You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm running USBGuard 1.1.4 on NixOS 25.11, with GDM/GNOME. I'm using a Framework 13 laptop, which means that the USB expansion cards can end up in any slot and appear differently to USBGuard, but I'm not sure if/how that explains the issue I'm running into. Every other USBGuard rule is working fine, it's just the below rules that don't seem to be working. I would appreciate any pointers or further troubleshooting steps I can take.
When disconnected from peripherals, USBGuard functions correctly with my rules file, allowing all my devices. When I plug into a USB hub and my monitor, USBGuard immediately blocks the connected devices and GNOME locks my screen, even though all of the connected devices are allowed in my rules. I have an AX88179A USB Ethernet adapter and a C925e webcam connected either directly to the hub or to a USB switch connected to the hub, and I have a keyboard and a couple mice connected to the switch as well. Diagram below for the hierarchy.
When I run usbguard list-devices -b it shows the HDMI expansion card, the Ethernet adapter, and the webcam, but the details exactly match the USBGuard rules I already have in place.
The relevant rules are below, especially confusing is why the HDMI Expansion Card is being blocked when it is part of a wildcard rule.
12: allow id 32ac:*
...
20: allow id 046d:085b serial "71DCC9DF" name "Logitech Webcam C925e" hash "Vn912biQ0xToqQEK/l13OByxq0eLjMRjpf/7GLCbEJs="
21: allow id 0b95:1790 serial "00000000002D54" name "AX88179A" hash "upreoKfvnqxfoFobGPGThnTzQeMfeYyE2hLPco3DKa4="
When I look at the USBGuard logs, it shows that they're blocked but doesn't explain why, even though I get the impression the rules should match. Is there something I'm missing with my rules that is needed to make this work? Does this have something to do with the devices being blocked before USBGuard can apply the rules?
I also noticed that if I usbguard allow-device <id> my Ethernet adapter specifically, it fails to allow and remains blocked, plus locks my screen, like the device is being reset.
I'm running USBGuard 1.1.4 on NixOS 25.11, with GDM/GNOME. I'm using a Framework 13 laptop, which means that the USB expansion cards can end up in any slot and appear differently to USBGuard, but I'm not sure if/how that explains the issue I'm running into. Every other USBGuard rule is working fine, it's just the below rules that don't seem to be working. I would appreciate any pointers or further troubleshooting steps I can take.
When disconnected from peripherals, USBGuard functions correctly with my rules file, allowing all my devices. When I plug into a USB hub and my monitor, USBGuard immediately blocks the connected devices and GNOME locks my screen, even though all of the connected devices are allowed in my rules. I have an AX88179A USB Ethernet adapter and a C925e webcam connected either directly to the hub or to a USB switch connected to the hub, and I have a keyboard and a couple mice connected to the switch as well. Diagram below for the hierarchy.
graph TD; FW13-->USB-C-->A["USB Hub"]; FW13-->HDMI; A-->AX88179A; A-->B["USB Switch"]; B-->C["C925e Webcam"]; B-->Keyboard; B-->D["Mouse 1"]; B-->E["Mouse 2"];When I run
usbguard list-devices -bit shows the HDMI expansion card, the Ethernet adapter, and the webcam, but the details exactly match the USBGuard rules I already have in place.The relevant rules are below, especially confusing is why the HDMI Expansion Card is being blocked when it is part of a wildcard rule.
When I look at the USBGuard logs, it shows that they're blocked but doesn't explain why, even though I get the impression the rules should match. Is there something I'm missing with my rules that is needed to make this work? Does this have something to do with the devices being blocked before USBGuard can apply the rules?
I also noticed that if I
usbguard allow-device <id>my Ethernet adapter specifically, it fails to allow and remains blocked, plus locks my screen, like the device is being reset.