Passport readout on phyflex i.MX6 using pr533 jmrtd and pcsc-lite fails

We are currently working with this setup:

Hardware:

• phyFlex i.MX6 (Fsl ARM) board.
• LCD
• PR533 Usb eval board (ccid compat)

Software:

• yocto poky/oe 1.7, current dizzy fsl layer
• pcsc-lite (1.8.6 also tested with 1.8.13)
• ccid (1.4.8 also tested with 1.4.18
• fsl community 3.18
• matchbox-sato as x11 session manager
• JMRTD 0.4.9 (using the jar application to test)

We want to read a passport using pcsc-lite and JMRTD (to test the dongle). The setup works using a standard linux (Mint) workstation, but it fails to read the passport using the embedded version (maybe due to timeouts?)

It looks like it looses the connection to the passport (status words 0x6600 or 0x6F01 and 0x6F00), whereas on the workstation this only happens once or twice until it successfully connects. We also tried newer version of pcsc or ccid, but nothing changed.

Below you can find a detailed log of the host and target.

Any suggestion why this might be happening?

Host Log:

00000004 Card ATR: 3B 80 80 01 01 
00000003 ifdhandler.c:291:IFDHPolling() usb:1fc9/010b:libudev:0:/dev/bus/usb/003/009 (lun: 0) 5000 ms
00000003 ccid_usb.c:1202:InterruptRead() before (0)
00052371 winscard_svc.c:319:ContextThread() Received command: CMD_GET_READERS_STATE from client 14
00001788 winscard_svc.c:319:ContextThread() Received command: CMD_GET_READERS_STATE from client 14
00000056 winscard_svc.c:319:ContextThread() Received command: STATUS from client 14
00000014 readerfactory.c:772:RFReaderInfoById() RefReader() count was: 1
00000004 winscard.c:1291:SCardStatus() UnrefReader() count was: 2
00000003 winscard_svc.c:561:ContextThread() STATUS rv=0x80100069 for client 14
00000121 winscard_svc.c:319:ContextThread() Received command: CONNECT from client 14
00000018 winscard.c:235:SCardConnect() Attempting Connect to NXP PR533 (3.60) 00 00 using protocol: 3
00000004 readerfactory.c:745:RFReaderInfo() RefReader() count was: 1
00000003 winscard.c:330:SCardConnect() powerState: POWER_STATE_INUSE
00000003 prothandler.c:87:PHSetProtocol() Attempting PTS to T=1
00000005 ifdhandler.c:668:IFDHSetProtocolParameters() protocol T=1, usb:1fc9/010b:libudev:0:/dev/bus/usb/003/009 (lun: 0)
00000002 ifdhandler.c:682:IFDHSetProtocolParameters() Timeout: 3000 ms
00000002 winscard.c:409:SCardConnect() Active Protocol: T=1
00000004 winscard.c:429:SCardConnect() hCard Identity: 64aa6fd3
00000004 winscard.c:490:SCardConnect() UnrefReader() count was: 2
00000004 winscard_svc.c:453:ContextThread() CONNECT rv=0x0 for client 14
00000053 winscard_svc.c:319:ContextThread() Received command: CMD_GET_READERS_STATE from client 14
00000037 winscard_svc.c:319:ContextThread() Received command: STATUS from client 14
00000011 readerfactory.c:772:RFReaderInfoById() RefReader() count was: 1
00000003 winscard.c:1291:SCardStatus() UnrefReader() count was: 2
00000003 winscard_svc.c:561:ContextThread() STATUS rv=0x0 for client 14
00000096 winscard_svc.c:319:ContextThread() Received command: TRANSMIT from client 14
00000020 readerfactory.c:772:RFReaderInfoById() RefReader() count was: 1
00000005 winscard.c:1587:SCardTransmit() Send Protocol: T=1
00000006 APDU: 00 A4 04 0C 07 A0 00 00 02 47 10 01 
00000003 ifdhandler.c:1266:IFDHTransmitToICC() usb:1fc9/010b:libudev:0:/dev/bus/usb/003/009 (lun: 0)
00000004 commands.c:1513:CmdXfrBlockAPDU_extended() T=0 (extended): 12 bytes
00000007 -> 000000 6F 0C 00 00 00 00 1B 00 00 00 00 A4 04 0C 07 A0 00 00 02 47 10 01 
00078174 <- 000000 80 02 00 00 00 00 1B 00 00 00 90 00 
00000020 SW: 90 00 
00000006 winscard.c:1632:SCardTransmit() UnrefReader() count was: 2
00000006 winscard_svc.c:608:ContextThread() TRANSMIT rv=0x0 for client 14
00000169 winscard_svc.c:319:ContextThread() Received command: TRANSMIT from client 14
00000018 readerfactory.c:772:RFReaderInfoById() RefReader() count was: 1
00000005 winscard.c:1587:SCardTransmit() Send Protocol: T=1
00000004 APDU: 00 A4 02 0C 02 01 1E 
00000004 ifdhandler.c:1266:IFDHTransmitToICC() usb:1fc9/010b:libudev:0:/dev/bus/usb/003/009 (lun: 0)
00000002 commands.c:1513:CmdXfrBlockAPDU_extended() T=0 (extended): 7 bytes
00000006 -> 000000 6F 07 00 00 00 00 1C 00 00 00 00 A4 02 0C 02 01 1E 
00017077 <- 000000 80 02 00 00 00 00 1C 00 00 00 69 82 
00000019 SW: 69 82

Target Log:

00000140 readerfactory.c:795:RFReaderInfoById() RefReader() count was: 1
00000042 winscard.c:1314:SCardStatus() UnrefReader() count was: 2
00000034 winscard_svc.c:606:ContextThread() STATUS rv=0x80100069 for client 14
00000483 winscard_svc.c:353:ContextThread() Received command: CONNECT from client 14
00000141 winscard_svc.c:484:ContextThread() Authorized client for 'NXP PR533 (3.60) 00 00'
00000038 winscard.c:258:SCardConnect() Attempting Connect to NXP PR533 (3.60) 00 00 using protocol: 3
00000033 readerfactory.c:768:RFReaderInfo() RefReader() count was: 1
00000028 winscard.c:353:SCardConnect() powerState: POWER_STATE_INUSE
00000029 prothandler.c:110:PHSetProtocol() Attempting PTS to T=1
00000039 ifdhandler.c:682:IFDHSetProtocolParameters() protocol T=1, usb:1fc9/010b:libudev:0:/dev/bus/usb/001/003 (lun: 0)
00000028 ifdhandler.c:696:IFDHSetProtocolParameters() Timeout: 3000 ms
00000022 winscard.c:432:SCardConnect() Active Protocol: T=1
00000039 winscard.c:452:SCardConnect() hCard Identity: 31739a24
00000036 winscard.c:513:SCardConnect() UnrefReader() count was: 2
00000035 winscard_svc.c:498:ContextThread() CONNECT rv=0x0 for client 14
00000232 winscard_svc.c:353:ContextThread() Received command: CMD_GET_READERS_STATE from client 14
00000202 winscard_svc.c:353:ContextThread() Received command: STATUS from client 14
00000132 readerfactory.c:795:RFReaderInfoById() RefReader() count was: 1
00000040 winscard.c:1314:SCardStatus() UnrefReader() count was: 2
00000031 winscard_svc.c:606:ContextThread() STATUS rv=0x0 for client 14
00000450 winscard_svc.c:353:ContextThread() Received command: TRANSMIT from client 14
00000222 readerfactory.c:795:RFReaderInfoById() RefReader() count was: 1
00000042 winscard.c:1610:SCardTransmit() Send Protocol: T=1
00000050 APDU: 00 A4 04 0C 07 A0 00 00 02 47 10 01 
00000031 ifdhandler.c:1283:IFDHTransmitToICC() usb:1fc9/010b:libudev:0:/dev/bus/usb/001/003 (lun: 0)
00000028 commands.c:1590:CmdXfrBlockAPDU_extended() T=0 (extended): 12 bytes
00000066 -> 000000 6F 0C 00 00 00 00 35 00 00 00 00 A4 04 0C 07 A0 00 00 02 47 10 01 
02712060 <- 000000 80 02 00 00 00 00 35 01 00 00 6F 01 
00000058 SW: 6F 01 
00000030 winscard.c:1655:SCardTransmit() UnrefReader() count was: 2
00000033 winscard_svc.c:653:ContextThread() TRANSMIT rv=0x0 for client 14
00004692 winscard_svc.c:353:ContextThread() Received command: CMD_GET_READERS_STATE from client 14
00000241 winscard_svc.c:353:ContextThread() Received command: CMD_GET_READERS_STATE from client 14
00000287 winscard_svc.c:353:ContextThread() Received command: CMD_GET_READERS_STATE from client 14
00115382 ccid_usb.c:1254:InterruptRead() after (0) (0)
00000060 NotifySlotChange: 50 02 
00000039 ifdhandler.c:1787:IFDHICCPresence() usb:1fc9/010b:libudev:0:/dev/bus/usb/001/003 (lun: 0)
00000046 -> 000000 65 00 00 00 00 00 36 00 00 00 
00001206 <- 000000 81 00 00 00 00 00 36 02 00 00 
00000040 ifdhandler.c:1908:IFDHICCPresence() Card absent
00000056 eventhandler.c:358:EHStatusHandlerThread() Card Removed From NXP PR533 (3.60) 00 00
00000043 ifdhandler.c:304:IFDHPolling() usb:1fc9/010b:libudev:0:/dev/bus/usb/001/003 (lun: 0) 600000 ms
00000027 ccid_usb.c:1210:InterruptRead() before (0)

You have not posted any code so I cannot be sure of the exact cause of the error. It might simply have to do with a timeout which is set too short or with a brownout on the chip you are reading but the status word in your logs which caught my eye is 0x6982.

What does 0x6982 mean?

Basically 0x6982 means that there is some kind of unauthorized access. From the documentation:

An MRtd’s contactless IC that supports Basic Access Control MUST respond to unauthenticated read attempts (including selection of (protected) files in the LDS) with “Security status not satisfied” (0x6982) once the Secure Channel is established. Sending an unsecured SELECT in the Secure Channel will result in abortion of the Secure Channel. When an unsecured SELECT is sent before the Secure Channel is established, or when the Secure Channel has been aborted, both 6982 and 9000 are ICAO compliant responses.

0x6982 is used as response to many commands and it has slightly different meanings depending on the exact context in which you receive the status word but the basic meaning remains the same: There is some kind of security issue. For example here are a few more specific definitions of 0x6982:

In the context of a General Authenticate command it means:

Security status not satisfied.
The terminal is not authorized to perform the protocol (e.g. the password is blocked, deactivated, or suspended).

In the context of the Verify command it means:

Security status not satisfied
The terminal is not authorized to perform verification.

In the context of an Activate or Deactivate command it means:

Security status not satisfied
The terminal is not authorized to change the PIN state.

I cannot tell from the logs you posted in which context the error is occurring but as you can see the general theme is always the same.

What about 0x6F01, 0x6F00 and 0x6600?

The status words which you highlight in your question are in my opinion irrelevant. Both 0x6600 and 0x6F01 are not used in the official documentation which means that they are operating system dependent errors. In most cases such errors simply indicate that a protocol step has failed. In other words those are most likely just returned because there is an error and they are not supposed to indicate any specific error.

0x6F00 on the other hand simply indicates an unknown error. This kind of lends more credence to the possibility that there is a brownout on the MRTD chip, but if you use the same reader hardware with the board as you do with the workstation a brownout would be very unlikely.

What can you do about it?

My suggestion is simple: Try to read different MRTDs to check if there really is a problem with the board or the hardware in general or if there simply is something wrong with the MRTD itself.
Until you post any code or give more information or context I cannot give you a more specific answer.