About the Dell security solution
The Dell Latitude machines I use, an E7240 and an E6530, show an icon on the palm rest indicating there's a contactless reader (NFC/RFID) present. However, in the OS there's no sign of it. PCSC does recognize the 'Contacted' reader, but not the 'Contactless' one.

    # pcsc_scan
    [...]
    Scanning present readers...
    0: Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD) 00 00

In this article I will show the steps on how to include...

    1: Broadcom Corp 5880 [Contactless SmartCard] (0123456789ABCD) 01 00
It appears that Dell cooperated with Broadcom and created a security solution known as ControlVault, built on the Broadcom Unified Security Hub (USH). It may offer some nice pre-boot authentication features, but I can't seem to enable them in the BIOS setup anyway. Online, not much tells me how to actually use it either. As I can't find any official Broadcom documentation and everything points to Dell, I think this is a Dell-only OEM solution.
Some success on older Latitudes
Some initial googling brought me to the blog of bibuweb. It shows how to disable the "CV-only" mode to enable CCID support. Nice! But... does downloading a very old (2008) random binary from a Dell website still work on my 2014 E7240 machine? No, it didn't. Damn. But at least it gave me some hope to research this further.
ControlVault support package DOS tools
Luckily, in some of the Dell ControlVault 'firmware upgrade' Windows-only support packages provided on the support page of the Latitude model, I spotted an interesting document watermarked 'confidential' about the use of the USH diagnostics tool, as well as a much newer ushdiag.exe tool itself!
Some first preparation steps:
- Download the ControlVault upgrade package, e.g.
- Rename the file to have it the
- Unzip it.
- Notice a DOS folder:

    DOS
    ├── DOS4GW.EXE
    ├── dosushdiag.pdf   <-- "Broadcom USH Keyboard Architecture Document"
    ├── errlvl.exe
    ├── release.txt
    ├── sleep.exe
    ├── ushdiag.exe      <-- there!
    └── ushfwumg.bat
Broadcom USH diagnostics tool
This PDF by Broadcom explains the usage of the ushdiag.exe tool.
Most important is this part about the options to provide.
    5.22 Device Enable (-de <devMask>)
    This command will enable the specified devices.
    <devMask>:
      0: Smart Card
      1: Fingerprint
      2: RFID radio
      3: CV Only Radio

    5.23 Device Disable (-dd <devMask>)
    This command will disable the specified devices.
    <devMask>:
      0: Smart Card
      1: Fingerprint
      2: RFID radio
      3: CV Only Radio
Running it off a DOS USB flash drive
Let's continue on getting this DOS executable going.
- Create a DOS bootable USB flash drive. The easiest method I know is the SystemRescueCd for USB flash drives.
- Copy the whole DOS folder onto the drive.
- Boot your Latitude from the SystemRescueCd drive, in legacy (non-UEFI) mode. For my E7240 this means enabling Legacy Option ROMs and using F12 during POST to get the one-time boot menu to boot off the USB flash drive.
- In the boot choice option menu of SystemRescueCd, choose the floppy disk images, option FreeDOS.
- During boot of FreeDOS it will ask about which memory manager; I chose none.
- Go to the 'C' drive, so type: C:
- Go to the DOS folder: cd DOS
Check the current status of the USH device:
    FreeDOS C:\DOS>ushdiag.exe -u -stat
    [...]
    Smart Card: Present; Enabled
    Fingerprint: Present; Enabled
    RFID Radio: Present; Enabled
    RFID Lock: Disabled
    CV Only Radio: Enabled
    RFID AutoDetect Set
    RFID Present Not Forced
    WBDI: Enabled
    RFID Block Mode: Unknown (CV Only Radio Mode Enabled)
As you can see the CV-only mode is enabled.
Now disable the CV-only device to actually enable regular CCID RFID access by providing the hexadecimal mask 8. This comes from the document found earlier: 'CV Only Radio' is bit 3 of <devMask>, so a disable command with only that bit set is 1 << 3 = 0x8.
    FreeDOS C:\DOS>ushdiag.exe -u -dd 8
    [...]
    Disabled CV Only Radio Mode.
    waiting for USH to reset
    [...]
    RFID Lock: Disabled
    CV Only Radio: Disabled
    [...]
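Because <devMask> is a bit field, the value passed to -dd is easy to get wrong by hand: 8 only touches bit 3, but a stray 9 or 0xC would also disable the smart card or the RFID radio itself. The following Python helper is an added example, not code from the post or from Broadcom/Dell: it parses the "-stat" output quoted above (embedded here as a constructed sample), builds the mask from device names using the bit numbers from sections 5.22/5.23 of dosushdiag.pdf, and checks the post-reset status. The function and variable names are my own.

```python
import re

# Bit positions of <devMask> as listed in sections 5.22/5.23 of dosushdiag.pdf.
DEVICES = {
    "Smart Card": 0,
    "Fingerprint": 1,
    "RFID Radio": 2,
    "CV Only Radio": 3,
}

# Constructed sample: "ushdiag.exe -u -stat" output before the change, as on this page.
STAT_BEFORE = """\
Smart Card: Present; Enabled
Fingerprint: Present; Enabled
RFID Radio: Present; Enabled
RFID Lock: Disabled
CV Only Radio: Enabled
RFID AutoDetect Set
RFID Present Not Forced
WBDI: Enabled
RFID Block Mode: Unknown (CV Only Radio Mode Enabled)
"""

# Constructed sample: the lines shown after "-dd 8" and the USH reset.
STAT_AFTER = """\
Smart Card: Present; Enabled
Fingerprint: Present; Enabled
RFID Radio: Present; Enabled
RFID Lock: Disabled
CV Only Radio: Disabled
"""


def parse_stat(text):
    """Map each 'Name: ...' line to True (Enabled) or False (Disabled).

    Lines without a colon (e.g. 'RFID AutoDetect Set') and the free-text
    'RFID Block Mode' line carry no flag and are skipped.
    """
    status = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z ]+?):\s*(.*)$", line.strip())
        if not m or m.group(1) == "RFID Block Mode":
            continue
        name, state = m.group(1), m.group(2)
        if state.endswith("Enabled"):
            status[name] = True
        elif state.endswith("Disabled"):
            status[name] = False
    return status


def dev_mask(*names):
    """Build the <devMask> for -de/-dd from device names; unknown names are rejected."""
    mask = 0
    for n in names:
        if n not in DEVICES:
            raise ValueError(f"unknown USH device: {n}")
        mask |= 1 << DEVICES[n]
    return mask


def decode_mask(mask):
    """Inverse of dev_mask: which devices a given mask would touch."""
    return sorted(n for n, bit in DEVICES.items() if mask & (1 << bit))


def disable_command(status):
    """Return the ushdiag invocation that turns off CV-only mode, or None if
    the radio is already in plain CCID mode (nothing to send)."""
    if not status.get("CV Only Radio", False):
        return None
    return f"ushdiag.exe -u -dd {dev_mask('CV Only Radio'):x}"


def verify_ccid_mode(status):
    """After the reset the RFID radio must still be enabled and CV-only off,
    otherwise the OS will not see a second (contactless) CCID slot."""
    return status.get("RFID Radio") is True and status.get("CV Only Radio") is False


if __name__ == "__main__":
    before = parse_stat(STAT_BEFORE)
    print("command to send:", disable_command(before))
    print("mask 0xA would touch:", decode_mask(0xA))
    print("CCID mode after reset:", verify_ccid_mode(parse_stat(STAT_AFTER)))
```

decode_mask is there for the review step: running it on whatever value you are about to pass to -dd shows exactly which devices the bit field covers, so a typo is caught before the USH is told to disable the smart card or fingerprint sensor. Note the security side of this change: once CV-only mode is off, the contactless slot is an ordinary PC/SC reader that any process with PC/SC access on the host can drive, so treat it like any other smart-card reader in your host policy rather than as a ControlVault-reserved device.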
Reboot your system and enjoy your RFID/NFC device!
Confirmed working is my Yubikey NEO (PIV applet). The device appears to lack support in libnfc, so I haven't managed to talk to MiFare cards, for example.
Any thoughts? Or issues? Confirmed working for another Dell machine? Leave a comment below!