-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-07-31 13:45, Andrew David Wong wrote: > On 2016-07-31 13:42, Andrew David Wong wrote: >> On 2016-07-31 13:38, Marek Marczykowski-Górecki wrote: >>> On Sun, Jul 31, 2016 at 01:30:42PM -0700, Andrew David Wong wrote: >>>> On 2016-07-31 10:41, donoban wrote: >>>>> On 07/30/2016 11:52 PM, Marek Marczykowski-Górecki wrote: >>>>>> On Sat, Jul 30, 2016 at 02:44:24PM -0700, tel wrote: >>>>>>> Sorry for the delay, Chris. I was waiting for 3.2-rc2, which I >>>>>>> just installed. It seems to come with the latest AEM package, >>>>>>> so I didn't have to install that package myself. >>>>> >>>>>>> I added the parameter to the tboot line. It didn't reboot, but >>>>>>> it hung before asking for the password with "Waiting for >>>>>>> /dev/disk/by-label/aem* to be connected..." >>>>> >>>>>>> Not sure where to go from here. >>>>> >>>>>> Do you use also USB VM? In that case, dom0 has no access to USB >>>>>> controllers... >>>>> >>>>>> But you can re-enable it just for boot time by editing >>>>>> /etc/default/grub and removing the line with "hide_all_usb" (or >>>>>> just comment it out). Then rerun `grub2-mkconfig -o >>>>>> /boot/grub2/grub.cfg`. It will expose dom0 for all connected USB >>>>>> devices for a short time during system startup. >>>>> >>>>> >>>>> >>>>> Nice, this should be added to: >>>>> https://www.qubes-os.org/doc/usb/#tocAnchor-1-1-4 >>>>> >>>>> With some warning: "Caution! Enabling usb-vm with LUKS encryption >>>>> and a USB keyboard could stop you from booting your system" >>>>> >>>>> :) >>>>> > >>>> If a USB keyboard is detected, the installer does not allow the >>>> option of creating a USB qube, so it should not be possible for a >>>> user to accidentally get him- or herself into this predicament. > >>> But using USB qube will not stop you from creating AEM usb stick (or >>> the other way around). > > >> So, the problem is that if rd.qubes.hide_all_usb is added to grub.cfg >> when the USB qube is created, but the user later decides to create an AEM >> USB stick, then the user must be told to remove rd.qubes.hide_all_usb, or >> else it will not work. Is that correct? > > > (And, as you said, the converse: If a user creates an AEM USB stick, then > later decides to create a USB qube, they should be warned not to add > rd.qubes.hide_all_usb to grub.cfg.) >
Ok, added a new section to the USB documentation explaining hiding USB devices from dom0: https://github.com/QubesOS/qubes-doc/commit/15d418b778a8879323091c79fdc1084d ecb890cb And a pull request to the AEM README with a warning about using an AEM USB device with a USB qube: https://github.com/QubesOS/qubes-antievilmaid/pull/15 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXnnGCAAoJENtN07w5UDAwAXwP/jk/ikAjiWs+k4abrUzfyKdJ kPsgmyKKXTuj5YWbLI+OgAgrlcqsZee1M1riTren2khpQOZOMe6MgQiKZ17kJ5Gw 4HzX615zJZCqRH/0YqDKfhdgS0VXmSutvTtAT+TX6/zHVTSNYBQWO8L/Dg6Hpuqt 01x2JgJuhAp97dMLfS3y66McwZK/KDM6teTVp7RgF14yWJCqLdSnUd0VhHAgcXAm whBictNSdk169BtirC5jhUnNt0pIonVWVIOTwRaXV2kVxAWD74a04JNqKfLED11I XhjY89+AkK+NGo+1piKCNztyB4x44IOab5AEb5W2ScInXOsh6oA5ZY7fwd3zUbPY C2wgw7+7T9XhVlN/jrK58qsEZmXBws4jUSn7KqPon80sS7hz4uF21DCFexsFuxoG Amum3d0zpZ5wjCTa1Y1CdaltV+Wq7vDZI5O3e8TUQpgHKxKZ0Iox1S4pP5Cn+MJM b1aeR8bQce6zQswV7o5sH/2wC93bcdcWFlxoQYcwxZN55VAASqVW0FcE6RQzQ8ds CMrqbI/FQOU6LasapdNUppEEglqhoAGiqmyZcL/ZjrobCFSPRk9WIY4Nhr2iAK3A HhoXVMEeXRKzG+UkeWVesNQNJXC9b/sBXIccGA8Z5O4uAAdNCZIAOFLogFtwJj6D m1t9f2ghBFUvuwQUM1ER =j+oe -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a658ad08-8b76-ca0c-d529-639fc484ed21%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
