![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / share / man / man4
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.4 / (download) - annotate - [select for diffs], Fri Aug 21 19:02:46 2020 UTC (3 years, 9 months ago) by mglocker
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
HEAD
Changes since 1.3: +3 -2 lines
Diff to previous 1.3 (colored)
fido(4) and umstc(4) also attach to uhidev(4).
Revision 1.3 / (download) - annotate - [select for diffs], Thu Jul 23 05:59:21 2020 UTC (3 years, 10 months ago) by tb
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)
Grammar fix: accept -> accepts. ok jmc
Revision 1.2 / (download) - annotate - [select for diffs], Tue Dec 17 18:14:32 2019 UTC (4 years, 5 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.1: +3 -3 lines
Diff to previous 1.1 (colored)
sync usb.4 entry with Nd: in this case, i think the usb.4 entry read better;
Revision 1.1 / (download) - annotate - [select for diffs], Tue Dec 17 13:08:54 2019 UTC (4 years, 5 months ago) by reyk
Branch: MAIN
Add fido(4), a HID driver for FIDO/U2F security keys While FIDO/U2F keys were already supported by the generic uhid(4) driver, this driver adds the first step to tighten the security of FIDO/U2F access. Specifically, users don't need read/write access to all USB/HID devices anymore and the driver also improves integration with pledge(2) and unveil(2): It is pledge-friendly because it doesn't require any ioctls to discover the device and unveil-friendly because it uses a single /dev/fido/* directory for its device nodes. It also allows to support FIDO/U2F in firefox without further weakening the "sandbox" of the browser. Firefox does not have a proper privsep design and many operations, such as U2F access, are handled directly by the main process. This means that the browser's "fat" main process needs direct read/write access to all USB HID devices, at least on other operating systems. With fido(4) we can support security keys in Firefox under OpenBSD without such a compromise. With this change, libfido2 stops using the ioctl to query the device vendor/product and just assumes "OpenBSD" "fido(4)" instead. The ioctl is still supported but there was no benefit in obtaining the vendor product or name; it also allows to use libfido2 under pledge. With feedback from deraadt@ and many others OK kettenis@ djm@ and jmc@ for the manpage bits