-
Bug
-
Resolution: Done-Errata
-
Normal
-
rhel-9.4
-
pcsc-lite-1.9.4-2.el9
-
None
-
Critical
-
Rebase
-
1
-
rhel-security-crypto
-
ssg_security
-
13
-
20
-
1
-
QE ack, Dev ack
-
False
-
False
-
-
Yes
-
Red Hat Enterprise Linux
-
Crypto24Q4
-
-
Pass
-
Not Needed
-
Automated
-
Enhancement
-
-
Done
-
None
In order to provide a new feature for PKCS#11 unlocking in Clevis, we need to start pcscd without policy-kit at boot time. At this moment, RHEL9 version of pcsc-lite does not include this option.
We need `--disable-polkit` option to have access to PKCS#11 device at boot time.
The following needs to be verified in order for this epic to be considered complete:
1 - Execute pcscd with --disable-polkit option
2 - pcscd does not dump any error when using --disable-polkit option
3 - Verify pcscd is indeed not using the Policy Kit when using --disable-polkit, and PKCS#11 device can be accessed correctly even though Policy Kit is not available.
- links to
-
RHBA-2024:140385 pcsc-lite bug fix and enhancement update