Add support for Yubikey PGP and U2F features
Originally created by @sonicsnail on #11565 (Redmine)
The OpenPGP smartcard and FIDO U2F features of Yubikey hardware security keys don’t work in Linux unless you add special udev rules. Even if you add the rules, they aren’t persistent in Tails. This means it’s currently not practical to use Yubikeys’ OpenPGP smartcard and FIDO U2F features in Tails.
Yubico has already done the work of creating the udev rules and instructions for installing them:
https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules
https://www.yubico.com/faq/enable-u2f-linux/
2. Go to https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules and download or create a copy of the file named 70-u2f.rules into the Linux directory:
/etc/udev/rules.d/
3. Save your file, and then reboot your system.
The problem is that in Tails, the rules currently aren’t persistent. You can’t reboot or you’ll lose the changes. You can run sudo udevadm control --reload-rules after adding the rules file to make the changes take effect, but it’s still a pain to have to do this every session. And adding the rules requires setting an admin password, which users shouldn’t always be doing. But if we can build the rules file into Tails, Yubikeys should work automatically by default.
More info about this and a tutorial on putting PGP keys on a Yubikey with Tails: https://gist.github.com/ageis/5b095b50b9ae6b0aa9bf
Related issues
- Has duplicate #12168 (closed)
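
Because the rules file is copied into /etc/udev/rules.d/ with administrator rights, it is worth checking what it grants before installing it. The following is an added example, not part of the original issue and not Yubico's or Tails' code: `audit_udev_rules` is a hypothetical helper, the sample rules are constructed (they are not the contents of 70-u2f.rules), and the check is a per-line heuristic that does not follow GOTO/LABEL blocks or line continuations.

```shell
#!/bin/sh
# Heuristic pre-install check for a udev rules file (added example).
# Reads rules on stdin, prints one finding per problem, returns 1 if any.
audit_udev_rules() {
    awk '
        function report(msg) { printf "line %d: %s\n", NR, msg; bad++ }
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            # RUN, PROGRAM and IMPORT{program} make udev execute a command as root.
            if ($0 ~ /(^|[, \t])(RUN|PROGRAM)([{][a-z]+[}])?[ \t]*[-+:=!]?=/ ||
                $0 ~ /IMPORT[{]program[}]/)
                report("executes a program")
            # Last octal digit has the write bit set: node writable by every user.
            if ($0 ~ /MODE[ \t]*:?=[ \t]*"0?[0-7][0-7][2367]"/)
                report("world-writable MODE")
            # Access is granted without pinning the rule to a USB vendor ID.
            if (($0 ~ /TAG[ \t]*[+]=[ \t]*"uaccess"/ ||
                 $0 ~ /(MODE|GROUP)[ \t]*:?=/) &&
                $0 !~ /ATTRS?[{]idVendor[}]==/)
                report("grants access without an idVendor match")
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample: scoped to one vendor ID, access only for the seat user.
SAMPLE_OK='# constructed example rule
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", TAG+="uaccess"'

# Constructed sample: every hidraw node world-writable, plus a root-run hook.
SAMPLE_RISKY='KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0666"
SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", RUN+="/usr/local/bin/hook.sh"'

# Demo: prints three findings for the risky sample, nothing for the other.
printf '%s\n' "$SAMPLE_OK"    | audit_udev_rules || true
printf '%s\n' "$SAMPLE_RISKY" | audit_udev_rules || true
```

Run it as `audit_udev_rules < 70-u2f.rules` on the downloaded file before copying it into /etc/udev/rules.d/.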