Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot disable all applications #639

Open
eric-j-ason opened this issue Nov 1, 2024 · 0 comments
Open

Cannot disable all applications #639

eric-j-ason opened this issue Nov 1, 2024 · 0 comments

Comments

@eric-j-ason
Copy link

  • YubiKey Manager (ykman) version: 5.5.1
  • How was it installed?: MacPorts (sudo port install yubikey-manager)
  • Operating system and version: macOS 15.0.1
  • YubiKey model and version: YubiKey 5C NFC (5.4.3)
  • Bug description summary: Cannot disable all applications.

Steps to reproduce

ykman config usb --disable=otp --disable=u2f --disable=fido2 --disable=oath --disable=piv --disable=openpgp --disable=hsmauth

Expected result

USB configuration changes:
  Disable Yubico OTP, FIDO U2F, OpenPGP, PIV, OATH, YubiHSM Auth, FIDO2
  The YubiKey will reboot
Proceed? [y/N]:

Actual results and logs

ERROR: Can not disable all applications over USB.

Other info

This is the piece of code that forbids all applications from being disabled:

yubikey-manager/ykman/_cli/config.py

Lines 285 to 287 in 84e340e

if transport == TRANSPORT.USB:
if sum(CAPABILITY) & new_enabled == 0:
raise CliFail(f"Can not disable all applications over {transport}.")

I might be missing something, but I haven't been able to figure out why this should be forbidden. What would happen if I removed the check?

My goal is to reset YubiKeys fully and then enable precisely the things I want.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@eric-j-ason