Great, tx.
Wiadomość została wysłana przy pomocy AquaMail dla systemu Android
http://www.aqua-mail.com
Dnia 26 listopada 2016 23:29:39 Grzesiek Chodzicki
<grzegorz.chodzi...@gmail.com> napisał(a):
W dniu sobota, 26 listopada 2016 19:52:39 UTC+1 użytkownik Pawel Debski
napisał:
W dniu sobota, 26 listopada 2016 18:56:49 UTC+1 użytkownik Grzesiek
Chodzicki napisał:
> W dniu sobota, 26 listopada 2016 18:53:26 UTC+1 użytkownik Pawel Debski
napisał:
> > Folks,
> >
> > I'm trying to create a VM that will handle all USB devices that are or
may be connected to the machine.
> >
> > 1. I have created a new AppVM based on fedora-24-full-sw template.
> >
> > 2. fedora-24-full-sw template is a copy of Fedora 24 template with all
sorts of additional software installed, for example for Bluetooth handling,
3G modem, finger print reader, camera, flash card reader and so on.
> >
> > 3. I have assigned an USB controller to the newly created AppVM and
switched-off memory balancing in the options as recommended by the message
on "Advanced" tab.
> >
> > 4. When I'm trying to start the VM I'm getting the following message:
> > "PCI device in use by driver xenlight"
> >
> > Please note that at the moment only one single USB bus is assigned to
this VM.
> > Without any assigned devices this VM starts properly.
> >
> > What shall I do to make it work with USB bus?
> >
> > Best regards
> > PD
>
> put following command in dom0 terminal: qvm-prefs -s vmname
pci_strictreset false
Tx Greg, that works.
Can we briefly discuss how much does it lower the security of the
workstation. I mean: does it really allow to plug-in fabricated USB device
to install keylogger to obtain credentials to highly sensitive applications
running in other qube (say VaultVM).
What other potential attack scenaria does it open?
(assuming that one is interested only to protect VaultVM transient content)
If the device is assigned to one vm only at all times then it doesn't lower
security afaik. PCI strict reset is used to reset the device's state when
moving the device between machines. If the device is not moved between
machines then it shouldn't matter.
--
You received this message because you are subscribed to a topic in the
Google Groups "qubes-users" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/qubes-users/livE9VYBvUI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/c965fe62-57f0-4dc1-ad5a-ba3108df6b15%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/158a5a371f0.27bf.e8d9d2e9cd019a112d31c27ed70f495b%40econsulting.pl.
For more options, visit https://groups.google.com/d/optout.