Emil Ghitta, QA [:emilghitta] Reporter
	Description • 6 years ago

[Affected versions]:
Firefox 64.0a1 (BuildId:20181010235834)

[Affected platforms]:
Windows 10 64bit.
macOS 10.13.6

[Preconditions]
Windows:
Enable the "SecurittyDevices" policy and load the kpkcs11.dll:

Example:
{
"policies": {
 "SecurityDevices": {
  "arbitrary name":  ".....\\kpkcs11.dll"
}
}
}

You can download the kpkcs11.dll file from here:
https://drive.google.com/file/d/16qxHyTWwPLPd37kOUXvuYP7owg5g8C6R/view

Mac:
For macOS please use the following file: https://drive.google.com/drive/u/0/folders/1kYcrfJuu816wC9Nqj2L2eu4zqkMAN4if

[Steps to reproduce]:
1. Launch Firefox.
2. Access the about:preferences page.
3. Click the "Security Devices" button from the "Certificates" section.
4. Unload the security device that was added from the policy.
5. Restart Firefox.
6. Repeat steps 2 and 3.

[Expected result]:
The security device is loaded back. 

[Actual result]:
The security device is no longer loaded after being removed from the "Device Manager" by the user (even after restarting Firefox). 

[Notes]
For further information regarding this issue please observe the attached screencast.

	Mike Kaply [:mkaply] Assignee
	Comment 1 • 6 years ago

Side note, this is a 64-bit DLL so it has to be loaded in 64 bit Firefox for testing.

	:Felipe Gomes (needinfo for replies!)
	Comment 2 • 6 years ago

This is because this is a runOnce policy that requires some modification to be applied again (for example changing the name).

I wonder if we should instead list the modules and re-add any that are missing, instead of runOnce

	Mike Kaply [:mkaply] Assignee
	Comment 3 • 6 years ago

> I wonder if we should instead list the modules and re-add any that are missing, instead of runOnce

I'm looking at that now. I'm checking if we can query the modules easily.

	Pulsebot
	Comment 5 • 6 years ago

Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/4e01769b6baf
Always add security devices at startup if they aren't there. r=Felipe

	Andrei Ciure[:aciure]
	Comment 6 • 6 years ago
bugherder

https://hg.mozilla.org/mozilla-central/rev/4e01769b6baf

	Emil Ghitta, QA [:emilghitta] Reporter
	Comment 7 • 6 years ago

This issue is verified fixed using Firefox 64.0a1(BuildId:20181014223729)on Windows 10 64bit and macOS 10.13.6

	Mike Kaply [:mkaply] Assignee
	Comment 8 • 6 years ago

Comment on attachment 9016707 [details]
Bug 1498223 - Always add security devices at startup if they aren't there.

[ESR Uplift Approval Request]

If this is not a sec:{high,crit} bug, please state case for ESR consideration: Followup to bug 1493249. Change for policy to match Firefox 64

User impact if declined: Policy not available

Fix Landed on Version: 64

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): Policy only.

String or UUID changes made by this patch:

	Liz Henry (:lizzard) (relman/hg->git project)
	Comment 9 • 6 years ago

Comment on attachment 9016707 [details]
Bug 1498223 - Always add security devices at startup if they aren't there.

New enterprise policy, verified by QA, let's uplift for ESR60.

	Liz Henry (:lizzard) (relman/hg->git project)
	Comment 10 • 6 years ago

Mike, looks like this also still needs to land.

	Mike Kaply [:mkaply] Assignee
	Comment 11 • 6 years ago

https://hg.mozilla.org/releases/mozilla-esr60/rev/2f5803eed692c7ccad159e1c297da5dd7461419f

	Emil Ghitta, QA [:emilghitta] Reporter
	Comment 12 • 5 years ago

This is verified fixed using Firefox 60.3.1esr (provided in comment 11) on Windows 10 64bit and macOS 10.14