diff --git a/roles/debian/files/70-solokeys-access.rules b/roles/debian/files/70-solokeys-access.rules
new file mode 100644
index 0000000..0243401
--- /dev/null
+++ b/roles/debian/files/70-solokeys-access.rules
@@ -0,0 +1,19 @@
+# Notify ModemManager this device should be ignored
+ACTION!="add|change|move", GOTO="mm_usb_device_blacklist_end"
+SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_end"
+ENV{DEVTYPE}!="usb_device",  GOTO="mm_usb_device_blacklist_end"
+
+ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+LABEL="mm_usb_device_blacklist_end"
+
+
+# Solo bootloader + firmware access
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+SUBSYSTEM=="tty", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+
+# ST DFU access
+SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess"
+
+# U2F Zero
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess"
diff --git a/roles/debian/tasks/main.yml b/roles/debian/tasks/main.yml
index 200b3c0..7a4d7a9 100644
--- a/roles/debian/tasks/main.yml
+++ b/roles/debian/tasks/main.yml
@@ -4,3 +4,4 @@
   when: gui == true
 - include: modules.yml
 - include: ssh.yml
+- include: solokeys.yml
diff --git a/roles/debian/tasks/solokeys.yml b/roles/debian/tasks/solokeys.yml
new file mode 100644
index 0000000..fbe5b52
--- /dev/null
+++ b/roles/debian/tasks/solokeys.yml
@@ -0,0 +1,15 @@
+---
+- name: install solokeys udev rule
+  become: true
+  copy:
+    src: 70-solokeys-access.rules
+    dest: /etc/udev/rules.d/70-solokeys-access.rules
+  register: solokeys_copy
+- name: reload udevadm rules
+  become: true
+  command: udevadm control --reload-rules
+  when: solokeys_copy.changed
+- name: trigger udevadm
+  become: true
+  command: udevadm trigger
+  when: solokeys_copy.changed
diff --git a/roles/home-gui/files/user.js b/roles/home-gui/files/user.js
index 8e338b5..53a6018 100644
--- a/roles/home-gui/files/user.js
+++ b/roles/home-gui/files/user.js
@@ -9,4 +9,5 @@ user_pref("general.smoothScroll", false);
 user_pref("media.peerconnection.enabled", false);
 user_pref("network.security.ports.banned.override", "6697");
 user_pref("privacy.resistFingerprinting", true);
+user_pref("security.webauth.u2f", true);
 user_pref("signon.rememberSignons", false);
diff --git a/roles/ubuntu/tasks/packages-cli.yml b/roles/ubuntu/tasks/packages-cli.yml
index 93d7bbb..a231d6d 100644
--- a/roles/ubuntu/tasks/packages-cli.yml
+++ b/roles/ubuntu/tasks/packages-cli.yml
@@ -18,6 +18,7 @@
       - dnsutils
       - git
       - gnupg
+      - libu2f-udev
       - lldb
       - mc
       - nmap