Yubico yubikey 5 nfc on FreeBSD

[Yampress]

Tested on FreeBSD 14.3
manual version 20251009

Note: It is assumed that the user has secured/set a PIN on the Ubikey key before using the instructions below.

I am installing the necessary packages

# pkg install yubico-piv-tool pcsc-lite ccid py311-fido2 libfido2
# pkg install libu2f-host u2f-devd

Adds myself (an authorized user) to the U2F group. Only users in the U2F group can use Ubikey.

# pw group mod u2f -m yampress

Check device
(put ubikey in usb port and run the commands below)

# usbconfig show_ifdrv
# ykman info

Enable pcscd daemon

/etc/rc.conf
pcscd_enable="YES"
pcscd_flags="--disable-polkit"

Load hidraw device module on system startup

/boot/loader.conf
hidraw_load="YES"
hkbd_load="YES"

Configuring the devd daemon to grant u2f group access rights to the hidraw device

/usr/local/etc/devd/u2f.conf
# Allow members of group u2f to access U2F authentication tokens.
# 'notify' rules work on /dev/usb/* (used by libu2f-host),
# 'attach' rules work on /dev/uhid* (used by web browsers)

# Yubico Yubikey
notify 100 {
match "system" "USB";
match "subsystem" "DEVICE";
match "type" "ATTACH";
match "vendor" "0x1050";
match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0200|0x0402|0x0403|0x0404|0x0406|0x0407|0x0410)";
action "chgrp u2f /dev/uhid0; chmod g+rw /dev/uhid0;chgrp u2f /dev/uhid1; chmod g+rw /dev/uhid1";
};

attach 100 {
match "vendor" "0x1050";
match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0200|0x0402|0x0403|0x0404|0x0406|0x0407|0x0410)";
action "chgrp u2f /dev/uhid0; chmod g+rw /dev/uhid0; chgrp u2f /dev/uhid1; chmod g+rw /dev/uhid1";
};

Configuring Firefox to work with the Yubikey 5 key
In the Firefox address bar, enter about:config and change the settings to the following:

security.webauth.u2f true
security.webauth.webauthn true
security.webauth.webauthn_enable_softtoken true
security.webauth.webauthn_enable_usbtoken true

Reboot system