Yubico Forum

I've got the question several times now what was really changed between the 1.3.2 and the 1.3.3 version ?

In the USB device descriptor which is read at startup/enumeration time, there is a flag specifying if the USB device is a boot device. In the pre-1.3.3 Yubikeys, this flag is not set and therefore the BIOS simply rejects it and the Yubikey goes into dormant mode until the OS starts up.

Under Windows, this can be checked by firing up the Device Manager. Locate the Yubikey under "Human Interface Devices" and open the properties dialog. Under the Details tab, locate the "Compatible Ids" and you'll find USB\Class_03&SubClass_01&Prot_01 for the 1.3.3 Yubikey. This means that it is a HID device (3), Boot Interface Subclass (1) and Keyboard protocol (1).

A simple fix indeed and one could ask why that was not done in the first place. I actually did not see any reason to fire up the key until the OS was started as it did not make sense to have it enabled until there is a service available that could verify the OTP. That was certainly true before we introduced static OTPs but I could not simply envision the pre-boot usage.

A good reason not to enable the Yubikey unless necessary is that it then stays in dormant mode and consumes virtually no power.

With the best regards,

Jakob E
Hardware- and firmware guy @ Yubico

So if my "Compatible Ids" for my newly purchased YubiKeys is:

USB\Class_03&SubClass_00&Prot_00
USB\Class_03&SubClass_00
USB\Class_03

they wont work with pre-boot authentication?

Pre-boot authentication with TrueCrypt full disk encryption was one of my intended uses.

This would be unfortunate as I only received my keys today.

--
znark

It seems that you received a YubiKey with the firmware version 1.3.2. The YubiKey requires firmware version 1.3.3 to work at the pre-boot environment.

To check the firmware version of the YubiKey, please visit the following forum post:

viewtopic.php?f=2&t=85&p=804&hilit=yubikey+version#p804

If the YubiKey firmware version is older that the version 1.3.3, please send an email to "support@yubico.com" with the purchasing details. Yubico will arrange for a replacement.

We hope this answers your question.

Feel free to write back to us in case you face any problems.