Nitrokey FIDO2 not working on Linux (Manjaro)

natt-och-dag · February 20, 2020, 6:15pm

Hi,
My Nitrokey FIDO2 is not working on Manjaro kernel - 5.4.18-1-MANJARO. The key is working fine on Windows 10.

The key is recognized when put in to a USB port:

     [xxx@xxx ~]$ udevadm monitor
    monitor will print the received events for:
    UDEV - the event which udev sends out after rule processing
    KERNEL - the kernel uevent
    KERNEL[1325.694707] add      /devices/pci0000:00/0000:00:14.0/usb1/1-11 (usb)
   KERNEL[1325.696549] add      /devices/pci0000:00/0000:00:14.0/usb1/1-11/1-11:1.0 (usb)
    KERNEL[1325.697248] add      /devices/pci0000:00/0000:00:14.0/usb1/1-11/1-11:1.0/0003:20A0:42B1.0012 (hid)
    KERNEL[1325.697571] add      /devices/pci0000:00/0000:00:14.0/usb1/1-11/1-11:1.0/usbmisc/hiddev2 (usbmisc)
    KERNEL[1325.697643] add      /devices/pci0000:00/0000:00:14.0/usb1/1-11/1-11:1.0/0003:20A0:42B1.0012/hidraw/hidraw4 (hidraw)
    KERNEL[1325.697708] bind     /devices/pci0000:00/0000:00:14.0/usb1/1-11/1-11:1.0/0003:20A0:42B1.0012 (hid)
    KERNEL[1325.697767] bind     /devices/pci0000:00/0000:00:14.0/usb1/1-11/1-11:1.0 (usb)
    KERNEL[1325.697828] bind     /devices/pci0000:00/0000:00:14.0/usb1/1-11 (usb)
    UDEV  [1326.232239] add      /devices/pci0000:00/0000:00:14.0/usb1/1-11 (usb)
    UDEV  [1326.233669] add      /devices/pci0000:00/0000:00:14.0/usb1/1-11/1-11:1.0 (usb)
    UDEV  [1326.234396] add      /devices/pci0000:00/0000:00:14.0/usb1/1-11/1-11:1.0/usbmisc/hiddev2 (usbmisc)
    UDEV  [1326.234669] add      /devices/pci0000:00/0000:00:14.0/usb1/1-11/1-11:1.0/0003:20A0:42B1.0012 (hid)
    UDEV  [1326.235749] add      /devices/pci0000:00/0000:00:14.0/usb1/1-11/1-11:1.0/0003:20A0:42B1.0012/hidraw/hidraw4 (hidraw)
    UDEV  [1326.236432] bind     /devices/pci0000:00/0000:00:14.0/usb1/1-11/1-11:1.0/0003:20A0:42B1.0012 (hid)
    UDEV  [1326.237536] bind     /devices/pci0000:00/0000:00:14.0/usb1/1-11/1-11:1.0 (usb)
    UDEV  [1326.240066] bind     /devices/pci0000:00/0000:00:14.0/usb1/1-11 (usb)

udevadm monitor log

But it’s not recognized on any website (Bitwarden for example) and when running pamu2fcfg it doesn’t show up.

I have already tried the udev rules but they didn’t work.
I have also tried both Firefox and Brave without success.

Update
When running pamu2fcfg as sudo I get:
Unable to generate registration challenge, error in transport layer (-2)

But if I instead unplug the nitrokey, run sudo pamu2fcfg and then plug in the nitrokey it seems to work.
No U2F device available, please insert one now, you have 12 seconds
Device found!
root:"A bunch of numbers and letters"

Any ideas of what could be causing this? How do I get the key working with my normal user?

BR

natt-och-dag · February 20, 2020, 7:51pm

Problem solved!
I removed the udev rule and instead of copy-pasting the content from github in to a text editor, which I did before, I now used curl to download the file and moved it.

If any one else is having the same problem:
curl https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules
sudo mv 41-nitrokey.rules /etc/udev/rules.d/
sudo udevadm control --reload

szszszsz · February 21, 2020, 4:10pm

Hi @natt-och-dag!

Thank you for sharing this! Some whitespace had to got into the way while copying the file. Surely it would be hard to debug that