Page MenuHomeFreeBSD

Add u2f(4), a HID driver for FIDO/U2F security keys
AbandonedPublic

Authored by wulf on Aug 29 2023, 10:21 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Oct 1, 10:36 AM
Unknown Object (File)
Wed, Oct 1, 9:37 AM
Unknown Object (File)
Mon, Sep 29, 11:16 PM
Unknown Object (File)
Sat, Sep 20, 10:47 PM
Unknown Object (File)
Sep 13 2025, 9:21 AM
Unknown Object (File)
Sep 13 2025, 2:58 AM
Unknown Object (File)
Sep 12 2025, 10:41 PM
Unknown Object (File)
Sep 8 2025, 2:37 PM

Details

Summary

This driver is a stripped-down version of hidraw(4). It implements subset of commands required for FIDO/U2F keys only.

User-visible changes are:
It attaches to FIDO/U2F top level collection. So it can be automagically loaded with devd
It sets 660 root:u2f mode to device node. No need in special devd scripts
It emulates USB_GET_DEVICEINFO ioctl

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

wulf requested review of this revision.Aug 29 2023, 10:21 PM
manu requested changes to this revision.Nov 24 2023, 9:31 AM

I guess this review should be splitted in multiple ones.
There is the addition of u2f(4) yes but a lot of stuff is changed in the hid code too.

This revision now requires changes to proceed.Nov 24 2023, 9:31 AM
share/man/man4/u2f.4
90
sys/amd64/conf/GENERIC
397

We need a more descriptive description -- both HIDRAW_MAKE_UHID_ALIAS and U2F_MAKE_UHID_ALIAS have the description # install /dev/uhid alias right now

Are there some test plan to verify that this will not break both Yubikey and Nitrokey support ?

Like for instance, upgrading the firmware on Nitrokey will require having hidraw attaching to the device.
And of course is there a test plan for firefox and chromium derivative to see if that will still work without enabling new usbhid ?

Depending on which FIDO version we are talking about, does webauth test with both enabling and disabling new usbhid ?