-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FIDO_ERR_RX with multiple entries using same FIDO2 token #19842
Comments
hmm @martelletto what is the right approach for us here? what's the strategy for two different processes concurrently accessing a fido2 device via libfido2? ideally for the use in the systemd-cryptsetup logic we'd have a blocking form of fido_dev_open() that blocks (maybe with a time-out) until the caller is the sole user of the device. Then we could serialize access here. Internally, this could be implemented via BSD file locks: the device fd that libfido2 opens internally supports BSD flock() on Linux (all fds do on linux). So when opening every participant could just lock the fd before use. The lock is automatically released by the kernel once the device i closed. (note that only BSD file locks work like this, POSIX locks do not, don't bother with them). An alternative would be if libfido2 would somehow allow us to access the internal fd ourselves. If so we could do the BSD flock() stuff from our code instead of libfido2. That said it probably makes sense to have it in libfido2 itself, since this is advisory locking only and by putting it into libfido2 we can make sure any user of libfido2 will follow the lock protocol, not just systemd-cryptsetup. Anyway, what's your take on the synchronization story? |
@poettering The spec leaves enough room for multiplexing to happen at the device level if supported, which is why libfido2 does not enforce any synchronization of its own. The reality on the ground is a bit different, though: multiplexing is unlikely to be supported by the device, and even if it were supported, it is questionable whether it is a good idea in the first place. Therefore, implementing the synchronization in libfido2 makes sense IMHO. I will add it to libfido2's 1.8.0 roadmap. Thank you! |
@martelletto excellent! thanks! Let's wait for this to be solved in libfido2 for us then. |
(@bjacquin btw, ignore the /run/cryptsetup thing, it's a red herring, libcrytpsetup 1e7521c0564936fdbf098ce448e91e0ba25bffae downgraded the message since it doesn't really matter.) |
use flock() to serialise access to HID devices on Linux. prompted by systemd/systemd#19842.
use flock() to serialise access to HID devices on Linux. prompted by systemd/systemd#19842.
use flock() to serialise access to HID devices on Linux. prompted by systemd/systemd#19842.
use flock() to serialise access to HID devices on Linux. prompted by systemd/systemd#19842.
Given that Yubico/libfido2#350 was merged into libfido2 I guess we can close this here. |
systemd version the issue has been seen with
Used distribution
Linux kernel version used (
uname -a
)CPU architecture issue was seen on
Unexpected behaviour you saw
It does appear
/run/cryptsetup
is missing at this stage, however/usr/lib/tmpfiles.d/cryptsetup.conf
does exist with the following content:When this happen, the boot switch to emergency mode without systemd performing fallback requested to passphrase.
This specific issue does not appear with a single entry in /etc/crypttab.
The text was updated successfully, but these errors were encountered: