-
Notifications
You must be signed in to change notification settings - Fork 834
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please enable CONFIG_HIDRAW & CONFIG_USB_HIDDEV in WSL kernel for using SmartCards #10581
Comments
Here's full steps to build kernel with flags & final test using Yubico's fido2-token utility to enumerate yubikey's mounted as hidraw devices. Create wsl file .wslconfig in your Windows home folder (C:\USERS\YourName) with contents:[experimental] autoMemoryReclaim=gradualInstall latest wsl2 & OL9 Note msi's can be downloaded from release page, such as here: https://github.com/microsoft/WSL/releases/tag/2.0.3Update Windows to 23H2 (OS Build 25951.1010), see Windows 11 Pro Insider Preview Canary option.Update wslwsl --update --pre-release Install OL9wsl --install -d OracleLinux_9_1 Start terminal from TerminalPerform all these as root.Change sudoers to allow wheel group no passwd:sudo visudo Add # to first wheel entry, and remove from second entry.Contents of /etc/wsl.confsudo vi /etc/wsl.conf Restart from Powershell via wsl --shutdownUpdate packages as rootsudo -i Restart from Powershell via wsl --shutdownSetting up Yubikey sharing via usbip From within WSL:sudo -i cd /opt choose default optionscp arch/x86/boot/bzImage /mnt/c/Users/YOUR_USER/ Restart from Powershell via wsl --shutdownCheck new kernel is running from within WSL via:uname -a On Windows install latest (3.2.0+) usbipd-win from here:https://github.com/dorssel/usbipd-win/releases.Setup usbip on WSL Setting up usbip on WSL inorder to use Yubikey from Windows hostStart with usb utils, which also installs hwdata:yum install usbutils Test vialsusb Should show a couple of MS vhci devices.Set up access to elrepo for OL9:rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org yum install usbip-utils.x86_64 Restart from Powershell via wsl --shutdownTo check usbip works, from admin Powershell, share the Windows YubiKey usb device:Note busid may be different, find it via usbipd list.usbipd bind --busid=1-4 From wsl2 terminal attach to the device:usbip attach --remote=127.0.0.1 --busid=1-4 Check via lsusb -v -t that it's seen & that If 2 Driver=usbfs (only when pcscd installed).Access to hidraw devices - needed for yubikey OTP etc.yum install systemd-udev Useful tool from libfido2 to check if access to yubikey works:Should list yubikey device if accessible, otherwise reports permission denied.fido2-token -dL |
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Thanks for this information. I needed this also for making Ledger Nano device to work under WSL. |
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW and CONFIG_USB_HIDDEV are now enabled in the latest WSL2 kernel release linux-msft-wsl-5.15.150.1 Please keep in mind the kernel is released to the WSL2-linux-kernel repo first and will be included in an upcoming WSL release. |
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Hi Kelsey,
That’s great news! 😊
Thank you.
|
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
CONFIG_HIDRAW=y CONFIG_USB_HIDDEV=y Enable CONFIG_USB_HIDDEV and CONFIG_HIDRAW to provide HID device support that are not strictly user interface devices. These devices include security keys. link: microsoft/WSL#8302 link: microsoft/WSL#10581 Signed-off-by: Kelsey Steele <[email protected]>
Windows Version
23H2 25951.1010
WSL Version
2.0.1.0
Are you using WSL 1 or WSL 2?
Kernel Version
5.15.123.1-1
Distro Version
OracleLinux_9_1
Other Software
Latest usbipd-win 3.2.0.
Yubikey on Windows.
pcscd running on WSL,
pcscd logs don't report any access problems.
polkit rules defined so usb accessible by non root users.
piv-tool -n and opensc-tool -n both report access to Yubikey for user.
Repro Steps
Attaching Yubikey via usbipd / usbip & running browser (firefox or chrome) in WSL with fido2 / u2f enabled.
Browser prompts for yubikey password on start.
Navigating to site that require u2f/ fido2:
pcscd logs show browser can probe Yubikey, but OTP/CTAP2 (chip touch) does not work.
That is, Yubikey does not blink when browser shows u2f dialog.
For firefox about:config, webAuth settings all true for otp, fido2 ctap2 etc.
Expected Behavior
Yubikey Leds shoudl blink when browser shows u2f dialog.
Actual Behavior
Yubikey does not flash or respond to touch.
Note, attempting same thing from a VirtualBox VM running OracleLinux does work.
Dumping driver info via
usb_devices and lsusb -v -t,
shows WSL and VB VM both using same drivers for smartcard.
Diagnostic Logs
No response
The text was updated successfully, but these errors were encountered: