From: Lloyd <ng2d68@proton.me>
Subject: Re: patch: stop login_yubikey(8) leaking OTP data to syslog
To: Stuart Henderson <stu@spacehopper.org>
Cc: Emiel Kollof <emiel@kollof.nl>, tech@openbsd.org
Date: Wed, 20 Aug 2025 18:18:09 +0000

Stuart Henderson wrote:

> though none of this helps with the actual problem that AIUI is really
> what prompted the "disable attaching kbd" commit: the difficulty of
> using the vendor's original management tools (to disable otp, or swap
> it to the "long press" slot) - for that, implementing hidraw(4) might
> be the best option as it would allow using the current vendor config
> tool (rather than the old one yubikey-personalisation-gui which uses
> libusb and is very awkward to get working on OpenBSD) - though there
> is still a question of which uids get access to that (it feels
> somewhat similar to the cases of microphones or cameras)

IIRC YubiKey has multiple management interfaces, because if you e.g.
disable the OTP application that communicates over HID, you must use
the CCID interface to re-enable it because it's no longer available.

That said, would detaching the keyboard in effect disable the HID
management interface as well?