Hi, I have reinstall Qubes official image but not the nitrokey specific image after wrong manipulation with LUKS.
I have no problem in general but it´s impossible to have Nitrokey U2F to work with u2f proxy. I applied this U2F proxy | Qubes OS but nothing work.
Have you get a specific hack on your install ? udev or other in sys-usb ?
By default U2F proxy runs as root (see /etc/qubes-rpc/policy/u2f.{Register,Authenticate} - there should be user=root), so udev rules should not be an issue.
The issue is with u2flib-host library we use there. It includes a whitelist of supported devices and Nitrokey is not there:
After adding (0x20a0, 0x42b1) there, it works with Nitrokey FIDO2.
Here is a patch so that later this manual fix won’t be required anymore.
1 Like
Ok to apply this patch but where is that file ?
The updated library with those devices included is in current-testing repository already. Will be available as an update in about a week.
According to the comment the package is available for stable Fedora 29+ and Debian’s Stretch and Buster.