[Spice-devel] smartcard usage

william kc at cobradevil.org
Thu Feb 24 08:46:33 PST 2011 

On 02/24/2011 05:09 PM, Alon Levy wrote:
> On Thu, Feb 24, 2011 at 04:28:13PM +0100, william wrote:
>> On 02/24/2011 12:09 PM, Alon Levy wrote:
>>> On Thu, Feb 24, 2011 at 10:17:21AM +0100, kc at cobradevil.org wrote:
>>>> Dear list,
>>>>
>>>> i have tried to get smartcard support running but i'm a bit lost :)
>>>> probably because it's not finished yet.
>>>>
>>>> we have smartcards with certificates like us dod and i would like to use
>>>> those from a client on a remote server for authentication and such.
>>>> I have followed the build instructions:
>>>> http://spice-space.org/page/Building_Instructions on a ubuntu system and
>>>> have managed to get those compiled.
>>>>
>>>> But when i try to start a vm with smartcard passthrough it asks me to give
>>>> a driver name?
>>>>
>>>> ./x86_64-softmmu/qemu-system-x86_64 -chardev
>>>> socket,server,host=0.0.0.0,port=2001,id=ccid,nowait -device
>>>> ccid-card-passthru,chardev=ccid -drive
>>>> file=/var/lib/libvirt/images/test.img,if=ide -soundhw ac97 -L pc-bios
>>>> -nographic -vga qxl -spice port=5930,disable-ticketing  -usbdevice tablet
>>>> -enable-kvm -m 512
>>>>
>>>> do_spice_init: starting 0.6.3
>>>> spice_server_add_interface: SPICE_INTERFACE_KEYBOARD
>>>> spice_server_add_interface: SPICE_INTERFACE_MOUSE
>>>> spice_server_add_interface: SPICE_INTERFACE_QXL
>>>> red_worker_main: begin
>>>> spice_server_add_interface: SPICE_INTERFACE_RECORD
>>>> spice_server_add_interface: SPICE_INTERFACE_PLAYBACK
>>>> qemu-system-x86_64: -device ccid-card-passthru,chardev=ccid: Parameter
>>>> 'driver' expects a driver name
>>>> Try with argument '?' for a list.
>>>>
>>>> Am i starting the vm the right way or am i missing something?
>>> You are doing the right steps with the wrong qemu. To be explicit: qemu hasn't
>>> accepted the patches for the smartcard devices yet, so I don't know where you
>>> got the qemu executable but unless you built it by hand and applied the patches
>>> on the list, or easier used the pull url I provide in the patches I sent (like v20
>>> git://anongit.freedesktop.org/~alon/qemu usb_ccid.v20) you won't have them.
>>>
>>> Alon
>>>
>> Sorry for the priv mail :(
>> i can start the vm now with the usb_ccid.v19  git 20 gives me compile errors
>>
>> ./x86_64-softmmu/qemu-system-x86_64 -chardev
>> socket,server,host=0.0.0.0,port=2001,id=ccid,nowait -device usb-ccid
>> -device ccid-card-passthru,chardev=ccid -drive
>> file=/var/lib/libvirt/images/test.img,if=ide  -soundhw ac97 -L
>> pc-bios -nographic -spice port=5930,disable-ticketing -usbdevice
>> tablet -enable-kvm -m 512 -device
>> virtio-net-pci,vlan=0,id=net0,mac=52:54:00:f4:f5:0b -net user
>> do_spice_init: starting 0.7.3
>> spice_server_add_interface: SPICE_INTERFACE_KEYBOARD
>> spice_server_add_interface: SPICE_INTERFACE_MOUSE
>> spice_server_add_interface: SPICE_INTERFACE_RECORD
>> spice_server_add_interface: SPICE_INTERFACE_PLAYBACK
>> spice_server_add_interface: SPICE_INTERFACE_QXL
>> red_worker_main: begin
>> handle_dev_input: start
>>
>> I also installed spice 0.7.3
>>
>> When starting the spicec client i can connect but how can i share
>> say a local device now through spicec to the guest?
>> On the local client i can run pcsc_scan and it returns my reader and
>> detects my card, would that also be possible on the guest?
>>
> about v20 if you can run make V=1 and post the output?
Nah forget this
i did not switch to v20 that was the problem.
> about the rest, yes, the guest should show the card too using pcsc_scan.
>
> you shouldn't need to be root on the client, but possibly it will work then -
> could you try that? in that case I don't remember exactly what the solution was :(
> but there is one!
ok here is what i see now

- on my local system i have:
#lsusb
Bus 007 Device 008: ID 04e6:5410 SCM Microsystems, Inc. SCR35xx Smart 
Card Reader
#pcsc_scan
PC/SC device scanner
V 1.4.16 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau at free.fr>
Compiled with PC/SC lite version: 1.5.3
Scanning present readers...
0: SCM SCR 355 00 00

Thu Feb 24 17:36:04 2011
  Reader 0: SCM SCR 355 00 00
   Card state: Card inserted,
   ATR: 3B F9 18 00 00 81 31 FE 45xxxxxxxxxxx

- Now when i start qemu like the following
#./x86_64-softmmu/qemu-system-x86_64 -chardev 
socket,server,host=0.0.0.0,port=2001,id=ccid,nowait -device usb-ccid 
-device ccid-card-passthru,chardev=ccid -drive 
file=/var/lib/libvirt/images/test.img,if=ide  -soundhw ac97 -L pc-bios 
-nographic -spice port=5930,disable-ticketing -usbdevice tablet 
-enable-kvm -m 512 -device 
virtio-net-pci,vlan=0,id=net0,mac=52:54:00:f4:f5:0b -net user

- i see this in my vm after starting spicec with the following options
#spicec -h localhost -p 5930
#lsusb
Bus 001 Device 004: ID 08e6:4433 Gemplus GemPC433-Swap
#pcsc_scan
PC/SC device scanner
V 1.4.16 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau at free.fr>
Compiled with PC/SC lite version: 1.5.3
Scanning present readers...
0: Gemplus GemPC4433 SL (1) 00 00

Thu Feb 24 17:42:05 2011
  Reader 0: Gemplus GemPC4433 SL (1) 00 00
   Card state: Card removed,


After removing the device from my local machine and starting the vm 
again with the above options it still shows me the gemplus smartcard reader

Any hints from here?

With kind regards

William van de Velde



>> With kind regards
>>
>> William
>>
>>
>>>> With kind regards
>>>>
>>>> William
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Spice-devel mailing list
>>>> Spice-devel at lists.freedesktop.org
>>>> http://lists.freedesktop.org/mailman/listinfo/spice-devel
>> _______________________________________________
>> Spice-devel mailing list
>> Spice-devel at lists.freedesktop.org
>> http://lists.freedesktop.org/mailman/listinfo/spice-devel

More information about the Spice-devel mailing list