Record successful WebAuthn register/login in k_proxy

Morten V. Christiansen 2026-04-24 06:48:52 +02:00
parent b6dbbc4839
commit 3dcac21dd0
2 changed files with 25 additions and 4 deletions


@ -115,9 +115,20 @@ Thread-safety expectation:
## Current Status Snapshot (2026-04-24) ## Current Status Snapshot (2026-04-24)
- Python is available: `Python 3.13.12`. - AppVM OS version is confirmed: Debian `13.4` (`k_server`, and same on `k_client`/`k_proxy`).
- `python3 fido2_probe.py --list` runs, but returns: `No CTAP HID devices found.` - Python in AppVMs is available: `Python 3.13.5`.
- No HID raw device nodes currently visible: `no hidraw devices visible`. - `python3 /home/user/chromecard/fido2_probe.py --list` in `k_proxy` now detects ChromeCard on `/dev/hidraw0` (`vid:pid=4617:5`).
- HID raw device nodes are now visible in `k_proxy`:
- `/dev/hidraw0` -> `crw-rw----+`
- `/dev/hidraw1` -> `crw-------`
- `python3 /home/user/chromecard/fido2_probe.py --json` succeeds and returns CTAP2 `getInfo`:
- versions: `["FIDO_2_0"]`
- aaguid: `1234567890abcdef0123456789abcdef`
- options: `rk=false`, `up=true`, `uv=true`
- max_msg_size: `1024`
- Local WebAuthn demo (`http://localhost:8765` in `k_proxy`) succeeded:
- register: `ok=true`, `username=alice`, `credential_count=1`
- login/auth: `ok=true`, `username=alice`, `authenticated=true`
- `west` is not currently installed/in PATH: `west not found`. - `west` is not currently installed/in PATH: `west not found`.
- The checked-out `CR_SDK_CK-main` tree appears incomplete for documented sysbuild role layout: - The checked-out `CR_SDK_CK-main` tree appears incomplete for documented sysbuild role layout:
- missing: `mvp`, `setup`, `components`, `samples` - missing: `mvp`, `setup`, `components`, `samples`
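Review bot: the new device-node bullets record `/dev/hidraw0` as `crw-rw----+` without saying which rule or ACL entry produced the trailing `+`, so the access that let `fido2_probe.py` open the card cannot be reproduced or audited from this snapshot. Add the granting rule and the account it applies to, and note why `/dev/hidraw1` stays at `crw-------`. The `aaguid` value `1234567890abcdef0123456789abcdef` also reads like a placeholder pattern; state whether that is the expected development value so a later change to it is noticed.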
@ -126,7 +137,8 @@ Thread-safety expectation:
- Qubes AppVM baseline is now up: `k_client`, `k_proxy`, `k_server` can start and have terminals running. - Qubes AppVM baseline is now up: `k_client`, `k_proxy`, `k_server` can start and have terminals running.
Implication: Implication:
- We cannot currently confirm live FIDO2 connectivity from this host. - Live FIDO2 connectivity from `k_proxy` to ChromeCard is confirmed over USB HID/CTAPHID.
- Local browser WebAuthn register/login flow is confirmed working in `k_proxy`.
- We cannot currently run the documented firmware build/flash flow. - We cannot currently run the documented firmware build/flash flow.
Session note (2026-04-24): Session note (2026-04-24):
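Review bot: the two added Implication lines state confirmation for `k_proxy` only, while the context line above them lists `k_client`, `k_proxy` and `k_server`. Add a line saying whether the other two AppVMs were checked and what they are expected to see, so the status is not read as covering all three. The first added line would also be easier to verify if it named the evidence it rests on (the `--list` and `--json` probe runs recorded in the snapshot).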
@ -134,6 +146,10 @@ Session note (2026-04-24):
- AppVM template decision recorded: use `debian-13-xfce` for `k_client`, `k_proxy`, and `k_server`. - AppVM template decision recorded: use `debian-13-xfce` for `k_client`, `k_proxy`, and `k_server`.
- VM start attempt failed with Xen toolstack error: `libxenlight have failed to create new domain 'k_client'`. - VM start attempt failed with Xen toolstack error: `libxenlight have failed to create new domain 'k_client'`.
- VM start blocker was resolved by reducing VM memory to `400` MiB; all three AppVMs now start. - VM start blocker was resolved by reducing VM memory to `400` MiB; all three AppVMs now start.
- Runtime check from VMs: Debian `13.4` and Python `3.13.5`; `k_proxy` still shows `no hidraw devices`.
- After USB assignment to `k_proxy`, `/dev/hidraw0` and `/dev/hidraw1` appeared.
- CTAP probe re-run succeeded with detected ChromeCard device and valid CTAP2 `getInfo` response.
- Local WebAuthn demo completed successfully for user `alice` (register + login).
## Known FIDO2 Transport Boundary ## Known FIDO2 Transport Boundary
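Review bot: the added line "After USB assignment to `k_proxy`" does not record how the assignment was made (which device was attached, by what command, and whether it persists across VM restarts), yet it is the step that turned `no hidraw devices` into a working probe. Record the exact step so the result can be repeated and so it is clear how much of the USB stack `k_proxy` is exposed to. The quoted message here (`no hidraw devices`) also differs from the wording removed from the snapshot (`no hidraw devices visible`); quote the tool output consistently.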


@ -129,6 +129,11 @@ Exit criteria:
Exit criteria: Exit criteria:
- Register and login both complete with card interaction prompts. - Register and login both complete with card interaction prompts.
Status (2026-04-24):
- Completed in `k_proxy` using `http://localhost:8765`.
- Registration result: `ok=true`, `username=alice`, `credential_count=1`.
- Authentication result: `ok=true`, `username=alice`, `authenticated=true`.
## Phase 5: Implement Proxy Auth + Session Reuse ## Phase 5: Implement Proxy Auth + Session Reuse
1. Authenticate via card once per session window. 1. Authenticate via card once per session window.
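Review bot: the added Status block reports `ok=true` for registration and authentication but does not say that the card interaction prompts occurred, which is what the exit criterion directly above it requires ("Register and login both complete with card interaction prompts"). Add a line confirming the prompt was shown and acknowledged for each ceremony. Since the run used `http://localhost:8765`, it would also help to record the RP ID that was used, because a credential registered for that RP ID says nothing yet about the origin the Phase 5 proxy flow will use.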