Using latest R4.1.1 Qubes. I’ve built my own deb-11-min as per @Sven method. When I attach the yubikey to the one of the deb-11-mins appVMs I can’t get u2f to work for lastpass or any other 2fa systems on firefox-esr or librewolf. They work fine with the default work VM or any other appvm that is built off non-minimal templates, with or without u2f-proxy ( U2F proxy | Qubes OS ) . I installed the u2f proxy as per the method in the url but that didn’t fix the problem either.
Given they work fine on the normal Qubes that come installed. I know i’ve either left something off that needs to be installed or haven’t configured something correctly. I’m just not sure what. Any suggestions?
Attaching yubikey via sys-usb. I see no issues with yubikey being detected in dmesg or lsusb.
Packages installed on top of deb-minimal
qubes-core-agent-networking, qubes-core-agent-nautilus, nautilus, zenity, gnome-keying, policykit-1, libglockdev-crypto2, firefox-esr, librewolf, qt5-style-plugins, gtk2-engine-murrine, gnome-themes-standard, pulseaudio-qubes, wget, curl, qubes-usb-proxy
Thanks for the suggestion, but none of those packages are installed on the default debian-11 template which my work VM is based on, and it works fine with the yubikey.
update: I should of checked yubico website before pasting here, they talked about libu2f-udev. Searching through apt I noticed libpam-yubico, libu2f-udev, libpam-u2f, u2f-host. I installed them but it didn’t fix the problem. Also worth noting none of them seem to be installed in the debian-11 default template which is working.
Okay after a few hours of comparing all the packages installed on the debian-11 template and the debian-minimal. Installing a package I thought was related, rebooting VMs and testing it out. I found the package that fixes the problem.
You don’t need all the yubikey libraries or applications. In your debian-11-minimal template:
sudo apt-get install xserver-xorg-input-all
I suspect its only xserver-xorg-input-libinput that is needed.