CVSROOT:        /cvs
Module name:    src
Changes by:     r...@cvs.openbsd.org    2019/12/17 06:08:56

Modified files:
        sys/dev/usb    : files.usb uhid.c 
        share/man/man4 : usb.4 
        sys/dev/hid    : hid.h 
        sys/sys        : conf.h 
        lib/libfido2   : Makefile 
        lib/libfido2/src: hid_openbsd.c 
        sys/arch/alpha/conf: GENERIC 
        sys/arch/alpha/alpha: conf.c 
        etc            : MAKEDEV.common 
        etc/etc.alpha  : MAKEDEV.md 
        sys/arch/amd64/conf: GENERIC 
        sys/arch/amd64/amd64: conf.c 
        etc/etc.amd64  : MAKEDEV.md 
        sys/arch/arm64/conf: GENERIC 
        sys/arch/arm64/arm64: conf.c 
        etc/etc.arm64  : MAKEDEV.md 
        sys/arch/arm/arm: conf.c 
        etc/etc.armv7  : MAKEDEV.md 
        sys/arch/armv7/conf: GENERIC 
        sys/arch/hppa/conf: GENERIC 
        sys/arch/hppa/hppa: conf.c 
        etc/etc.hppa   : MAKEDEV.md 
        sys/arch/i386/conf: GENERIC 
        sys/arch/i386/i386: conf.c 
        etc/etc.i386   : MAKEDEV.md 
        sys/arch/landisk/conf: GENERIC 
        sys/arch/landisk/landisk: conf.c 
        etc/etc.landisk: MAKEDEV.md 
        sys/arch/loongson/conf: GENERIC 
        sys/arch/loongson/loongson: conf.c 
        etc/etc.loongson: MAKEDEV.md 
        sys/arch/macppc/conf: GENERIC 
        sys/arch/macppc/macppc: conf.c 
        etc/etc.macppc : MAKEDEV.md 
        sys/arch/octeon/conf: GENERIC 
        sys/arch/octeon/octeon: conf.c 
        etc/etc.octeon : MAKEDEV.md 
        sys/arch/sgi/conf: GENERIC-IP27 GENERIC-IP30 GENERIC-IP32 
        sys/arch/sgi/sgi: conf.c 
        etc/etc.sgi    : MAKEDEV.md 
        sys/arch/sparc64/conf: GENERIC 
        sys/arch/sparc64/sparc64: conf.c 
        etc/etc.sparc64: MAKEDEV.md 
Added files:
        sys/dev/usb    : fido.c uhid.h 
        share/man/man4 : fido.4 

Log message:
Add fido(4), a HID driver for FIDO/U2F security keys

While FIDO/U2F keys were already supported by the generic uhid(4)
driver, this driver adds the first step to tighten the security of
FIDO/U2F access.  Specifically, users don't need read/write access to
all USB/HID devices anymore and the driver also improves integration
with pledge(2) and unveil(2): It is pledge-friendly because it doesn't
require any ioctls to discover the device and unveil-friendly because
it uses a single /dev/fido/* directory for its device nodes.

It also allows supporting FIDO/U2F in Firefox without further
weakening the "sandbox" of the browser.  Firefox does not have a
proper privsep design and many operations, such as U2F access, are
handled directly by the main process.  This means that the browser's
"fat" main process needs direct read/write access to all USB HID
devices, at least on other operating systems.  With fido(4) we can
support security keys in Firefox under OpenBSD without such a
compromise.

With this change, libfido2 stops using the ioctl to query the device
vendor/product and just assumes "OpenBSD" "fido(4)" instead.  The
ioctl is still supported but there was no benefit in obtaining the
vendor product or name; it also allows using libfido2 under pledge.

With feedback from deraadt@ and many others
OK kettenis@ djm@ and jmc@ for the manpage bits
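
Added example, not code from this commit or from libfido2: a C program that uses the single /dev/fido directory the way the log message describes, unveiling only that directory, pledging, and then finding key nodes with open(2) and fstat(2) instead of an ioctl. The function names, the promise set "stdio rpath wpath" and the no-op stubs used on non-OpenBSD builds are assumptions made for the example.

```c
#include <sys/stat.h>
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define FIDO_DIR "/dev/fido"	/* device directory named in the log message */

#ifndef __OpenBSD__	/* assumption: no-op stand-ins so this builds elsewhere */
static int unveil(const char *path, const char *perms) { (void)path; (void)perms; return 0; }
static int pledge(const char *prom, const char *execprom) { (void)prom; (void)execprom; return 0; }
#endif

/* Expose only `dir` (read/write), lock unveil, keep stdio + file read/write. */
int sandbox_for_fido(const char *dir)
{
	if (unveil(dir, "rw") == -1 || unveil(NULL, NULL) == -1)
		return -1;
	return pledge("stdio rpath wpath", NULL);
}

/* Count character-device nodes in `dir` that open O_RDWR; no ioctl is issued. */
int count_fido_nodes(const char *dir)
{
	char path[1024];
	struct dirent *de;
	struct stat sb;
	int fd, n = 0;
	DIR *d = opendir(dir);

	if (d == NULL)
		return -1;
	while ((de = readdir(d)) != NULL) {
		snprintf(path, sizeof(path), "%s/%s", dir, de->d_name);
		if ((fd = open(path, O_RDWR | O_NONBLOCK)) == -1)
			continue;	/* ".", "..", absent or unreadable nodes */
		if (fstat(fd, &sb) == 0 && S_ISCHR(sb.st_mode))
			n++;	/* regular files placed here are not counted */
		close(fd);
	}
	closedir(d);
	return n;
}

int main(void)
{
	if (sandbox_for_fido(FIDO_DIR) == -1)
		return 1;
	printf("%d usable node(s) in %s\n", count_fido_nodes(FIDO_DIR), FIDO_DIR);
	return 0;
}
```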
