> 1. Find a free USB controller. I didn't want to use the same one as my > keyboard or mouse. Your board specs and the lsusb utility are your friends > in the hunt. Check out the Qubes document "Assigning Devices to VMs" for > the gory details of discovering the PCI device assignments to your USB > controllers. > 2. In the VM you plan to use the key, you'll want to assign the PCI > device for your free hub to that VM. That's accomplished by firing up Qube > settings for the VM and selecting the devices tab. Scroll down to the > available device and move it to the selected box. > 3. You might have to configure strict reset (or disable strict reset) for > the USB controller. > 4. Start the VM. > > One gotcha: the VM won't run in PVH mode once you make this assignment. > But, my Yubikey lights up when Gmail or Facebook need the second factor, > and it works as advertised. > > It looks like when in the sys-usb Qube the Yubikey works as intended. When attaching it to another Qube it's listed under lsusb properly and lights up accordingly however when using it there is no output (to stdout / wherever). I'm not quite sure how to debug this further so if someone could shed some light in that regard that'd be great.
In the interim I'll use a solution similar to yours and just juggle the USB controller to different Qubes as needed (ick!). Thanks for the information! On Fri, Mar 9, 2018 at 4:13 PM, William Bormann <[email protected]> wrote: > I have a FIDO U2F Yubico Security Key that I use for authentication to > Gmail and Facebook. In my situation, I decided to use a single VM for two > factor authentication. Here's what I did: > > 1. Find a free USB controller. I didn't want to use the same one as my > keyboard or mouse. Your board specs and the lsusb utility are your friends > in the hunt. Check out the Qubes document "Assigning Devices to VMs" for > the gory details of discovering the PCI device assignments to your USB > controllers. > 2. In the VM you plan to use the key, you'll want to assign the PCI > device for your free hub to that VM. That's accomplished by firing up Qube > settings for the VM and selecting the devices tab. Scroll down to the > available device and move it to the selected box. > 3. You might have to configure strict reset (or disable strict reset) for > the USB controller. > 4. Start the VM. > > One gotcha: the VM won't run in PVH mode once you make this assignment. > But, my Yubikey lights up when Gmail or Facebook need the second factor, > and it works as advertised. > > On Friday, March 9, 2018 at 12:34:06 PM UTC-5, Jon R. wrote: > > Hello, > > > > I've scoured around the mailing lists / SO / Reddit and haven't come > across a solution to this yet. I'm running 4.0 (R4.0) and when I attempt to > use my Yubikey it's seemingly not picking up any input on the button press. > > > > It's detecting the USB properly and I can attach it fine: > > > > [cloe@dom0 Desktop]$ qvm-usb > > BACKEND:DEVID DESCRIPTION USED BY > > sys-usb:2-1 Yubico_Yubikey_4_OTP+CCID > > > > [cloe@dom0 Desktop]$ qvm-usb attach work sys-usb:2-1 > > > > [cloe@dom0 Desktop]$ qvm-usb > > BACKEND:DEVID DESCRIPTION USED BY > > sys-usb:2-1 Yubico_Yubikey_4_OTP+CCID work > > > > However upon button presses on the Yubikey in the "work" domain there is > no action. I've tested this in gedit, the terminal and elsewhere to no > avail. > > > > > > Can someone point me in the right direction as to what may be happening? > I've successfully attached storage devices and other smart card related > devices without any issue so it seems to be isolated to the Yubikey itself. > I've tried 2 separate Yubikey 4's and an older version to no avail. > > > > > > Thank you for your time. > > > > > > - Cody > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/qubes-users/7e00edc7-3c2a-462e-98c6-443dd1af7d36%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJd29SSKf%3DY9CygxG7W6bQXh%3DxomyS76wZchVi0k8%2ByeY7rmzg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
