[snap] HyperFIDO Pro U2F security key doesn't work with chromium
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd |
Fix Released
|
Undecided
|
Olivier Tilloy | ||
chromium-browser (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
HyperFIDO Pro U2F security key doesn't work with Chromium snap, but works with native Chromium.
Tried on Ubuntu 20.10 x64 with Chromium Version 89.0.4389.90 (Official Build) snap (64-bit).
Snap permission "u2f-devices" is allowed. Also tried with "raw-usb".
Steps to reproduce.
1) Insert HyperFIDO Pro U2F security key in USB port.
2) Launch Chromium snap.
3) Go to Settings -> Privacy and security -> Security -> Manage security keys -> Sign-in data
4) Dialog "Security key sign-in data. To continue, insert and touch your security key" appears.
Expected: After touching security key, or unplugging it and plugging it back in, the dialog will disappear and Chromium will show the interface for sign-in data on the key.
Observed: The dialog does not disappear until one clicks the "Cancel" button (which, of course, does not lead to the interface for sign-in data). Log data fom journalctl and dmesg is listed below.
Other notes: The U2F key cannot be used for website authentication either. However, if Chromium is ran natively (rather than via snap), it has no problem communicating with the key. Also, the key can be used by Firefox (native). Thus, the problem does not appear to be with the security key itself.
journalctl:
Mar 15 23:11:03 rnr systemd[1507]: app-chromium_
Mar 15 23:11:11 rnr audit[79885]: AVC apparmor="DENIED" operation="open" profile=
Mar 15 23:11:11 rnr kernel: [drm] Failed to add display topology, DTM TA is not initialized.
Mar 15 23:11:11 rnr kernel: audit: type=1400 audit(161586427
Mar 15 23:13:01 rnr audit[79885]: AVC apparmor="DENIED" operation="open" profile=
Mar 15 23:13:01 rnr kernel: audit: type=1400 audit(161586438
dmesg:
[50172.135959] audit: type=1400 audit(161586427
[50281.798647] audit: type=1400 audit(161586438
Changed in snapd: | |
status: | New → In Progress |
assignee: | nobody → Olivier Tilloy (osomon) |
Changed in snapd: | |
status: | In Progress → Fix Released |
milestone: | none → 2.51 |
With your key plugged, can you share the corresponding line of the output of `lsusb` ?
According to https:/ /www.hyllusd. de/blog/ 06/11/2020/ hypersecu- hyperfido- pro-mini- security- key-mit- debian- buster- nutzen/, for the HyperFIDO Pro this should be "2ccf:0854", and if this is correct, the product ID needs to be added to https:/ /github. com/snapcore/ snapd/blob/ master/ interfaces/ builtin/ u2f_devices. go.