On Wednesday, March 21, 2018 at 2:38:25 PM UTC-4, Jon R. wrote: > Just a brief update on this -- I snagged a few Yubikey FIDO specific devices > and they seem to work fine and as you'd expect. The issue seems to be > isolated to the Yubikey 4 / the ones that support smart card features / > things of that nature. > > Color me confused.
A U2F Yubikey has a single USB "interface" that provides the U2F functionality. Yubikey NEOs/4s out of the box are setup to provide three USB "interfaces": U2F, classic Yubikey (two slots, HID based) and CCID (smart card) "interfaces". Discussion of USB "interfaces" can be found here: https://stackoverflow.com/questions/33103711/whats-difference-between-configuration-and-interface-in-usb-device As I read it, if the device works in sys-usb but doesn't work in other VMs using the same template, perhaps the qubes/xen code that handles reassigning USB devices doesn't handle multi-interface USB devices well? Perhaps try temporarily configuring your Yubikey 4 to disable OTP and CCID (leaving only the U2F interface enabled) using the Yubikey NEO Manager and see if that allows the U2F to function when the USB device is assigned to a VM. IF that works, see if other combinations (U2F+CCID, U2F+OTP) work or don't. Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/42830839-73c5-45e5-9490-bde157013e49%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
