Hi, I have reinstall Qubes official image but not the nitrokey specific image after wrong manipulation with LUKS.
I have no problem in general but it´s impossible to have Nitrokey U2F to work with u2f proxy. I applied this U2F proxy | Qubes OS but nothing work.
Have you get a specific hack on your install ? udev or other in sys-usb ?

By default U2F proxy runs as root (see /etc/qubes-rpc/policy/u2f.{Register,Authenticate} - there should be user=root), so udev rules should not be an issue.

The issue is with u2flib-host library we use there. It includes a whitelist of supported devices and Nitrokey is not there:

After adding (0x20a0, 0x42b1) there, it works with Nitrokey FIDO2.

Here is a patch so that later this manual fix won’t be required anymore.

1 Like

Ok to apply this patch but where is that file ?

The updated library with those devices included is in current-testing repository already. Will be available as an update in about a week.

I understand this issue is closed now and no manual patching required.

According to the comment the package is available for stable Fedora 29+ and Debian’s Stretch and Buster.