Add u2f(4), a HID driver for FIDO/U2F security keys
AbandonedPublic
Actions

Authored by wulf on Aug 29 2023, 10:21 PM.

Details

Reviewers

grembo
andrew
manu

Summary

This driver is a stripped-down version of hidraw(4). It implements subset of commands required for FIDO/U2F keys only.

User-visible changes are:
It attaches to FIDO/U2F top level collection. So it can be automagically loaded with devd
It sets 660 root:u2f mode to device node. No need in special devd scripts
It emulates USB_GET_DEVICEINFO ioctl

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

wulf created this revision.Aug 29 2023, 10:21 PM

Herald added a reviewer: andrew. · View Herald TranscriptAug 29 2023, 10:21 PM

Herald added a reviewer: andrew. · View Herald Transcript

Herald added a reviewer: manu. · View Herald Transcript

Herald added subscribers: jhibbits, emaste, imp. · View Herald Transcript

wulf requested review of this revision.Aug 29 2023, 10:21 PM

lwhsu added a subscriber: lwhsu.Aug 30 2023, 3:36 AM

valdemar_erk.io added a subscriber: valdemar_erk.io.Nov 12 2023, 1:51 PM

I guess this review should be splitted in multiple ones.
There is the addition of u2f(4) yes but a lot of stuff is changed in the hid code too.

This revision now requires changes to proceed.Nov 24 2023, 9:31 AM

wulf mentioned this in D45659: Enable usbhid by default.Jun 21 2024, 4:17 PM

emaste added a parent revision: D50549: hid.h: Add U2F usage tables constants.May 27 2025, 6:06 PM

emaste added a parent revision: D50550: usb: Make ugen_fill_deviceinfo public.May 27 2025, 6:14 PM

Herald added subscribers: riscv, ziaee. · View Herald TranscriptMay 27 2025, 6:14 PM

emaste added inline comments.May 27 2025, 6:31 PM

share/man/man4/u2f.4
90
sys/amd64/conf/GENERIC
397	We need a more descriptive description -- both `HIDRAW_MAKE_UHID_ALIAS` and `U2F_MAKE_UHID_ALIAS` have the description `# install /dev/uhid alias` right now

wulf added a child revision: D51605: hid: Add HQ_NO_READAHEAD quirk and implement it in usbhid(4).Jul 28 2025, 9:29 PM

wulf added a child revision: D51606: hid: Allow serial execution of HID_INTR_START method..

wulf added a child revision: D51607: sys/conf.h: Add u2f group id to use in coming FIDO/U2F driver.

wulf added a child revision: D51611: NOTES: improve HIDRAW_MAKE_UHID_ALIAS description.Jul 28 2025, 9:36 PM

wulf added a child revision: D51612: u2f(4): a HID driver for FIDO/U2F security keys.Jul 28 2025, 9:38 PM

Are there some test plan to verify that this will not break both Yubikey and Nitrokey support ?

Like for instance, upgrading the firmware on Nitrokey will require having hidraw attaching to the device.
And of course is there a test plan for firefox and chromium derivative to see if that will still work without enabling new usbhid ?

Depending on which FIDO version we are talking about, does webauth test with both enabling and disabling new usbhid ?

trueos_norwegianrockcat.com added a subscriber: trueos_norwegianrockcat.com.Mon, Aug 11, 7:50 AM

Committed as 4a04e0a6