Summary
Enable bcvk ephemeral run --yubikey so a YubiKey plugged into the host is passed directly into a yubiOS ephemeral VM via QEMU USB host passthrough. This makes hardware-in-the-loop testing of the full FIDO2 enrollment flow possible without flashing to real hardware.
Upstream PR
bcvk: feature/yubikey-usb-passthrough → bcvk/pull/2
How it works
- Detects YubiKey via sysfs (`/sys/bus/usb/devices`, `idVendor=1050`)
- Adds `-device usb-ehci,id=yubikey-ehci` + `-device usb-host,vendorid=0x1050,bus=yubikey-ehci.0` to QEMU args
- Fails fast with a clear message if no YubiKey is detected
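The three steps above, sketched as a shell script. This is an added example, not code from bcvk or the PR; the function names, the sysfs-root parameter and the sample tree are assumptions introduced so the logic can be run against a constructed directory instead of real hardware.

```bash
#!/usr/bin/env bash
# Added example (not bcvk code). Function names and the sysfs-root parameter
# are assumptions so the detection can be exercised against a fake tree.

YUBICO_VENDOR_ID="1050"   # idVendor as sysfs prints it: 4 hex digits, no 0x

# Print the sysfs name (e.g. "1-2") of every USB device whose idVendor matches.
find_yubikeys() {
    local root="${1:-/sys/bus/usb/devices}" dev vendor
    for dev in "$root"/*; do
        # Interface nodes such as "1-2:1.0" carry no idVendor file; skip them.
        [ -r "$dev/idVendor" ] || continue
        vendor="$(cat "$dev/idVendor" 2>/dev/null)"
        [ "$vendor" = "$YUBICO_VENDOR_ID" ] && basename "$dev"
    done
    return 0
}

# Emit the QEMU arguments listed above, one per line, or fail fast.
yubikey_qemu_args() {
    local root="${1:-/sys/bus/usb/devices}" found
    found="$(find_yubikeys "$root")"
    if [ -z "$found" ]; then
        echo "error: no YubiKey (idVendor=$YUBICO_VENDOR_ID) found under $root" >&2
        return 1
    fi
    printf '%s\n' \
        "-device" "usb-ehci,id=yubikey-ehci" \
        "-device" "usb-host,vendorid=0x${YUBICO_VENDOR_ID},bus=yubikey-ehci.0"
}

# Constructed sample tree: a root hub (1d6b), a YubiKey (1050), an interface node.
make_sample_sysfs() {
    local root="$1"
    mkdir -p "$root/usb1" "$root/1-2" "$root/1-2:1.0"
    echo 1d6b > "$root/usb1/idVendor"
    echo 1050 > "$root/1-2/idVendor"
}
```

Because the `usb-host` match is on vendor ID only, `find_yubikeys` printing more than one line means more than one host device qualifies for passthrough.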
Usage (once bcvk PR is merged)
bcvk ephemeral run --yubikey ghcr.io/corning-croak-cable/yubiOS:latest
Remaining work
- `bcvk ephemeral run --yubikey` with a software emulator (see #CI-emulator issue)
- `tests/vm/test-fido2-enrollment.sh` that exercises the full wizard inside the VM