search

trezor / trezord-go

:smiling_imp: Trezor Communication Daemon (written in Go)
GNU Lesser General Public License v3.0
244 stars 146 forks source link

Trezor not recognized on OpenBSD #220

Closed ln2max closed 3 years ago

ln2max commented 3 years ago

trezord installs and runs fine on OpenBSD, but the actual Trezor device (Trezor One) is not recognized.

prusnak commented 3 years ago

OpenBSD is not officially supported by SatoshiLabs.

Please contact OpenBSD maintainer of the trezord package.

ln2max commented 3 years ago

OpenBSD is not officially supported by SatoshiLabs.

Please contact OpenBSD maintainer of the trezord package.

There is no trezord package in OpenBSD, only this repository.

prusnak commented 3 years ago

In that case maybe @kucharskim (OpenBSD user) or @alexdupre (FreeBSD user) might be able to help you.

kucharskim commented 3 years ago

trezord installs and runs fine on OpenBSD, but the actual Trezor device (Trezor One) is not recognized.

I'm wondering what means not recognized here. I didn't had time yet to properly sit down and look into running trezord on OpenBSD, but one of the things to be aware of is https://marc.info/?l=openbsd-misc&m=154126108502919&w=2

On a default OpenBSD kernel, Trezor One is recognized, however as uhid(4) device:

uhidev0 at uhub1 port 1 configuration 1 interface 0 "SatoshiLabs TREZOR" rev 2.00/1.00 addr 9
uhidev0: iclass 3/0
uhid0 at uhidev0: input=64, output=64, feature=0

Based on above link to MARC with email from Colin Bortner, trezord leverages libusb under the hood and that software only works with ugen(4) devices. Above snippet from dmesg command is from kernel:

OpenBSD 6.8-current (GENERIC.MP) #302: Sat Jan 30 21:51:53 MST 2021
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

I did only initial research so far, and I did not test properly on my end what Colin Bortner wrote. I would like to look into running trezord on OpenBSD, but at the moment I'm short on spare time, so not sure when this will happen.

ln2max commented 3 years ago

Okay, looking at the openbsd-misc post you linked above, it seems that he had to rebuild his kernel so the device would be recognized as ugen0 instead of uhid0:

libusb on OpenBSD only supports ugen devices. So I added the Trezor to \
usb_quirks, forcing the ugen driver and rebuilt my kernel.

dev/usb/usbdevs.h:

> #define USB_VENDOR_SATOSHILABS  0x534c          /* SatoshiLabs */
> #define USB_PRODUCT_TREZOR      0x0001  /* TREZOR */

dev/usb/usb_quirks.c:

> { USB_VENDOR_SATOSHILABS, USB_PRODUCT_TREZOR,  ANY,    { UQ_BAD_HID }},

And ugen attaches as expected:

> ugen0 at uhub1 port 1 "SatoshiLabs TREZOR" rev 2.00/1.00 addr 7

However, things have also changed a little bit... OpenBSD now does have HIDAPI support.

I don't know how to leverage this to get trezord working without a kernel recompile, though.

Any ideas?

prusnak commented 3 years ago

Trezor does not use HID anymore but WebUSB, which is very similar but not the same.

Not sure how the WebUSB device is recognized on OpenBSD. That email from 2018 might not be relevant anymore.

ln2max commented 3 years ago

On Thu, Feb 11, 2021 at 11:35:58AM -0800, Pavol Rusnak wrote:

Trezor does not use HID anymore but WebUSB, which is very similar but not the same.

WebUSB is disabled in OpenBSD for security reasons (why on earth does a crypto product need WebUSD...?!) thus we need trezord.

prusnak commented 3 years ago

WebUSB is disabled in OpenBSD

You are confusing WebUSB support in Chrome, which is probably disabled, with WebUSB protocol which is almost exactly the same as HID and it's what Trezor use to communicate with the host.