Smart Card Utility: More Information
Configuring Smart Card Authentication
https://developer.apple.com/documentation/cryptotokenkit/configuring_smart_card_authentication
Configure macOS for smart card-only authentication
https://support.apple.com/en-us/HT208372
macOS Slot Requirements
Usage | Slot | PIN Required | Required for macOS |
PIN Authentication | 9A | Once | Yes |
Digital Signature | 9C | Always | Recommended |
Key Manageement (KMK) | 9D | Once | Yes |
Card Authentication | 9E | Never | No |
Retired Key Management | 82-95 | Once | No |
Retired Key Management | 8A-8F | Once | No |
PIV Secure Messaging | 4 | Always | No |
Man pages
man SmartCardServices man sc_auth man fdesetup
Presentations
Working with Smart Cards: macOS and Security
Slack
Logging
Turn on debug logging
sudo defaults write /Library/Preferences/com.apple.security.smartcard Logging -bool yes
View log as events happen:
log stream --predicate '(subsystem == "com.apple.CryptoTokenKit") && (category == "APDULog")'
iOS
macOS
watchOS
tvOS
T2 Firmware
Compliance
Configuration Profile Reference