Tomster/QubesOS-Scripts
1
0
Fork 0
mirror of https://github.com/tommytran732/QubesOS-Scripts synced 2025-02-08 05:01:34 -05:00
Code

Add FIDO2 policies

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2025-02-01 02:07:18 -07:00 committed by GitHub
parent 380faedd0d
commit 4c5913f895
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Quality of Life.md
View File

@ -37,6 +37,16 @@ Lenovo ePrivacy can be controlled through `/proc/acpi/ibm/lcdshadow`. I use the
- F5: `sudo bash -c 'echo 1 > /proc/acpi/ibm/lcdshadow'`
- F6: `sudo bash -c 'echo 0 > /proc/acpi/ibm/lcdshadow'`
### FIDO2 policies
The GUI configurator are missing 2 important policies needed for FIDO2 to work correctly, namely ctap.GetInfo and ctap.ClientPin.
Personally, I created `/etc/qubes/policy.d/50-ctap.policy` (note that I don't touch `/etc/qubes/policy.d/50-config-u2f.policy` to avoid it being overwritten by the GUI tool):
```
ctap.GetInfo * microsoft-edge sys-usb allpw
ctap.ClientPin * microsoft-edge sys-usb allow
```
### Bitwarden & Element Flatpak
These apps require the keyring to be created first to work properly. Simply open a browser like Microsoft Edge and set an empty password for the keyring before using them.