On Wed, Aug 12, 2020 at 11:41:22AM +0200, César Belley wrote:
> This patch series adds the U2F dedicated support to Qemu through a USB
> U2F key device that can operate in two modes: pass-through and emulated.
>
> This work is also part of the GSoC program of this year and follows the
> proposal I made for the 'Virtual FIDO2/U2F security key' subject,
> suggested and mentored by by Gerd Hoffmann.
>
> U2F is an open authentication standard. It enables relying parties
> exposed to the internet to offer a strong second factor option for end
> user authentication.
>
> The standard brings many advantages to both parties, client and server,
> allowing to reduce over-reliance on passwords, it increases
> authentication security and simplifies passwords.
>
> The second factor is materialized by a device implementing the U2F
> protocol. In case of a USB U2F security key, it is a USB HID device
> that implements the U2F protocol.
>
> The USB U2F key device given in this patch series allows to add guest
> U2F security keys via two possible modes: pass-through and emulated.
>
> The pass-through mode consists of passing all requests made from the
> guest to the physical security key connected to the host machine and
> vice versa. In addition, the dedicated pass-through allows to have a
> U2F security key shared on several guests which is not possible with
> a simple host device assignment pass-through.
>
> The emulated mode consists of completely emulating the behavior of an
> U2F device through software part. Libu2f-emu is used for that.
Reviewed & tested. Nice job.
Queued up for merge, pull req goes out in a moment.
Note there is a pending patch series converting the qemu build system
to meson which very likely conflicts with the Makefile changes. So
there is a chance that the series needs a rebase because of that.
take care,
Gerd