Skip to content

Latest commit

 

History

History
61 lines (51 loc) · 13.5 KB

Removal-of-Old-Card-Drivers.md

File metadata and controls

61 lines (51 loc) · 13.5 KB
Raw

Many of the internal card drivers have not been modified or used in years (card-*.c and their pkcs15-*.c counterpart). Although they may have gotten touched due to general security fixes, these changes are mostly untested with these card drivers. Most likely these cards are not in use anymore. To reduce the overall attack surface, we are planning to remove the old card drivers.

Card Driver Overview

Driver Support Added To be Deactivated Removed User Activity Developer Activity
card-akis.c 2007 yes no 2007
card-asepcos.c 2007 yes no 2014 2010
card-authentic.c 2010 no no 2018 2018
card-atrust-acos.c 2005 yes no 2008
card-belpic.c 2005 no no 2021 2018
card-cac.c 2017 no no 2017 2020
card-cac1.c 2018 no no
card-cardos.c 2006 no no 2021 2021
card-coolkey.c 2016 no no 2018
card-dnie.c 2013 no no 2020 2020
card-entersafe.c 2008 no no 2017
card-epass2003.c 2012 no no 2020 2020
card-flex.c 2002 yes no 2010
card-gemsafeV1.c 2007 no no 2019 2019
card-gids.c 2016 no no 2020 2019
card-gpk.c 2002 yes no 2007
card-iasecc.c 2011 no no 2021 2021
card-idprime.c 2020 no no 2021
card-incrypto34.c 2005 yes no 2007
card-isoApplet.c 2015 no no 2019 2019
card-itacns.c 2010 no no 2021 2014
card-jcop.c 2003 yes 2003
card-jpki.c 2016 no no 2017
card-masktech.c 2015 no no 2015
card-mcrd.c 2002 no no 2017 2020
card-miocos.c 2002 yes 2003
card-muscle.c 2006 no no 2015
card-myeid.c 2009 no no 2021 2021
card-npa.c 2017 no no 2018 2018
card-oberthur.c 2004 no no 2020 2016
card-openpgp.c 2003 no no 2020 2021
card-piv.c 2006 no no 2021 2020
card-rtecp.c 2009 no no 2017 2021
card-rutoken.c 2007 no no 2019
card-sc-hsm.c 2012 no no 2021 2019
card-setcos.c 2001 no no 2017 2016
card-starcos.c 2003 no no 2020 2019
card-tcos.c 2002 no no 2019 2019
card-westcos.c 2009 yes no 2010

To be Deactivated: The card driver will be removed from the default OpenSC configuration. It will be neccessary to enable the card driver in opensc.conf

Removed: The card driver will be removed from the default OpenSC binaries. If the card driver is still present, it will be neccessary to enable it via ./configure --enable-old-drivers

User Activity: Indicates if someone is actively using the card. This may be a bug report, feature request, a question on the mailing list.

Developer Activity: Indicates if someone is actively developing and maintaining a card driver. This doesn't include generic fixes, which are untested with the card in question, e.g. fixes for issues that are reported by coverity scan.

Rationale for Removing a card driver

  • A card driver will be deactivated if there was no activity for 7 years or more
  • A card driver will be removed if there was no activity for 10 years or more
  • Removing a card driver will take at least two release cycles (i.e. one release that deactivates the card driver and a second to remove it)