card related bugs in Sonoma.

I will open a new blog page to list and track them. It will be the same kind of page as the one I made in 2018, "macOS High Sierra and smart cards: known bugs".

[UPDATE Nov 2023] The page listing the bugs I found in Sonoma is now available at "macOS Sonoma and smart cards: known bugs".

Conclusion

Apple made changes in the smart card layer in Sonoma, and introduced some bugs.

I hope the bugs will be fixed soon.