Can’t access Manager PIV Application on MacOS intel but on Apple Silicon always returns unable to connect

[aalmenar]

• YubiKey Manager (ykman) version: ykman: 5.0.1
• How was it installed?: https://www.yubico.com/support/download/yubikey-manager/
• Operating system and version: MacOS Ventura 13.2.1
• YubiKey model and version: 5C NFC
• Bug description summary:

Tried this with 4 macs, 2 intel and 2 apple silicon. On intel versions you can access piv application, on apple silicon one i always get unable to connect

Steps to reproduce:

As described before.

Expected result

Being able to manage piv certificates

Actual results and logs

DEBUG 19:59:44.441 [ykman.logging_setup.log_sys_info:44] ykman: 5.0.1
DEBUG 19:59:44.441 [ykman.logging_setup.log_sys_info:45] Python: 3.11.1 (main, Feb 2 2023, 14:26:00) [Clang 14.0.0 (clang-1400.0.29.202)]
DEBUG 19:59:44.441 [ykman.logging_setup.log_sys_info:46] Platform: darwin
DEBUG 19:59:44.441 [ykman.logging_setup.log_sys_info:47] Arch: x86_64
DEBUG 19:59:44.442 [ykman.logging_setup.log_sys_info:53] Running as admin: False
DEBUG 19:59:44.442 [ykman.logging_setup.log_sys_info:54] System date: 2023-03-28
DEBUG 19:59:44.457 [ykman.device.add:162] Add device for <class 'yubikit.core.otp.OtpConnection'>: OtpYubiKeyDevice(pid=0407, fingerprint='4295243352')
DEBUG 19:59:44.501 [yubikit.support.read_info:261] Attempting to read device info, using MacHidOtpConnection
DEBUG 19:59:44.502 [yubikit.management.init:443] Management session initialized for connection=MacHidOtpConnection, version=5.4.3
DEBUG 19:59:44.535 [yubikit.support.read_info:289] Read info: DeviceInfo(config=DeviceConfig(enabled_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 571>, <TRANSPORT.NFC: 'nfc'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 571>}, auto_eject_timeout=0, challenge_response_timeout=15, device_flags=<DEVICE_FLAG: 0>), serial=23509739, version=Version(major=5, minor=4, patch=3), form_factor=<FORM_FACTOR.USB_C_KEYCHAIN: 3>, supported_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH|4: 831>, <TRANSPORT.NFC: 'nfc'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH|4: 831>}, is_locked=False, is_fips=False, is_sky=False)
DEBUG 19:59:44.536 [yubikit.support.read_info:348] Device info, after tweaks: DeviceInfo(config=DeviceConfig(enabled_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 571>, <TRANSPORT.NFC: 'nfc'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 571>}, auto_eject_timeout=0, challenge_response_timeout=15, device_flags=<DEVICE_FLAG: 0>), serial=23509739, version=Version(major=5, minor=4, patch=3), form_factor=<FORM_FACTOR.USB_C_KEYCHAIN: 3>, supported_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH|4: 831>, <TRANSPORT.NFC: 'nfc'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH|4: 831>}, is_locked=False, is_fips=False, is_sky=False)
DEBUG 19:59:44.536 [ykman.device.add:173] Resolved device 23509739
DEBUG 19:59:44.537 [ykman.device.add:162] Add device for <class 'fido2.ctap.CtapDevice'>: CtapYubiKeyDevice(pid=0407, fingerprint='4295243356')
DEBUG 19:59:47.201 [yubikey._open_device:135] Failed connecting to the YubiKey over <class 'yubikit.core.smartcard.SmartCardConnection'>
Traceback (most recent call last):
File "qrc:///py/yubikey.py", line 133, in _open_device
return self._dev.open_connection(conn_type)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Applications/YubiKey Manager.app/Contents/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/ykman/device.py", line 254, in open_connection
raise ValueError("Unsupported Connection type")
ValueError: Unsupported Connection type
ERROR 19:59:47.202 [yubikey.wrapped:88] Failed to open device
Traceback (most recent call last):
File "qrc:///py/yubikey.py", line 78, in wrapped
return f(*args, **kwargs)
^^^^^^^^^^^^^^^^^^
File "qrc:///py/yubikey.py", line 300, in refresh_piv
with self._open_device([SmartCardConnection]) as conn:
TypeError: 'NoneType' object does not support the context manager protocol

[fdennis]

I have tested version 1.2.5 on a M1 macOS Ventura 13.2.1 and cannot reproduce this issue. I would suggest that you contact support, they will most likely be able to provide the best help for you. You can submit a ticket at yubi.co/support.

[dainnilsson]

I'd also suggest that if you want to run the CLI ykman tool, that you install it using our installer here https://developers.yubico.com/yubikey-manager/Releases/ or via Homebrew, rather than using the embedded executable in the YubiKey Manager GUI app.

[benzoo]

I have the same issue, please look at debug log and screenshot of GUI error:

$ sudo "/Applications/YubiKey Manager.app/Contents/MacOS/ykman-gui" --log-level DEBUG &> ~/Desktop/ykman-gui.txt
$ less ~/Desktop/ykman-gui.txt
INFO 15:21:24.558 [ykman.logging.set_log_level:60] Logging at level: DEBUG
WARNING 15:21:24.558 [ykman.logging.set_log_level:64]
#############################################################################
#                                                                           #
# WARNING: Sensitive data may be logged!                                    #
# Some personally identifying information may be logged, such as usernames! #
#                                                                           #
#############################################################################
DEBUG 15:21:24.558 [ykman.logging_setup.log_sys_info:44] ykman: 5.0.1
DEBUG 15:21:24.558 [ykman.logging_setup.log_sys_info:45] Python: 3.11.1 (main, Feb  2 2023, 14:26:00) [Clang 14.0.0 (clang-1400.0.29.202)]
DEBUG 15:21:24.558 [ykman.logging_setup.log_sys_info:46] Platform: darwin
DEBUG 15:21:24.558 [ykman.logging_setup.log_sys_info:47] Arch: x86_64
DEBUG 15:21:24.558 [ykman.logging_setup.log_sys_info:53] Running as admin: True
DEBUG 15:21:24.558 [ykman.logging_setup.log_sys_info:54] System date: 2023-04-22
DEBUG 15:21:24.573 [ykman.device.add:162] Add device for <class 'yubikit.core.otp.OtpConnection'>: OtpYubiKeyDevice(pid=0407, fingerprint='<removed>')
WARNING 15:21:24.580 [ykman.device.add:176] Failed opening device
Traceback (most recent call last):
  File "/Applications/YubiKey Manager.app/Contents/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/ykman/device.py", line 168, in add
    with dev.open_connection(conn_type) as conn:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Applications/YubiKey Manager.app/Contents/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/ykman/hid/base.py", line 50, in open_connection
    return self._connection_cls(self.path)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Applications/YubiKey Manager.app/Contents/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/ykman/hid/macos.py", line 186, in __init__
    raise OSError(f"Failed to open device for communication: {result}")
OSError: Failed to open device for communication: -536870174
DEBUG 15:21:24.582 [ykman.device.add:162] Add device for <class 'fido2.ctap.CtapDevice'>: CtapYubiKeyDevice(pid=0407, fingerprint='4294972847')
DEBUG 15:21:24.586 [yubikit.support.read_info:261] Attempting to read device info, using CtapHidDevice
DEBUG 15:21:24.586 [yubikit.management.__init__:443] Management session initialized for connection=CtapHidDevice, version=4.3.7
DEBUG 15:21:24.588 [yubikit.support.read_info:289] Read info: DeviceInfo(config=DeviceConfig(enabled_capabilities={}, auto_eject_timeout=0, challenge_response_timeout=0, device_flags=<DEVICE_FLAG: 0>), serial=<removed>, version=Version(major=4, minor=3, patch=7), form_factor=<FORM_FACTOR.UNKNOWN: 0>, supported_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.OTP|U2F|OATH|PIV|OPENPGP|196: 255>}, is_locked=False, is_fips=False, is_sk>
DEBUG 15:21:24.589 [yubikit.support.read_info:348] Device info, after tweaks: DeviceInfo(config=DeviceConfig(enabled_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.OTP|U2F|OATH|PIV|OPENPGP|196: 255>}, auto_eject_timeout=0, challenge_response_timeout=0, device_flags=<DEVICE_FLAG: 0>), serial=<removed>, version=Version(major=4, minor=3, patch=7), form_factor=<FORM_FACTOR.UNKNOWN: 0>, supported_capabilities={<TRANSPORT.USB: 'usb'>: >
DEBUG 15:21:24.589 [ykman.device.add:173] Resolved device <removed>
DEBUG 15:21:27.590 [yubikey._open_device:135] Failed connecting to the YubiKey over <class 'yubikit.core.smartcard.SmartCardConnection'>
Traceback (most recent call last):
  File "qrc:///py/yubikey.py", line 133, in _open_device
    return self._dev.open_connection(conn_type)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Applications/YubiKey Manager.app/Contents/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/ykman/device.py", line 254, in open_connection
    raise ValueError("Unsupported Connection type")
ValueError: Unsupported Connection type
ERROR 15:21:27.591 [yubikey.wrapped:88] Failed to open device
Traceback (most recent call last):
  File "qrc:///py/yubikey.py", line 78, in wrapped
    return f(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^
  File "qrc:///py/yubikey.py", line 300, in refresh_piv
    with self._open_device([SmartCardConnection]) as conn:
TypeError: 'NoneType' object does not support the context manager protocol