If the call to apdu_send_direct in cmd_apdu (scd/commands.rs) fails, the return code is logged using gpg_strerror. But apdu_send_direct returns an ISO-7816 status code, not a GnuPG error code, so a misleading error message is shown in the logs. Instead, apdu_strerror should be used to log the error.
For example, a “Host busy” (0x10007) APDU error is mapped to GnuPG error code 7 and leads to this log entry:
2023-04-19 14:23:34 scdaemon[578] apdu_send_direct failed: Bad secret key
We found this issue with GnuPG 2.2.12 but as far as I see, it is still present in newer versions.