search

solokeys / solo1

Solo 1 firmware in C
https://solokeys.com/
Other
2.31k stars 273 forks source link

Udev rule for Solo #45

Open craftyguy opened 5 years ago

craftyguy commented 5 years ago

I had to add the following udev rule to get the Solo key to be recognized on Linux:

/etc/udev/rules.d/70-solo_key.rules:

# Solo
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
elerch commented 5 years ago

On one of my linux systems running GalliumOS (Ubuntu variant for Chromebooks), I needed to also add MODE="0664", GROUP="plugdev" to the rule (my user is in the plugdev group. The rule above works fine on debian. The full line I used for Gallium was:

KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", MODE="0664", GROUP="plugdev", TAG+="uaccess"

I'm guessing this is a misconfiguration of something on my part (e.g. my local user should have access to devices tagged with uaccess, but in my case this is not happening despite the tagging operating properly).

nickray commented 5 years ago

It may also be useful to add a symlink, by appending something like

, SYMLINK+="solokey"

to more easily identify the device in /dev (otherwise, it gets an entry /dev/hidrawX with not-very-deterministic X). Don't forget to udevadm trigger.

You can check if the permissions work via cat /dev/solokey (read access) and echo 'Hello, Solo' > /dev/solokey (write access).

We have some technical documentation under https://solo.solokeys.io/udev/ -- pull requests welcome!

stevesong commented 5 years ago

The default rules did not work for me on Ubuntu 18.04. After some playing around, this worked

# Solo
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ATTRS{product}=="Solo", TAG+="uaccess", GROUP="plugdev", SYMLINK+="solokey", KERNEL=="hidraw*", SUBSYSTEM=="hidraw"

The only change seems to be the addition of ATTRS{product}=="Solo"

adds68 commented 5 years ago

@stevesong this udev rules worked for me running on Antergos, thanks!

Krastanov commented 5 years ago

This might be of importance, considering the use of plugdev in the future https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897916

ahwayakchih commented 5 years ago

I'm running on Antergos and i do not have plugdev group. It's also not listed on https://wiki.archlinux.org/index.php/Users_and_groups#Group_list (although i can't say if that list is up to date or not).

craftyguy commented 5 years ago

@ahwayakchih (& others)

Is my top-level comment in this issue hidden from folks? The udev rule I posted does not require the plugdev group. It works on Arch Linux (I am using Arch Linux). I'll repost it since it seems that it is not visible for some reason:

/etc/udev/rules.d/70-solo_key.rules:

# Solo
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
stevesong commented 5 years ago

@craftyguy your initial issue is visible. not clear to me why you voted down my comment which merely points out that ATTRS{product}=="Solo" was required to make the rules work on Ubuntu 18.04

ahwayakchih commented 5 years ago

@craftyguy i have it working here. I was just answering to previous comments. I'm sorry if i wasn't clear about that :).

elerch commented 5 years ago

FYI, it appears that the Yubikey rules are incomplete if you want to use gpg with SSH access. I needed to add this line to get gpg --card-status to work with a Yubikey:

# Yubico YubiKey: CCID (Smart Card access for gpg)
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0200|0402|0403|0406|0407|0410", TAG+="uaccess"

This is irrelevant now, but I know similar capability is on the roadmap for solo, so the udev rules and docs will likely need adjustment when the feature is available.