From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: J.Witvliet@mindef.nl
Cc: xen-devel@lists.xensource.com
Subject: Re: PKCS#11 passthrough for Smartcards
Date: Tue, 17 May 2011 10:06:04 -0400 [thread overview]
Message-ID: <20110517140604.GB6816@dumpdata.com> (raw)
In-Reply-To: <20110517093912.B853321DCB7@mx4-out.mindef.nl>
On Tue, May 17, 2011 at 11:38:56AM +0200, J.Witvliet@mindef.nl wrote:
> Hi all,
>
> As advised, i'll put the message on the devel-list
How is KVM doing the pass-through? Is it in QEMU? If so, when we switch
over to upstream QEMU (which we are doing now), we should get it
automatically I would think.
>
> Kind regards, Hans
>
>
> -----Original Message-----
> From: Joseph Glanville [mailto:joseph.glanville@orionvm.com.au]
> Sent: woensdag 11 mei 2011 18:01
> To: Witvliet, J, CDC/IVENT/OPS/I&S/HIN
> Cc: xen-users@lists.xensource.com; hwit@a-domani.nl
> Subject: Re: [Xen-users] PKCS#11 passthrough for Smartcards
>
> Hi,
>
> As far as I am aware this isn't supported - it would require a paravirtualised backend to be possible. I think I have seen you request it a few times and noone is yet to reply. You could try the xen-devel list to see if anyone has been working on one but once again, I doubt it.
> Have you had any luck with KVM or the other hypervisors? This seems like a much more "desktop" feature so you might be better off looking at a less server consolidation oriented hypervisor if that makes sense.
>
> Joseph.
>
> On 11 May 2011 23:34, <J.Witvliet@mindef.nl> wrote:
> >
> > Hi all,
> >
> > Someone mentioned today to me, that the "competing virtualisation product"
> > is capable of doing PKCS-forwarding towards a virtual client.
> >
> > So, my question here, does XEN supports PKCS-passthrough?
> > As i also need my smartcard locally (on the hypervisor), i can not use
> > neither pci nor usb-forwarding....
> >
> >
> > Hans
> >
>
> Hi Joseph,
>
> It's strange that in a world that is "conceived as" more insecure, devices like tokens and smartcard are not becoming mainstream.
> RedHat can currently do virtualisation af an (USA) CAC-card for their KVM.
What is that?
> And it looks like a business-case is being made to alter their code to support generic smartcards.
Uhhh, so not in the upstream kernel then.
prev parent reply other threads:[~2011-05-17 14:06 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-17 9:38 PKCS#11 passthrough for Smartcards J.Witvliet
2011-05-17 14:06 ` Konrad Rzeszutek Wilk [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110517140604.GB6816@dumpdata.com \
--to=konrad.wilk@oracle.com \
--cc=J.Witvliet@mindef.nl \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).