Arch Linux User Repository

@NickGeek You need to add your user to the tpm-fido group.

By the way, this tool also needs to be started after the graphical UI has been started. Enabling the systemd unit is not ensuring that so it makes sense to automatically start the unit with a .desktop file instead, e.g.:

cat ~/.config/autostart/tpm-fido.desktop 
[Desktop Entry]
Name=tpm-fido
Exec=systemctl --user start tpm-fido
Terminal=False
Type=Application

@Martchus, so you see the security key , for me i see "Please connect a security token." , debug on my end :

from service journal :

Jan 19 18:36:21 foo tpm-fido[3099]: 2025/01/19 18:36:21 got VersionCmd

& the browser log says :

DOMException: The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission. main. write https://vault.bitwarden.com/app/main. error https://vault.bitwarden.com/app/main. createCredential https://vault.bitwarden.com/app/main. a https://vault.bitwarden.com/app/main. invoke https://vault.bitwarden.com/app/polyfills. onInvoke https://vault.bitwarden.com/app/vendor. invoke https://vault.bitwarden.com/app/polyfills. run https://vault.bitwarden.com/app/polyfills. j https://vault.bitwarden.com/app/polyfills. invokeTask https://vault.bitwarden.com/app/polyfills. onInvokeTask https://vault.bitwarden.com/app/vendor. invokeTask https://vault.bitwarden.com/app/polyfills. runTask https://vault.bitwarden.com/app/polyfills. y https://vault.bitwarden.com/app/polyfills.

is the pkg working on your end ? can you help me debug this thing ?

another thing there is no tpm-fido group to add my user to

No, it doesn't show up. However, it nevertheless works for me in Chromium and Firefox on various websites.

The page "about:webauthn" shows a USB fido so I suppose it is generally supposed to show those devices. Not sure why it doesn't work for this software and why it nevertheless just works anyway.

@Martchus , tell me if you open a tab in firefox and you typed "about:webauthn" does it show your tpm ? click here using firefox based browser.

however check my github issue

@aurz It works for me (using the mentioned .desktop file). I'm not even sure what you're saying.

pro this isnt working , if you check about:webauthn in firefox you well find no security key , check some github issues for that matter.

@NickGeek You need to add your user to the tpm-fido group.

By the way, this tool also needs to be started after the graphical UI has been started. Enabling the systemd unit is not ensuring that so it makes sense to automatically start the unit with a .desktop file instead, e.g.:

cat ~/.config/autostart/tpm-fido.desktop 
[Desktop Entry]
Name=tpm-fido
Exec=systemctl --user start tpm-fido
Terminal=False
Type=Application

When running the service with systemctl --user start tpm-fido it fails with:

panic: open /dev/tpmrm0: permission denied

I assume there is some permissions logic that needs to be setup as part of the install here?

You can find a proper version of this package (that follows Arch package guidelines more closely) on my PKGBUILDs repo. The list of changes compared to this AUR package is stated in the relevant commit message.

The architecture must be x86_64 as the resulting package will contain architecture-specific binaries. Checkout https://wiki.archlinux.org/title/PKGBUILD#arch for details.

The current md5sum for tpm-fido.service seems to be wrong.