From 05616a71ba873f242000d7def81302cbd48111e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 12 Oct 2020 22:36:53 +0200 Subject: [PATCH] u2f: add info about non-default USB qube name --- user/security-in-qubes/u2f-proxy.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/user/security-in-qubes/u2f-proxy.md b/user/security-in-qubes/u2f-proxy.md index eff000d9..272a7d0b 100644 --- a/user/security-in-qubes/u2f-proxy.md +++ b/user/security-in-qubes/u2f-proxy.md @@ -112,6 +112,17 @@ Do not delete the file itself. The default model is to allow a qube to access all and only the keys that were enrolled by that qube. For example, if your `banking` qube enrolls your banking key, and your `twitter` qube enrolls your Twitter key, then your `banking` qube will have access to your banking key but not your Twitter key, and your `twitter` qube will have access to your Twitter key but not your banking key. +## Non-default USB qube name + +If your USB qube is named differently than `sys-usb`, then do the following in the appropriate template(s): + +``` +systemctl enable qubes-u2fproxy@USB_QUBE.service +systemctl disable qubes-u2fproxy@sys-usb.service +``` + +Replace `USB_QUBE` with the actual USB qube name. + ## TemplateVM and browser support The large number of possible combinations of TemplateVM (Fedora 27, 28; Debian 8, 9) and browser (multiple Google Chrome versions, multiple Chromium versions, multiple Firefox versions) made it impractical for us to test every combination that users are likely to attempt with the Qubes U2F Proxy.
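Review bot: in the new "Non-default USB qube name" section, "the appropriate template(s)" is left undefined, so a reader cannot tell which templates need the change; name them explicitly, for example the templates of the qubes that use the U2F proxy, if that is the intent. The two `systemctl` lines also do not say whether they must be run as root or whether qubes based on the template need a restart before `qubes-u2fproxy@USB_QUBE.service` takes effect; one sentence covering both would help. Consider moving "Replace `USB_QUBE` with the actual USB qube name." above the code block, so that nobody pastes the placeholder literally and ends up with the `sys-usb` instance disabled and a non-existent instance enabled.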