Investigate emulation possibilities (kvm/qemu) of Nitrokey usb security dongles

[tlaurion]

This guide introduces the USB/IP runner and shows how it can be used to simulate a Nitrokey 3 device.
https://github.com/Nitrokey/nitrokey-3-firmware/blob/main/docs/usbip.md

That would resolve most of my qemu (tcg, not kvm) problems in HOTP testing, and most of automated testings needs (outside of #1203)

[tlaurion]

Alternative that could implement reverse HOTP sealing support:

• yubikey (refused but don't find a trace)
• canokey needing use case justification at Reverse HOTP support  canokeys/canokey-qemu#7

[mkopec]

I got the usbip NK3 runner working according to the doc , the key appears in lsusb but it looks like the usbip runner is built without the secrets app (so no HOTP support). I'm still looking into how difficult it would be to enable

[macpijan]

@mkopec So this would need to be added to the NK3 emulator? Why don't we ask @daringer about that? We may also create issue in NK repo with such a question, and cross-reference here. If that can be done, I am sure NitroKey folks would know better than us.

[mkopec]

Created Nitrokey/nitrokey-3-firmware#564

[tlaurion]

@mkopec details requested under Nitrokey/nitrokey-3-firmware#564 (comment)

[tlaurion]

@mkopec details requested under Nitrokey/nitrokey-3-firmware#564 (comment)

@mkopec asked specifics for Heads use case and docs improvements needed for qemu under following comment

[tlaurion]

CCID functions not supported from usb runner?

Nitrokey/nitrokey-3-firmware#564 (comment) :

Seems like refered doc limitation section's bug Nitrokey/nitrokey-3-firmware#261 is blocker to this, referring to this discussion (no fix) : https://lore.kernel.org/lkml/ZBHxfUX60EyCMw5l@Sun/

[tlaurion]

Cannot build usb-runner Nitrokey/nitrokey-3-firmware#564 (comment)