Make Tails work with U2F Security Keys
Torbrowser 9 can use U2F Security Keys as a second factor.
I think it would be great if it was possible to use U2F Security Keys (like a Yubikey) on Tails. I have managed to use a Yubikey as a second factor on Tails to login to Gitlab, but there was some manual work involved:
first one has to install
libu2f-udev, it would be great if that package could be installed by default. Its 24.6 kB on disk. When using the additional software feature to install it, one would have to reload the udev rules as root to make the devices work.
the torbrowser apparmor rules deny access to the devices. I had to add the following permissions to make the yubikey work:
#u2f /sys/class/ r, /sys/class/hidraw/ r, /sys/devices/** r, /run/udev/data/* r, /sys/bus/ r, /dev/hidraw* rw,
But thats the first time I touched apparmor, so I’m sure there is potential for refinement (especially the write to /dev/hidraw makes me nervous).
(I can also create a bug against the
torbrowser-launcherpackage or create a merge request on salsa if the discussion regarding the apparmor rules should be moved there).
Feature Branch: feature/17153-u2f