Hello fellow Qubes users,
Sharing a Qubes-specific issue to do with KeePassXC that had been troubling me for several weeks now, that I could not find any solution online for, but just cracked the nut and resolved it. Sharing here just in case anyone else ever faces the same problem.
Problem:
KeePassXC, when trying to open a .kdbx database file protected with Yubikey HMAC-challenge unlock, the Yubikey is detected just fine, but when pressing “Unlock” button the whole KeePassXC programs just freezes up before the “Touch Yubikey to Unlock” prompt appears. The program then cannot be closed or killed, the VaultVM itself can’t even be shutdown and must instead be Killed via Qube Manager.
Solution found:
It turns out the issue was in how many vCPUs the VaultVM has allocated to it. Playing around with the memory assigned made no difference (usually I run my VaultVM with 400-1,500MB memory + memory balancing enabled, tried assigning up to 4,000MB and turning off balancing to no effect), but I had set the VaultVM to only use 1 vCPU. Bumping this up to 2 vCPUs solved the problem!
Most people using Qubes’ default vCPU allocation (2) won’t have this problem, but if you’re having issues with unlocking your KeePassXC vault and are using a Yubikey and have adjusted the vCPUs of your VaultVM, try bumping up the vCPUs to >2, hopefully this solves your issue.
Misc info:
Running Qubes 4.1.2, Debian 12-minimal morped into Kicksecure-17 (with qubes-usb-proxy installed), KeePassXC 2.7.4 installed from Debian repo, Yubikey 5C routed via sys-USB (also based on Debian-12 minimal morphed into Kicksecure-17)
Cheers
