FIDO Security Keys failing with "unable to enumerate USB device" error

danherbert · 2023-07-31 20:36:31

I'm having problems on my machine with connecting FIDO/U2F security keys. When I try to use them, applications don't think anything is connected. I'm seeing this in my dmesg log when plugging in:

2023-07-30T14:12:53,885028-07:00 usb 3-2: new full-speed USB device number 4 using xhci_hcd
2023-07-30T14:12:54,300314-07:00 usb 3-2: New USB device found, idVendor=1050, idProduct=0407, bcdDevice= 5.43
2023-07-30T14:12:54,300318-07:00 usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
2023-07-30T14:12:54,300319-07:00 usb 3-2: Product: YubiKey OTP+FIDO+CCID
2023-07-30T14:12:54,300320-07:00 usb 3-2: Manufacturer: Yubico
2023-07-30T14:12:54,314654-07:00 input: Yubico YubiKey OTP+FIDO+CCID as /devices/pci0000:00/0000:00:14.0/usb3/3-2/3-2:1.0/0003:1050:0407.0003/input/input20
2023-07-30T14:12:54,372260-07:00 hid-generic 0003:1050:0407.0003: input,hidraw2: USB HID v1.10 Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-2/input0
2023-07-30T14:12:54,373596-07:00 hid-generic 0003:1050:0407.0004: hiddev96,hidraw3: USB HID v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-2/input1
2023-07-30T14:12:54,373651-07:00 usbcore: registered new interface driver usbhid
2023-07-30T14:12:54,373653-07:00 usbhid: USB HID core driver
2023-07-30T14:13:02,058358-07:00 usb usb2-port1: attempt power cycle
2023-07-30T14:13:10,424135-07:00 usb usb2-port1: unable to enumerate USB device

I've tried with kernels 6.1.39-1-lts and 6.4.7-arch1-1 with the same results. I've also tried testing with a few different fido keys from both Yubico and Google and consistently get the same results.

These keys were previously working fine, and still work fine on other machines. I can't think of any system changes I've intentionally made that might have broken things. What can I do to troubleshoot this?

Strike0 · 2023-08-02 16:09:17

A first way to troubleshoot is to use

# dmesg -w

to see what happens the moment when you plug, press its key, unplug it, start an app, etc.
Which applications do you refer to? What happens with yubico's ykman - does it connect to it? Is it the same fail with a different usb port?

The error you paste in the log appears to be for a different usb port (usb2-port1) than the yubikey (usb 3-2), but the error may be arbitrary. A reason could be powersaving, or maybe you have an old udev-rule in /etc/udev/rules.d/ for the yubikey and now detection races with systemd.

danherbert · 2023-08-03 02:43:42

I did not have ykman installed, only libfido2 (which was previously working fine). After installing ykman, my security keys are suddenly being recognized fine now. From looking at dependencies, installing ykman also installs ccid which was not previously installed and might have fixed things.

The apps I was testing with were Chrome/Chromium/Firefox, all of which were not recognizing a FIDO device was plugged in. It was failing on every USB port on my machine, but now my tests are recognizing my keys in every browser, plus ykman.

As a note about the usb2-port1 vs usb 3-2 message, the original logs I posted were (and still are) consistently logging every time a fido key was plugged in. But I noticed that the "usb2-port1" messages only showed when plugging a USB-C key into a USB-C port. My USB-A ports do not include that "unable to enumerate device" log message with USB-A security keys.

Strike0 · 2023-08-03 09:27:42

Ok, progress and nothing broken, great.
I'm not sure about the ccid package. Instead it may be an udev rule to recognise the key, which is installed by the yubikey-personalization package. If you copy it to /etc

# cp /usr/lib/udev/rules.d/69-yubikey.rules  /etc/udev/rules.d/.

it may continue to work after deinstalling (pacman -Rs) the ykman related packages again. If not, reload rules once. Any dice?

danherbert · 2023-08-08 20:55:46

After doing some more testing, I'm realizing that whatever the problem was, it actually went much deeper than just FIDO keys. However, it seems to have completely resolved itself on its own. Though I have no idea what changed on my machine. I didn't make any system changes before the problem went away.

To troubleshoot, I uninstalled ykman and confirmed that any new dependencies it added were also gone. Afterwards my FIDO keys still worked. Another problem I had that I thought was unrelated (hadn't tried troubleshooting it enough to realize), was certain USB devices like any mice/keyboards/etc (I'm on a laptop so they weren't urgent) also wouldn't work. Those also started mysteriously working again with no system changes that I'm aware of. I use etckeeper so I reviewed changes in /etc/ and found nothing that stood out to me. I also checked pacman logs to see if any packages/dependencies (that I'm familar with at least) looked suspicious and didn't see anything. Plus my /etc/udev/rules.d/ rules folder is completely empty (though I'm not sure if that's good or bad).

Strike0 · 2023-08-11 10:52:06

If in doubt, systemd broke it while Allan was AFK.™
No really, it could be updates to kernel modules for the laptop and any automatism related to udev, but it could also be a sporadic but forthcoming definite hw defect. Yet, it's too much ado about nothing, if it works again with defaults. Happy computing.

Arch Linux

#1 2023-07-31 20:36:31

FIDO Security Keys failing with "unable to enumerate USB device" error

#2 2023-08-02 16:09:17

Re: FIDO Security Keys failing with "unable to enumerate USB device" error

#3 2023-08-03 02:43:42

Re: FIDO Security Keys failing with "unable to enumerate USB device" error

#4 2023-08-03 09:27:42

Re: FIDO Security Keys failing with "unable to enumerate USB device" error

#5 2023-08-08 20:55:46

Re: FIDO Security Keys failing with "unable to enumerate USB device" error

#6 2023-08-11 10:52:06

Re: FIDO Security Keys failing with "unable to enumerate USB device" error

Board footer