Dell M65 - Security Hardware

One major point in looking at this machine was to investigate the integration of fingerprint reader, smartcard reader and TPM chip for Linux compatibility. It is hoped that at some point this system can be used as a test system connected to the new NHS IT framework. The smartcard reader is therefore essential, and the other two facilities highly desirable. At present, however, we have failed to make much progress.

Broadcom TPM

Description: Broadcom TPM Device
Device ID: ACPI\BCM0102\4&25E2FF18&0

This is supported by the current kernel.

TODO: Describe what this is, what it can do, and how we might be able to use it.

Things to do with /dev/tpm0

TrouSerS compiles cleanly. Have not yet managed to get the daemon to run, though!
This then provides you with the following tools:

O2-Micro Oz776 SmartCard Reader

As far as I can tell, there are THREE methods to get your smartcard working under Linux:

So far, I have PARTIALLY got things to work.
1. Compile the driver source code for the O2 Micro Card Reader v1.2.1 or higher.

    > ./configure --enable-udev
    > make
    > make install
    > ./src/parse > ccid.txt

2. Install your choice of SmartCard daemon
   * libpcsclite v1.4.0 /etc/reader.conf
   * libchipcard v3 Not Configured Yet!
   * OpenCT Not Configured Yet!

3. Use your new hardware with a smartcard! pcsc will give you a log message along the lines of

    May 3 23:52:42 [pcscd] Card ATR: 0C 88 65 36 5C 65 14 8D B5 3E 47 D9 20 11 9F 90

   What we do next - I haven't worked out yet! Sorry. :-)

4. HOWEVER, I do have an ongoing page about using NHS-Smartcards.Index.

    > lsusb -v
    Bus 003 Device 004: ID 0b97:7762 O2 Micro, Inc. Oz776 SmartCard Reader
    Device Descriptor:
      bLength                18
      bDescriptorType         1
      bcdUSB               1.10
      bDeviceClass            0 (Defined at Interface level)
      bDeviceSubClass         0
      bDeviceProtocol         0
      bMaxPacketSize0        64
      idVendor           0x0b97 O2 Micro, Inc.
      idProduct          0x7762 Oz776 SmartCard Reader
      bcdDevice            1.10
      iManufacturer           1 O2
      iProduct                2 O2Micro CCID SC Reader
      iSerial                 0
      bNumConfigurations      1
      Configuration Descriptor:
        bLength                 9
        bDescriptorType         2
        wTotalLength           93
        bNumInterfaces          1
        bConfigurationValue     1
        iConfiguration          0
        bmAttributes         0xe0
          Self Powered
          Remote Wakeup
        MaxPower                0mA
        Interface Descriptor:
          bLength                 9
          bDescriptorType         4
          bInterfaceNumber        0
          bAlternateSetting       0
          bNumEndpoints           3
          bInterfaceClass        11 Chip/SmartCard
          bInterfaceSubClass      0
          bInterfaceProtocol      0
          iInterface              0
          Endpoint Descriptor:
            bLength                 7
            bDescriptorType         5
            bEndpointAddress     0x03  EP 3 OUT
            bmAttributes            2
              Transfer Type            Bulk
              Synch Type               None
              Usage Type               Data
            wMaxPacketSize     0x0040  1x 64 bytes
            bInterval               0
          Endpoint Descriptor:
            bLength                 7
            bDescriptorType         5
            bEndpointAddress     0x82  EP 2 IN
            bmAttributes            2
              Transfer Type            Bulk
              Synch Type               None
              Usage Type               Data
            wMaxPacketSize     0x0040  1x 64 bytes
            bInterval               0
          Endpoint Descriptor:
            bLength                 7
            bDescriptorType         5
            bEndpointAddress     0x81  EP 1 IN
            bmAttributes            3
              Transfer Type            Interrupt
              Synch Type               None
              Usage Type               Data
            wMaxPacketSize     0x0003  1x 3 bytes
            bInterval             255
          UNRECOGNIZED: 36 21 00 01 00 07 03 00 00 00 a0 0f 00 00 a0 0f 00 00 00 80 25 00 00 00 b0 04 00 00 fe 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 0f 01 00 00 00 00 00 00 00 01
    cannot read device status, Protocol error (71)

Fingerprint Reader

UPEK/SGS Thomson Microelectronics TouchChip TFM/ESS Fingerprint BSP

    > lsusb -v
    Bus 003 Device 003: ID 0483:2016 SGS Thomson Microelectronics
    Device Descriptor:
      bLength                18
      bDescriptorType         1
      bcdUSB               1.00
      bDeviceClass            0 (Defined at Interface level)
      bDeviceSubClass         0
      bDeviceProtocol         0
      bMaxPacketSize0         8
      idVendor           0x0483 SGS Thomson Microelectronics
      idProduct          0x2016
      bcdDevice            0.01
      iManufacturer           1 STMicroelectronics
      iProduct                2 Biometric Coprocessor
      iSerial                 0
      bNumConfigurations      1
      Configuration Descriptor:
        bLength                 9
        bDescriptorType         2
        wTotalLength           39
        bNumInterfaces          1
        bConfigurationValue     1
        iConfiguration          0
        bmAttributes         0xa0
          Remote Wakeup
        MaxPower              100mA
        Interface Descriptor:
          bLength                 9
          bDescriptorType         4
          bInterfaceNumber        0
          bAlternateSetting       0
          bNumEndpoints           3
          bInterfaceClass       255 Vendor Specific Class
          bInterfaceSubClass      0
          bInterfaceProtocol      0
          iInterface              0
          Endpoint Descriptor:
            bLength                 7
            bDescriptorType         5
            bEndpointAddress     0x81  EP 1 IN
            bmAttributes            2
              Transfer Type            Bulk
              Synch Type               None
              Usage Type               Data
            wMaxPacketSize     0x0040  1x 64 bytes
            bInterval               0
          Endpoint Descriptor:
            bLength                 7
            bDescriptorType         5
            bEndpointAddress     0x02  EP 2 OUT
            bmAttributes            2
              Transfer Type            Bulk
              Synch Type               None
              Usage Type               Data
            wMaxPacketSize     0x0040  1x 64 bytes
            bInterval               0
          Endpoint Descriptor:
            bLength                 7
            bDescriptorType         5
            bEndpointAddress     0x83  EP 3 IN
            bmAttributes            3
              Transfer Type            Interrupt
              Synch Type               None
              Usage Type               Data
            wMaxPacketSize     0x0004  1x 4 bytes
            bInterval              20

There have been recorded instances, under both Linux and Windows, of the TouchChip overheating - and when it did so, I could not reboot and log in with a finger swipe. Turning off the machine and allowing it to cool before a reboot worked. So did an unknown update I did later, as I no longer get this problem...[1]

So far, I have only got first stage booting to work. In theory, it should be possible to pass the authentication token to Linux, as you can under Windows. Not played with this yet - I do not yet know how to access it under Linux. Help would be appreciated.

Fortunately, there is a UPEK Linux driver for this device.

* Install the Official BioAPI or the patched BioAPI framework.
* Obtain the TFM/ESS BSP for Linux (Biometric Service Provider). Install. Closed Source.
* ThinkFinger is an OpenSource suite for utilising the TouchChip, and integrated with PAM.

So, what's the point?

More pages will appear, linked from here, as I get time to work out how to do things! Recipes, hints, tips and suggestions gratefully received.

* Encrypted Home Directory (or part of).
* Integration with Grub / Lilo / Other. - to be put in the Grimoire.Index
* Smartcards with gpg - scdaemon
1. TouchChip still overheating on an intermittent basis. I can find no pattern to the occurrences. There also seems to be an issue with the device being recognised/registered as a USB device, as it appears/disappears all the time.
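
The bytes that lsusb lists as UNRECOGNIZED for the Oz776 reader above are the reader's CCID class descriptor (length 0x36, type 0x21). As an added example that is not part of the original page, the Python below decodes them using the field layout from the USB CCID specification; the function and table names are hypothetical.

```python
import struct

# The 54 bytes lsusb printed after "UNRECOGNIZED:" for the Oz776 reader on this page.
RAW = bytes.fromhex(
    "36 21 00 01 00 07 03 00 00 00 a0 0f 00 00 a0 0f 00 00 00 80 25 00 00 00 b0 04 00"
    " 00 fe 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 0f 01 00 00 00 00 00 00 00 01"
)
# Field layout of the CCID class descriptor (USB CCID specification), little-endian.
FMT = "<BBHBBIIIBIIBIIIIIBBHBB"
FIELDS = (
    "bLength bDescriptorType bcdCCID bMaxSlotIndex bVoltageSupport dwProtocols "
    "dwDefaultClock dwMaximumClock bNumClockSupported dwDataRate dwMaxDataRate "
    "bNumDataRatesSupported dwMaxIFSD dwSynchProtocols dwMechanical dwFeatures "
    "dwMaxCCIDMessageLength bClassGetResponse bClassEnvelope wLcdLayout "
    "bPINSupport bMaxCCIDBusySlots"
).split()
VOLTAGES = {0x01: "5.0V", 0x02: "3.0V", 0x04: "1.8V"}
PROTOCOLS = {0x01: "T=0", 0x02: "T=1"}
PIN_OPS = {0x01: "verify", 0x02: "modify"}
EXCHANGE = {0x10000: "TPDU", 0x20000: "short APDU", 0x40000: "extended APDU"}

def flags(value, table):
    return [name for bit, name in table.items() if value & bit]

def parse_ccid_descriptor(raw):
    """Unpack a CCID class descriptor, rejecting anything that is not one."""
    if len(raw) != struct.calcsize(FMT):
        raise ValueError("expected %d bytes, got %d" % (struct.calcsize(FMT), len(raw)))
    d = dict(zip(FIELDS, struct.unpack(FMT, raw)))
    if d["bLength"] != len(raw) or d["bDescriptorType"] != 0x21:
        raise ValueError("not a CCID class descriptor")
    return d

def summarize(d):
    """Reduce the raw fields to what matters when choosing driver and middleware."""
    return {
        "ccid_version": "%x.%02x" % (d["bcdCCID"] >> 8, d["bcdCCID"] & 0xFF),
        "slots": d["bMaxSlotIndex"] + 1,
        "voltages": flags(d["bVoltageSupport"], VOLTAGES),
        "protocols": flags(d["dwProtocols"], PROTOCOLS),
        "default_clock_khz": d["dwDefaultClock"],
        "data_rate_bps": (d["dwDataRate"], d["dwMaxDataRate"]),
        "exchange_level": flags(d["dwFeatures"], EXCHANGE) or ["character"],
        "pin_entry_on_reader": flags(d["bPINSupport"], PIN_OPS),  # empty: PIN typed on host
    }

if __name__ == "__main__":
    for key, value in summarize(parse_ccid_descriptor(RAW)).items():
        print("%-20s %s" % (key, value))
```

An empty pin_entry_on_reader list means the reader offers no secure PIN entry of its own, so any card PIN passes through the host.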