Is Librem Key a security key?

I was hoping to use my Librem Key for 2FA as a security key. Is it suitable for that?

Specifically, I am trying to use it with GitHub. https://docs.github.com/en/github/authenticating-to-github/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key

When I try to add a security key with GitHub:

• Firefox 90.0.2: Popup with a cancel button only. Times out.
• Chromium 90.0.4430.212: “Insert your security key and touch it”. Times out.

I guess I am supposed to press a button or something on the security key, but the Librem Key has nothing like it?

Related (sadly, with no response):

It should be suitable for that.

I believe you need some driver to ‘press the button’ for you. The Librem Key is based on the Nitrokey, maybe try their app?

That would be interesting, please report back if you could make it work =)!

I would also be interested in having a Librem Key that supports U2F. Yubikey might be the leader here right now for these security keys but I don’t think it’s supported to backup the keys on them.

Sounds like something Librem Key would do right…

The Librem Key is based on the Nitrokey Pro. Only the Nitrokey 3 and FIDO2 supports U2F/FIDO2. When I asked Purism support about a year ago about whether or not they will release a new Librem Key based on the Nitrokey 3, they said they did not have plans for it.

I don’t believe a driver would work as this would be going against the Fido2 standards (there needs to be user confirmation that they are present). I can’t confirm there isn’t a workaround, just strongly doubt it.

What I would like is a wya to integrate a PAM-enabled FIDO key (like Yubikey) as a LUKS 2FA). If it’s possible to accomplish it’d be amazing. Might even be able to utilize the smartcard reader in that capacity. No smartcard, no boot, even with correct credentials.