Does "Refresh Hardware Keys" reset USB devices?

[uschwarz]

Overview

The "unlock database" screen automatically does something with connected USB devices, and again when clicking "Refresh Hardware Keys", and this something has effects like "numlock flashes off, then on again on keyboard" and "systemd sometimes sees unplug/plug events".

Steps to Reproduce

1. Make sure NumLock is on
2. Open KeePassXC window to "unlock database" screen
3. Observe NumLock LED on keyboard briefly flash off after about a second
4. Click "Refresh Hardware Keys"
5. Observe NumLock LED on keyboard briefly flash off after about a second

Expected Behavior

Nothing happens

Actual Behavior

NumLock LED flashes, I suspect due to a device reset?

Context

If this concerned only the NumLock LED, this would be a trivial quality-of-life thing, but I use a YubiKey for my SSH keys and now I have a chance that ssh-agent loses the keys every time I open KeePassXC, and that can't be desired behaviour.

Since I'm not compiling KeePassXC myself, I have no way of disabling the extensions listed below at runtime (right?). If someone can give me a magic AppArmor incantation that stops KeePassXC from accessing the USB at all, that would be fine by me – locking KeePassXC with hardware tokens is not on my current to-do list, so it'd be a workable temporary fix.

KeePassXC - Version 2.7.9 Revision: 8f6dd13

Qt 5.15.15 Debugging mode is disabled.

Operating system: Ubuntu 24.10 CPU architecture: x86_64 Kernel: linux 6.11.0-9-generic

Enabled extensions:

• Auto-Type
• Browser Integration
• Passkeys
• SSH Agent
• KeeShare
• YubiKey
• Secret Service Integration

Cryptographic libraries:

• Botan 2.19.3

Operating System: Linux (Ubuntu 24.10) Desktop Env: Gnome Windowing System: Wayland

[droidmonkey]

See here: https://github.com/keepassxreboot/keepassxc/issues/10077#issuecomment-2047444637

This is a bug in the yubikey that removes the device when doing challenge response. Nothing we can do about it, just how it works.