[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 00/13] Introduce USB U2F key device

From: Gerd Hoffmann
Subject: Re: [PATCH 00/13] Introduce USB U2F key device
Date: Wed, 19 Aug 2020 07:46:25 +0200

On Wed, Aug 12, 2020 at 11:41:22AM +0200, César Belley wrote:
> This patch series adds the U2F dedicated support to Qemu through a USB
> U2F key device that can operate in two modes: pass-through and emulated.
> This work is also part of the GSoC program of this year and follows the
> proposal I made for the 'Virtual FIDO2/U2F security key' subject,
> suggested and mentored by by Gerd Hoffmann.
> U2F is an open authentication standard. It enables relying parties
> exposed to the internet to offer a strong second factor option for end
> user authentication.
> The standard brings many advantages to both parties, client and server,
> allowing to reduce over-reliance on passwords, it increases
> authentication security and simplifies passwords.
> The second factor is materialized by a device implementing the U2F
> protocol. In case of a USB U2F security key, it is a USB HID device
> that implements the U2F protocol.
> The USB U2F key device given in this patch series allows to add guest
> U2F security keys via two possible modes: pass-through and emulated.
> The pass-through mode consists of passing all requests made from the
> guest to the physical security key connected to the host machine and
> vice versa. In addition, the dedicated pass-through allows to have a
> U2F security key shared on several guests which is not possible with
> a simple host device assignment pass-through.
> The emulated mode consists of completely emulating the behavior of an
> U2F device through software part. Libu2f-emu is used for that.

Reviewed & tested.  Nice job.
Queued up for merge, pull req goes out in a moment.

Note there is a pending patch series converting the qemu build system
to meson which very likely conflicts with the Makefile changes.  So
there is a chance that the series needs a rebase because of that.

take care,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]