Hi On Sun, Nov 2, 2014 at 7:57 PM, Andy Lutomirski <l...@amacapital.net> wrote: > I want to get U2F (universal second factor, sometimes called "security > key" or even "gnubby") working on Linux. U2F tokens are HID devices > that speak a custom protocol. The intent is that user code will speak > to then using something like HIDAPI. > > The trick is that, for HIDAPI to work, something needs to recognize > these devices and get udev to set appropriate device permissions.
[snip] > - An actual kernel driver for U2F devices using the hid group > mechanism for enumeration. This seems overcomplicated. Imho, this is the way to go. Create a proper char-dev for U2F, create an API and make it work. We had this discussion earlier about vendor-extensions that should be writable via hidraw from user-space. This turned out to be really messy.. and was discussed for several weeks straight. hidraw just wasn't designed as unprivileged user-space API. For instance, what happens if a device provides U2F plus something else? Both will be on the same hidraw device. We could split hidraw per usage, but I don't see how that is superior to a proper U2F API. And once one usage can affect a device as a whole (like power-off), you're screwed. Just look at the libusb mess where some devices are handled in the kernel and some in user-space (eg., see Gnome cheese, media devices, ...). I don't think we should repeat that with HID. Thanks David _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
