macOS Sequoia and smart cards status

Ludovic Rousseau

2024-10-16 15:38

I will compare this version to the previous one, Sonoma, I presented in macOS Sonoma and smart cards status.

CCID

% grep -A 1 CFBundleShortVersionString /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist
        <key>CFBundleShortVersionString</key>
        <string>1.5.1</string>

My CCID driver has not been updated in macOS since Sonoma. It is still version 1.5.1.

The CCID version 1.5.2 was released in January 2023 but that version was not included by Apple in macOS Sonoma. That was a bit surprising when Sonoma was released in 2023. It is now worrying.

The current/latest version is 1.6.1 released in July 2024. I guess Apple provides my CCID driver as a backup only. They do not plan to invest much time and update to the latest version.

Updated CCID driver

If you need a CCID driver more recent than the version 1.5.1 provided by Apple you can contact me.

Apple Open Source

The Open Source components included in macOS are listed at <https://opensource.apple.com/releases/>

The Open Source components of Sequoia 15.0 are already available.

The component SmartcardCCID-55036 points to the GitHub project apple-oss-distributions/SmartcardCCID. The patch for version 55036 released on September 24th, 2024 for Sequoia compared to version 55033 released on September 22th, 2023 for Sonoma is limited to changes in the way the software is patched by Apple. You can see the difference at SmartcardCCID-55036.

I note that this project on GitHub has 2 forks <https://github.com/apple-oss-distributions/SmartcardCCID/forks>:

classicvalues/SmartcardCCID

One patch applied in the whitesource/configure branch to Add .whitesource configuration file. I do not know what whitesource is. It may be related to an Atlassian service called Mend for Jira Data Center (formerly WhiteSource).

The repository owner is Classic Values described as "Software Development and Design Corporation built by Freelancing Solo-entrepreneur" with more than 5000 projects.
swissbit-eis/SmartcardCCID

This fork is more interesting. Some minor patches have been applied.

One patch is slow down ccid communication and it adds a delay of 10ms on each USB write. I have no idea why. Maybe to allow a slow/bogus swissbit reader to correctly interact with the driver.

The repository owner is Swissbit AG (EIS Division).

This company sells CCID tokens. I already have one in my "should work" list <https://ccid.apdu.fr/select_readers/?idVendor=4976>

Apple CCID driver

As with Sonoma, the driver used by default for CCID smart card readers is a driver written by Apple.

See the chapter "Reader name dynamically generated" from macOS Sonoma and smart cards status to know how I know that. It is related to the reader name reported by PC/SC, for example by pcsctest installed by default on macOS.

If I compare the Info.plist of the usbsmartcardreaderd.slotd with the latest macOS Sonoma I get:

% diff -u /Volumes/Sonoma/System/Library/CryptoTokenKit/usbsmartcardreaderd.slotd//Contents/Info.plist /System/Library/CryptoTokenKit/usbsmartcardreaderd.slotd//Contents/Info.plist
--- /Volumes/Macintosh HD/System/Library/CryptoTokenKit/usbsmartcardreaderd.slotd//Contents/Info.plist      2024-09-05 11:17:41
+++ /System/Library/CryptoTokenKit/usbsmartcardreaderd.slotd//Contents/Info.plist   2024-10-01 06:10:49
@@ -3,7 +3,7 @@
 <plist version="1.0">
 <dict>
    <key>BuildMachineOSBuild</key>
-   <string>22A380019</string>
+   <string>22A380021</string>
    <key>CFBundleDevelopmentRegion</key>
    <string>en</string>
    <key>CFBundleExecutable</key>
@@ -27,21 +27,21 @@
    <key>DTCompiler</key>
    <string>[com.apple](http://com.apple).compilers.llvm.clang.1_0</string>
    <key>DTPlatformBuild</key>
-   <string></string>
+   <string>24A318</string>
    <key>DTPlatformName</key>
    <string>macosx</string>
    <key>DTPlatformVersion</key>
-   <string>14.7</string>
+   <string>15.0</string>
    <key>DTSDKBuild</key>
-   <string>23G1000s</string>
+   <string>24A318</string>
    <key>DTSDKName</key>
-   <string>macosx14.7.internal</string>
+   <string>macosx15.0.internal</string>
    <key>DTXcode</key>
-   <string>1500</string>
+   <string>1600</string>
    <key>DTXcodeBuild</key>
-   <string>15E6079e</string>
+   <string>16A6170g</string>
    <key>LSMinimumSystemVersion</key>
-   <string>14.7</string>
+   <string>15.0</string>
    <key>NSHumanReadableCopyright</key>
    <string>Copyright © 2020 Apple. All rights reserved.</string>
 </dict>

Not very interesting nor informative.

Known bugs

The page listing the bugs I found in Sonoma is available at macOS Sonoma and smart cards: known bugs.

I have not been notified by Apple that a bug has been fixed in Sequoia. So I guess the bugs are still present.

I discovered a new problem with Apple driver: the error returned by SCardConnect() call is "Card is unresponsive."

    % pcsctest
    MUSCLE PC/SC Lite Test Program
    Testing SCardEstablishContext    : Command successful.
    Testing SCardGetStatusChange
    Please insert a working reader   : Command successful.
    Testing SCardListReaders         : Command successful.
    Reader 01: Gemplus USB SmartCard Reader
    Enter the reader number          : 1
    Waiting for card insertion
                                     : Command successful.
    Testing SCardConnect             : Card is unresponsive.

I get this result even if the card is correctly powered. The reader LED is fixed, indicating the card is powered.

I was able to sometimes get the card ATR. Very strange to have such a simple bug unnoticed by QA.

After enabling my CCID driver (see Enable my CCID driver), of course, the problem is fixed.

Conclusion

If you have a smart card issue on macOS Sequoia, my first suggestion is to switch from the Apple driver to my CCID driver and check again.