Add support for hidg devices on Linux #131
Conversation
|
Please, |
|
Cool, thanks! This is a really neat idea. Will try it out. Maybe we can add a script to build the dummy_hcd kernel module, and general setup on Debian/Ubuntu? |
|
PIN is not asked, also no user presense check.
|
|
It is on the browser / platform that interfaces with the authenticator to get the pin from the user |
|
Why no user presense check like YES input? |
|
That could be easily added. The use case for running on PC generally is for development and testing, not using it as a software authenticator. Probably worth opening new issues for:
|
It was said that Firefox does not support it. Will Firefox support PIN authentication? When if yes? |
|
I'm not sure, you should follow up on one of their forums |
|
Looks like no browser support FIDO2 (Edge only partially). Why? |
@nickray, I have reworked your patch into a single Makefile which can build, install and uninstall the HID gadget. Tested on Ubuntu 18.04 |
|
There is no kernel source archive on Arch Linux, but there is directory. |
|
dummy_hcd MAY be already available, there must be check. |
|
Running main as root is required, otherwise permission denied. |
|
@rgerganov we've discussed this PR internally. We'd like to put it on hold for the time being:
In both cases, it seems it will mostly generate support requests for us, while developing/testing the fido2 library works equally well via the UDP transport. Are you OK if we leave this PR open for the time being? In the future we may want to modularize the code base and build system a bit more, so that this could fit in as a "third party extension". |
|
@nickray OK, thanks for the update. I am working with Linux developers to get this fixed in the mainline kernel and eventually backport to stable. I will ping you when the fix is merged. |
|
The kernel bug is fixed in Linux 5.1-rc3 and the patch is being backported to the stable 4.x branches, so I thought you may consider this PR again. One interesting use case would be attaching the emulated HID device to a Windows virtual machine running on the Linux host. That will enable to run and debug the solo firmware against Windows services and browsers. Let me know what you think. |
How would one do that? |
See the |
|
Hi @rgerganov I am on ubuntu 18.04 with linux kernel 5.1 RC3
I applied the your patch and make all Solo and sudo ./main -b hidg
Can you suggest where should I look into in order to get it to work? |
Did you install the |
Aha, thanks. It works now. |
|
Cannot enter bootloader or DFU. Is it Solo Secure or Solo Hacker? I think Solo must be emulated as close to real as possible. |
|
@andy-dicki For bootloader and DFU, emulation, we would need a good emulation platform for STM32L4 chipset. QEMU would be a good option, but STM32L4 emulation isn't complete AFAIK. |
|
I'm planning to merge this as soon as it's in 4.x branches. What is a good way to track the backport? |
|
Any idea how to make Codacy happy when reading a file descriptor? |
There is a HID gadget driver on Linux which provides emulation of USB HID devices. This could be very useful for testing the Solo firmware without actual hardware, using only a Linux box. This patch adds a command line argument which specifies whether the existing UDP backing should be used or the new one which reads and writes to /dev/hidg0. Testing done: 1. Created HID device with configfs 2. Started "./main -b hidg" as root 3. Successfully executed Webauthn registration and authentication on the same Linux machine Closes: solokeys#122
The Makefile has targets for building, installing and uninstalling a HID gadget which acts as FIDO2 authenticator. Tested on Ubuntu 18.04 but should work on other distros as well. The only assumption being made is that kernel source is available at /usr/src/linux-source-$(KERNEL_VERSION).tar.bz2. A possible improvement would be to have a configure script which finds the correct kernel source archive.
There is a HID gadget driver on Linux which provides emulation of USB
HID devices. This could be very useful for testing the Solo firmware
without actual hardware, using only a Linux box.
This patch adds a command line argument which specifies whether the
existing UDP backing should be used or the new one which reads and
writes to /dev/hidg0.
Testing done:
the same Linux machine
Closes: #122