I just recently moved all my fedora qubes to fedora-33, and there’s still some strange lingering issue, so was just wondering if anyone else has discovered the solution.
I’m using Yubikey 5 NFC for U2F and other things as well (OpenPGP etc.). With fedora-32 everything worked perfectly. So I could access my pgp keys, login with U2F (via proxy) etc.
After upgrading sys-usb to fedora-33 strange issues started happening. U2F proxy works, but it’s not reliable. If I access my pgp keys on the Yubikey, U2F proxy stops functioning. I’m not 100% what happens in which order, but anyways it’s not like fedora-32 which was solid.
I also tried to create debian-10-minimal -based template for sys-usb, but couldn’t make the U2F proxy to work at all. Everything else works with my template. I installed qubes-u2f, as explained in the U2F documentation.
If I change sys-usb back to fedora-32 (which I still have lying around because of this issue), everything works again! So it is not about my appvm’s either.
I’d be interested in hearing your experience with Yubikey, fedora-33 and U2F proxy, and especially what needs to be done in order to create sys-usb template based on debian-10-minimal. I’m not the biggest fan of Fedora upgrade cycle, so I’d like to switch all my sys qubes to debian.
Edit. I did some more testing, and found out that with fedora-33 and debian-10-minimal, the authentication works via U2F proxy only once.