Sunday, October 8, 2017

Enable FIDO U2F on Linux

By default, only root can access the FIDO U2F device on Linux.  To change this:


  • Insert the U2F device.  Note the device number and execute the following command to print out the info. e.g.
sudo udevadm info -a /dev/usb/hiddev1

  • Take note of the attributes. e.g. for my HyperFIDO device:

......
ATTRS{idProduct}=="0880"
ATTRS{idVendor}=="096e"
ATTRS{ltm_capable}=="no"
ATTRS{manufacturer}=="HS"
ATTRS{maxchild}=="0"
ATTRS{product}=="HyperFIDO Token"
......


  • Create a new rule file under /etc/udev/rules.d and grant permission to all users. e.g. create a file named "10-fido-key.rules" and add the followings:
SUBSYSTEMS=="usb", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0880", TAG+="uaccess"

  • Re-insert the U2F device.

No comments: