Hello, everyone! Starting this past early September, I've been working on and off to create a new tool for secure webcam integration in Qubes OS out of /absolute necessity/ for remote work at both my (new) job and school at the university I'm newly attending. The tool is called Qubes Video Companion and I'm proud to announce that it's evolved far past that basic requirement and at version 1.0.4 is now publicly available for testing!
Before resorting to the creation of an entirely new project, I thought of many other potential solutions for allowing me to use a webcam in Qubes but all of them fell flat in one way or another, to list them all (skip through this list if you're not up for too much reading, haha): 1. Do video conferencing in the sys-usb qube with the webcam device attached Unfortunately, the desktop I run Qubes OS on doesn't have a sys-usb qube due to complications of its hardware. The primary issue being that I require a USB sound card which has to stay attached to dom0 where the other Qubes audio components are. Not to mention, this solution is also far from being optimal from a security standpoint particularly because I also use a USB mouse and keyboard meaning I would essentially have to hand over control of those devices to sys-usb. This leaves the door open for keyboard injection into dom0 thereby compromising it (and the entire system) in the case sys-usb is compromised due to, for example, a bug in the video conferencing software. This also means enabling networking (removing the air gap) for sys-usb which again is harmful to security. Note that I don't personally consider not having a sys-usb qube for protecting dom0 from physical USB device attacks as much of a security issue because my desktop is always at home which is outside of my threat model. 2. Do video conferencing in any qube with qrexec+usbip (with a sys-usb qube; can't be done from dom0) Even disregarding my personal hardware issues above, qrexec+usbip is a mess to get working and does poor on performance according to this GitHub issue: https://github.com/QubesOS/qubes-issues/issues/4035. Although, I've never been able to test it out myself. Additionally, the security concerns of using TCP/IP and USBIP between qubes is there. This also remotely exposes the webcam firmware which is yet another security risk with this configuration. 3. Do video conferencing in any qube with a bought USB hub PCI card This also means taking on all the security risks of attaching that physical hardware directly to the VMs which considering they are to run applications I don't trust such as Zoom (which my job requires; I wouldn't use Zoom given the choice of course) — doesn't sit well with me at all. Plus, hot swapping PCI devices, though supported by Xen, is disabled in Qubes because of what a complex operation it is security-wise leaving the door open to bugs (I read this was the reason somewhere I think in the Qubes mailing list I think). This means that in order to use my webcam on different qubes (my "school" and "work" qubes for my purposes) I would have to reboot them each time to attach and remove the USB hub with my webcam plugged into it. This would be very inconvenient for my use case particularly when I'm trying to get work done efficiently. I thought about combining my school and work qubes into just one qube but at that point why am I even bothering to use Qubes OS if I don't utilize its most basic security feature. Lastly, I could also buy multiple USB hub PCI cards but that was just too hacky for me. 4. Do video conferencing in any qube with FFmpeg for streaming video At the time, there were preliminary outlines of a working solution for webcam video streaming with FFmpeg. While this was a good start, it just didn't cut it for my needs. The resolution was very low (when I tried to raise it to 1920x1090 it didn't work) and even with that low resolution the latency was below optimal and it just tore up my CPU power when I needed it the most; hence this too was not a realistic solution. Plus, FFmpeg isn't available in Fedora without adding RPM Fusion repo due to patent issues which was just one more little gripe I had with it. And to top it off, FFmpeg doesn't exactly have an amazing security track record... 5. Dual booting and other OSs Finally, as a very last resort (not being able to use my webcam wasn't an option for me), I thought about dual booting (way too inconvenient not to mention the security downfalls) and (just for a very brief moment for the sake of completeness) other OSs. However, I have already contributed one project (qvm-create-windows-qube) to Qubes OS and have now been "locked in" to the Qubes ecosystem (haha) by fantastic features such as Qubes Split GPG, a great community as well as countless other qualities and would feel insecure running any other operating system. As far as using a webcam in Qubes OS went, I needed something that /just worked/, I needed — Qubes Video Companion. And that's how this project was born. Add in screen sharing (a welcomed bonus), an unspoofable video sharing tray indicator, packaging and all the documentation to boot, and you've got what Qubes Video Companion has evolved into! I've tested performance and although I haven't tried qrexec+usbip with a webcam myself (reasons stated above), I can say that by comparing CPU performance (using CPU model performance comparison websites) of the CPU specs of other Qubes users and the performance they are getting with qrexec+usbip versus what I'm getting with Qubes Video Companion and my lower power, older CPU (some of you guys are rocking beast setups or just plain laptops that outperform my desktop, haha) it would seem to me that Qubes Video Companion wins on performance by a wide margin. I also saw reports of qrexec+usbip using a lot of RAM. Well, with Qubes Video Companion that's no problem because from the moment I start the video stream from my webcam (at 1920x1080 30 FPS) I only see a 30-40 MB increase in RAM on the sending and receiving side then it remains stable at that amount! I've already been using Qubes Video Companion on a regular basis for a couple of months now (in time for when my job contract began) and it's been working amazingly even in a Zoom call with over 60 other people I had absolutely no problems (just had to assign all 4 of my vCPUs to that qube and up the memory or else Zoom would have trouble)! Repo can be found here: https://github.com/elliotkillick/qubes-video-companion I spent a lot of time trying to make this a "just works" (and well) experience (discounting just a couple of hiccups in the FAQ of the README and GitHub Issues) as I would've wanted back in September (or earlier) so please star the repo if my project achieves that for you. Otherwise, create an issue and I'll try to diagnose and fix the problem you're having as soon as I have a moment. One of the main advantages of the architecture of Qubes Video Companion is that it depends on GStreamer as opposed to FFmpeg. I found out about GStreamer in the v4l2loopback GitHub Issues and saw it was being used as part of the "set-caps" functionality in the "v4l2loopback-ctl" command. This interested me and upon further research, it became increasingly apparent to me that GStreamer has multiple benefits over FFmpeg in the context of this project all of which are documented in the README. The timeline for working on this project starting from September was (as I mentioned) very on and off until early January at which point I had figured out all the GStreamer and video related components. Going from knowing nothing about GStreamer or Video4Linux to the level of knowledge required to create this project was an involved process to say the least mostly consisting of trial and error (tons of it), reading GStreamer documentation and mailing lists, Stack Overflow and countless hours of work. I almost gave up at one point, but a couple of months later after having success with another somewhat related mini project I was doing at the time, I persevered and I'm glad I did because I'm very happy with how this project turned out! In particular, I got wrapped up in one red herring based on something I saw in the very verbose GST_DEBUG logs. That and vague GStreamer error messages that appear to only be of any assistance if you get into reading the underlying GStreamer code (such as the very helpful "Internal data stream error" which I never want to see again, haha). Of course, in retrospect looking at the final solution now, it all seems so obvious and straightforward but it sure wasn't at the time. After all that, it was just a matter of making the UI (in which I applied some of the object-oriented programming (OOP) experience I acquired in one of my university classes), adding polishing, packaging and all the documentation to boot from mid-January to now (although, the UI was a last minute thing I decided I wanted to add somewhere in around March)! As for contribution to the Qubes Community Repo (if that is to be desired) I first want to fix the issue with Firefox (see the GitHub issue) because Mozilla has been a great supporter of Qubes with the big grant they gave so it's the least we could do as well as to not put Firefox at a disadvantage. Hope you're doing well! Best regards, Elliot P.S. As part of making this project, I found myself needing to do video conferencing in one of my Kali Linux qubes ("debian-10" qube turned into a "kali" qube). Unfortunately, the audio and microphone PulseAudio components were broken in that qube by one of the packages Kali Linux installs by default. I was able to fix this issue and plan on making a pull request to the Qubes documentation so others can fix this issue if they run into it with their "kali" qubes. Also, if you're looking for a solution to enable screen sharing with Zoom then check out my issue here (although I didn't solve the issue myself): https://github.com/QubesOS/qubes-issues/issues/5863 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0b8495ef-f5e3-aa77-01c4-6adfc98f90a1%40zohomail.eu.
OpenPGP_signature
Description: OpenPGP digital signature