On Tuesday, December 5, 2017 at 12:31:29 AM UTC+1, Paul Mosier wrote: > On Monday, December 4, 2017 at 8:39:48 AM UTC-5, awokd wrote: > > Can't help with that specific issue but as a workaround you can assign one > > of your USB controllers directly to the AppVM. Look under "Finding the > > right USB controller" in here > > https://www.qubes-os.org/doc/assigning-devices/ . > > Would love to, but there is only one USB controller on this laptop. It kinda > defeats the purpose to reassign the whole thing.
qvm-usb isn't perfect 1:1 USB translation, so some kinds of device standards and devices types, may not work. For example I've tried getting a Yubi key to work on it recently, and it did not work. Many (all I tested) USB thumb drives, external drives, USB keyboards, USB mouses, and what else of these common devices, seems to work smooth with qvm-usb, without fail and appears reliable. However more exotic devices, such as your USB device, or other exotic devices such as Yubi key, seems not to work with the current state of qvm-usb. I'm aware it's not a beautiful or flexible fix to pass an USB controller directly to a VM. But it may end up being the only viable solution, so it's not out of the question to discuss it early too before reaching a conclusion on getting the qvm-usb to work properly, especially considering direct USB pass-through is easy, assuming hardware support is sufficient. Does your USB controller support PCI reset? If it does, then you won't have to do a full system restart (or bypass security with a few commands (not recommended practice) to switch the USB controller from one AppVM to another. Limitations to consider: - Can only run one VM with the controller at any one time. - The need to restart the VM in order to get USB on an already running VM. - Lacking PCI reset makes it a whole lot more troublesome and cumber-stone. - Must be in HVM or PV "qvm-prefs src-vm virt_mode" to work, PVH won't work. If you have USB PCI reset support, then only having one USB controller might not be so bad as it seems. However, it still isn't as nice as using qvm-usb. PCI reset sensitivity can also be adjusted so that it won't reject PCI cards without PCI reset support, however, it's adding one extra attack vector to your system through USB attacks. You could write a small script to turn off sys-usb (assuming no VMs are tied to it, i.e. for USB tethering internet purposes), which then starts your VM that requires your exotic USB device, and keep using sys-usb for common devices. For example, write a very simple but effective script like this; qvm-shutdown sys-usb wait qvm-start AppVM (the one with exotic USB). wait Have another script which reverses it, by shutting down your exotic USB AppVM, and restarts your sys-usb VM. You can put a XFCE4 Launcher (or use Whisker menu's) which both are pre-installed Qubes 4 plugin (Qubes 3.2. only has the Launcher pre-installed). Pick a random icon to add to either the launcher or the whisker menu, and right click on the launcher itself (or the icon in whisker menu), and click properties for launcher or edit icon for Whisker menu. >From here, both are really similar. It doesn't matter which icon you use, as >long it's an icon you dont plan on using. Whisker menu will replace the icon >you change, however Launcher is more powerful because it doesn't actually >affect the original icon by the changes you make to any icons inside the >Launcher configurations. So if using Launcher (which you can add multiple of, and with the right icons, youcan make it look really stylish too, like the kind of stylish look Apple dock has (I do by no means like Apple products, though one should be objective fair to the aspects they did well). This is quickly and easily done without even installing anything on Qubes. So, now you can add any scripts or any commands you like, to the launcher, change the icons and names, organize it in whatever way you like, there is litterelly no limit. In there, you can put a launcher for special scripts, such as the one switching between sys-usb and AppVM-(with-exotic-USB-use-cases). Essentially by making such a script, you can not only easily make an icon out of it, you can also easily keybind the script too, as well as backup the script for future re-installs of Qubes (be sure to audit the script before moving it out/in of dom0 for security reasons). This is a potential way you can work around the issue, it's not all round fix, but it may be practical enough, depending on your needs. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d0ce3dbd-2b71-4334-b2d4-501aa1cfadff%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
