This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] PKCS#11 passthrough for Smartcards

To: J.Witvliet@xxxxxxxxx
Subject: Re: [Xen-devel] PKCS#11 passthrough for Smartcards
From: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Date: Tue, 17 May 2011 10:06:04 -0400
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
On Tue, May 17, 2011 at 11:38:56AM +0200, J.Witvliet@xxxxxxxxx wrote:
> Hi all,
> As advised, I'll put the message on the devel-list.

How is KVM doing the pass-through? Is it in QEMU? If so, when we switch
over to upstream QEMU (which we are doing now), we should get it
automatically I would think.

> Kind regards, Hans
> -----Original Message-----
> From: Joseph Glanville [mailto:joseph.glanville@xxxxxxxxxxxxxx]
> Sent: Wednesday 11 May 2011 18:01
> To: Witvliet, J, CDC/IVENT/OPS/I&S/HIN
> Cc: xen-users@xxxxxxxxxxxxxxxxxxx; hwit@xxxxxxxxxxx
> Subject: Re: [Xen-users] PKCS#11 passthrough for Smartcards
> Hi,
> As far as I am aware this isn't supported - it would require a 
> paravirtualised backend to be possible. I think I have seen you request it a 
> few times and no one is yet to reply. You could try the xen-devel list to see 
> if anyone has been working on one but once again, I doubt it.
> Have you had any luck with KVM or the other hypervisors? This seems like a 
> much more "desktop" feature so you might be better off looking at a less 
> server consolidation oriented hypervisor if that makes sense.
> Joseph.
> On 11 May 2011 23:34,  <J.Witvliet@xxxxxxxxx> wrote:
> >
> > Hi all,
> >
> > Someone mentioned today to me, that the "competing virtualisation product"
> > is capable of doing PKCS-forwarding towards a virtual client.
> >
> > So, my question here, does XEN support PKCS-passthrough?
> > As I also need my smartcard locally (on the hypervisor), I cannot use 
> > either PCI or USB forwarding....
> >
> >
> > Hans
> >
> Hi Joseph,
> It's strange that in a world that is "conceived as" more insecure, devices 
> like tokens and smartcards are not becoming mainstream.
> RedHat can currently do virtualisation of a (USA) CAC-card for their KVM.

What is that?

> And it looks like a business-case is being made to alter their code to 
> support generic smartcards.

Uhhh, so not in the upstream kernel then.
