Increase Timeout for Reset under Qubes #519

Open
nestire opened this issue Jul 22, 2024 · 5 comments

nestire commented Jul 22, 2024

Background is that under Qubes it takes much longer to attach a device to the relevant qube (3 clicks) and then execute the reset, especially if you use the nitrokey-app2; this leaves not much margin. A 20-second timeout should be enough.

@robin-nitrokey
Member

The timeout is defined in admin-app and currently set to 15 seconds:

https://github.com/Nitrokey/admin-app/blob/4dd16c02e93b928e722c6d2d1fd301681d0f02df/src/admin.rs#L17

Is a 5 second increase really enough to make a difference? If we change it, shouldn’t we go for something like 30 seconds directly?

Author

nestire commented Jul 24, 2024

Yes, 30 sec should be well enough then.

robin-nitrokey added a commit to Nitrokey/admin-app that referenced this issue Aug 1, 2024
Previously, we had a timeout of 15 seconds for the user presence check
when rebooting to bootloader.  This can be too short in some situations,
see for example Nitrokey/nitrokey-3-firmware#519.

This patch increases the timeout to 30 seconds.

@robin-nitrokey
Member

@nestire I might have misunderstood your request because nitrokey-app2 and Qubes are directly linked to bootloader issues in my brain. ^^ You were actually referring to the FIDO2 reset, right?

Collaborator

daringer commented Aug 1, 2024

Oh, right, if it's the FIDO2 timeout, can we even change it?

From the specs, 6.6:

> In case of authenticators with no display, request MUST have come to the authenticator within 10 seconds of powering up of the authenticator.

@robin-nitrokey
Member

Yes, that timeout is fixed.
