Ubuntu
firefox package

[Snap] Ubuntu Firefox installed from snap cannot use Trezor U2F

Bug #1947746 reported by Aditya Suseno
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Fix Released
Medium
Olivier Tilloy

Bug Description

Trezor U2F security key doesn't work with firefox snap after updating to Ubuntu 21.10, but works with apt debian firefox package.

Steps to reproduce:
1) Insert Trezor U2F security key in USB port.
2) Launch `run snap firefox` (it is the default on Ubuntu 21.10)
3) Test https://demo.yubico.com/webauthn-technical/registration

It works well on Ubuntu 21.04 and on traditional apt debian installation.

$ snap list firefox
Name Version Rev Tracking Publisher Notes
firefox 93.0-1 631 latest/stable mozilla✓ -

$ snap connections firefox
Interface Plug Slot Notes
audio-playback firefox:audio-playback :audio-playback -
audio-record firefox:audio-record :audio-record -
avahi-observe firefox:avahi-observe :avahi-observe -
browser-support firefox:browser-sandbox :browser-support -
camera firefox:camera :camera -
content[gnome-3-38-2004] firefox:gnome-3-38-2004 gnome-3-38-2004:gnome-3-38-2004 -
content[gtk-3-themes] firefox:gtk-3-themes gtk-common-themes:gtk-3-themes -
content[icon-themes] firefox:icon-themes gtk-common-themes:icon-themes -
content[sound-themes] firefox:sound-themes gtk-common-themes:sound-themes -
cups-control firefox:cups-control :cups-control -
dbus - firefox:dbus-daemon -
desktop firefox:desktop :desktop -
desktop-legacy firefox:desktop-legacy :desktop-legacy -
gsettings firefox:gsettings :gsettings -
hardware-observe firefox:hardware-observe :hardware-observe -
home firefox:home :home -
joystick firefox:joystick - -
mpris - firefox:mpris -
network firefox:network :network -
network-observe firefox:network-observe - -
opengl firefox:opengl :opengl -
personal-files firefox:dot-mozilla-firefox :personal-files -
removable-media firefox:removable-media :removable-media -
screen-inhibit-control firefox:screen-inhibit-control :screen-inhibit-control -
system-files firefox:etc-firefox-policies :system-files -
system-packages-doc firefox:system-packages-doc :system-packages-doc -
u2f-devices firefox:u2f-devices :u2f-devices -
unity7 firefox:unity7 :unity7 -
upower-observe firefox:upower-observe :upower-observe -
wayland firefox:wayland :wayland -
x11 firefox:x11 :x11 -

$ cat /etc/os-release
PRETTY_NAME="Ubuntu 21.10"
NAME="Ubuntu"
VERSION_ID="21.10"
VERSION="21.10 (Impish Indri)"
VERSION_CODENAME=impish
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=impish

$ echo $XDG_SESSION_TYPE
wayland

$ uname -r
5.13.0-19-generic

Tags: snap
Aditya Suseno (aditya-suseno)
affects: chromium-browser (Ubuntu) → firefox (Ubuntu)
Revision history for this message
Olivier Tilloy (osomon) wrote :

Similar to bug #1945182.

Can you share the output of running `lsusb` in a terminal when your Trezor key is plugged in?

summary: - [Snap] Ubuntu Firefox installed from snap cannot use U2F
+ [Snap] Ubuntu Firefox installed from snap cannot use Trezor U2F
Changed in firefox (Ubuntu):
status: New → Incomplete
tags: added: snap
Revision history for this message
Aditya Suseno (aditya-suseno) wrote :

Thanks Olivier Tilloy for your quick response.

The Trezor works well. Even for the web wallet on https://wallet.trezor.io
Maybe because they use Trezor Bridge

It's just the U2F/FIDO2 functionality that doesn't works

Here is the `lsusb`

$ lsusb
Bus 006 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 005 Device 002: ID 1131:1001 Integrated System Solution Corp. KY-BT100 Bluetooth Adapter
Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 009: ID 30de:6544 KIOXIA TransMemory
Bus 003 Device 008: ID 0bda:8152 Realtek Semiconductor Corp. RTL8152 Fast Ethernet Adapter
Bus 003 Device 010: ID 1209:53c1 Generic SatoshiLabs TREZOR
Bus 003 Device 007: ID 214b:7250 Huasheng Electronics USB2.0 HUB
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 003: ID 048d:5702 Integrated Technology Express, Inc. ITE Device
Bus 001 Device 002: ID 0bda:8179 Realtek Semiconductor Corp. RTL8188EUS 802.11n Wireless Network Adapter
Bus 001 Device 007: ID 046d:c534 Logitech, Inc. Unifying Receiver
Bus 001 Device 006: ID 1a40:0101 Terminus Technology Inc. Hub
Bus 001 Device 005: ID 046d:0825 Logitech, Inc. Webcam C270
Bus 001 Device 004: ID 05e3:0608 Genesys Logic, Inc. Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Sebastien Bacher (seb128)
Changed in firefox (Ubuntu):
status: Incomplete → New
Revision history for this message
mcudev (mcudev) wrote (last edit ):

I noticed that the file /etc/udev/rules.d/70-snap.firefox.rules does not have any rules for the Trezor devices.

In my Trezor rules file, /etc/udev/rules.d/51-trezor.rules, that can be downloaded from https://data.trezor.io/udev/51-trezor.rules, I appended the FireFox snap TAG to one of the existing lines to get, for example:

KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", TAG+="snap_firefox_firefox"

Unplug/replug the device and then try again in FireFox. That worked for me.

Revision history for this message
Olivier Tilloy (osomon) wrote :

Thanks for the feedback mcudev, and sorry for not following up earlier Aditya.

I've submitted https://github.com/snapcore/snapd/pull/11031, which should enable Trezor keys for all snaps connecting to the u2f-devices plug.

Changed in firefox (Ubuntu):
assignee: nobody → Olivier Tilloy (osomon)
status: New → In Progress
importance: Undecided → Medium
Revision history for this message
Aditya Suseno (aditya-suseno) wrote :

The solution from mcudev works for me.
I added this lines on 51-trezor.rules file and copied to /etc/udev/rules.d/ then restart my machine and voila it works!

Thanks mcudev and Olivier Tilloy!
You are the reasons I still using Firefox 🙂️

Olivier Tilloy (osomon)
Changed in firefox (Ubuntu):
status: In Progress → Fix Committed
Olivier Tilloy (osomon)
Changed in firefox (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
weer (romeo8881) wrote :

I had exactly the same issue with latest Ledger Nano S Plus and I finally solved it: Prerequisites: Ledger Nano S Plus Firefox installed from snap

    DO lsusb -v and gather product id
    sudo vim /etc/udev/rules.d/70-snap.firefox.rule find the line with Ledger Blue + Nano S + Nano X

should look like this:

SUBSYSTEM=="hidraw", KERNEL=="hidraw*", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0000|0001|0004|0005|0015|1005|1015|4005|4015|5015", TAG+="snap_firefox_firefox"

what you need to do is append your new productId to the end of the attributes.

    sudo systemctl reload apparmor.service

Hope that it helps

Revision history for this message
weer (romeo8881) wrote :

btw this is a full udev rules set from official ledger
https://raw.githubusercontent.com/LedgerHQ/udev-rules/master/add_udev_rules.sh

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.