Mac OSX Sonoma and higher

Smart Card Reader Issues Tracker for Sonoma

Issue installation after reboot

On MacOS we make use of the launcd service to automatically start the Trust1Connector upon startup of the machine. In some cases where users have installed certain antivirus or antimalware software it will prevent launchd services to startup immediately. The reason here being that the antimalware or antivirus software should be the first that start up so it can controll the launchd services.

In this case the Trust1Connector will not be started and will receive an error on the launchd.

This can be solved to add a KeepAlive flag in the launchd service.

Update the launchd plist file

Go to the LaunchAgents folder and unload the Trust1Connector service

cd ~/Library/LaunchAgents
launchctl unload com.t1t.t1c.api.plist

Then open this plist file in a text editor and add the keepalive flag under the RunAtLoad flag.

...
 <key>RunAtLoad</key>
 <true/>
 <key>KeepAlive</key>
 <true/>
...

Then save this and reload the service

launchctl load com.t1t.t1c.api.plist

after this you should restart your computer.

Smart-card issue

Quick fix

A short fix for Mac Sonoma, more details below in the section 'Overview'.

Execute the following steps:

1. Open a Mac Terminal

2. Execute command: sudo defaults write /Library/Preferences/com.apple.security.smartcard useIFDCCID -bool yes

3. Unplug smart card reader from USB port

4. Restart Mac

5. Plug smart card reader back in USB port

The fix has been applied and you should be able to sign a document or authenticate

Overview

Starting from OSX Sonoma, smart card readers for Mac can fail for the following use cases:

• detect card reader

• execute transaction (digital signature or authentication)

The general end-user experience is that the smart card communication fails (card reader disseappears or the transaction fails).

A very great shout-out to Ludovic Rousseau who initially did a follow-up on impact of smart card readers in Sonoma:

macOS Sonoma and smart cards statusLudovic Rousseau's blog

Reported Bug to Mac OSX:

macOS Sonoma bug: SCardControl() returns SCARD_E_NOT_TRANSACTEDLudovic Rousseau's blog

OSX Forum

MacOS 14 (Sonoma) Smart Card Reade… | Apple Developer Forums

Solution

The initial solution prior to 11/2023 was very elaborate, but was made easy by applying a single command in a MAC OSX terminal:

sudo defaults write /Library/Preferences/com.apple.security.smartcard useIFDCCID -bool yes

What does the command execute/change?

The command switches the MAC OSX implementation of the CCID drivers to the legacy version (the version working prior to Sonoma).

As MAC OSX defaults using a custom CCID implementation, which still have some issues, switching to the old version is a temporary stolution.

How to roll-back to MAC OSX CCID implementation?

Form a specific moment (not at the time of writing), switching back to the default CCID implementation can be done using the following commands (in a terminal):

Check if the built-in Apple CCID driver is active

defaults read /Library/Preferences/com.apple.security.smartcard.plist useIFDCCID

If the former command results in:

he domain/default pair of (/Library/Preferences/com.apple.security.smartcard.plist, useIFDCCID) does not exist

This means that the built-in Apple driver is active.

The result is 1 so the "external" (non-Apple) CCID driver is enabled.

Returning back to default, execute:

sudo defaults write /Library/Preferences/com.apple.security.smartcard useIFDCCID -bool no

After executing a driver switch, we have noticed that a restart is mandatory!

You need to unplug your smart card reader from the USB port, and plug it back in after restarting