Displaying a GUI from tokend

Privacy & Security General
PolT OP
Created Jun ’15
Replies 1
Boosts 0
Views 404
Participants 2

Hello,

  1. Our tokend supports a PIN caching mechanism. On PIN caching expiry the user must be re-prompted for his/her PIN. We are currently unable to display a GUI from the tokend. This results in freeze or crash.
  2. We have tried several different approaches including:
    • On PIN caching expiry trying to force the tokend to reload the ACL so we can change the ACL on the PIN object to PwdPromptSubject so as to trigger a prompt by the caller. This fails as it looks like there is no way to change the ACLs on the PIN during the tokend lifecycle.
    • Invoking a different component (that would prompt for the GUI) from the tokend . The IPC mechanism using standard MACOS XPC. We have tried the following components:
      • XPC service
      • Launch Agent
      • Daemon.
    • In all cases the tokend either fails to connect to the external component and/ or the external component can’t display a GUI either.
  3. Our analysis is that the security context of the tokend prevents any possible architecture that would allow to prompt for a GUI. We’d like to confirm that statement from Apple.
Replies  1
Boosts  0
Views  404
Participants  2
DTS Engineer OP
Apple
Jul ’15

Our analysis is that the security context of the tokend prevents any possible architecture that would allow to prompt for a GUI. We’d like to confirm that statement from Apple.

If you want a formal response to this, you should open a DTS tech support incident.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
Displaying a GUI from tokend
First post date Last post date
 
 
Q