Udev rules: Is there a way to only allow FIDO devices with specific serial number?

[aegiMt]

Hi

Is there a way to extend the udev rules to not only looking for vendor and product id, but also for the serial number of the FIDO device? My plan is to allow access to the login shell only for a short list of about 5 FIDO devices and prevent all other devices from enabling the login shell...

Hope this question makes sense, thanks in advance!

[LDVG]

Hi,

Your USB devices may or may not expose a serial number via their device descriptor; this may depend on the manufacturer, product, or product settings. The CTAP specification has no notion of a serial number, uniquely identifiable information is generally not provided (with the exception of enterprise attestation). You'd likely have to refer your device manufacturer's documentation or support organization for details. If you can explain the problem you're trying to solve, we may be able to help with alternative approaches.