Using Trezor with FIDO2/WebAuthn

How do I use Trezor T with WebAuthn/FIDO2?

If I go to https://webauthn.io/ and try to register or login I get the message “Use your security key with webauthn.io. Insert your security key and touch it”. Nothing happens if I insert the Trezor and touch it. It just displays “My Trezor” and a lock.

I’m also getting an error message if I try to run pamu2fcfg used for Linux login:

error: fido_cred_verify (-7) FIDO_ERR_INVALID_ARGUMENT

Is it enough to have /etc/udev/rules.d/51-trezor.rules? Supposedly errors with pamu2fcfg can mean udev is not setup correctly.

Partly fixed it. Debian and Ubuntu has an old broken version of libpam-u2f, so a new working version has to be downloaded and built from source

Neither Firefox nor Chrome recognize the Trezor T though. Anyone know how to configure the Trezor in Linux so that browsers will recognize it as an authentication device?

Setting up the udev rules should be enough. Also make sure your browser(s) have U2F/FIDO enabled.

I didn’t find a setting for it in chrome, but in firefox under about:config I see security.webauth.u2f is set to enabled. Not getting any contact with the Trezor from either Firefox or Chrome though. I am getting contact with some command line tools, so it seems to be working, just not with the browsers.