Yubico / yubikey-piv-manager

Tool for configuring your PIV-enabled YubiKey
https://developers.yubico.com/yubikey-piv-manager/
GNU General Public License v3.0

PIV Manager: VMWare - Windows 10 Apr '18 Guest on Ubuntu 18.04LTS YubiKey Not Recognized by Default #41

Closed chrisarm closed 6 years ago

chrisarm commented 6 years ago

The YubiKey was being seen as a Smart Card and marked as WUDF in Device Manager rather than as a YubiKey device like normal. The changes to make the YubiKey work in a VMware Linux host with a Windows guest took me a few hours to find and required solutions for smaller issues along the way from multiple sources:

  1. Create a snapshot and save the settings for your VM! Then start the Windows 10 VM
  2. Open Device Manager -> View Hidden Devices
  3. Uninstall ALL USB devices in Device Manager
  4. Uninstall all smart card devices
  5. Uninstall all Smart card readers
  6. Uninstall all smart card filters
  7. Pick option 'a' or 'b':

     a) Open Regedit. Keep existing rights, and add 'SeLoadDriverPrivilege' to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\RequiredPrivileges

     b) Run this one-liner in Admin PowerShell:

            # Append SeLoadDriverPrivilege to RequiredPrivileges if it is not already listed
            $v = (gp "HKLM:\System\CurrentControlSet\Services\ScDeviceEnum" RequiredPrivileges).RequiredPrivileges; if (-not ($v -contains "SeLoadDriverPrivilege")) { $v += "SeLoadDriverPrivilege"; sp "HKLM:\System\CurrentControlSet\Services\ScDeviceEnum" RequiredPrivileges $v }
  8. Open Windows Services Console - Enable Smart Card and make sure it's set to automatic start
  9. Shutdown the Windows VM and create a new snapshot
  10. Save a copy of your VM's vmx file
  11. Unencrypt the VM if it's encrypted
  12. Edit the "*.vmx" for the VM by adding the following lines:

      usb.generic.allowHID = "TRUE"
      usb.generic.allowLastHID = "TRUE"
      usb.quirks.device0 = "0x1050:0x0407 allow"

  13. Remove any lines from the vmx file that start with usb.autoConnect.device0 = ...

  14. Re-enable encryption if you want

  15. Start the VM

  16. When you go to "connect" in the VM Settings, choose the YubiKey option without "Shared..." in the name.

That's it. When I connected the YubiKey, the key was installed by Windows properly and PIV Manager was able to read and write certificates as expected. Is there an easier way to make this thing work by default though?
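
The .vmx edits described in the post above (keep a copy, add the three USB settings, drop the `usb.autoConnect.device0` lines), as an added example that is not part of the original post or of the PIV Manager project. The names `patch_vmx`, `patch_vmx_file` and the `.bak` suffix are hypothetical; the script assumes the VM is powered off, that .vmx keys can be matched case-insensitively, and that an encrypted .vmx is recognisable by `encryption.*` keys.

```python
import re
import shutil

# Settings quoted in step 12 of the post (0x1050:0x0407 is the ID the author used).
YUBIKEY_SETTINGS = {
    "usb.generic.allowHID": "TRUE",
    "usb.generic.allowLastHID": "TRUE",
    "usb.quirks.device0": "0x1050:0x0407 allow",
}
KEY_RE = re.compile(r'^\s*([^#\s=]+)\s*=')

# Constructed sample .vmx content (not taken from the post).
SAMPLE = '''.encoding = "UTF-8"
usb.present = "TRUE"
usb.autoConnect.device0 = "constructed-value"
usb.generic.allowHID = "FALSE"
'''


def patch_vmx(text):
    """Return .vmx text with the post's USB settings applied (idempotent)."""
    wanted = {k.lower() for k in YUBIKEY_SETTINGS}
    out = []
    for line in text.splitlines():
        m = KEY_RE.match(line)
        key = m.group(1).lower() if m else None
        # Assumption: encryption.* keys mark an encrypted VM (step 11 of the post).
        if key and key.startswith("encryption."):
            raise ValueError("VM is encrypted; remove encryption before editing")
        if key == "usb.autoconnect.device0":  # the post's removal step
            continue
        if key in wanted:  # drop stale values; the wanted ones are appended below
            continue
        out.append(line)
    out.extend(f'{k} = "{v}"' for k, v in YUBIKEY_SETTINGS.items())
    return "\n".join(out) + "\n"


def patch_vmx_file(path):
    """Save a copy of the .vmx (step 10 of the post), then rewrite it in place."""
    with open(path, encoding="utf-8") as f:
        original = f.read()
    patched = patch_vmx(original)  # raises before anything is written
    backup = path + ".bak"
    shutil.copy2(path, backup)
    with open(path, "w", encoding="utf-8") as f:
        f.write(patched)
    return backup
```

Running `patch_vmx_file` a second time leaves the settings unchanged but overwrites the `.bak` copy, so move the first backup aside if you need the untouched original.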

emlun commented 6 years ago

Hi, sorry for the late response.

PIV Manager release 1.4.2d works fine for me in a VirtualBox VM with both YubiKey 4 and NEO with no additional setup required other than installing PIV Manager. I don't know why it took so much work to get it working in your setup.

chrisarm commented 6 years ago

I was using VMware Workstation, not VirtualBox. Key difference here.

emlun commented 6 years ago

Yes. I'm afraid I don't know why it works so differently in your case.