Download raw body.
another yubikey diff
> Date: Fri, 22 Aug 2025 12:30:15 +0000
> From: Miod Vallat <miod@online.fr>
>
> The diff below attempts to make the yubikey situation less annoying.
>
> With this diff, when you connect your yubikey, it will attach as a
> keyboard again, but that keyboard will not get connected to the mux
> automatically, which means that if you press the button, the data will
> get eaten by /dev/null.
I considered doing something similar; so your idea isn't crazy ;).
> Then, if you need to use the button, you can manually connect it to your
> mux by running wsconscfg -k n (where `n' is the wskbd unit number
> corresponding to your yubikey). Elevated privileges might be needed for
> this command to succeed, depending on how you are logged on the system.
>
> Note that, a side effect of this diff is to impose the same behaviour on
> uthum/ugold devices, but that can be changed if people disagree with
> that policy change.
No opinion about that. However...
> Index: arch/armv7/exynos/crosec_kbd.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/arch/armv7/exynos/crosec_kbd.c,v
> diff -u -p -r1.5 crosec_kbd.c
> --- arch/armv7/exynos/crosec_kbd.c 23 Jan 2023 09:36:39 -0000 1.5
> +++ arch/armv7/exynos/crosec_kbd.c 22 Aug 2025 12:13:21 -0000
> @@ -144,7 +144,7 @@ cros_ec_init_keyboard(struct cros_ec_sof
>
> wskbd_cnattach(&cros_ec_keyboard_consops, sc, &cros_ec_keyboard_keymapdata);
> a.console = 1;
> -
> + a.connect = 1;
> a.keymap = &cros_ec_keyboard_keymapdata;
> a.accessops = &cros_ec_keyboard_accessops;
> a.accesscookie = sc;
> Index: arch/luna88k/dev/lunaws.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/arch/luna88k/dev/lunaws.c,v
> diff -u -p -r1.16 lunaws.c
> --- arch/luna88k/dev/lunaws.c 8 Mar 2023 04:43:07 -0000 1.16
> +++ arch/luna88k/dev/lunaws.c 22 Aug 2025 12:13:21 -0000
> @@ -187,6 +187,7 @@ wsattach(struct device *parent, struct d
> printf("\n");
>
> a.console = (args->hwflags == 1);
> + a.connect = 1;
> a.keymap = &omkbd_keymapdata;
> a.accessops = &omkbd_accessops;
> a.accesscookie = (void *)sc;
> Index: arch/sparc64/dev/comkbd_ebus.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/arch/sparc64/dev/comkbd_ebus.c,v
> diff -u -p -r1.24 comkbd_ebus.c
> --- arch/sparc64/dev/comkbd_ebus.c 24 Oct 2021 17:05:03 -0000 1.24
> +++ arch/sparc64/dev/comkbd_ebus.c 22 Aug 2025 12:13:21 -0000
> @@ -217,6 +217,7 @@ comkbd_attach(struct device *parent, str
> sunkbd_setclick(ss, ss->sc_click);
>
> a.console = console;
> + a.connect = 1;
> if (ISTYPE5(ss->sc_layout)) {
> a.keymap = &sunkbd5_keymapdata;
> #ifndef SUNKBD5_LAYOUT
> Index: arch/sparc64/dev/z8530kbd.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/arch/sparc64/dev/z8530kbd.c,v
> diff -u -p -r1.32 z8530kbd.c
> --- arch/sparc64/dev/z8530kbd.c 13 May 2024 01:15:50 -0000 1.32
> +++ arch/sparc64/dev/z8530kbd.c 22 Aug 2025 12:13:21 -0000
> @@ -372,6 +372,7 @@ zskbd_attach(struct device *parent, stru
> sunkbd_setclick(ss, ss->sc_click);
>
> a.console = console;
> + a.connect = 1;
> if (ISTYPE5(ss->sc_layout)) {
> a.keymap = &sunkbd5_keymapdata;
> #ifndef SUNKBD5_LAYOUT
> Index: dev/adb/akbd.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/dev/adb/akbd.c,v
> diff -u -p -r1.16 akbd.c
> --- dev/adb/akbd.c 21 Oct 2022 22:42:36 -0000 1.16
> +++ dev/adb/akbd.c 22 Aug 2025 12:13:21 -0000
> @@ -248,6 +248,7 @@ akbdattach(struct device *parent, struct
> a.console = (++akbd_console_initted == 1);
> else
> a.console = 0;
> + a.connect = 1;
> a.keymap = &akbd_keymapdata;
> a.accessops = &akbd_accessops;
> a.accesscookie = sc;
> Index: dev/hid/hidcc.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/dev/hid/hidcc.c,v
> diff -u -p -r1.5 hidcc.c
> --- dev/hid/hidcc.c 14 Nov 2022 00:16:44 -0000 1.5
> +++ dev/hid/hidcc.c 22 Aug 2025 12:13:21 -0000
> @@ -764,6 +764,7 @@ hidcc_attach_wskbd(struct hidcc *sc)
> };
> struct wskbddev_attach_args a = {
> .console = 0,
> + .connect = 1,
> .keymap = &sc->sc_keymap,
> .accessops = &accessops,
> .accesscookie = sc,
> Index: dev/hid/hidkbd.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/dev/hid/hidkbd.c,v
> diff -u -p -r1.15 hidkbd.c
> --- dev/hid/hidkbd.c 21 Oct 2024 19:05:31 -0000 1.15
> +++ dev/hid/hidkbd.c 22 Aug 2025 12:13:21 -0000
> @@ -289,13 +289,15 @@ hidkbd_attach(struct device *self, struc
>
> void
> hidkbd_attach_wskbd(struct hidkbd *kbd, kbd_t layout,
> - const struct wskbd_accessops *accessops)
> + const struct wskbd_accessops *accessops, int connect)
> {
> struct wskbddev_attach_args a;
>
> ukbd_keymapdata.layout = layout;
>
> a.console = kbd->sc_console_keyboard;
> + a.connect = 1;
You probably want to drop this line.
> + a.connect = connect;
> a.keymap = &ukbd_keymapdata;
> a.accessops = accessops;
> a.accesscookie = kbd->sc_device;
> Index: dev/hid/hidkbdsc.h
> ===================================================================
> RCS file: /OpenBSD/src/sys/dev/hid/hidkbdsc.h,v
> diff -u -p -r1.3 hidkbdsc.h
> --- dev/hid/hidkbdsc.h 9 Nov 2022 10:05:18 -0000 1.3
> +++ dev/hid/hidkbdsc.h 22 Aug 2025 12:13:21 -0000
> @@ -103,7 +103,7 @@ struct hidkbd_translation {
> int hidkbd_attach(struct device *, struct hidkbd *, int, uint32_t,
> int, void *, int);
> void hidkbd_attach_wskbd(struct hidkbd *, kbd_t,
> - const struct wskbd_accessops *);
> + const struct wskbd_accessops *, int);
> void hidkbd_bell(u_int, u_int, u_int, int);
> void hidkbd_cngetc(struct hidkbd *, u_int *, int *);
> int hidkbd_detach(struct hidkbd *, int);
> Index: dev/hil/hilkbd.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/dev/hil/hilkbd.c,v
> diff -u -p -r1.18 hilkbd.c
> --- dev/hil/hilkbd.c 6 Apr 2022 18:59:28 -0000 1.18
> +++ dev/hil/hilkbd.c 22 Aug 2025 12:13:21 -0000
> @@ -195,6 +195,7 @@ hilkbdattach(struct device *parent, stru
> a.console = 0;
> else
> a.console = hilkbd_is_console(ha->ha_console);
> + a.connect = 1;
> a.keymap = ps2 ? &hilkbd_keymapdata_ps2 : &hilkbd_keymapdata;
> a.accessops = &hilkbd_accessops;
> a.accesscookie = sc;
> Index: dev/i2c/ikbd.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/dev/i2c/ikbd.c,v
> diff -u -p -r1.3 ikbd.c
> --- dev/i2c/ikbd.c 7 Jan 2025 19:26:14 -0000 1.3
> +++ dev/i2c/ikbd.c 22 Aug 2025 12:13:21 -0000
> @@ -125,7 +125,7 @@ ikbd_attach(struct device *parent, struc
> ikbd_enable(sc, 1);
> }
>
> - hidkbd_attach_wskbd(kbd, KB_US | KB_DEFAULT, &ikbd_accessops);
> + hidkbd_attach_wskbd(kbd, KB_US | KB_DEFAULT, &ikbd_accessops, 0);
And you need to pass 1 here instead of zero.
> }
>
> int
> Index: dev/pckbc/pckbd.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/dev/pckbc/pckbd.c,v
> diff -u -p -r1.51 pckbd.c
> --- dev/pckbc/pckbd.c 13 Aug 2023 21:54:02 -0000 1.51
> +++ dev/pckbc/pckbd.c 22 Aug 2025 12:13:23 -0000
> @@ -471,9 +471,8 @@ pckbdattach(struct device *parent, struc
> pckbd_input, sc, sc->sc_dev.dv_xname);
>
> a.console = isconsole;
> -
> + a.connect = 1;
> a.keymap = &pckbd_keymapdata;
> -
> a.accessops = &pckbd_accessops;
> a.accesscookie = sc;
>
> Index: dev/usb/ukbd.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/dev/usb/ukbd.c,v
> diff -u -p -r1.91 ukbd.c
> --- dev/usb/ukbd.c 14 Aug 2025 14:39:44 -0000 1.91
> +++ dev/usb/ukbd.c 22 Aug 2025 12:13:23 -0000
> @@ -196,14 +196,6 @@ ukbd_match(struct device *parent, void *
> int size;
> void *desc;
>
> - /*
> - * Most Yubikey have OTP enabled by default, and the feature
> - * is difficult to disable. Policy decision: Don't attach
> - * as a keyboard.
> - */
> - if (uha->uaa->vendor == USB_VENDOR_YUBICO)
> - return (UMATCH_NONE);
> -
> if (UHIDEV_CLAIM_MULTIPLE_REPORTID(uha))
> return (UMATCH_NONE);
>
> @@ -225,6 +217,7 @@ ukbd_attach(struct device *parent, struc
> u_int32_t quirks, qflags = 0;
> int dlen, repid;
> int console = 1;
> + int connect = 1;
> void *desc;
> kbd_t layout = (kbd_t)-1;
>
> @@ -245,7 +238,15 @@ ukbd_attach(struct device *parent, struc
> * Do not allow unwanted devices to claim the console.
> */
> if (usb_lookup(ukbd_never_console, uha->uaa->vendor, uha->uaa->product))
> - console = 0;
> + console = connect = 0;
> +
> + /*
> + * Most Yubikey have OTP enabled by default, and the feature
> + * is difficult to disable. Policy decision: don't connect
> + * automatically to the mux.
> + */
> + if (uha->uaa->vendor == USB_VENDOR_YUBICO)
> + connect = 0;
>
> quirks = usbd_get_quirks(sc->sc_hdev.sc_udev)->uq_flags;
> if (quirks & UQ_SPUR_BUT_UP)
> @@ -334,7 +335,7 @@ ukbd_attach(struct device *parent, struc
> usbd_delay_ms(sc->sc_hdev.sc_udev, 400);
> ukbd_set_leds(sc, 0);
>
> - hidkbd_attach_wskbd(kbd, layout, &ukbd_accessops);
> + hidkbd_attach_wskbd(kbd, layout, &ukbd_accessops, connect);
>
> #ifdef DDB
> timeout_set(&sc->sc_ddb, ukbd_db_enter, sc);
> Index: dev/wscons/wskbd.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/dev/wscons/wskbd.c,v
> diff -u -p -r1.124 wskbd.c
> --- dev/wscons/wskbd.c 18 Jul 2025 17:34:29 -0000 1.124
> +++ dev/wscons/wskbd.c 22 Aug 2025 12:13:23 -0000
> @@ -405,9 +405,11 @@ wskbd_attach(struct device *parent, stru
> sc->sc_base.me_ops = &wskbd_srcops;
> #endif
> #if NWSMUX > 0
> - mux = sc->sc_base.me_dv.dv_cfdata->wskbddevcf_mux;
> - if (mux >= 0)
> - wsmux_sc = wsmux_getmux(mux);
> + if (ap->connect) {
> + mux = sc->sc_base.me_dv.dv_cfdata->wskbddevcf_mux;
> + if (mux >= 0)
> + wsmux_sc = wsmux_getmux(mux);
> + }
> #endif /* NWSMUX > 0 */
>
> if (ap->console) {
> Index: dev/wscons/wskbdvar.h
> ===================================================================
> RCS file: /OpenBSD/src/sys/dev/wscons/wskbdvar.h,v
> diff -u -p -r1.4 wskbdvar.h
> --- dev/wscons/wskbdvar.h 16 Feb 2022 06:23:42 -0000 1.4
> +++ dev/wscons/wskbdvar.h 22 Aug 2025 12:13:23 -0000
> @@ -67,6 +67,7 @@ struct wskbd_consops {
> */
> struct wskbddev_attach_args {
> int console; /* is it console? */
> + int connect; /* connect to mux? */
> const struct wskbd_mapdata *keymap;
>
> const struct wskbd_accessops *accessops; /* access ops */
>
>
another yubikey diff