pub/scm/linux/kernel/git/jejb/fido2-ctap-gadget.git
TPM based USB gadget for using FIDO/U2F in browsers
$ git log --pretty=format:'%h %s (%cs)%d'
39c2213 Version 0.1.0 (2019-03-21)
	(HEAD -> master, tag: v0.1.0)
fe0a35d Add README (2019-03-21)
578e5b1 Clean up debugging prints (2019-03-21)
df6b6da tpm: Create the NV index counter if it doesn't exist (2019-03-21)
eafc5e6 tpm: correctly check for and use a NV index for the authenticate counter (2019-03-21)
ca4cd20 hidgd: add correct AUTHENTICATE response (2019-03-21)
28376e1 hidgd: use default volatile TPM parent (2019-03-20)
03bec55 crypto: make certificate key an openssl one and split out crypto processing (2019-03-20)
c9416a2 hidgd: allow parent to be specified as an option (2019-03-19)
fb684ed hidgd: add TPM functions to give correct registration (2019-03-19)
...

$ git cat-file blob HEAD:README
Using the CTAP hid gadget
=========================

After compiling the programmes, the fido binary is used to write the
binary report descriptor to the necessary place in configfs.

The script fido_configfs.sh can be used to set up both ends of the
gadget.  To be used, the /dev/hidrawX end of the gadget *must* be
accessible by ordinary users, meaning you either give the gadget an ID
matching one to which udev will append the uaccess tag, which gives
the current user an ACL, or you simply chmod 666 the new hidrawX
device, which opens it to every local user.

Ideally, you should also run the hidgd as non-root, so you'll have to
change the permissions on /dev/hidgX to allow that to happen.  Once
the permissions are sorted out, you need to create an attestation
certificate and key.  In theory FIDO relying entities use the
attestation certificate to verify the authenticity of the token, but
in practice a self-signed certificate works.  The certificate must
represent the public part of a NIST P-256 elliptic curve key because
the standard requires it.

To create the key, run

openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt ec_param_enc:named_curve -out reg_key.key

After which you can create the self-signed certificate with

openssl req -new -x509 -subj '/CN=My Fido Token/' -key reg_key.key -out reg_key.der -outform DER

And finally run hidgd as

hidgd /dev/hidg0 reg_key.der reg_key.key

It should then respond to the Firefox browser on sites that use U2F.
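
Added example, not part of the project's README: a pre-flight check of the certificate and key created above before they are passed to hidgd. The function name check_attestation_pair and the expectation that the key file is closed to group and other are assumptions of this example.

```shell
#!/bin/sh
# check_attestation_pair CERT_DER KEY_PEM
# Returns 0 when the pair is usable, otherwise:
#   1 key is not a named-curve P-256 key   2 certificate is not valid DER
#   3 certificate and key do not match     4 key file open to group/other
check_attestation_pair() {
    cert=$1
    key=$2

    # The key must be an EC key on the named curve prime256v1 (NIST P-256).
    # A key written with explicit parameters has no "ASN1 OID" line and fails.
    openssl pkey -in "$key" -noout -text 2>/dev/null |
        grep -q 'ASN1 OID: prime256v1' ||
        { echo "key is not a named-curve P-256 key" >&2; return 1; }

    # The certificate must parse as DER, the form the README creates.
    cert_pub=$(openssl x509 -inform DER -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse DER certificate" >&2; return 2; }

    # The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate does not match key" >&2; return 3; }

    # Assumption of this example: the plaintext key file should carry no
    # group or other permission bits (columns 5-10 of the ls mode string).
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "key file is accessible to group/other; chmod 600" >&2; return 4; }
    return 0
}

# Stand-alone use: sh check.sh reg_key.der reg_key.key
if [ $# -eq 2 ]; then
    check_attestation_pair "$1" "$2"
fi
```
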

# heads (aka `branches'):
$ git for-each-ref --sort=-creatordate refs/heads \
	--format='%(HEAD) %(refname:short) %(subject) (%(creatordate:short))'
* master       Version 0.1.0 (2019-03-21)

# tags:
$ git for-each-ref --sort=-creatordate refs/tags \
	--format='%(refname:short) %(subject) (%(creatordate:short))'
v0.1.0       Version: 0.1.0 (2019-03-21)


git clone https://yhbt.net/lore/pub/scm/linux/kernel/git/jejb/fido2-ctap-gadget.git