[systemd-devel] Supporting U2F over HID on Linux?
Tom Gundersen
teg at jklm.no
Sun Nov 2 12:47:20 PST 2014
Hi Andy,
On Sun, Nov 2, 2014 at 7:57 PM, Andy Lutomirski <luto at amacapital.net> wrote:
> I want to get U2F (universal second factor, sometimes called "security
> key" or even "gnubby") working on Linux. U2F tokens are HID devices
> that speak a custom protocol. The intent is that user code will speak
> to then using something like HIDAPI.
>
> The trick is that, for HIDAPI to work, something needs to recognize
> these devices and get udev to set appropriate device permissions.
>
> My question is: how should this be done? The official way to
> enumerate U2F devices is to look for a HID usage page 0xf1d0
> containing usage 0x1.
>
> Options include:
>
> - A builtin udev helper that reads the sysfs report_descriptor for
> hid or hidraw devices and sets attributes accordingly (either
> ID_SECURITY_TOKEN or something more general).
I don't think we should have such special-purpose logic in the udev core.
[...]
> - HID core code in the kernel to add
> HID_USAGES=f1d00001:lots:of:other:things to the uevent (or udev code
> to do the same). This might end up producing a rather long string or
> some devices.
This makes the most sense to me. We could put this logic (adapting the
patch you posted) in src/udev/udev-builtin-usb_id.c.
I'll comment on the patch separately.
Cheers,
Tom
More information about the systemd-devel
mailing list