I have noticed that Linux firefox does not start anymore if I add "Windows Hello".
(The same is true for thunderbird)
Setup:
- rhel 7.9 Agent version: 8.6
- win10 vmware-view version: 2206/8.6
Under Linux the smartcard slots looks like:
[vogt]$ pkcs11-tool -L
Available slots:
Slot 0 (0x0): Alcor Micro USB Smart Card Reader 0
(empty)
Slot 1 (0x4): Microsoft IFD 0
(empty)
Slot 2 (0x8): Windows Hello for Business 1
token label : UserPIN (GIDS card)
token manufacturer : www.mysmartlogon.com
token model : PKCS#15 emulated
token flags : login required, token initialized, PIN initialized
hardware version : 0.0
firmware version : 0.0
serial num : 4d8e5bbcf2badc3b
pin min/max : 4/15
If I remove smartcard support from Linux firefox, or remove "Windows Hello" from
Windows, my Linux firefox starts as expected.
This can be reproduced with:
- create "Windows Hello" slot
- check that its exported with "pkcs11-tool -L"
- start firefox and verify that its not working
- stop firefox (CTRL-C)
- Keep Horizon session open
- Open cmd.exe and type:
- certutil.exe -DeleteHelloContainer
After that you can verify on Linux that slot2 ist gone.
Now start Linux firefox.
==> firefox works again
It's unclear if it's firefox or the VMware Virtual channel extension which
causes this behaviour.
When I enable pcscd logging I see countless SC_CARD_TRANSMIT but no replies,
so it may be helpfull do enable IRP smartcard debugging, but this changed in
vmware horizon from the last time I had a problem with it:
https://communities.vmware.com/t5/Horizon-for-Linux/Smartcard-on-Linux-clients-firefox-does-not-star...
