smart card can't be seen by mac os x guest

[oldmacdude]

Greetings,
I'm running both an El Capitan and a Sierra VM on an El Capitan host and trying to get smart card to work.
All of my searches on the forums show me people having trouble getting the reader to be seen, and that's not my problem. My reader is seen by the VM with no difficulty on both OSes, but the inserted smart card is not seen.
I'm using Thursby Pkard as a driver for the smart card in El Capitan, and Sierra has built in support for smart cards.
The reader has been tested and functions on the host El Capitan with no trouble, and on a Sierra machine with no trouble, so both the smart card and the reader are good.
They also work in a VMware VM trial. Just not in VirtualBox.
Is there some limitation with VirtualBox?

Thank you,
John

[socratis]

Is the card reader an external or an internal one? If external, how does it connect to your Mac?

[oldmacdude]

The card reader is external USB connected.
The VM OS sees the card reader. It will not see the card in the reader.
I've verified that the card and reader are both functional in the host OS, and in a VMware VM.
just not sure why it won't work in the virtual box VM.

[mpack]

Please post a VM log file. With the VM fully shut down, right click and "Show Log" in the GUI, save "VBox.log" (ONLY) to a zip, and attach the zip here.

[oldmacdude]

Log file attached as requested.
Thank you,

[mpack]

I don't see anything wrong in the log. Rather than fight with USB, why not simply access the drive as a shared folder (you need to disable the USB filter if you do this: you can't do both).

[socratis]

A couple of things from the log:

00:00:01.292583 Guest OS type: 'MacOS_64'

You've selected the "generic" OSX option. You should change that to OSX 10.11. VM Settings, General, Basic, Version.

00:00:01.324760 File system of '/Volumes/macinsquash/systemshared/dalyj/VirtualBox VMs/OS X 10.12/OS X 10.10-client2-disk1.vmdk' is hfs

It seems that you've upgraded from a 10.10 guest (no problem). You're using a VMDK file, which makes me wonder; why?
You're running from an external HD. That's OK, but be aware of the data transfer rates, i.e. have at least a USB3 connection. NAS is preferred, but not always available. Or cheap...

00:00:01.509455   VBoxInternal2/EfiGopMode="4"

Nice! I see you've done your homework

00:00:01.282126 Host RAM: 8192MB total, 3300MB available
00:00:01.509999   RamSize           <integer> = 0x0000000080000000 (2 147 483 648, 2 048 MB)

OSX 10.11, 10.12 is going to have a hard time with 2 GB of RAM, but on the other hand, if you take it to 3 GB (3072 MB) you're going to have a hard time with your host. If you can afford it, another 8 GB on your host would work miracles.

00:00:01.827471 SharedFolders host service: Adding host mapping
00:00:01.827484     Host path '/Users/Shared/virtualshared', map name 'virtualshared', writable, automount=true, create_symlinks=false, missing=true

You've added a shared folder (non-existent BTW) to your VM settings. It's useless. OSX guests do not have guest additions, which makes shared folders moot. That goes for sharing the USB reader as well. You can't go that route.

00:00:01.510311 [/Devices/pci/] (level 2)

Any particular reason for using the "PIIX3" chipset vs. the required "ICH9"? Coupled with the use of VMDK, it leads me to believe that you followed some guide/blog somewhere. I would change it to the recommended ICH9. Mainly for future VirtualBox compatibility.

Now, to your USB card reader problem. You have two options:

1. Network shares: You enable file sharing in your host. You add the USB card reader. From the guest you browse the network and connect to the USB share. You can use this method for simple file transfers only.
2. USB filters: You enable a USB filter in your VM settings (if you haven't done so already). This mode maybe required if whatever program needs access to the card reader, has to see a card reader.
   With the USB device plugged in and the VM not running, open the Terminal (/Applications/Utilities/) and post the output of the following commands:

       VBoxManage list usbhost
       VBoxManage showvminfo "Your_Virtual_Machine_Name"

[oldmacdude]

Thank you for the responses.
I've adjusted the settings as requested, but it did not fix the issue.

I need to clarify, the smart card reader is not for reading a camera card, but for reading a smartcard for authentication, like a yubikey or a gemalto smartcard. I can't share it like a hard drive.

The SCM Microsystems Inc. SCR35xx v2.0 USB SC Reader [0204] is the one that gets used by the VM.

The results of the commands:

Code: Select all

siriuscybernetics:~ dalyj$ VBoxManage list usbhost
Host USB Devices:

UUID:               e160d2ea-b9bb-4cbf-a22b-d9e599b806e4
VendorId:           0x09eb (09EB)
ProductId:          0x0131 (0131)
Revision:           1.16 (0116)
Port:               1
USB version/speed:  0/Low
Manufacturer:       Generic
Product:            USB
Address:            p=0x0131;v=0x09eb;s=0x0000000060574ece;l=0xfa210000
Current State:      Busy

UUID:               1d90c107-6a84-493e-84af-22581ba57bad
VendorId:           0x05ac (05AC)
ProductId:          0x921c (921C)
Revision:           1.21 (0121)
Port:               2
USB version/speed:  0/Full
Manufacturer:       Apple Computer, Inc.
Product:            Apple Cinema HD Display
Address:            p=0x921c;v=0x05ac;s=0x000049cb8a6a5f67;l=0xfa222000
Current State:      Busy

UUID:               30bdfc98-1ecf-4b8a-a788-aaf7827ec38d
VendorId:           0x05ac (05AC)
ProductId:          0x8215 (8215)
Revision:           2.8 (0208)
Port:               1
USB version/speed:  0/Full
Manufacturer:       Apple Inc.
Product:            Bluetooth USB Host Controller
SerialNumber:       B8F6B13A9BB3
Address:            p=0x8215;v=0x05ac;s=0x000000007abde402;l=0x5a110000
Current State:      Available

UUID:               d3eff662-745f-48a0-804d-53e455bd0201
VendorId:           0x04e6 (04E6)
ProductId:          0xe001 (E001)
Revision:           5.24 (0524)
Port:               3
USB version/speed:  0/Full
Manufacturer:       SCM Microsystems Inc.
Product:            SCRx31 USB Smart Card Reader
SerialNumber:       21120650222609
Address:            p=0xe001;v=0x04e6;s=0x000049cb7de7fb68;l=0xfa230000
Current State:      Available

UUID:               c05c2e70-7059-4e20-9747-82443557a2dc
VendorId:           0x04e6 (04E6)
ProductId:          0x5410 (5410)
Revision:           2.4 (0204)
Port:               1
USB version/speed:  0/Full
Manufacturer:       SCM Microsystems Inc.
Product:            SCR35xx v2.0 USB SC Reader
Address:            p=0x5410;v=0x04e6;s=0x000052aa5b19eda2;l=0x5d100000
Current State:      Available

UUID:               eae46305-9a35-4a38-81b7-c66862160fbb
VendorId:           0x04e6 (04E6)
ProductId:          0x5116 (5116)
Revision:           3.4 (0304)
Port:               2
USB version/speed:  0/Full
Manufacturer:       SCM Microsystems
Product:            SCR33xx v2.0 USB SC Reader
Address:            p=0x5116;v=0x04e6;s=0x00000e85e82842f5;l=0x3a200000
Current State:      Available

Code: Select all

siriuscybernetics:~ dalyj$ VBoxManage showvminfo "OS X 10.12"
Name:            OS X 10.12
Groups:          /
Guest OS:        Mac OS X 10.11 El Capitan (64-bit)
UUID:            eb67945a-3db5-471d-932b-9d0a31fb7161
Config file:     /Volumes/macinsquash/systemshared/dalyj/VirtualBox VMs/OS X 10.12/OS X 10.12.vbox
Snapshot folder: /Volumes/macinsquash/systemshared/dalyj/VirtualBox VMs/OS X 10.12/Snapshots
Log folder:      /Volumes/macinsquash/systemshared/dalyj/VirtualBox VMs/OS X 10.12/Logs
Hardware UUID:   eb67945a-3db5-471d-932b-9d0a31fb7161
Memory size:     2048MB
Page Fusion:     off
VRAM size:       128MB
CPU exec cap:    100%
HPET:            on
Chipset:         ich9
Firmware:        EFI
Number of CPUs:  2
PAE:             on
Long Mode:       on
Triple Fault Reset: off
APIC:            on
X2APIC:          off
CPUID Portability Level: 0
CPUID overrides: None
Boot menu mode:  message and menu
Boot Device (1): DVD
Boot Device (2): HardDisk
Boot Device (3): Not Assigned
Boot Device (4): Not Assigned
ACPI:            on
IOAPIC:          on
BIOS APIC mode:  APIC
Time offset:     0ms
RTC:             UTC
Hardw. virt.ext: on
Nested Paging:   on
Large Pages:     on
VT-x VPID:       on
VT-x unr. exec.: on
Paravirt. Provider: Legacy
Effective Paravirt. Provider: Minimal
State:           powered off (since 2016-10-13T21:35:46.124000000)
Monitor count:   1
3D Acceleration: on
2D Video Acceleration: off
Teleporter Enabled: off
Teleporter Port: 0
Teleporter Address: 
Teleporter Password: 
Tracing Enabled: off
Allow Tracing to Access VM: off
Tracing Configuration: 
Autostart Enabled: off
Autostart Delay: 0
Default Frontend: 
Storage Controller Name (0):            SATA
Storage Controller Type (0):            IntelAhci
Storage Controller Instance Number (0): 0
Storage Controller Max Port Count (0):  30
Storage Controller Port Count (0):      2
Storage Controller Bootable (0):        on
SATA (0, 0): /Volumes/macinsquash/systemshared/dalyj/VirtualBox VMs/OS X 10.12/OS X 10.10-client2-disk1.vmdk (UUID: 1494838f-b24a-492e-8e47-4896363cd657)
SATA (1, 0): Empty
NIC 1:           MAC: 08002799F15A, Attachment: NAT Network 'internalnet', Cable connected: on, Trace: off (file: none), Type: 82545EM, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny, Bandwidth group: none
NIC 2:           MAC: 0800270BBA41, Attachment: NAT, Cable connected: off, Trace: off (file: none), Type: 82545EM, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny, Bandwidth group: none
NIC 2 Settings:  MTU: 0, Socket (send: 64, receive: 64), TCP Window (send:64, receive: 64)
NIC 3:           disabled
NIC 4:           disabled
NIC 5:           disabled
NIC 6:           disabled
NIC 7:           disabled
NIC 8:           disabled
NIC 9:           disabled
NIC 10:           disabled
NIC 11:           disabled
NIC 12:           disabled
NIC 13:           disabled
NIC 14:           disabled
NIC 15:           disabled
NIC 16:           disabled
NIC 17:           disabled
NIC 18:           disabled
NIC 19:           disabled
NIC 20:           disabled
NIC 21:           disabled
NIC 22:           disabled
NIC 23:           disabled
NIC 24:           disabled
NIC 25:           disabled
NIC 26:           disabled
NIC 27:           disabled
NIC 28:           disabled
NIC 29:           disabled
NIC 30:           disabled
NIC 31:           disabled
NIC 32:           disabled
NIC 33:           disabled
NIC 34:           disabled
NIC 35:           disabled
NIC 36:           disabled
Pointing Device: USB Tablet
Keyboard Device: USB Keyboard
UART 1:          disabled
UART 2:          disabled
UART 3:          disabled
UART 4:          disabled
LPT 1:           disabled
LPT 2:           disabled
Audio:           enabled (Driver: CoreAudio, Controller: HDA, Codec: STAC9221)
Clipboard Mode:  disabled
Drag and drop Mode: disabled
VRDE:            disabled
USB:             enabled
EHCI:            enabled
XHCI:            disabled

USB Device Filters:

Index:            0
Active:           yes
Name:             SCM Microsystems Inc. SCRx31 USB Smart Card Reader [0518]
VendorId:         04e6
ProductId:        e001
Revision:         
Manufacturer:     
Product:          
Remote:           
Serial Number:    

Index:            1
Active:           yes
Name:             SCM Microsystems Inc. SCR35xx v2.0 USB SC Reader [0204]
VendorId:         04e6
ProductId:        5410
Revision:         0204
Manufacturer:     SCM Microsystems Inc.
Product:          SCR35xx v2.0 USB SC Reader
Remote:           0
Serial Number:    

Bandwidth groups:  <none>

Shared folders:  

Name: 'virtualshared', Host path: '/Users/Shared/virtualshared' (machine mapping), writable

Video capturing:    not active
Capture screens:    0
Capture file:       /Volumes/macinsquash/systemshared/dalyj/VirtualBox VMs/OS X 10.12/OS X 10.12.webm
Capture dimensions: 1024x768
Capture rate:       512 kbps
Capture FPS:        25

Guest:

Configured memory balloon size:      0 MB

Thank you,
John

[socratis]

OK, you're close, we're getting there. Filter looks (almost) OK. The procedure, I'm not sure:

• Edit your filter and delete all the values except Name, VendorID, ProductID. Make sure there is no residual "spaces" (" ") in the remaining fields.
• Unplug the card reader. Start the VM. Log in. Plug the card reader.

[oldmacdude]

Ok,
Thank you,
I went ahead and set the filter as mentioned, with the same results.

it tells me the token in the reader cannot be used due to an error 229 (which is apparently a pretty generic "something isn't working." error)

Thank you again,
John

[socratis]

You talked only about the filters. I will assume that you plugged the USB after you logged in the VM. This is vital.

Can you post the exact error message? Attach a screenshot if you have to...

[oldmacdude]

Thank you again,
Yes, I plugged it in after the VM was launched. Otherwise, the host OS captures it and the VM can't see it.
the exact messages are from the guest OS logs.

client1:MacOS user$ security export-smartcard
security: SecItemCopyMatching: ffff9d2c (-24300) - The specified item could not be found in the keychain.

from the logs:
securityd CSSM Exception: 229 CSSM_ERRCODE_DEVICE_FAILED
securityd token in reader SCM Microsystems Inc. SCR 355 cannot be used (error 229)

I would think it was a problem with the guest OS, since the reader is seen, and it's just the smartcard that isn't working, but it seems to work when running an identical VM on the VMware trial version.
I am still hunting up possible solutions down that avenue as well though.

Thanks again,
John

[socratis]

Can you do me a favor and enable the xHCI controller in the VM settings, Ports, USB?

[oldmacdude]

woohoo!
Socratis, you are a genius. That worked.

Thank you!
John

Now to figure out how to get freeipa in VM to use smartcard authentication with my VM mac client.

[socratis]

I remember reading a developer's comments that even if you have a USB2 device, even if your host supports only USB2, enabling the USB3 controller (if your guest supports it) might actually be better. I thought you'd give it a shot. Glad it worked!