[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] PKCS#11 passthrough for Smartcards

On Tue, May 17, 2011 at 11:38:56AM +0200, J.Witvliet@xxxxxxxxx wrote:
> Hi all,
> As advised, i'll put the message on the devel-list

How is KVM doing the pass-through? Is it in QEMU? If so, when we switch
over to upstream QEMU  (which we are doing now), we should get it
automatically I would think.

> Kind regards, Hans
> -----Original Message-----
> From: Joseph Glanville [mailto:joseph.glanville@xxxxxxxxxxxxxx]
> Sent: woensdag 11 mei 2011 18:01
> To: Witvliet, J, CDC/IVENT/OPS/I&S/HIN
> Cc: xen-users@xxxxxxxxxxxxxxxxxxx; hwit@xxxxxxxxxxx
> Subject: Re: [Xen-users] PKCS#11 passthrough for Smartcards
> Hi,
> As far as I am aware this isn't supported - it would require a 
> paravirtualised backend to be possible. I think I have seen you request it a 
> few times and noone is yet to reply. You could try the xen-devel list to see 
> if anyone has been working on one but once again, I doubt it.
> Have you had any luck with KVM or the other hypervisors? This seems like a 
> much more "desktop" feature so you might be better off looking at a less 
> server consolidation oriented hypervisor if that makes sense.
> Joseph.
> On 11 May 2011 23:34,  <J.Witvliet@xxxxxxxxx> wrote:
> >
> > Hi all,
> >
> > Someone mentioned today to me, that the "competing virtualisation product"
> > is capable of doing PKCS-forwarding towards a virtual client.
> >
> > So, my question here, does XEN supports PKCS-passthrough?
> > As i also need my smartcard locally (on the hypervisor), i can not use 
> > neither pci nor usb-forwarding....
> >
> >
> > Hans
> >
> Hi Joseph,
> It's strange that in a world that is "conceived as" more insecure, devices 
> like tokens and smartcard are not becoming mainstream.
> RedHat can currently do virtualisation af an (USA) CAC-card for their KVM.

What is that?

> And it looks like a business-case is being made to alter their code to 
> support generic smartcards.

Uhhh, so not in the upstream kernel then.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.