Description

These are steps taken to help enable a SteamDeck for use in conferencing where a modern web browser, Zoom, and a Smart Card are required.

Setup user password

  • If no user level password has been set yet, configure one now. By default, there is no password
passwd

https://www.reddit.com/r/SteamDeck/comments/tdggrm/comment/i0kaskz/?utm_source=share&utm_medium=web2x&context=3

Switch Firefox to community maintained

  • Firefox as provided in SteamOS is locked down and limited on execution. For enabling use with Smart Card libraries, a version installed and managed at the OS level (outside of a jail or sandbox) is required.

Allow Read-Write filesystem

  • Set filesystem to read-write so packages can be installed
sudo steamos-readonly disable

https://www.reddit.com/r/SteamDeck/comments/t6w9at/how_to_get_rid_of_read_only_filesystem_folders/

Enable pacman

  • This allows us to install Arch Linux packages

https://www.reddit.com/r/SteamOS/comments/x6pcfd/comment/in8ckyr/?utm_source=share&utm_medium=web2x&context=3

sudo pacman-key --init
sudo pacman-key --populate archlinux

Switch Firefox providers

  1. In packages, uninstall the Firefox installation as provided as however it’s sandboxed doesn’t allow for use of modules from the OS.
  2. Install Firefox via pacman
pacman -Sy firefox

Trust Organization Certificates

  • The following steps provide how a smart card can be setup for use in an organization. Below DoD is used as an example as their certificate authorities are published publicly. Please replace any references and instructions of DoD certificates with what your organization uses.

Trust DoD Certificates

  • These steps assume using a CAC from the US DoD (Department of Defense) as their CAs are public examples of CAs that could be imported. These commands instruct your system to trust the certificates.
cd Downloads
curl -sLO https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/unclass-certificates_pkcs7_DoD.zip
unzip unclass-certificates_pkcs7_DoD.zip 
openssl pkcs7 -in certificates_pkcs7_v5_11_dod/certificates_pkcs7_v5_11_dod_pem.p7b -print_certs | awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "dod." c ".crt"}'
sudo cp ~/Downloads/*.crt /etc/ca-certificates/trust-source/anchors/
sudo update-ca-trust

Install tools

  • Install required tools to use a smart card
pacman -Sy ccid
pacman -Sy opensc

Enable CAC Reader

  • Follow the steps in this guide as normal. These instructions apply agnostically to PIV, CAC, and Smart Cards. PIV and CACs are types of Smart Cards.

https://wiki.archlinux.org/title/Common_Access_Card

Set Filesystem to Read-Only

  • Revert filesystem to Read-Only for our security posture
sudo steamos-readonly enable

Profit!

Open Firefox. With certificates installed and the module enabled, you should be able to use your organizations smart card on the steam deck!

Recommmended additional software

OBS and Zoom as provided by Software Manager