sirfartsalot Can someone help me use a YubiKey with GrapheneOS? I used other posts on this forum as a guide, but I can't figure it out. I tried: Create a new profile (for a repeatable starting configuration for debugging purposes). Settings > Multiple users > Add user > OK. Then walk through new user creation. As the new user, download Google Play services and Google Services Framework. Apps > Install Google Play services and Google Services Framework. Enable storage scopes on Google Play services Settings > All Apps > Google Play services > Permissions > Photos and videos > Configure Storage Scopes > Enable Ensure NFC is enabled Settings > Connected Devices > Connection Preferences > NFC > Enable Test 2FA at demo.yubico.com/playground Open Vanadium > Go to webpage https://demo.yubico.com/playground > Create new account > Add security key > Next. At this point, I should interact with my YubiKey via NFC or by plugging it in. Instead, it shows the error message "Operation cancelled" and "There was an error in the registration procedure, please try again".
matchboxbananasynergy sirfartsalot Hi there! I noticed you didn't install Google Play Store. Even if you don't plan to use it, please install it. It's required for Sandboxed Google Play to work properly.
sirfartsalot matchboxbananasynergy That fixed it, thank you! A full list of correct steps is below: Create a new profile (for a repeatable starting configuration for debugging purposes). Settings > Multiple users > Add user > OK. Then walk through new user creation. As the new user, download Google Play services, Google Services Framework, and Google Play Store. Apps > Install Google Play services, Google Services Framework, and Google Play Store. All 3 are required. Enable storage scopes on Google Play services Settings > All Apps > Google Play services > Permissions > Photos and videos > Configure Storage Scopes > Enable (Optional) For privacy, disable sensors and network permissions for all 3 Google apps. Settings > All Apps > Google Play services > Permissions > Network > Don't allow. Sensors > Don't allow. Ensure NFC is enabled Settings > Connected Devices > Connection Preferences > NFC > Enable Test 2FA at demo.yubico.com/playground Open Vanadium > Go to webpage https://demo.yubico.com/playground > Create new account > Add security key > Next. Interact with my YubiKey via NFC or via USB. Both NFC and USB were tested and work properly with a YubiKey 5C NFC.
chock-a-block sirfartsalot Once you set this up, does the yubikey work outside of the new profile or does all your FIDO2 yubikey-authenticated accounts have to be accessed within that profile?
matchboxbananasynergy chock-a-block I'm pretty sure it only applies to the profile in which Sandboxed Google Play is isntalled. The Sandboxed Google Play installation doesn't persist across profiles, they can't even see apps in other profiles cause they're just regular apps.
sirfartsalot matchboxbananasynergy That is correct. In my instructions, the first step of "create a new profile" was only to provide a consistent baseline for testing purposes. Set it up on the profile that you want to use hardware key 2FA with.
FreshStart Is there any way to get a Yubikey working on GOS without installing Google Play Services / Framework / Store, etc.?