Both /etc/qubes-rpc/policy/qubes.InputKeyboard and InputMouse, should say something like this.
sys-usb dom0 allow,user=root Yes, If you have a sys-usb set up, then the USB keyboard will attach there first. More specifically, the USB Host Controller that the USB keyboard is plugged into is attached to sys-usb. But the keyboard device is immediately sent to dom0 per the rpc policy. Because a keyboard that stays attached to sys-usb, can only type into sys-usb. And not the interactive window you see when you open up a terminal for sys-usb... but rather its own session. dom0 needs the keyboard and mouse. The USB Host Controller still resides in sys-usb, but the USB raw data passes to dom0 upon boot. Unfortunately, the rpc policy is generic based on all USB devices enumerating as a keyboard. So it may not be able to selectively attach a yubikey to an AppVM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7615fd30-64e4-4594-bd7c-be4b58ecd5c2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
