[Bug]: Broadcom Corp 58200 picked up by go-piv as "yubikey" KMS

[tashian]

Steps to Reproduce

• Buy a device with a Broadcom Corp 58200 fingerprint sensor.
• Insert a YubiKey
• Follow the instructions in https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/

Your Environment

• OS - Ubuntu 20.04
• step-ca Version - 0.28.1 HSM

In ca.json:

        "key": "yubikey:slot-id=9c",
        "kms": {
            "type": "yubikey",
            "pin": "123456"
        },

Expected Behavior

The server should start up.

Actual Behavior

$ sudo -u step step-ca /etc/step-ca/config/ca.json
badger 2024/12/09 22:34:45 INFO: All 1 tables opened in 0s 
badger 2024/12/09 22:34:45 INFO: Replaying file id: 0 at offset: 2974 
badger 2024/12/09 22:34:45 INFO: Replay took: 256.085µs 
error opening yubikey: connecting to smart card: the operation requires a Smart Card, but no Smart Card is currently in the device

Additional Context

step-ca attempts to use the Broadcom device because it is the first Smart Card and it presumably has PIV support.

A workaround is to provide the YubiKey's serial number in the URI:

        "kms": {
            "type": "yubikey",
            "pin": "123456",
            "uri": "yubikey:serial=XXXXXXXXX"
        },

The error comes from here:
https://github.com/smallstep/crypto/blob/master/kms/yubikey/yubikey.go#L160

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[tashian]

Added docs in smallstep/docs#365