The keys used in U2F are generated by the device it self, you can’t do it yourself. Yubico’s Developer webpage explain it very clearly. For short, take a look the graph below.
Device Secret is generated in manufacture phrase. As far as I know, this secret can’t changed by a software tweak. AppID is equal to web service URL. At the time of generation, an integrated RNG will generate a Nonce, feed in to a HMAC-SHA256 with AppID, keyed with the device secret, the output is the private key. Then feed the private key and the AppID into the HMAC function again, concatenate the output and the nonce, which becomes the key handle. Public key is generate by the private key, and sent it with the key handle to the web service.
This is the part about code signing and the key to do. Yes, you can generate a private key on your own machine and upload it to the Yubikey. Take a look Yubico’s PIV explanation. Especially articles under
Tools/YubiKey PIV Manager(if you use Windows) and
Yubico is a bit lack of explaining this part, so I found a great GitHub repo contributed by drduh where it contain a full explanation how to use OpenPGP with Yubikey.