John Goold:
Just discovered that there is only one USB controller (but 4 USB connector
sockets). So when I tried to attach the USB controller to the appVM (had to set
it to HVM), I lost the mouse and keyboard :-(
I have got the impression from reading the documentation and posts to this
forum that if I have disk encryption enabled, that I cannot create a sys-usb VM
without losing the mouse+keyboard (and possibly not being able to enter the
pass-phrase when powering up.
Yea with only one usb controller you can't attach the whole controller
to a VM without losing your usb keyboard/mouse. I'm in the same situation.
It sounds like you've already looked at the docs but here's the link:
https://www.qubes-os.org/doc/usb/
You have to have sys-usb to attach a usb device like a scanner to an
appvm (unless you can just attach the whole usb controller, which you
can't).
I haven't done this myself but my understanding from reading the docs is
it's still possible to have sys-usb, you just have to be careful not to
lock yourself out (not able to control the system with usb
mouse/keyboard, or not able to enter encryption passphrase at boot).
According to the docs, if you're using 4.0, you can just use salt to set
up a usb qube with the ability to use a usb keyboard with the command
sudo qubesctl state.sls qvm.usb-keyboard
The doc says that this will create the usb qube if it's not present, and
that it will expose dom0 to usb devices on boot so you can enter the
passphrase. After you do this though you still may want to check your
grub/efi config file to make sure it doesn't have the
"rd.qubes.hide_all_usb" line in it, just in case.
Or you can follow the steps in the docs to do it manually, just make
sure to add the required lines to the qubes.InputKeyboard and
qubes.InputMouse files first, and don't add the "rd.qubes.hide_all_usb
line to grub/efi config file.
Also this has security implications since if your sys-usb is compromised
an attacker could scoop up your keystrokes, but this should still be
safer than attaching insecure usb devices to dom0.
But it should work, unless i'm reading something wrong.
--
Jackie
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/fe249d79-6aba-d9ae-2343-a8890931aaad%40bitmessage.ch.
For more options, visit https://groups.google.com/d/optout.
