fido_dev_enable_entattest(fido_dev_t *dev, const char *pin);
fido_dev_toggle_always_uv(fido_dev_t *dev, const char *pin);
fido_dev_force_pin_change(fido_dev_t *dev, const char *pin);
fido_dev_set_pin_minlen(fido_dev_t *dev, size_t len, const char *pin);
The functions described in this page allow configuration of a FIDO 2.1 authenticator.
fido_dev_enable_entattest() function enables the Enterprise Attestation feature on dev. Enterprise Attestation instructs the authenticator to include uniquely identifying information in subsequent attestation statements. The pin parameter may be NULL if dev does not have a PIN set.
fido_dev_toggle_always_uv() function toggles the “user verification always” feature on dev. When set, this toggle enforces user verification at the authenticator level for all known credentials. If dev supports U2F (CTAP1) and the user verification methods supported by the authenticator do not allow protection of U2F credentials, the U2F subsystem will be disabled by the authenticator. The pin parameter may be NULL if dev does not have a PIN set.
fido_dev_force_pin_change() instructs dev to require a PIN change. Subsequent PIN authentication attempts against dev will fail until its PIN is changed.
fido_dev_set_pin_minlen() function sets the minimum PIN length of dev to len. Minimum PIN lengths may only be increased.
Configuration settings are reflected in the payload returned by the authenticator in response to a fido_dev_get_cbor_info(3) call.
Authenticator configuration is a tentative feature of FIDO 2.1. Applications willing to strictly abide by FIDO 2.0 should refrain from using authenticator configuration. Applications using authenticator configuration should ensure the feature is supported by the authenticator prior to using the corresponding API. Since FIDO 2.1 hasn't been finalised, there is a chance the functionality and associated data structures may change.
The man pages fido_dev_force_pin_change(3), fido_dev_set_pin_minlen(3) and fido_dev_toggle_always_uv(3) are aliases of fido_dev_enable_entattest(3).