On Sunday, June 5, 2016 at 4:07:17 PM UTC-4, Ilpo Järvinen wrote: > On Sun, 5 Jun 2016, Marek Marczykowski-Górecki wrote: > > > On Sat, Jun 04, 2016 at 06:13:45PM -0700, pixel fairy wrote: > > > > > Is it possible to have multiple usb qubes, one > > > for each controller? > > > > Yes, if you have multiple USB controllers. Which is quite rare > > nowadays... > > At least for recent desktop motherboards, that seems slightly incorrect > statement according to my research. Few desktop PCH datasheets I've > looked, indicate that there are two USB controllers (EHCI and XHCI), > however, it seems that typically on a modern MB the ports are > forwarded/routed by default so that they appear under a single controller > due to ease of use reasons (also Linux device driver code forces > forwarding all ports which allow forwarding). XHCI PCI config has XUSB2PR > register that might allow disabling the forwarding for a selected set of > registers. > > I'm yet to test if the forwarding/routing works for real because I lack > such a motherboard (I'll likely get one sooner than later though) but I > see no particular reason why it wouldn't work as documented. Probably > laptop PCH have similar arrangement and I might be able to test that one > soon if I find enough time to play with the usbvm kernel. Another thing > that needs testing, even if routing is configurable, is whether PCHs > really support EHCI and XHCI in different VMs or if there's some > other limiting depency between them. > > I've attached potentially working patch for Linux kernel. The mapping > between PCI register ports might not be consistent though so that the > patch might not exactly do what intented as is (usb3/superspeed port > might unintentionally be routed to EHCI, the docs are unclear on this > point). However, if any USB port would successfully appear as EHCI one > when using a kernel with that patch in usb vm, it is great success in > itself on truly separating the ports. > > At least X99/C612 and some recent Series X PCH datasheets listed the > required register (in case somebody is interested in testing this). > > I suspect that for a secure implementation Xen would need to somehow > arbitrate that PCI register as otherwise the xhci usb VM might be able > to steal the usb ports from the ehci VM. But this is already way beyond > my current level of understanding about Xen and PCI passthrough. > > > -- >
>From what i"ve learned when building desktop for qubes and from my own >experience on desktop machines only. Older pc's without usb3, usually >have two controllers. One controller is for the two usb ports next to the ps2 >slot. I always assumed it was for mouse and kb at the slower usb1 speed (ahci) > And all the other usb ports on the 2nd controller(ehci). When building a newer qubes machine i5 1150 board (new for me) I was under the impression I would then get 3 controllers since it had usb3 (xhci) and i saw in the spec sheets it stated ahci, ehci, and xhci. But as Ilpo explained, all the controllers are automatically routed through the xhci controller. Which means that there is only actually a single controller, not 3. In most motherboard bios though you can disable xhci (usb3.0) which means you can use the other two controllers seperately. one for dom0 and one for usbvm. But then you won't get the super usb speeds, they will all be only at high speed (usb2.0). For super speed usb3.0 you can use the mouse proxy in qubes which worked well for me with the system only having a single usb controller on usbvm. But I set it up with a ps2 kb. (you can pick up a cheap usb to ps2 adapter since ps2 kb's are harder to come by. But you will need to use terminal when restarting the sys-usb after an update which is not too noob friendly for people not too computer illiterate. You can use a usb keyboard proxy too in qubes but that is a security risk and might be even more difficult for a nooby to manage. In order to have 3 usb controllers the only board I have found where this might be possible is with a 2011 socket board, and a board that has a bios that gives the ability to manually route the controllers. But who knows how compatible with linux the newer boards are at the moment, might run into other problems since not many people using them yet. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6f1f8379-ae10-4a8c-b527-e5cfb86b6b95%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
