multi-personality devices on NetBSD especially Yubikey devices

To: tech-kern%NetBSD.org@localhost
Subject: multi-personality devices on NetBSD especially Yubikey devices
From: Sevan Janiyan <venture37%geeklan.co.uk@localhost>
Date: Mon, 23 Jul 2018 20:20:53 +0100

Hello,
There are a couple of ways of using a yubikey as a certificate source
for use with SSH. One is as a CCID device via PC/SC Lite and the other
is via GPG.
Going down the former approach, using PC/SC Lite to get setup from
scratch (ignoring keygen), install pcsc-lite (as the middleware) and
opensc (for the drivers). On NetBSD, as ukbd is attached to the yubikey,
pcscd is unable to communicate with the device requiring a kernel built
with device id hard-coded to attach to ugen.
This doesn't seem to be an issue on FreeBSD (install pcsc-lite & opensc
then off you go).
I was wondering what the difference is in our USB stacks where pcscd can
still communicate with the Yubikey without change?

I also stumbled across this old post which takes the approach of adding
a new knobs so you can re-attach a device as ugen on the fly but I can't
comment on the suitability.
https://nonakap.hatenablog.com/entry/2015/12/24/000700


Sevan

Prev by Date: Re: Adding a boot flag for No ASLR
Next by Date: Re: Adding a boot flag for No ASLR
Previous by Thread: Adding a boot flag for No ASLR
Next by Thread: hashtables
Indexes:

Home | Main Index | Thread Index | Old Index