YubiKey 5 NFC not working - FreeBSD 14.2

I have a problem with the correct operation of YubiKey 5 NFC - WebAuthn & Firefox/Chromium-ungoogled on FreeBSD 14.2

When I go to a website where login is authorized using a key, a window does not pop up asking me to enter the PIN for the key. Instead, a window appears asking me to touch the key. So one step is skipped and I don't know what the error is, or if something is not configured. On Windows or Linux, everything works correctly. I go to the website, enter my login, then my password, then a window appears asking me to enter the PIN for the YubiKey. And when I enter it, another window appears asking me to touch the key. When I touch it, the process of correctly logging in to the service begins. Unfortunately, on FreeBSD, a window does not pop up in the browser asking me to enter the PIN for the key. A window immediately pops up asking me to touch the key. At this point, a message about an unsuccessful login attempt pops up. What else should I do to make it work properly?

How I installed and configured it before
At the very beginning I secured the YubiKey with a PIN in the YubiKey Manager application for Windows.

On FreeBSD
I installed the packages
Code:
# pkg install libfido2 py311-fido2 py311-yubikey-manager pcsc-lite ccid libu2f-host u2f-devd

I added myself (yampress) to the u2f group
Code:
pw group mod u2f -m yampress

I added the appropriate entries to the configuration files

/boot/loader.conf
Code:
hw.usb.usbhid.enable="1"

/etc/rc.conf
Code:
kld_list="hidraw hkbd"
pcscd_enable="YES"

Then I restarted the computer


The key is detected in the system
# usbconfig show_ifdrv
[ugen1.4: <Yubikey 4/5 OTP+U2F+CCID Yubico.com> at usbus1, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON (30mA)
ugen1.4.0: usbhid4: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.71, addr 4>
ugen1.4.1: usbhid5: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.71, addr 4>
root@freebsd / #

yampress@freebsd ~ % ykman info
Device type: YubiKey 5 NFC
Serial number:
Firmware version: 5.7.1
Form factor: Keychain (USB-A)
Enabled USB interfaces: OTP, FIDO, CCID
NFC transport is enabled.

Applications USB NFC
OTP Enabled Enabled
FIDO U2F Enabled Enabled
FIDO2 Enabled Enabled
OATH Enabled Enabled
PIV Enabled Enabled
OpenPGP Enabled Enabled
YubiHSM Auth Enabled Enabled
yampress@freebsd ~ %



Unfortunately it doesn't find any uhid device
root@freebsd / # ls -alF /dev/uhid0
ls: /dev/uhid0: No such file or directory
root@freebsd / # ls -alF /dev/uhid*
zsh: no matches found: /dev/uhid*
root@freebsd / #



dmesg shows
root@freebsd / # dmesg
.....
.....
.....

gen1.4: <Yubico YubiKey OTP+FIDO+CCID> at usbus1
usbhid4 on uhub3
usbhid4: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.71, addr 4> on usbus1
hidbus4: <HID bus> on usbhid4
hkbd2: <Yubico YubiKey OTP+FIDO+CCID Keyboard> on hidbus4
kbd4 at hkbd2
usbhid5 on uhub3
usbhid5: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.71, addr 4> on usbus1
hidbus5: <HID bus> on usbhid5
 
That's how I managed to do it.
First, check if the module is loading (and the /dev/uhid* device is displayed in the directory). If so, the problem is just finding the mechanism for changing access rights to this device. If the device has operator rights, simply add the user to the operator group. If the u2f group is to have rights, you need to configure the uhid device access rights appropriately by editing /usr/local/etc/devd/u2f.conf.
I solved it this way for my device:
Take this as a template.
Code:
action "chgrp u2f /dev/uhid0; chmod g+rw /dev/uhid0; chgrp u2f /dev/uhid1; chmod g+rw /dev/uhid1";

I modified part of this file for my device and added the above-quoted entry.
Code:
notify 100
{modified}

attach 100
{modified}

I removed all configurations for devices other than mine from this file
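
Added example (not part of the posts above, and not code from u2f-devd): a shell check that the device nodes ended up with the group and mode the `chgrp u2f` / `chmod g+rw` action is meant to set, and that the user is in that group. The function names and the sample listing are constructed for illustration; the node names and group come from the thread.

```sh
#!/bin/sh
# Audit `ls -l` lines for HID device nodes: every character device must be
# owned by the wanted group and be group-readable and group-writable.
# Prints one line per failing node; returns 1 if any node fails.
audit_nodes() {
    awk -v g="$1" '
        BEGIN { bad = 0 }
        $1 !~ /^c/ { next }               # skip anything that is not a char device
        {
            mode = $1; group = $4; node = $NF
            bits = substr(mode, 5, 2)     # group r/w columns of e.g. crw-rw----
            if (group != g) {
                print node ": group is " group ", expected " g; bad = 1
            } else if (bits != "rw") {
                print node ": group bits are " bits ", expected rw"; bad = 1
            }
        }
        END { exit bad }
    '
}

# Return 0 if the space-separated group list in $1 contains group $2 exactly.
# New memberships from `pw group mod` only show up after a fresh login.
has_group() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Constructed sample: uhid0 was fixed by the devd action, uhid1 was not.
SAMPLE='crw-rw----  1 root  u2f       0x7c Jan  1 12:00 /dev/uhid0
crw-rw----  1 root  operator  0x7d Jan  1 12:00 /dev/uhid1'

# Live use on the FreeBSD host:
#   ls -l /dev/uhid* | audit_nodes u2f
#   has_group "$(id -Gn)" u2f || echo "log in again or check group membership"
```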
 