matchboxbananasynergy

That fixed it, thank you! A full list of correct steps is below:

  1. Create a new profile (for a repeatable starting configuration for debugging purposes).
    Settings > Multiple users > Add user > OK. Then walk through new user creation.

  2. As the new user, download Google Play services, Google Services Framework, and Google Play Store.
    Apps > Install Google Play services, Google Services Framework, and Google Play Store. All 3 are required.

  3. Enable storage scopes on Google Play services
    Settings > All Apps > Google Play services > Permissions > Photos and videos > Configure Storage Scopes > Enable

  4. (Optional) For privacy, disable sensors and network permissions for all 3 Google apps.
    Settings > All Apps > Google Play services > Permissions > Network > Don't allow. Sensors > Don't allow.

  5. Ensure NFC is enabled
    Settings > Connected Devices > Connection Preferences > NFC > Enable

  6. Test 2FA at demo.yubico.com/playground
    Open Vanadium > Go to webpage https://demo.yubico.com/playground > Create new account > Add security key > Next. Interact with my YubiKey via NFC or via USB. Both NFC and USB were tested and work properly with a YubiKey 5C NFC.

    2 months later

    chock-a-block I'm pretty sure it only applies to the profile in which Sandboxed Google Play is isntalled. The Sandboxed Google Play installation doesn't persist across profiles, they can't even see apps in other profiles cause they're just regular apps.

      matchboxbananasynergy
      That is correct. In my instructions, the first step of "create a new profile" was only to provide a consistent baseline for testing purposes. Set it up on the profile that you want to use hardware key 2FA with.

      6 months later

      Is there any way to get a Yubikey working on GOS without installing Google Play Services / Framework / Store, etc.?

        7 days later