arneanka96
Contributor
Contributor

VmWare Workstation Pro - Give sole/direct access to built-in SmartCard reader

Hi!

In VmWare Workstation, a VmWare machine can be given sole/direct access to USB-connected SmartCard readers.

For built-in SmartCard readers, is there any way of giving the VmWare machine sole/direct access to the built-in SmartCard reader?

Note: I work for a large tech company with many employees interested in this question.

Background information: When sharing a SmartCard reader between the physical machine and VmWare, the smartcard software being used 'freeze' in the vmware, causing a delay up to 10 minutes before the inserted smartcard can be read. The same behaviour was noted when connecting an external USB-connected SmartCard reader in shared mode. However, if VmWare was given sole access to the USB-connected SmartCard reader, the freeze disappeard. If VmWare can be given sole access to an internal SmartCard reader, it would solve the problem without using an external SmartCard reader for all affected users.

/Arne

Labels (5)
0 Kudos
3 Replies
bluefirestorm
Champion
Champion

The following lines need to be added to the vmx configuration file.

usb.generic.allowCCID = "TRUE"
usb.ccid.disable = "TRUE"

That will make the SmartCard reader device not shareable between host and VM(s) and between VMs. The Removable devices menu will no longer show the (Shared) device (depending on the reader brand/model, some show the "shared" some don't before the lines are added).

If you don't want the setting to be repeated in every VM, need to put in %PROGRAMDATA%\VMware\VMware Workstation\config.ini for Windows hosts and /etc/vmware/config for Linux hosts.

0 Kudos
arneanka96
Contributor
Contributor

Hi bluefirestorm!

I tried the parameters you mentioned, and although it is true that the built-in SmartCard reader is unable to be shared any longer, it also means that the SmartCard reader disappears completely from within VmWare. Previously it was Shared, but now there is no mention of the device.

My guess is that VmWare is only able to take control of USB-devices, not built-in PCI-devices inside (in my case) a laptop.

It might be that the only way of solving it might be to give VmWare sole access to a PCI-device, but I am unsure if that is possible in VmWare Workstation.

/ Arne

0 Kudos
bluefirestorm
Champion
Champion

Question is whether the smart card reader built-in to the laptop connected through USB? Because those lines will disable the sharing between host and VM.

The Removable Devices menu only show USB devices.

Just an example, with the MacBook Pro 2016 and newer the Bluetooth module is no longer connected via USB but via UART and therefore the Bluetooth module does not show up anymore in Removable Device in VMware Fusion.

I don't know if there are other possible hardware connection for Smart Card readers. Assuming, that your laptop is running Windows you can check from Device Manager and view by connections and see whether the Smart Card reader is connected via USB. If it is Linux, you can probably check with lsusb -t and you may have to stop the Smartcard daemon (pcscd)

 

 

 

0 Kudos