Device blocked after suspend despite being allowed in rules #594

Open
meden opened this issue Aug 5, 2023 · 8 comments

meden commented Aug 5, 2023

Hello, I'm facing the following issue: when resuming the system from suspend, one of the internal devices (a Synaptics fingerprint reader, with USB id 06cb:00f9) gets blocked, despite the rules allowing it.

I'm using USBGuard 1.1.2 on Debian 12.

Here is the log, where I (1) restart the service, (2) suspend & resume, (3) restart the service again:

ago 05 11:08:12 alg-pc systemd[1]: Stopping usbguard.service - USBGuard daemon...
ago 05 11:08:12 alg-pc systemd[1]: usbguard.service: Deactivated successfully.
ago 05 11:08:12 alg-pc systemd[1]: Stopped usbguard.service - USBGuard daemon.
ago 05 11:08:12 alg-pc systemd[1]: Starting usbguard.service - USBGuard daemon...
ago 05 11:08:12 alg-pc systemd[1]: Started usbguard.service - USBGuard daemon.
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.rule='allow id 1d6b:0002 serial "XXXXXX" name "xHCI Host Controller" hash "d3YN7OD60Ggqc9hClW0/al6tlFEshidDnQKzZRRk410=" parent-hash "Y1kBdG1uWQr5CjULQs7uh2F6pHgFb6VDHcWLk83v+tE=" via-port "usb1" with-interface 09:00:00 with-connect-type ""' device.system_name='/devices/pci0000:00/0000:00:0d.0/usb1' type='Device.Present'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:0d.0/usb1' target.new='allow' device.rule='allow id 1d6b:0002 serial "XXXXXX" name "xHCI Host Controller" hash "d3YN7OD60Ggqc9hClW0/al6tlFEshidDnQKzZRRk410=" parent-hash "Y1kBdG1uWQr5CjULQs7uh2F6pHgFb6VDHcWLk83v+tE=" via-port "usb1" with-interface 09:00:00 with-connect-type ""' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.rule='allow id 1d6b:0003 serial "XXXXXX" name "xHCI Host Controller" hash "4Q3Ski/Lqi8RbTFr10zFlIpagY9AKVMszyzBQJVKE+c=" parent-hash "Y1kBdG1uWQr5CjULQs7uh2F6pHgFb6VDHcWLk83v+tE=" via-port "usb2" with-interface 09:00:00 with-connect-type ""' device.system_name='/devices/pci0000:00/0000:00:0d.0/usb2' type='Device.Present'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:0d.0/usb2' target.new='allow' device.rule='allow id 1d6b:0003 serial "XXXXXX" name "xHCI Host Controller" hash "4Q3Ski/Lqi8RbTFr10zFlIpagY9AKVMszyzBQJVKE+c=" parent-hash "Y1kBdG1uWQr5CjULQs7uh2F6pHgFb6VDHcWLk83v+tE=" via-port "usb2" with-interface 09:00:00 with-connect-type ""' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.rule='allow id 1d6b:0002 serial "XXXXXX" name "xHCI Host Controller" hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" via-port "usb3" with-interface 09:00:00 with-connect-type ""' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3' type='Device.Present'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3' target.new='allow' device.rule='allow id 1d6b:0002 serial "XXXXXX" name "xHCI Host Controller" hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" via-port "usb3" with-interface 09:00:00 with-connect-type ""' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.rule='allow id 1d6b:0003 serial "XXXXXX" name "xHCI Host Controller" hash "prM+Jby/bFHCn2lNjQdAMbgc6tse3xVx+hZwjOPHSdQ=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" via-port "usb4" with-interface 09:00:00 with-connect-type ""' device.system_name='/devices/pci0000:00/0000:00:14.0/usb4' type='Device.Present'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb4' target.new='allow' device.rule='allow id 1d6b:0003 serial "XXXXXX" name "xHCI Host Controller" hash "prM+Jby/bFHCn2lNjQdAMbgc6tse3xVx+hZwjOPHSdQ=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" via-port "usb4" with-interface 09:00:00 with-connect-type ""' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.rule='allow id 046d:c534 serial "XXXXXX" name "USB Receiver" hash "2Tmol95c6dv//0RiOpMlUD2f72+S/vuJuIfLIZ2rNXc=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-3" with-interface { 03:01:01 03:01:02 } with-connect-type "hotplug"' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-3' type='Device.Present'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-3' target.new='allow' device.rule='allow id 046d:c534 serial "XXXXXX" name "USB Receiver" hash "2Tmol95c6dv//0RiOpMlUD2f72+S/vuJuIfLIZ2rNXc=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-3" with-interface { 03:01:01 03:01:02 } with-connect-type "hotplug"' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.rule='allow id 30c9:0050 serial "XXXXXX" name "Integrated RGB Camera" hash "F1s4gysKB+YDQiMyLHbVWIxq9IFvWxonx95/bH60F+A=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-5" with-interface { 0e:01:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:01:01 0e:02:01 0e:02:01 fe:01:01 } with-connect-type "not used"' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-5' type='Device.Present'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-5' target.new='allow' device.rule='allow id 30c9:0050 serial "XXXXXX" name "Integrated RGB Camera" hash "F1s4gysKB+YDQiMyLHbVWIxq9IFvWxonx95/bH60F+A=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-5" with-interface { 0e:01:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:01:01 0e:02:01 0e:02:01 fe:01:01 } with-connect-type "not used"' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.rule='allow id 058f:9540 serial "XXXXXX" name "EMV Smartcard Reader" hash "j6z/wqFtA1bZWwBIPmIr/g8KfsEQJ63vpgf4cBcNLbU=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-6" with-interface 0b:00:00 with-connect-type "not used"' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-6' type='Device.Present'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-6' target.new='allow' device.rule='allow id 058f:9540 serial "XXXXXX" name "EMV Smartcard Reader" hash "j6z/wqFtA1bZWwBIPmIr/g8KfsEQJ63vpgf4cBcNLbU=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-6" with-interface 0b:00:00 with-connect-type "not used"' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.rule='allow id 06cb:00f9 serial "XXXXXX" name "" hash "N0lDm4gYlYr7p+/D8wvenAbSdB60P/aONrJeyN2djic=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-7" with-interface ff:00:00 with-connect-type "not used"' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-7' type='Device.Present'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-7' target.new='allow' device.rule='allow id 06cb:00f9 serial "XXXXXX" name "" hash "N0lDm4gYlYr7p+/D8wvenAbSdB60P/aONrJeyN2djic=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-7" with-interface ff:00:00 with-connect-type "not used"' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.rule='allow id 8087:0026 serial "XXXXXX" name "" hash "Z5csNGxiUukPPZwSHPyUqpVCNagsfOSSNL2CfXhw4IY=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-10" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } with-connect-type "not used"' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-10' type='Device.Present'
ago 05 11:08:12 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-10' target.new='allow' device.rule='allow id 8087:0026 serial "XXXXXX" name "" hash "Z5csNGxiUukPPZwSHPyUqpVCNagsfOSSNL2CfXhw4IY=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-10" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } with-connect-type "not used"' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:32 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.rule='allow id 06cb:00f9 serial "XXXXXX" name "" hash "N0lDm4gYlYr7p+/D8wvenAbSdB60P/aONrJeyN2djic=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-7" with-interface ff:00:00 with-connect-type "not used"' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-7' type='Device.Remove'
ago 05 11:08:33 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.rule='block id 06cb:00f9 serial "XXXXXX" name "" hash "N0lDm4gYlYr7p+/D8wvenAbSdB60P/aONrJeyN2djic=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-7" with-interface ff:00:00 with-connect-type "not used"' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-7' type='Device.Insert'
ago 05 11:08:33 alg-pc usbguard-daemon[1486078]: uid=0 pid=1486073 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-7' target.new='block' device.rule='block id 06cb:00f9 serial "XXXXXX" name "" hash "N0lDm4gYlYr7p+/D8wvenAbSdB60P/aONrJeyN2djic=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-7" with-interface ff:00:00 with-connect-type "not used"' target.old='block' type='Policy.Device.Update'
ago 05 11:08:48 alg-pc systemd[1]: Stopping usbguard.service - USBGuard daemon...
ago 05 11:08:48 alg-pc systemd[1]: usbguard.service: Deactivated successfully.
ago 05 11:08:48 alg-pc systemd[1]: Stopped usbguard.service - USBGuard daemon.
ago 05 11:08:48 alg-pc systemd[1]: Starting usbguard.service - USBGuard daemon...
ago 05 11:08:48 alg-pc systemd[1]: Started usbguard.service - USBGuard daemon.
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.rule='allow id 1d6b:0002 serial "XXXXXX" name "xHCI Host Controller" hash "d3YN7OD60Ggqc9hClW0/al6tlFEshidDnQKzZRRk410=" parent-hash "Y1kBdG1uWQr5CjULQs7uh2F6pHgFb6VDHcWLk83v+tE=" via-port "usb1" with-interface 09:00:00 with-connect-type ""' device.system_name='/devices/pci0000:00/0000:00:0d.0/usb1' type='Device.Present'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:0d.0/usb1' target.new='allow' device.rule='allow id 1d6b:0002 serial "XXXXXX" name "xHCI Host Controller" hash "d3YN7OD60Ggqc9hClW0/al6tlFEshidDnQKzZRRk410=" parent-hash "Y1kBdG1uWQr5CjULQs7uh2F6pHgFb6VDHcWLk83v+tE=" via-port "usb1" with-interface 09:00:00 with-connect-type ""' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.rule='allow id 1d6b:0003 serial "XXXXXX" name "xHCI Host Controller" hash "4Q3Ski/Lqi8RbTFr10zFlIpagY9AKVMszyzBQJVKE+c=" parent-hash "Y1kBdG1uWQr5CjULQs7uh2F6pHgFb6VDHcWLk83v+tE=" via-port "usb2" with-interface 09:00:00 with-connect-type ""' device.system_name='/devices/pci0000:00/0000:00:0d.0/usb2' type='Device.Present'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:0d.0/usb2' target.new='allow' device.rule='allow id 1d6b:0003 serial "XXXXXX" name "xHCI Host Controller" hash "4Q3Ski/Lqi8RbTFr10zFlIpagY9AKVMszyzBQJVKE+c=" parent-hash "Y1kBdG1uWQr5CjULQs7uh2F6pHgFb6VDHcWLk83v+tE=" via-port "usb2" with-interface 09:00:00 with-connect-type ""' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.rule='allow id 1d6b:0002 serial "XXXXXX" name "xHCI Host Controller" hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" via-port "usb3" with-interface 09:00:00 with-connect-type ""' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3' type='Device.Present'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3' target.new='allow' device.rule='allow id 1d6b:0002 serial "XXXXXX" name "xHCI Host Controller" hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" via-port "usb3" with-interface 09:00:00 with-connect-type ""' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.rule='allow id 1d6b:0003 serial "XXXXXX" name "xHCI Host Controller" hash "prM+Jby/bFHCn2lNjQdAMbgc6tse3xVx+hZwjOPHSdQ=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" via-port "usb4" with-interface 09:00:00 with-connect-type ""' device.system_name='/devices/pci0000:00/0000:00:14.0/usb4' type='Device.Present'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb4' target.new='allow' device.rule='allow id 1d6b:0003 serial "XXXXXX" name "xHCI Host Controller" hash "prM+Jby/bFHCn2lNjQdAMbgc6tse3xVx+hZwjOPHSdQ=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" via-port "usb4" with-interface 09:00:00 with-connect-type ""' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.rule='allow id 046d:c534 serial "XXXXXX" name "USB Receiver" hash "2Tmol95c6dv//0RiOpMlUD2f72+S/vuJuIfLIZ2rNXc=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-3" with-interface { 03:01:01 03:01:02 } with-connect-type "hotplug"' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-3' type='Device.Present'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-3' target.new='allow' device.rule='allow id 046d:c534 serial "XXXXXX" name "USB Receiver" hash "2Tmol95c6dv//0RiOpMlUD2f72+S/vuJuIfLIZ2rNXc=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-3" with-interface { 03:01:01 03:01:02 } with-connect-type "hotplug"' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.rule='allow id 30c9:0050 serial "XXXXXX" name "Integrated RGB Camera" hash "F1s4gysKB+YDQiMyLHbVWIxq9IFvWxonx95/bH60F+A=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-5" with-interface { 0e:01:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:01:01 0e:02:01 0e:02:01 fe:01:01 } with-connect-type "not used"' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-5' type='Device.Present'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-5' target.new='allow' device.rule='allow id 30c9:0050 serial "XXXXXX" name "Integrated RGB Camera" hash "F1s4gysKB+YDQiMyLHbVWIxq9IFvWxonx95/bH60F+A=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-5" with-interface { 0e:01:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:01:01 0e:02:01 0e:02:01 fe:01:01 } with-connect-type "not used"' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.rule='allow id 058f:9540 serial "XXXXXX" name "EMV Smartcard Reader" hash "j6z/wqFtA1bZWwBIPmIr/g8KfsEQJ63vpgf4cBcNLbU=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-6" with-interface 0b:00:00 with-connect-type "not used"' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-6' type='Device.Present'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-6' target.new='allow' device.rule='allow id 058f:9540 serial "XXXXXX" name "EMV Smartcard Reader" hash "j6z/wqFtA1bZWwBIPmIr/g8KfsEQJ63vpgf4cBcNLbU=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-6" with-interface 0b:00:00 with-connect-type "not used"' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.rule='block id 06cb:00f9 serial "XXXXXX" name "" hash "N0lDm4gYlYr7p+/D8wvenAbSdB60P/aONrJeyN2djic=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-7" with-interface ff:00:00 with-connect-type "not used"' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-7' type='Device.Present'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-7' target.new='allow' device.rule='block id 06cb:00f9 serial "XXXXXX" name "" hash "N0lDm4gYlYr7p+/D8wvenAbSdB60P/aONrJeyN2djic=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-7" with-interface ff:00:00 with-connect-type "not used"' target.old='block' type='Policy.Device.Update'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.rule='allow id 8087:0026 serial "XXXXXX" name "" hash "Z5csNGxiUukPPZwSHPyUqpVCNagsfOSSNL2CfXhw4IY=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-10" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } with-connect-type "not used"' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-10' type='Device.Present'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: uid=0 pid=1486677 result='SUCCESS' device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-10' target.new='allow' device.rule='allow id 8087:0026 serial "XXXXXX" name "" hash "Z5csNGxiUukPPZwSHPyUqpVCNagsfOSSNL2CfXhw4IY=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-10" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } with-connect-type "not used"' target.old='allow' type='Policy.Device.Update'
ago 05 11:08:48 alg-pc usbguard-daemon[1486682]: Ignoring unknown UEvent action: sysfs_devpath=/devices/pci0000:00/0000:00:14.0/usb3/3-7 action=change

In Gnome, I get notified about a new USB peripheral attached during suspend, which gets blocked (another annoying thing, as actually there are no new peripherals).

Restarting the service after resume makes the fingerprint reader available again, and I can use it until the next suspension, even if I lock the session, so I would tend to exclude some intervention by Gnome (although I cannot be sure, as I don't really know how it works).

These are my rules (initially generated with usbguard generate-policy, then manually refined):

allow id 1d6b:0002 serial "XXXXXX" name "xHCI Host Controller" hash "d3YN7OD60Ggqc9hClW0/al6tlFEshidDnQKzZRRk410=" parent-hash "Y1kBdG1uWQr5CjULQs7uh2F6pHgFb6VDHcWLk83v+tE=" with-interface 09:00:00
allow id 1d6b:0003 serial "XXXXXX" name "xHCI Host Controller" hash "4Q3Ski/Lqi8RbTFr10zFlIpagY9AKVMszyzBQJVKE+c=" parent-hash "Y1kBdG1uWQr5CjULQs7uh2F6pHgFb6VDHcWLk83v+tE=" with-interface 09:00:00
allow id 1d6b:0002 serial "XXXXXX" name "xHCI Host Controller" hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00
allow id 1d6b:0003 serial "XXXXXX" name "xHCI Host Controller" hash "prM+Jby/bFHCn2lNjQdAMbgc6tse3xVx+hZwjOPHSdQ=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00
allow id 1d5c:5001 name "USB3.0 Hub" hash "9G2PvBO3tDvXuoLO0+ARNRefZh9imUEltyvnrIs+N3I=" parent-hash "4Q3Ski/Lqi8RbTFr10zFlIpagY9AKVMszyzBQJVKE+c=" with-interface 09:00:00 with-connect-type "hotplug"
allow id 1d5c:5011 name "USB2.0 Hub" hash "vIFIEbxMf5Dj/XPrcM4bEOy4uHc0a3QWGbF9DBqa6JA=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" with-interface { 09:00:01 09:00:02 } with-connect-type "hotplug"
allow id 30c9:0050 serial "XXXXXX" name "Integrated RGB Camera" hash "F1s4gysKB+YDQiMyLHbVWIxq9IFvWxonx95/bH60F+A=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" with-interface { 0e:01:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:01:01 0e:02:01 0e:02:01 fe:01:01 }
allow id 058f:9540 name "EMV Smartcard Reader" hash "j6z/wqFtA1bZWwBIPmIr/g8KfsEQJ63vpgf4cBcNLbU=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" with-interface 0b:00:00
allow id 06cb:00f9 serial "XXXXXX" hash "N0lDm4gYlYr7p+/D8wvenAbSdB60P/aONrJeyN2djic=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" with-interface ff:00:00 label "XXXXXX"
allow id 2c7c:030a name "Quectel EM05-G" hash "stsm8fGoKT05u5egRMN0gy13WcdrKeAqP4XcLYUioJY=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" with-interface { ff:ff:ff ff:00:00 ff:00:00 ff:00:00 02:0e:00 0a:00:02 0a:00:02 }
allow id 8087:0026 hash "Z5csNGxiUukPPZwSHPyUqpVCNagsfOSSNL2CfXhw4IY=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } label "XXXXXX"
allow id 1a40:0801 name "USB 2.0 Hub" hash "AGUYEKgZCSjWnBQRgECiKsBFduiNgQO6eIKZQaynmmY=" parent-hash "vIFIEbxMf5Dj/XPrcM4bEOy4uHc0a3QWGbF9DBqa6JA=" with-interface 09:00:00
allow id 0bda:8153 name "USB 10/100/1000 LAN" hash "0e64v7j3WdPYy2m8WjI5GBk9ubTiB153rAwHzsCn57c=" parent-hash "vIFIEbxMf5Dj/XPrcM4bEOy4uHc0a3QWGbF9DBqa6JA=" with-interface { ff:ff:00 02:06:00 0a:00:00 0a:00:00 }
allow id 1b3f:2008 name "USB Audio Device" hash "2WvHLXDFTIVfoa/z54LmFuVBuBbDPnCPalytHZFczPg=" parent-hash "AGUYEKgZCSjWnBQRgECiKsBFduiNgQO6eIKZQaynmmY=" with-interface { 01:01:00 01:02:00 01:02:00 01:02:00 01:02:00 03:00:00 }
allow id 18d1:4ee8 serial "XXXXXX" hash "TzPV+OdErRNZgHSk0op9fNMsn3tq/iTg0bK8EgpwQFM=" with-interface { 01:01:00 01:03:00 } with-connect-type "hotplug" label "XXXXXX"
allow id one-of { 046d:c52b 046d:c534 } name "USB Receiver" with-interface { 03:01:01 03:01:02 } with-connect-type "hotplug" label "XXXXXX"
allow id 045e:07f8 name "Wired Keyboard 600" hash "R+y+7NMVCKLRalharwiNXPe3GG/zIlLg1OXVkIx6fa4=" with-interface { 03:01:01 03:00:00 } label "XXXXXX"

Personal information has been partially obfuscated in all shared snippets.

There is a similar report (#543), but my issue happens regardless of the computer being docked or not, so I'm opening a new one.

Thank you for your work!
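
A way to spot this pattern in the daemon's audit log, as an added example (not part of the original issue and not USBGuard code): it flags a device that was allowed, removed, and re-inserted as blocked with the same hash and sysfs path, while ignoring devices that were never allowed. The sample lines are constructed from the log format above with a placeholder hash; `parse`, `find_allow_to_block` and `_line` are names made up for this sketch.

```python
import re

# key='value' pairs as they appear in usbguard-daemon audit lines
KV = re.compile(r"([\w.]+)='([^']*)'")
# leading target, USB id and descriptor hash inside device.rule
RULE = re.compile(r'^(allow|block|reject) id (\S+)(?: .*?)? hash "([^"]+)"')


def parse(line):
    """Return the audit fields of one usbguard-daemon line, or None."""
    fields = dict(KV.findall(line))
    m = RULE.match(fields.get("device.rule", ""))
    if not m or "type" not in fields or "device.system_name" not in fields:
        return None  # systemd lines, UEvent notices, anything without a rule
    fields["target"], fields["usb_id"], fields["hash"] = m.groups()
    return fields


def find_allow_to_block(lines):
    """Flag devices that were allowed and later re-inserted as blocked
    with the same hash and sysfs path (the resume pattern in this issue)."""
    last_target = {}  # (sysfs path, hash) -> last target seen
    findings = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        key = (ev["device.system_name"], ev["hash"])
        if ev["type"] == "Policy.Device.Update":
            target = ev.get("target.new", ev["target"])
        else:
            target = ev["target"]
        if (ev["type"] == "Device.Insert" and target == "block"
                and last_target.get(key) == "allow"):
            findings.append((ev["usb_id"], ev["device.system_name"]))
        # A Device.Remove line repeats the old rule; it is not a new decision.
        if ev["type"] != "Device.Remove":
            last_target[key] = target
    return findings


def _line(target, event, extra=""):
    # Constructed sample line modelled on the log format in the issue;
    # the hash value is a placeholder, not a real device hash.
    return ("ago 05 11:08:32 host usbguard-daemon[100]: uid=0 pid=99 "
            "result='SUCCESS' device.rule='%s id 06cb:00f9 serial \"X\" "
            "name \"\" hash \"PLACEHOLDER=\" via-port \"3-7\"' "
            "device.system_name='/devices/pci0000:00/0000:00:14.0/usb3/3-7' "
            "%stype='%s'" % (target, extra, event))


# Constructed sequence: present and allowed, removed on suspend,
# re-inserted on resume as blocked.
SAMPLE = [
    "ago 05 11:08:12 host systemd[1]: Started usbguard.service - USBGuard daemon.",
    _line("allow", "Device.Present"),
    _line("allow", "Policy.Device.Update", "target.new='allow' target.old='allow' "),
    _line("allow", "Device.Remove"),
    _line("block", "Device.Insert"),
    _line("block", "Policy.Device.Update", "target.new='block' target.old='block' "),
    "ago 05 11:08:48 host usbguard-daemon[100]: Ignoring unknown UEvent action: "
    "sysfs_devpath=/devices/pci0000:00/0000:00:14.0/usb3/3-7 action=change",
]

if __name__ == "__main__":
    for usb_id, path in find_allow_to_block(SAMPLE):
        print("allowed device re-inserted as blocked:", usb_id, path)
```

To run it on a real journal, pass the lines of the saved `usbguard` service log to `find_allow_to_block` instead of `SAMPLE`.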


meden commented Sep 8, 2023

I think this issue is caused by this commit. Not sure about its motive, though.


meden commented Oct 24, 2023

About the motive, I think the actual motive is this one, so I'm not sure anymore whether this bug is valid or not.


commandline-be commented Nov 7, 2023

Same issue, tried multiple variations of usbguard config.

After the last config test I just left the screen to auto-lock, on resume all USB devices awoke as expected by policy.
Whenever I manually lock the screen by enabling suspend the "USB 2.1 Hub" is forgotten and must be re-enabled manually.

One test I do which demonstrates the faulty event is systemctl restart usbguard, which then disables the devices as if the system resumed from suspend in the same erroneous way. Regardless, the system correctly resumed just before I wrote this post.

apt show usbguard
Package: usbguard
Version: 1.1.1+ds-3

usbguard get-parameter ImplicitPolicyTarget
block

usbguard get-parameter InsertedDevicePolicy
apply-policy


meden commented Nov 8, 2023

@commandline-be, this may actually not be a USBGuard issue.

I currently solved the bad behavior by disabling Gnome's USB "security":

$ gsettings set org.gnome.desktop.privacy usb-protection false

Please check my comment on the gnome-setting-daemon bug tracker for further details.

Hope it helps.


commandline-be commented Nov 8, 2023

@meden With prior experiences I've also tried disabling usb-protection eventually to no avail.
This time it did work, thanks for reminding us.

@commandline-be

@meden forget what I said, this works only 50% of the time; it seems deeper suspend states (or something, speculating) are working against this (as noted before).

How is your experience by now?


meden commented Nov 14, 2023

@commandline-be, as far as I can tell, things are working properly now (with Gnome's USB security disabled). When resuming the laptop, GDM now suggests that I can use the fingerprint to access (although it looks like sometimes it does it only on the second attempt, as I need to hit e.g. ESC a couple of times to "open-close-open" the password box).

Also, I'm not flooded anymore by the notifications coming from all my USB3 HUB's sub-devices.

@commandline-be

Facing this issue again, I can tell it is not working reliably.
