diff --git a/qubes/ext/block.py b/qubes/ext/block.py
index 6094a8420..7611a9862 100644
--- a/qubes/ext/block.py
+++ b/qubes/ext/block.py
@@ -32,7 +32,7 @@
 import qubes.device_protocol
 import qubes.devices
 import qubes.ext
-from qubes.ext.utils import device_list_change
+from qubes.ext.utils import device_list_change, confirm_device_attachment
 from qubes.storage import Storage
 
 name_re = re.compile(r"\A[a-z0-9-]{1,12}\Z")
@@ -541,8 +541,6 @@ def pre_attachment_internal(
     async def on_domain_start(self, vm, _event, **_kwargs):
         # pylint: disable=unused-argument
         for assignment in vm.devices['block'].get_assigned_devices():
-            if assignment.mode == qubes.device_protocol.AssignmentMode.ASK:
-                pass
             self.notify_auto_attached(vm, assignment)
 
     def notify_auto_attached(self, vm, assignment):
@@ -556,6 +554,10 @@ def notify_auto_attached(self, vm, assignment):
                 f"does not match expected {identity}"
             )
 
+        if assignment.mode.value == "ask-to-attach":
+            if vm.name != confirm_device_attachment(device, {vm: assignment}):
+                return
+
         self.pre_attachment_internal(
             vm, device, assignment.options, expected_attachment=vm)
 
diff --git a/templates/libvirt/xen.xml b/templates/libvirt/xen.xml
index a9ce7c1db..95b59a0b6 100644
--- a/templates/libvirt/xen.xml
+++ b/templates/libvirt/xen.xml
@@ -156,7 +156,7 @@
 
             {# start external devices from xvdi #}
             {% set counter = {'i': 4} %}
-            {% for assignment in vm.devices.block.get_assigned_devices(False) %}
+            {% for assignment in vm.devices.block.get_assigned_devices(True) %}
                 {% set device = assignment.device %}
                 {% set options = assignment.options %}
                 {% include 'libvirt/devices/block.xml' %}