You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Smart Card Connector app should monitor the Chrome OS session state and, if it's running in-session and the session becomes locked, it should stop talking to the smart card readers. If we don't do this, then the users that use smart cards for logging into Chrome OS won't be able to unlock their session, since the Lock Screen implementation talks to another instance of the app that runs in the sign-in profile context, but only one app can talk to a single USB device at a time.
Fix bug #100: Previously, smartcard users could not unlock the lock screen since
the user space smartcard connector app would still own the smartcard reader.
This makes the app show no available devices when the user is locking the
screen. PCSC automatically releases devices that it used to own but no longer
show as present.
This alone is not sufficient to solve the problem. PCSC scans devices only once
every second. When locking the screen, the login-space app might already try to
access the reader before the user-space app releases it. This race condition is
fixed by issue #90: When connecting to a reader fails, we retry connecting
later. This is done by showing another Bus number for the device.
We need to fake Bus numbers anyway as chrome.usb does not let us retrieve them.
PCSC then views it as a different device from the previous one and attempts
to connect to it once a smartcard reader needs to be accessed.
For the reference, the chrome.loginState API was enabled for the Smart Card Connector app on the Chrome side in the issue https://crbug.com/1034927. The minimum Chrome version is 81.0.4028.0.
The Smart Card Connector app should monitor the Chrome OS session state and, if it's running in-session and the session becomes locked, it should stop talking to the smart card readers. If we don't do this, then the users that use smart cards for logging into Chrome OS won't be able to unlock their session, since the Lock Screen implementation talks to another instance of the app that runs in the sign-in profile context, but only one app can talk to a single USB device at a time.
The chrome.loginState API can be used for getting all the needed information: https://cs.chromium.org/chromium/src/chrome/common/extensions/api/login_state.idl
The text was updated successfully, but these errors were encountered: