When plugging my Yubikey (Yubikey 5) into Qubes 4.1, I see a bunch of notifications about the USB device being found. (Good!)
However, one of them is a warning that the Yubikey cannot be added as a keyboard device to dom0. This is correct – the yubikey has a keyboard mode, but it shouldn’t be added to dom0.
The problem is more user-level. When a user sees that warning, they think something went wrong. Is there some way to hide that warning notice since it is expected?
Qrexec calls implicitly denied results now in a notification. You can add explicit “deny” rule to avoid it: create /etc/qubes/policy.d/30-user.policy with this line:
qubes.InputKeyboard * sys-usb dom0 deny notify=no
The documentation for the new policy features (including new location) is still incomplete, but a draft is available at qubes-core-qrexec/multifile-policy.markdown at master · QubesOS/qubes-core-qrexec · GitHub
1 Like
Thanks @marmarek. I’ll test this in the morning.