On Mon, Oct 27, 2014 at 4:32 PM, Greg KH <gre...@linuxfoundation.org> wrote: > On Mon, Oct 27, 2014 at 04:12:30PM -0700, Andy Lutomirski wrote: >> Hi- >> >> I'd like to write a generic udev rule for U2F security tokens and to >> possibly get it integrated into systemd / udev, but I'm not sure how >> to write it in the first place. >> >> U2F tokens are USB HID devices that have a usage page 0xF1D0 that >> contains usage 0x01. The rule should match any hidraw device with >> that property. Can this be done without a user helper? Is there an >> existing helper in which it would make sense to add such a check? >> >> Here's the draft USB forum allocation: >> >> http://www.usb.org/developers/hidpage/HUTRR48.pdf >> >> Here's the draft spec from the FIDO Alliance: >> >> https://fidoalliance.org/specs/fido-u2f-HID-protocol-v1.0-rd-20141008.pdf >> >> In practice, I expect little change between the draft and final specs, >> since these devices are already for sale and Chromium supports them. > > I don't understand, what would a udev rule do with these devices? > Shouldn't they be exported automatically using the hid "raw" interface > so that userspace can talk to them? What else needs to be done?
Wow, I clearly failed to transfer my thoughts into email... I want to set ID_SECURITY_TOKEN=1 or, more generally, cause the uaccess tag to be set so that users have permission to use the token. This rule works in Fedora for the existing tokens by Yubico: KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120", ENV{ID_SECURITY_TOKEN}="1" but it won't work for other brands of U2F token. --Andy _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel