From mboxrd@z Thu Jan 1 00:00:00 1970 From: Konrad Rzeszutek Wilk Subject: Re: PKCS#11 passthrough for Smartcards Date: Tue, 17 May 2011 10:06:04 -0400 Message-ID: <20110517140604.GB6816@dumpdata.com> References: <20110517093912.B853321DCB7@mx4-out.mindef.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <20110517093912.B853321DCB7@mx4-out.mindef.nl> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: J.Witvliet@mindef.nl Cc: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org On Tue, May 17, 2011 at 11:38:56AM +0200, J.Witvliet@mindef.nl wrote: > Hi all, > > As advised, i'll put the message on the devel-list How is KVM doing the pass-through? Is it in QEMU? If so, when we switch over to upstream QEMU (which we are doing now), we should get it automatically I would think. > > Kind regards, Hans > > > -----Original Message----- > From: Joseph Glanville [mailto:joseph.glanville@orionvm.com.au] > Sent: woensdag 11 mei 2011 18:01 > To: Witvliet, J, CDC/IVENT/OPS/I&S/HIN > Cc: xen-users@lists.xensource.com; hwit@a-domani.nl > Subject: Re: [Xen-users] PKCS#11 passthrough for Smartcards > > Hi, > > As far as I am aware this isn't supported - it would require a paravirtualised backend to be possible. I think I have seen you request it a few times and noone is yet to reply. You could try the xen-devel list to see if anyone has been working on one but once again, I doubt it. > Have you had any luck with KVM or the other hypervisors? This seems like a much more "desktop" feature so you might be better off looking at a less server consolidation oriented hypervisor if that makes sense. > > Joseph. > > On 11 May 2011 23:34, wrote: > > > > Hi all, > > > > Someone mentioned today to me, that the "competing virtualisation product" > > is capable of doing PKCS-forwarding towards a virtual client. > > > > So, my question here, does XEN supports PKCS-passthrough? > > As i also need my smartcard locally (on the hypervisor), i can not use > > neither pci nor usb-forwarding.... > > > > > > Hans > > > > Hi Joseph, > > It's strange that in a world that is "conceived as" more insecure, devices like tokens and smartcard are not becoming mainstream. > RedHat can currently do virtualisation af an (USA) CAC-card for their KVM. What is that? > And it looks like a business-case is being made to alter their code to support generic smartcards. Uhhh, so not in the upstream kernel then.