On Tuesday, February 20, 2018 at 2:58:18 PM UTC-5, Yuraeitha wrote:
> 
> Wait, hold on, just to be sure we're on the same page here.
> Why would you bring up sys-usb? Putting a USB controller in sys-usb is
> normally for the purpose of using qvm-usb/widget to virtually pass it to
> multiple other VMs, or just a place to hold it for keyboard/mouse. Since
> the YubiKey didn't work for me by passing it away from the sys-usb, but
> worked in the sys-usb itself.
> 
> If you have a controller to spare, you'd want to put it directly into the
> AppVM. It's less secure than a sys-usb, but nonetheless, if you really need
> a USB application working, which doesn't work in the widget/qvm-USB, then
> you need to pass the USB controller directly into the very VM where you need
> the YubiKey. This can also cause problems if you need to switch the
> controller from one VM to another, for example you can't run both VMs at the
> same time if they both try to claim the controller, and if the USB controller
> has no pci-reset functionality, then you need to restart the whole computer
> to be able to move it to a new VM.
> 
> Just to be sure we're on the same page here?

We are.  I identified two approaches:  direct assignment of the hub to a 
particular VM, or, bring up sys-usb so I could easily assign the U2F key to any 
VM.  The latter seemed more flexible, but also more of a heavyweight solution.

In the end, I decided to simply assign the spare hub to the VM I would be using 
for most U2F logins.  If it turns out that I frequently need to use U2F on 
other VMs I'll revisit the sys-usb solution, especially since I know both work.
