[u2f-passthru]: pamu2fcfg command will stuck forever in Guest OS of Qemu
Prerequisite
Yubikey 5 hardware dependency https://www.yubico.com/products/yubikey-5-overview/
Host environment
-
Operating system: Ubuntu
-
OS/kernel version: 22.04.4 LTS / 6.5.0-1019-oem
-
Architecture: x86_64
-
QEMU flavor: qemu-system-x86_64
-
QEMU version: QEMU emulator version 6.2.0
-
QEMU Commit: https://github.com/qemu/qemu/commit/a12214d1c4204d2f51d8724993b8dfcf50dd7d94
-
QEMU command line:
./qemu-system-x86_64 -m 2048 -cpu host -vga virtio -smp 2 -enable-kvm -drive file=/var/lib/libvirt/images/ubuntu22.04.qcow2 \ -net user -net nic -usb -device u2f-passthru,hidraw=/dev/hidraw2
Emulated/Virtualized environment
- Operating system: Ubuntu
- OS/kernel version: 22.04.4 LTS / 6.5.0-1019-oem
- Architecture: x86_64
Description of problem
To use FIDO2 user verification we need to run pamu2fcfg command which will stuck forever in Guest OS of Qemu
Passing -usb -device u2f-passthru,hidraw=/dev/hidraw2 for U2F-Passthrough
Steps to reproduce
- Make you have have plugged Yubikey.
- In Guest shell install package using following command
sudo apt-get install pamu2fcfg - Run $
pamu2fcfgcommand will stuck forever.
Note: If I run pamu2fcfg in my Ubuntu Host environment it works fine.
Additional information
lsusb output:
$lusb
Bus 001 Device 002: ID 46f4:0005 QEMU U2F USB key
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Debug Details:
When pamu2fcfg was launched following will be the call flow.
u2f_key_recv_from_guest → recv_from_guest → u2f_passthru_recv_from_guest → u2f_passthru_read → u2f_passthru_recv_from_host → u2f_transaction_get_from_nonce → u2f_send_to_guest → u2f_pending_in_add → main_loop_wait (stuck here)
From above call flow looks like guest is waiting for key.
Even I have tried enabling U2F support flag in Qemu while building but that one was not helping either.
References:
https://github.com/Yubico/pam-u2f/tree/main
https://www.qemu.org/docs/master/system/devices/usb-u2f.html