How to enable FIDO U2F on Linux

Although some recent versions of Linux have built-in support for U2F security keys, many do not, and you may therefore have to make a minor system configuration change in order to allow the requesting web browser (such as Chrome) to communicate directly with your Key-ID U2F token via the USB port.

This is a system-wide configuration update that enables Key-ID U2F functionality on Linux for all users, and is entirely safe. It uses standard Linux udev rules, which allows you to identify and thus allow certain devices, based on their specific properties, such as its USB Vendor ID and Product ID.

The Key-ID FIDO U2F token has a Vendor ID (VID) of 096e (hex) and a Product ID (PID) of 0850 or 0880 (hex). To enable it on Linux, assuming you are running udev version 188 or later, simply create the file ‘/etc/udev/rules.d/70-u2f.rules’ with the following contents:

# this udev file should be used with udev 188 and newer
ACTION!="add|change", GOTO="u2f_end"
# Key-ID FIDO U2F
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0858|0880", TAG+="uaccess"
LABEL="u2f_end"

You will usually need to have full administrator rights in order to copy or save a file in this system folder. Once created, reboot your system (or reload the rules with ‘sudo udevadm control –reload-rules && sudo udevadm trigger’) and everything should spring into life!

This has been successfully tested by us and our customers on Linux Mint and various other distros.

In case you use ‘apparmor’ and you are getting following type of errors in syslog:

2026-03-19T14:06:59.563880+00:00 my-laptop mtp-probe: bus: 3, device: 9 was not an MTP device
2026-03-19T14:06:59.581125+00:00 my-laptop kernel: audit: type=1400 audit(1773929219.579:1098): apparmor="DENIED" operation="open" class="file" profile="firefox" name="/dev/hidraw1" pid=8007 comm="firefox" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=0

You need to add a specific profile for Firefox by creating a file ‘/etc/apparmor.d/local/usr.bin.firefox’ with these contents:

 


# u2f (tested with FIDO2 U2F)
/sys/class/ r,
/sys/bus/ r,
/sys/class/hidraw/ r,
/run/udev/data/c24{7,9}:* r,
/dev/hidraw* rw,
/sys/devices/**/hidraw/hidraw*/uevent r,
KEY-ID FIDO U2F

Why KEY-ID?

FIDO U2F features

Account access with FIDO U2F

Support videos

Call us

Europe & Asia
+44 (0)1428 685 861
Northern and Latin America
Toll Free: +1 888-262-9642
Direct: +1 562-262-9642

E-mail

info@key-id.com

Why compromise online security?

Buy KEY-ID FIDO U2F
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.