API Differences between 10.12 and 10.13
The differences are listed in the developer page macOS Sierra 10.13. The page only documents big changes. No changes related to smart card are listed.PC/SC
Since Yosemite (10.10) the PC/SC layer is no more a fork of pcsc-lite. So comparing versions with pcsc-lite is useless.$ cat /System/Library/Frameworks/PCSC.framework/Versions/A/Resources/version.plist <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>BuildAliasOf</key> <string>CryptoTokenKit</string> <key>BuildVersion</key> <string>3</string> <key>CFBundleShortVersionString</key> <string>8.0</string> <key>CFBundleVersion</key> <string>1</string> <key>ProjectName</key> <string>SmartCardServices</string> <key>SourceVersion</key> <string>281001001000000</string> </dict> </plist>
The BuildVersion moved from 65 in Sierra 10.12.0 to 3 in High Sierra 10.13.0. I guess this number is not a good indicator since it is decreasing.
The SourceVersion moved from 196001003000000 in Sierra 10.12.0 to 281001001000000 in High Sierra 10.13.0. I have no idea how to parse or use this information.
PC/SC Bugs fixed
These bugs were found in El Capitan or latter and are now fixed in Sierra:- SCARD_W_RESET_CARD not returned by SCardTransmit()
- PC/SC SCardTransmit() silently truncates the smart card response (bug #30868184)
- Command "security smartcards token -d" command does not work as documented? (bug #31010575)
Some (minor) bugs reported on El Capitan are still present in High Sierra. I updated the page "OS X El Capitan and smart cards: known bugs".
CryptoTokenKit
CryptoTokenKit is the native smart card API since the complete rewrite in macOS Yosemite 10.10 (OS X Yosemite BETA and smart cards status).$ strings /System/Library/Frameworks/CryptoTokenKit.framework/CryptoTokenKit | grep BuildRoot
/BuildRoot/Library/Caches/com.apple.xbs/Sources/CryptoTokenKit/CryptoTokenKit-281.1.1/CryptoTokenKit/TKToken.m
/BuildRoot/Library/Caches/com.apple.xbs/Sources/CryptoTokenKit/CryptoTokenKit-281.1.1/CryptoTokenKit/TKSmartCard.m
/BuildRoot/Library/Caches/com.apple.xbs/Sources/CryptoTokenKit/CryptoTokenKit-281.1.1/CryptoTokenKit/TKTokenSession.m
In High Sierra CryptoTokenKit source code is at version 281.1.1. In Sierra it was at version 196.60.1. Since the source code is not available I can't write much more than that.
Card events
It is not easy to compare the state of CyptoTokenKit since the source code is not public. Nonetheless I could find changes in theIt looks like Apple has worked on moving from active polling to eventing to manage smart card events (card insertion and removal). I reported it as a feature request: OS X El Capitan missing feature: add support of TAG_IFD_POLLING_THREAD_WITH_TIMEOUT.
I compared the result of the
$ strings /System/Library/CryptoTokenKit/com.apple.ifdreader.slotd/Contents/MacOS/com.apple.ifdreader | grep -i Poll getPollingFunction: getStopPollingFunction: isPollingThreadKillable: setupPolling getPollingFunction polling: stopPolling _pollingStarted _pollingThread PollingTimeout Failed to create polling thread: %d 'IFDHPolling' failed %ld %{public}@: got sleep request, stop polling card, close the channel
They are all new strings in High Sierra except the last one that was already present in Sierra.
Since my bug #24009313 was closed as a duplicate of #17534485 I don't know if the bug is fixed, or not, in High Sierra. This will need some debug logs from a driver. The Terminal command "
log stream --debug | grep CryptoTokenKit
" gives a lot of details regarding the smart card activity but not enough to know how the card events are generated.CCID driver
Driver version 1.4.27. Sierra had: 1.4.24 in 10.12.0 and 1.4.25 in 10.12.6.$ grep -A 1 CFBundleShortVersionString /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist <key>CFBundleShortVersionString</key> <string>1.4.27</string>You can have a look at the CCID README file to know what changes between version 1.4.25 and version 1.4.27.
Note that the CCID driver version 1.4.27 provided in macOS High Sierra is the latest version available (as I write this blog). version 1.4.27 has been released in May 2017 (4 months ago only).
Conclusion
You can compare with the status I made for Sierra in "macOS Sierra and smart cards status".It looks like High Sierra has not seen many changes regarding smart card.