On Wed, Jun 2, 2021 at 2:48 PM Franz <169...@gmail.com> wrote: > > > On Wed, Jun 2, 2021 at 10:42 AM unman <un...@thirdeyesecurity.org> wrote: > >> On Wed, Jun 02, 2021 at 09:03:46AM -0300, Franz wrote: >> > Hello all, >> > >> > After standard installation using a PS2 keyboard, I should have two >> > separate usb controllers in the same sys-usb qube. I would prefer to >> have >> > two distinct sys-usb so using one more secure for the mouse (PS2 mouse >> does >> > not work) that should be somehow connected to dom0 and the other less >> > secure for external USB disks. >> > i carefully examined the Qubes papers >> > https://www.qubes-os.org/doc/usb-qubes/#enable-a-usb-keyboard-for-login >> > but I am still very confused. >> > Which is the proper way to do that? >> > Best Franz >> > >> >> You can simply qvm-clone the existing sys-usb, and then fix up the >> controller allocation between the two. >> You can also set autostart with qvm-prefs for the "less secure" so that >> it is not started by default. This will mean that you have to >> consciously start that usb qube if you want to use external devices. >> You might also consider using udev rules, or blacklisting modules in the >> "mouse" usb, so that it cannot be used with other USB devices. >> >> > The idea to clone sys-usb is brilliant and seems easy, Unman. I will try > to do that. Many thanks > > So, I did the cloning, but without a mouse I am unable to detach the relevant US usb controller from the second sys-usb, using Qubes Manager because the keyboard seems unable to move it from Selected to Available.
So followed the CLI instructions https://www.qubes-os.org/doc/pci-devices/ qvm-pci gives the address of the usbcontroller to be detached dom0:00_.14.5 and tells the following: sys-2usb (no-strict-rest=True), sys-usb (no-strict-reset=true) Because the linked Qubes instructions apparently only teach how to attach, but not how to detach, I tried the following: qvm-pci attach sys-usb dom0:00_14.5 but it replies: device dom0:00_14.5 of class pci already attached to sys-usb and nothing is done. So, I do not know how to go on. I would need a command to detach dom0:00_14.5 from sys-2usb without attaching it elsewhere. Best. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qC0xUHs7XeCb7-hW_D%3DkXndeE36fz8SKEJOY6_o7v%2B07g%40mail.gmail.com.
