HSM not found on Manjaro

Heya!

I just received my Nitrokey HSM 2 today but I failed at initializing it.
opensc 0.21.0-1 is installed as stated in the getting started section.

But when I do an “opensc-tool -l” I get “No smart card readers found”.
So I switched to root in case there are some permission problems.
Same result.

The HSM shows up with “lsusb” as “Clay Logic Nitrokey HSM”.
When I connect it the red LED gives a single red flash.

The initialization fails with “Failed to connect to card:Success”.
So my mission so far has failed successfully.

Any suggestions are appreciated!

The recommended way to diagnose problems on Linux is

  1. Make sure the token shows up in sudo lsusb
  2. Stop pcscd and restart it with pcscd -a -d -f in the foreground. That way you can see whether there are errors when interfacing with the token via CCID.
  3. Run sc-hsm-tool to show details. You should then see activity in the pcscd output.

Quite often the problem is a missing pcscd install. pcscd is the smart card reader daemon that makes access possible for user processes without direct access to USB.

Hey, thanks for the answer.

  1. ‘sudo lsusb’ shows ‘Bus 001 Device 011: ID 20a0:4230 Clay Logic Nitrokey HSM’

  2. stopped and started in foreground, so far so good but

  3. sc-hsm-tool does generate an output on pcscd but it’s not helpful to me

    34217786 [140008252804096] winscard_msg_srv.c:256:ProcessEventsServer() Common channel packet arrival
    00000041 [140008252804096] winscard_msg_srv.c:267:ProcessEventsServer() ProcessCommonChannelRequest detects: 7
    00000011 [140008252804096] pcscdaemon.c:133:SVCServiceRunLoop() A new context thread creation is requested: 7
    00000104 [140008244405824] winscard_svc.c:340:ContextThread() Authorized PC/SC client
    00000014 [140008244405824] winscard_svc.c:343:ContextThread() Thread is started: dwClientID=7, threadContext @0x55b9a1fb2570
    00000016 [140008244405824] winscard_svc.c:361:ContextThread() Received command: CMD_VERSION from client 7
    00000016 [140008244405824] winscard_svc.c:373:ContextThread() Client is protocol version 4:4
    00000010 [140008244405824] winscard_svc.c:396:ContextThread() CMD_VERSION rv=0x0 for client 7
    00000073 [140008244405824] winscard_svc.c:361:ContextThread() Received command: ESTABLISH_CONTEXT from client 7
    00000015 [140008244405824] winscard.c:215:SCardEstablishContext() Establishing Context: 0x15B9DE76
    00000005 [140008244405824] winscard_svc.c:461:ContextThread() ESTABLISH_CONTEXT rv=0x0 for client 7
    00000054 [140008244405824] winscard_svc.c:361:ContextThread() Received command: CMD_GET_READERS_STATE from client 7
    00010698 [140008244405824] winscard_svc.c:361:ContextThread() Received command: RELEASE_CONTEXT from client 7
    00000032 [140008244405824] winscard.c:229:SCardReleaseContext() Releasing Context: 0x15B9DE76
    00000014 [140008244405824] winscard_svc.c:476:ContextThread() RELEASE_CONTEXT rv=0x0 for client 7
    00000113 [140008244405824] winscard_svc.c:354:ContextThread() Client die: 7
    00000095 [140008244405824] winscard_svc.c:1061:MSGCleanupClient() Thread is stopping: dwClientID=7, threadContext @0x55b9a1fb2570
    00000016 [140008244405824] winscard_svc.c:1069:MSGCleanupClient() Freeing SCONTEXT @0x55b9a1fb2570

    sudo sc-hsm-tool
    No smart card readers found.
    Failed to connect to card: Success

It doesn’t seem to interact with the HSM at all

Are you trying this as root or a normal user? If it works as root but not as a normal user - it is possible that your pcscd is compiled with policy kit support and you have to create a policy to allow non-root users to use the HSM.

I tried as both already

Seems that PCSC does not detect the device.

  1. Make sure libccid is installed
  2. Locate libccid.so on your system. There should be an Info.plist somewhere close (a directory up or in etc/libccid_Info.plist).
  3. Make sure that the USB vendor and product IDs are listed in Info.plist
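
The check in step 3, as an added example that is not part of the thread or of any project's code: it takes the ID pair from the lsusb line quoted above and looks it up in a CCID Info.plist, which lists supported readers as parallel ifdVendorID, ifdProductID and ifdFriendlyName arrays. The plist content and its names are constructed sample data; feed the function the bytes of the Info.plist located in step 2.

```python
import plistlib
import re

# Constructed sample in the layout of libccid's Info.plist: parallel arrays
# where entry i of each array describes one supported reader.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>ifdVendorID</key>
  <array><string>0x1111</string><string>0x20A0</string><string>0x20A0</string></array>
  <key>ifdProductID</key>
  <array><string>0x2222</string><string>0x0001</string><string>0x4230</string></array>
  <key>ifdFriendlyName</key>
  <array><string>Sample A</string><string>Sample B</string><string>Sample HSM</string></array>
</dict></plist>
"""

# The lsusb line quoted in the thread.
LSUSB_LINE = "Bus 001 Device 011: ID 20a0:4230 Clay Logic Nitrokey HSM"


def parse_lsusb_id(line):
    """Return (vendor, product) as ints from an lsusb line, or None."""
    m = re.search(r"\bID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\b", line)
    return (int(m.group(1), 16), int(m.group(2), 16)) if m else None


def find_reader(plist_bytes, vendor_id, product_id):
    """Return the friendly name listed for vendor:product, or None."""
    info = plistlib.loads(plist_bytes)
    vendors = info.get("ifdVendorID", [])
    products = info.get("ifdProductID", [])
    names = info.get("ifdFriendlyName", [])
    if not len(vendors) == len(products) == len(names):
        raise ValueError("ID and name arrays differ in length")
    for vid, pid, name in zip(vendors, products, names):
        # Entries are hex strings such as "0x20A0"; compare as integers so
        # letter case does not matter. Vendor AND product must both match.
        if (int(vid, 16), int(pid, 16)) == (vendor_id, product_id):
            return name
    return None


if __name__ == "__main__":
    ids = parse_lsusb_id(LSUSB_LINE)
    print(find_reader(SAMPLE_PLIST, *ids) or "not listed in Info.plist")
```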

Maybe installing udev rules will help? This should be possible automatically by installing the libnitrokey3 package.

Can you start pcscd -adf and post the output of it when you are inserting the device?