On 02/16/2017 12:30 AM, bbrr3...@gmail.com
wrote:
I've been able to use my Yubikey 4 on a debian 8 qube successfully. (Remember
to patch the libccid_Info.plist). Might be worth giving it a try?
Hi,
What did you patch exactly ?
I found out after some fumbling around that the yubikey works perfectly
well if I don't use qvm-usb, and instead assign the entire USB bus to
the guest VM. My understanding is that this is less secure and opens me
up to DMA attacks. It's also a lot less flexible. After digging around,
I found out that qvm-usb uses qubes-usb-proxy[0], which seems to be the
party at fault here.
I tried using usbmon and wireshark to find out more. The logs of the
guest and host are attached (they log the same session). Clearly, the
usb doesn't seem to answer in time to the Get Slot Status request. It
looks like it times out after 100ms in both the guest and the host. Is
it possible that the USB proxy would add latency, causing the timeout ?
Should I try to increase the timeout in the PCSC software ?
I also have made another wireshark log of what happens in sys-usb when
accessing the yubikey directly from there (The scenario where the
yubikey works) in case that's useful.
Thanks for the help,
Robin Lambertz
[0]: https://github.com/QubesOS/qubes-app-linux-usb-proxy
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/o847r7%24u2m%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.
host.pcap
Description: application/vnd.tcpdump.pcap
host_direct_access.pcap
Description: application/vnd.tcpdump.pcap
guest.pcap
Description: application/vnd.tcpdump.pcap
