server/usr/share/doc/qemu-system-common/system/devices/usb-u2f.html
2026-01-07 20:52:11 +01:00
<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="../../">
<head>
<meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Universal Second Factor (U2F) USB Key Device &mdash; QEMU Debian 1:8.2.2+ds-0ubuntu1.11 documentation</title>
<link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" />
<link rel="stylesheet" type="text/css" href="../../_static/css/theme.css?v=86f27845" />
<link rel="stylesheet" type="text/css" href="../../_static/theme_overrides.css?v=08e6c168" />
<link rel="shortcut icon" href="../../_static/qemu_32x32.png"/>
<script src="../../_static/jquery.js?v=8dae8fb0"></script>
<script src="../../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="../../_static/documentation_options.js?v=802af9f6"></script>
<script src="../../_static/doctools.js?v=888ff710"></script>
<script src="../../_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="../../_static/custom.js?v=2ab9f71d"></script>
<script src="../../_static/js/theme.js"></script>
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
<link rel="next" title="igb" href="igb.html" />
<link rel="prev" title="CanoKey QEMU" href="canokey.html" />
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" style="background: #802400" >
<a href="../../index.html" class="icon icon-home">
QEMU
<img src="../../_static/qemu_128x128.png" class="logo" alt="Logo"/>
</a>
<div class="version">
8.2.2
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<p class="caption" role="heading"><span class="caption-text">Contents:</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../about/index.html">About QEMU</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../index.html">System Emulation</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../introduction.html">Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="../invocation.html">Invocation</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../device-emulation.html">Device Emulation</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../device-emulation.html#common-terms">Common Terms</a></li>
<li class="toctree-l3 current"><a class="reference internal" href="../device-emulation.html#emulated-devices">Emulated Devices</a><ul class="current">
<li class="toctree-l4"><a class="reference internal" href="can.html">CAN Bus Emulation Support</a></li>
<li class="toctree-l4"><a class="reference internal" href="ccid.html">Chip Card Interface Device (CCID)</a></li>
<li class="toctree-l4"><a class="reference internal" href="cxl.html">Compute Express Link (CXL)</a></li>
<li class="toctree-l4"><a class="reference internal" href="ivshmem.html">Inter-VM Shared Memory device</a></li>
<li class="toctree-l4"><a class="reference internal" href="keyboard.html">Sparc32 keyboard</a></li>
<li class="toctree-l4"><a class="reference internal" href="net.html">Network emulation</a></li>
<li class="toctree-l4"><a class="reference internal" href="nvme.html">NVMe Emulation</a></li>
<li class="toctree-l4"><a class="reference internal" href="usb.html">USB emulation</a></li>
<li class="toctree-l4"><a class="reference internal" href="vhost-user.html">vhost-user back ends</a></li>
<li class="toctree-l4"><a class="reference internal" href="virtio-gpu.html">virtio-gpu</a></li>
<li class="toctree-l4"><a class="reference internal" href="virtio-pmem.html">virtio pmem</a></li>
<li class="toctree-l4"><a class="reference internal" href="virtio-snd.html">virtio sound</a></li>
<li class="toctree-l4"><a class="reference internal" href="vhost-user-rng.html">QEMU vhost-user-rng - RNG emulation</a></li>
<li class="toctree-l4"><a class="reference internal" href="canokey.html">CanoKey QEMU</a></li>
<li class="toctree-l4 current"><a class="current reference internal" href="#">Universal Second Factor (U2F) USB Key Device</a></li>
<li class="toctree-l4"><a class="reference internal" href="igb.html">igb</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../keys.html">Keys in the graphical frontends</a></li>
<li class="toctree-l2"><a class="reference internal" href="../mux-chardev.html">Keys in the character backend multiplexer</a></li>
<li class="toctree-l2"><a class="reference internal" href="../monitor.html">QEMU Monitor</a></li>
<li class="toctree-l2"><a class="reference internal" href="../images.html">Disk Images</a></li>
<li class="toctree-l2"><a class="reference internal" href="../virtio-net-failover.html">QEMU virtio-net standby (net_failover)</a></li>
<li class="toctree-l2"><a class="reference internal" href="../linuxboot.html">Direct Linux Boot</a></li>
<li class="toctree-l2"><a class="reference internal" href="../generic-loader.html">Generic Loader</a></li>
<li class="toctree-l2"><a class="reference internal" href="../guest-loader.html">Guest Loader</a></li>
<li class="toctree-l2"><a class="reference internal" href="../barrier.html">QEMU Barrier Client</a></li>
<li class="toctree-l2"><a class="reference internal" href="../vnc-security.html">VNC security</a></li>
<li class="toctree-l2"><a class="reference internal" href="../tls.html">TLS setup for network services</a></li>
<li class="toctree-l2"><a class="reference internal" href="../secrets.html">Providing secret data to QEMU</a></li>
<li class="toctree-l2"><a class="reference internal" href="../authz.html">Client authorization</a></li>
<li class="toctree-l2"><a class="reference internal" href="../gdb.html">GDB usage</a></li>
<li class="toctree-l2"><a class="reference internal" href="../replay.html">Record/replay</a></li>
<li class="toctree-l2"><a class="reference internal" href="../managed-startup.html">Managed start up options</a></li>
<li class="toctree-l2"><a class="reference internal" href="../bootindex.html">Managing device boot order with bootindex properties</a></li>
<li class="toctree-l2"><a class="reference internal" href="../cpu-hotplug.html">Virtual CPU hotplug</a></li>
<li class="toctree-l2"><a class="reference internal" href="../pr-manager.html">Persistent reservation managers</a></li>
<li class="toctree-l2"><a class="reference internal" href="../targets.html">QEMU System Emulator Targets</a></li>
<li class="toctree-l2"><a class="reference internal" href="../security.html">Security</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multi-process.html">Multi-process QEMU</a></li>
<li class="toctree-l2"><a class="reference internal" href="../confidential-guest-support.html">Confidential Guest Support</a></li>
<li class="toctree-l2"><a class="reference internal" href="../vm-templating.html">QEMU VM templating</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../user/index.html">User Mode Emulation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../tools/index.html">Tools</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../interop/index.html">System Emulation Management and Interoperability</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../specs/index.html">System Emulation Guest Hardware Specifications</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../devel/index.html">Developer Information</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" style="background: #802400" >
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../../index.html">QEMU</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../../index.html" class="icon icon-home" aria-label="Home"></a></li>
<li class="breadcrumb-item"><a href="../index.html">System Emulation</a></li>
<li class="breadcrumb-item"><a href="../device-emulation.html">Device Emulation</a></li>
<li class="breadcrumb-item active">Universal Second Factor (U2F) USB Key Device</li>
<li class="wy-breadcrumbs-aside">
<a href="https://gitlab.com/qemu-project/qemu/blob/master/docs/system/devices/usb-u2f.rst" class="fa fa-gitlab"> Edit on GitLab</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<section id="universal-second-factor-u2f-usb-key-device">
<h1>Universal Second Factor (U2F) USB Key Device<a class="headerlink" href="#universal-second-factor-u2f-usb-key-device" title="Link to this heading"></a></h1>
<p>U2F is an open authentication standard that enables relying parties
exposed to the internet to offer a strong second factor option for end
user authentication.</p>
<p>The second factor is provided by a device implementing the U2F
protocol. In the case of a USB U2F security key, it is a USB HID device
that carries the U2F protocol over HID (the FIDO U2FHID transport).</p>
<p>QEMU supports both pass-through of a host U2F key device to a VM,
and software emulation of a U2F key.</p>
<section id="u2f-passthru">
<h2><code class="docutils literal notranslate"><span class="pre">u2f-passthru</span></code><a class="headerlink" href="#u2f-passthru" title="Link to this heading"></a></h2>
<p>The <code class="docutils literal notranslate"><span class="pre">u2f-passthru</span></code> device allows you to connect a real hardware
U2F key on your host to a guest VM. All requests made from the guest
are passed through to the physical security key connected to the
host machine, and the key's responses are passed back to the guest.</p>
<p>In addition, the dedicated pass-through allows you to share a single
U2F security key with several guest VMs, which is not possible with a
simple host device assignment pass-through (which hands the whole USB
device to one guest). Note that a guest with access to the key can issue
any U2F request to it, including new registrations; the key's private
keys never leave the hardware, and a physical key still requires its
user-presence test (a touch) before it signs, so the guest cannot
produce assertions silently.</p>
<p>You can specify the host U2F key to use with the <code class="docutils literal notranslate"><span class="pre">hidraw</span></code>
option, which takes the host path to a Linux <code class="docutils literal notranslate"><span class="pre">/dev/hidrawN</span></code> device:</p>
<pre class="literal-block">qemu-system-x86_64 -usb -device u2f-passthru,hidraw=/dev/hidraw0</pre>
<p>If you don't specify the device, <code class="docutils literal notranslate"><span class="pre">u2f-passthru</span></code> will
scan the host and use the first U2F device it finds (this requires a
working libudev). On a host with more than one security key, pin the
intended key explicitly with <code class="docutils literal notranslate"><span class="pre">hidraw</span></code> rather than relying on the scan:</p>
<pre class="literal-block">qemu-system-x86_64 -usb -device u2f-passthru</pre>
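<p>Pinning the right <code>/dev/hidrawN</code> first means finding out which hidraw node is the FIDO interface of the key. The following is an added example, not part of QEMU or libu2f-emu: it identifies U2F HID interfaces by the FIDO usage page <code>0xF1D0</code> at the start of their HID report descriptor (encoded as the bytes <code>06 D0 F1</code>), which is what distinguishes the U2F interface from the keyboard or CCID interfaces a composite key may also expose. It assumes the standard Linux sysfs layout <code>/sys/class/hidraw/hidrawN/device/report_descriptor</code>; the optional first argument is a hypothetical sysfs root used only for testing against a constructed tree.</p>

```shell
#!/bin/sh
# Added example (not QEMU's or libu2f-emu's code): locate the hidraw node of a
# FIDO/U2F key so it can be pinned with -device u2f-passthru,hidraw=/dev/hidrawN.
# A U2F HID interface's report descriptor carries the FIDO usage page 0xF1D0,
# encoded as the global item bytes 06 D0 F1. Other HID interfaces on the same
# key (keyboard, mouse) use other usage pages and are skipped.
# Assumption: sysfs layout /sys/class/hidraw/hidrawN/device/report_descriptor
# (standard on Linux). The optional $1 is a hypothetical alternate sysfs root.

is_fido_report_descriptor() {
    # Hex-dump the binary descriptor and look for the usage-page item 06 D0 F1.
    hex=$(od -An -v -tx1 "$1" 2>/dev/null | tr -d ' \n')
    case "$hex" in
        *06d0f1*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Print /dev/hidrawN for every FIDO interface found; fail if there is none.
list_u2f_hidraw() {
    sysroot="${1:-/sys}"
    found=1
    for desc in "$sysroot"/class/hidraw/hidraw*/device/report_descriptor; do
        [ -r "$desc" ] || continue            # unmatched glob or unreadable node
        if is_fido_report_descriptor "$desc"; then
            node=$(basename "$(dirname "$(dirname "$desc")")")
            printf '/dev/%s\n' "$node"
            found=0
        fi
    done
    return $found
}

# Emit the first match as a ready-to-use QEMU option, or fail loudly:
# silently attaching nothing, or the wrong key, is what the explicit
# hidraw= option is meant to prevent.
u2f_passthru_option() {
    dev=$(list_u2f_hidraw "$1" | head -n 1)
    [ -n "$dev" ] || { echo "no FIDO HID interface found" >&2; return 1; }
    printf '%s\n' "-device u2f-passthru,hidraw=$dev"
}
```

<p>Run <code>list_u2f_hidraw</code> on the host to see every FIDO interface, then pass the chosen node via <code>hidraw=</code>; the QEMU process also needs read/write permission on that <code>/dev/hidrawN</code> node, which on most distributions is granted through a udev rule rather than by running QEMU as root.</p>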
</section>
<section id="u2f-emulated">
<h2><code class="docutils literal notranslate"><span class="pre">u2f-emulated</span></code><a class="headerlink" href="#u2f-emulated" title="Link to this heading"></a></h2>
<p><code class="docutils literal notranslate"><span class="pre">u2f-emulated</span></code> is a completely software-emulated U2F device.
It uses <a class="reference external" href="https://github.com/MattGorko/libu2f-emu">libu2f-emu</a>
for the U2F key emulation. libu2f-emu
provides a complete implementation of the device side of the U2F protocol
for all the transports specified by the FIDO Alliance.</p>
<p>To work, an emulated U2F device must have four elements:</p>
<blockquote>
<div><ul class="simple">
<li><p>EC X.509 certificate (the attestation certificate)</p></li>
<li><p>EC private key</p></li>
<li><p>counter (four-byte value)</p></li>
<li><p>48 bytes of entropy (random bits)</p></li>
</ul>
</div></blockquote>
<p>To use this type of device, these four elements must be provided to it
one way or another. The private key and the entropy are the secrets of
the emulated token; anyone who can read them can impersonate it.</p>
<p>Assuming that you have a working libu2f-emu installed on the host,
there are three possible ways to configure the <code class="docutils literal notranslate"><span class="pre">u2f-emulated</span></code> device:</p>
<blockquote>
<div><ul class="simple">
<li><p>ephemeral</p></li>
<li><p>setup directory</p></li>
<li><p>manual</p></li>
</ul>
</div></blockquote>
<p>Ephemeral is the simplest way to configure the device: it generates
all the elements it needs itself, for a single use lasting the lifetime
of the device. It is the default if you do not pass any other options to
the device. Because the private key is regenerated on every start,
registrations made against an ephemeral device cannot be used again
after the VM is restarted; use a setup directory if credentials must
survive a restart.</p>
<pre class="literal-block">qemu-system-x86_64 -usb -device u2f-emulated</pre>
<p>You can pass the device the path of a setup directory on the host
using the <code class="docutils literal notranslate"><span class="pre">dir</span></code> option; the directory must contain these four files:</p>
<blockquote>
<div><ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">certificate.pem</span></code>: ec x509 certificate</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">private-key.pem</span></code>: ec private key</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">counter</span></code>: counter value</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">entropy</span></code>: 48 bytes of entropy</p></li>
</ul>
</div></blockquote>
<pre class="literal-block">qemu-system-x86_64 -usb -device u2f-emulated,dir=$dir</pre>
<p>You can also manually pass the device the paths to each of these files,
if you don't want them all to be in the same directory, using the options</p>
<blockquote>
<div><ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">cert</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">priv</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">counter</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">entropy</span></code></p></li>
</ul>
</div></blockquote>
<pre class="literal-block">qemu-system-x86_64 -usb -device u2f-emulated,cert=$DIR1/$FILE1,priv=$DIR2/$FILE2,counter=$DIR3/$FILE3,entropy=$DIR4/$FILE4</pre>
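<p>Both the setup directory and the manual <code>cert</code>/<code>priv</code>/<code>counter</code>/<code>entropy</code> options consume the same four files, and the page does not say how to produce them. The following is an added example, not part of QEMU or libu2f-emu, that generates a setup directory with OpenSSL and then checks it. It assumes, beyond what the page states, that the private key is a P-256 EC key in <code>EC PRIVATE KEY</code> PEM form (U2F signatures are ECDSA over P-256), that the certificate is a self-signed X.509 certificate for that key, that the counter file holds a decimal text value, and that the entropy file holds 48 raw bytes; confirm the counter and key formats against the libu2f-emu version you install. The function names and the certificate subject are the example's own.</p>

```shell
#!/bin/sh
# Added example (not QEMU's or libu2f-emu's tooling): build and verify a
# libu2f-emu setup directory. Assumptions not stated on the QEMU page:
#   private-key.pem : P-256 EC key, "EC PRIVATE KEY" PEM (as openssl ecparam writes)
#   certificate.pem : self-signed X.509 certificate for that key
#   counter         : decimal text, starts at 0
#   entropy         : 48 raw random bytes
# Check the counter and key formats against your libu2f-emu version.

make_u2f_setup_dir() {
    dir="$1"
    cn="${2:-QEMU u2f-emulated example}"   # subject CN of the attestation cert (example value)
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 1; }
    mkdir -p "$dir" || return 1
    chmod 700 "$dir"
    # The key and entropy are the token's secrets: create them with a
    # restrictive umask so they are never world-readable, even briefly.
    (
        umask 077
        # U2F uses ECDSA over P-256, so generate a prime256v1 key.
        openssl ecparam -name prime256v1 -genkey -noout \
            -out "$dir/private-key.pem" || exit 1
        # Self-signed attestation certificate bound to that key.
        openssl req -new -x509 -sha256 -days 3650 -key "$dir/private-key.pem" \
            -subj "/CN=$cn" -out "$dir/certificate.pem" 2>/dev/null || exit 1
        # Signature counter starts at zero (assumed decimal text format).
        printf '0' > "$dir/counter"
        # 48 raw random bytes, as the page specifies.
        head -c 48 /dev/urandom > "$dir/entropy"
    ) || return 1
    check_u2f_setup_dir "$dir" || return 1
    # Print the matching QEMU command line.
    printf 'qemu-system-x86_64 -usb -device u2f-emulated,dir=%s\n' "$dir"
}

# Verify an existing directory before handing it to the device: all four files
# present, entropy of the right size, counter well-formed, and the certificate
# actually carrying the public half of the private key (a mismatched pair is
# the most common way a hand-assembled directory goes wrong).
check_u2f_setup_dir() {
    dir="$1"
    for f in certificate.pem private-key.pem counter entropy; do
        [ -f "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
    done
    [ "$(wc -c < "$dir/entropy" | tr -d ' ')" -eq 48 ] \
        || { echo "entropy must be exactly 48 bytes" >&2; return 1; }
    grep -Eq '^[0-9]+$' "$dir/counter" \
        || { echo "counter must be a non-negative decimal" >&2; return 1; }
    k=$(openssl pkey -in "$dir/private-key.pem" -pubout 2>/dev/null) \
        || { echo "private-key.pem is not a readable private key" >&2; return 1; }
    c=$(openssl x509 -in "$dir/certificate.pem" -pubkey -noout 2>/dev/null) \
        || { echo "certificate.pem is not a readable certificate" >&2; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not match private key" >&2; return 1; }
    return 0
}
```

<p>Two caveats follow from what the files are. A self-signed attestation certificate vouches for nobody, so a relying party that only accepts attestation chaining to known vendor roots will refuse to register the emulated token; that is appropriate for test environments, which is what this device is for. And the directory is the whole identity of the token: copying it to several VMs gives them identical keys, and if the counter is persisted across runs, as a real token's is, the clones advance it independently, so a relying party that enforces a monotonic counter may flag one of them as a cloned authenticator. Treat one directory as one token.</p>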
</section>
</section>
</div>
</div>
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
<a href="canokey.html" class="btn btn-neutral float-left" title="CanoKey QEMU" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
<a href="igb.html" class="btn btn-neutral float-right" title="igb" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
<hr/>
<div role="contentinfo">
<p>&#169; Copyright 2025, The QEMU Project Developers.</p>
</div>
Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
<a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
provided by <a href="https://readthedocs.org">Read the Docs</a>.
<!-- Empty para to force a blank line after "Built with Sphinx ..." -->
<p></p>
<p>This documentation is for QEMU version 8.2.2.</p>
<p><a href="../../about/license.html">QEMU and this manual are released under the
GNU General Public License, version 2.</a></p>
</footer>
</div>
</div>
</section>
</div>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>