rp2350: passkeys fail when plugged in before boot #171

New Issue

2025-07-04T19:53:39+08:00

d-tischler commented

2025-07-04 19:53:39 +08:00

(Migrated from github.com)

Hi all,
recently, I integrated an rp2350 zero into my laptop on a free usb and commissioned it as a yubikey 4/5. Firmware 6.6.

In this context I noticed that, while everything else (challenge response on slot1, totp generation) worked fine, once I click on "passkeys" in the yubico authenticator, the authenticator hangs forever and has to be killed manually. Same behavior using command line ykman.
Only after I press the reset button on the rp2350 zero, passkeys work, too.
Same behavior with an external connected rp2350 one. When plugged in before boot passkeys fail until reset is pressed or unplugged/plugged.

I'm not sure, if this is something that can be mitigated on the pico-fido side but would be great.

As a workaround: Is it possible to trigger a reset of the rp2350 in software (using ykman, something else...)? Resetting the USB using usbreset from usbutils did not help.

Best regards and thanks,
Sebastian.

Hi all, recently, I integrated an rp2350 zero into my laptop on a free usb and commissioned it as a yubikey 4/5. Firmware 6.6. In this context I noticed that, while everything else (challenge response on slot1, totp generation) worked fine, once I click on "passkeys" in the yubico authenticator, the authenticator hangs forever and has to be killed manually. Same behavior using command line ykman. Only after I press the reset button on the rp2350 zero, passkeys work, too. Same behavior with an external connected rp2350 one. When plugged in before boot passkeys fail until reset is pressed or unplugged/plugged. I'm not sure, if this is something that can be mitigated on the pico-fido side but would be great. As a workaround: Is it possible to trigger a reset of the rp2350 in software (using ykman, something else...)? Resetting the USB using usbreset from usbutils did not help. Best regards and thanks, Sebastian.

polhenarejos commented

2025-07-04 20:07:18 +08:00

(Migrated from github.com)

Seems a host problem. I never experienced a problem like this.
Try using ykman -l TRAFFIC fido credentials list and paste the logs to see if some useful message appears.

Seems a host problem. I never experienced a problem like this. Try using `ykman -l TRAFFIC fido credentials list` and paste the logs to see if some useful message appears.

d-tischler commented

2025-07-04 23:30:56 +08:00

(Migrated from github.com)

You seem to be right. Just tested on an other system and it works. Should have done this before. Thanks for the command, however.
There are some troubles with permissions on hidraw0 but this is the same on both systems. Even when it works, this stays the same so this is probably not connected with the passkeys failing. Below is the output of the command. There is simply no answer after the last line SEND. After a reset of the rp2350, it goes on and succeeds.

`INFO 15:04:58.273 [ykman._cli.main.cli:239] System info:
ykman: 5.2.1
Python: 3.12.3 (main, Jun 18 2025, 17:59:45) [GCC 13.3.0]
Platform: linux
Arch: x86_64
System date: 2025-07-04
Running as admin: False

DEBUG 15:04:58.402 [ykman.hid.linux.list_devices:123] Couldn't read HID descriptor for /dev/hidraw0
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/ykman/hid/linux.py", line 117, in list_devices
with open(hidraw, "rb") as f:
^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/dev/hidraw0'
DEBUG 15:04:58.459 [fido2.hid.linux.list_descriptors:103] Failed opening device /dev/hidraw0
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/fido2/hid/linux.py", line 98, in list_descriptors
devices.append(get_descriptor(hidraw))
^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/fido2/hid/linux.py", line 55, in get_descriptor
with open(path, "rb") as f:
^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/dev/hidraw0'
DEBUG 15:04:58.518 [ykman.device.add:165] Add device for <class 'fido2.ctap.CtapDevice'>: CtapYubiKeyDevice(pid=0407, fingerprint='/dev/hidraw1')
TRAFFIC 15:04:58.571 [fido2.hid.call:175] SEND: ffffffff860008472f29710d1ddcfc
`

You seem to be right. Just tested on an other system and it works. Should have done this before. Thanks for the command, however. There are some troubles with permissions on hidraw0 but this is the same on both systems. Even when it works, this stays the same so this is probably not connected with the passkeys failing. Below is the output of the command. There is simply no answer after the last line `SEND`. After a reset of the rp2350, it goes on and succeeds. `INFO 15:04:58.273 [ykman._cli.__main__.cli:239] System info: ykman: 5.2.1 Python: 3.12.3 (main, Jun 18 2025, 17:59:45) [GCC 13.3.0] Platform: linux Arch: x86_64 System date: 2025-07-04 Running as admin: False DEBUG 15:04:58.402 [ykman.hid.linux.list_devices:123] Couldn't read HID descriptor for /dev/hidraw0 Traceback (most recent call last): File "/usr/lib/python3/dist-packages/ykman/hid/linux.py", line 117, in list_devices with open(hidraw, "rb") as f: ^^^^^^^^^^^^^^^^^^ PermissionError: [Errno 13] Permission denied: '/dev/hidraw0' DEBUG 15:04:58.459 [fido2.hid.linux.list_descriptors:103] Failed opening device /dev/hidraw0 Traceback (most recent call last): File "/usr/lib/python3/dist-packages/fido2/hid/linux.py", line 98, in list_descriptors devices.append(get_descriptor(hidraw)) ^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/fido2/hid/linux.py", line 55, in get_descriptor with open(path, "rb") as f: ^^^^^^^^^^^^^^^^ PermissionError: [Errno 13] Permission denied: '/dev/hidraw0' DEBUG 15:04:58.518 [ykman.device.add:165] Add device for <class 'fido2.ctap.CtapDevice'>: CtapYubiKeyDevice(pid=0407, fingerprint='/dev/hidraw1') TRAFFIC 15:04:58.571 [fido2.hid.call:175] SEND: ffffffff860008472f29710d1ddcfc `

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dearsky/pico-fido#171