Re: Supporting U2F over HID on Linux?
From: David Herrmann <hidden>
Date: 2014-11-03 19:03:05
Hi

On Sun, Nov 2, 2014 at 7:57 PM, Andy Lutomirski [off-list ref] wrote:
> I want to get U2F (universal second factor, sometimes called "security key" or even "gnubby") working on Linux. U2F tokens are HID devices that speak a custom protocol. The intent is that user code will speak to them using something like HIDAPI. The trick is that, for HIDAPI to work, something needs to recognize these devices and get udev to set appropriate device permissions.

[snip]

> - An actual kernel driver for U2F devices using the hid group mechanism for enumeration. This seems overcomplicated.

Imho, this is the way to go. Create a proper char-dev for U2F, create an API and make it work.

We had this discussion earlier about vendor-extensions that should be writable via hidraw from user-space. This turned out to be really messy.. and was discussed for several weeks straight. hidraw just wasn't designed as unprivileged user-space API.

For instance, what happens if a device provides U2F plus something else? Both will be on the same hidraw device. We could split hidraw per usage, but I don't see how that is superior to a proper U2F API. And once one usage can affect a device as a whole (like power-off), you're screwed.

Just look at the libusb mess where some devices are handled in the kernel and some in user-space (eg., see Gnome cheese, media devices, ...). I don't think we should repeat that with HID.

Thanks
David