
They specifically only support Yubico at the moment, to the point that Chrome asked me if AWS could read my Security Key manufacturer and model when I pressed the button on my 4C Nano.


The manufacturer is irrelevant to the protocol; they may have asked you for these details, but they do not matter. You can even emulate the key in software if you wanted.


It does matter. You need an attested cert, which only Yubico can provide.


Incorrect - everything related to the protocol, including becoming a compatible vendor, is managed by the FIDO Alliance, of which Yubico is a member. The U2F specification requires you to parse the certificate and verify the response message against the cert's public key when registering the device with your application. You can choose to only accept certificates whose public key comes from a certain manufacturer, but that is up to the discretion of the implementer and is not required. If you want to read a full overview of the specification, you can read the following document:

https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fid...


Just because the protocol allows websites to accept all manufacturers doesn't mean AWS accepts all manufacturers.


It's not the manufacturer that AWS wants to read; it wants the attestation certificate, and Yubico's are signed with their Root CA, so it's not something you can emulate. https://developers.yubico.com/U2F/Attestation_and_Metadata/ I tried setting up my AWS account with a Tomu running U2F firmware, and AWS rejected it.
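An added example to go with the two comments above (the registration check the U2F spec requires, and the Tomu firmware being rejected by AWS). It is not code from this thread, from AWS or from Yubico, and it makes no claim about what AWS's server actually does. It parses a U2F raw registration response, verifies the attestation signature against the attestation certificate's own public key (the part every relying party must do), and then, only if asked, applies the policy an implementer may choose on top: accept the registration only when the attestation certificate chains to an allowlisted vendor root. Everything it runs on is constructed here: the vendor root CAs, the attestation keys, the app ID https://example.test and the client data, with EmulateToken standing in for a manufacturer plus one of its tokens.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Registration is a parsed U2F registration response: 0x05 | userPub(65) | khLen(1) | keyHandle | DER cert | sig.
type Registration struct {
	UserPub, KeyHandle, Signature []byte
	AttCert                       *x509.Certificate
}

// ParseRegistration splits the response; the certificate's length is read from its own DER header.
func ParseRegistration(resp []byte) (*Registration, error) {
	if len(resp) < 67 || resp[0] != 0x05 || len(resp) < 67+int(resp[66]) {
		return nil, fmt.Errorf("malformed registration response")
	}
	r := &Registration{UserPub: resp[1:66], KeyHandle: resp[67 : 67+int(resp[66])]}
	var raw asn1.RawValue
	sig, err := asn1.Unmarshal(resp[67+len(r.KeyHandle):], &raw) // raw.FullBytes is the whole cert
	if err == nil {
		r.AttCert, err = x509.ParseCertificate(raw.FullBytes)
	}
	if err != nil {
		return nil, fmt.Errorf("attestation cert: %w", err)
	}
	r.Signature = sig
	return r, nil
}

// signedMessage is 0x00 | SHA-256(appID) | SHA-256(clientData) | keyHandle | userPub, which the attestation key signs (SHA-256/ECDSA).
func signedMessage(appID, clientData, keyHandle, userPub []byte) []byte {
	app, chal := sha256.Sum256(appID), sha256.Sum256(clientData)
	return append(append(append(append([]byte{0x00}, app[:]...), chal[:]...), keyHandle...), userPub...)
}

// VerifyRegistration does the protocol-mandated check (signature against the attestation cert's key)
// and, only when allowedRoots is non-nil, the optional vendor policy (cert must chain to a listed root).
func VerifyRegistration(r *Registration, appID, clientData []byte, allowedRoots *x509.CertPool) error {
	msg := signedMessage(appID, clientData, r.KeyHandle, r.UserPub)
	if err := r.AttCert.CheckSignature(x509.ECDSAWithSHA256, msg, r.Signature); err != nil {
		return fmt.Errorf("attestation signature invalid: %w", err)
	}
	if allowedRoots == nil {
		return nil
	}
	opts := x509.VerifyOptions{Roots: allowedRoots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := r.AttCert.Verify(opts); err != nil {
		return fmt.Errorf("attestation cert not issued by an allowed vendor: %w", err)
	}
	return nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func p256Key() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// EmulateToken stands in for a manufacturer and one of its tokens: it mints a vendor root CA and an attestation
// cert under it (keys generated per run, constructed for this example) and returns the root plus a registration response.
func EmulateToken(vendor string, appID, clientData []byte) (*x509.Certificate, []byte) {
	rootKey, attKey, userKey := p256Key(), p256Key(), p256Key()
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: vendor + " U2F Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tpl, tpl, &rootKey.PublicKey, rootKey))))
	tpl.SerialNumber, tpl.Subject.CommonName, tpl.IsCA, tpl.KeyUsage = big.NewInt(2), vendor+" U2F Attestation", false, x509.KeyUsageDigitalSignature
	attCert := must(x509.CreateCertificate(rand.Reader, tpl, root, &attKey.PublicKey, rootKey))
	userPub := elliptic.Marshal(elliptic.P256(), userKey.X, userKey.Y)
	keyHandle := make([]byte, 32) // random stand-in for the wrapped per-site key a real token emits
	must(rand.Read(keyHandle))
	digest := sha256.Sum256(signedMessage(appID, clientData, keyHandle, userPub))
	sig := must(ecdsa.SignASN1(rand.Reader, attKey, digest[:]))
	resp := append(append([]byte{0x05}, userPub...), byte(len(keyHandle)))
	return root, append(append(append(resp, keyHandle...), attCert...), sig...)
}

func main() {
	appID, clientData := []byte("https://example.test"), []byte(`{"challenge":"constructed"}`) // constructed inputs
	rootA, _ := EmulateToken("VendorA", appID, clientData)
	_, respB := EmulateToken("VendorB", appID, clientData)
	allowed := x509.NewCertPool() // relying-party policy: accept VendorA's root only
	allowed.AddCert(rootA)
	regB := must(ParseRegistration(respB))
	fmt.Println("VendorB: protocol check:", VerifyRegistration(regB, appID, clientData, nil), "| vendor policy:", VerifyRegistration(regB, appID, clientData, allowed))
}
```

Run it with go run: VendorB's registration passes the protocol check (its signature verifies against its own attestation cert) and fails the vendor policy (its cert does not chain to VendorA's root). That is the split the thread is arguing about: a software or hobbyist token can produce a registration that is valid under the spec, but it cannot produce an attestation certificate issued under another vendor's root, so a relying party that pins roots will reject it.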


Yeah, I knew that it didn't matter to the protocol. I only made my comment because I could've absolutely sworn I read in docs or their UI that literally _only_ Yubico was supported, as in no other U2F key would work. Can't find it now, so my bad!



