Re: [qubes-users] Using a Desktop Computer with Qubes (R 4.0.1)
On Sunday, January 13, 2019 at 7:52:29 PM UTC-6, js...@bitmessage.ch wrote:
> John Goold:
> > Just discovered that there is only one USB controller (but 4 USB connector
> > sockets). So when I tried to attach the USB controller to the appVM (had to
> > set it to HVM), I lost the mouse and keyboard :-(
> >
> > I have got the impression from reading the documentation and posts to this
> > forum that if I have disk encryption enabled, that I cannot create a
> > sys-usb VM without losing the mouse+keyboard (and possibly not being able
> > to enter the pass-phrase when powering up).
>
> Yea with only one usb controller you can't attach the whole controller
> to a VM without losing your usb keyboard/mouse. I'm in the same situation.
>
> It sounds like you've already looked at the docs but here's the link:
>
> https://www.qubes-os.org/doc/usb/
>
> You have to have sys-usb to attach a usb device like a scanner to an
> appvm (unless you can just attach the whole usb controller, which you
> can't).
>
> I haven't done this myself but my understanding from reading the docs is
> it's still possible to have sys-usb, you just have to be careful not to
> lock yourself out (not able to control the system with usb
> mouse/keyboard, or not able to enter encryption passphrase at boot).
>
> According to the docs, if you're using 4.0, you can just use salt to set
> up a usb qube with the ability to use a usb keyboard with the command
>
>     sudo qubesctl state.sls qvm.usb-keyboard
>
> The doc says that this will create the usb qube if it's not present, and
> that it will expose dom0 to usb devices on boot so you can enter the
> passphrase. After you do this though you still may want to check your
> grub/efi config file to make sure it doesn't have the
> "rd.qubes.hide_all_usb" line in it, just in case.
>
> Or you can follow the steps in the docs to do it manually, just make
> sure to add the required lines to the qubes.InputKeyboard and
> qubes.InputMouse files first, and don't add the "rd.qubes.hide_all_usb"
> line to grub/efi config file.
>
> Also this has security implications since if your sys-usb is compromised
> an attacker could scoop up your keystrokes, but this should still be
> safer than attaching insecure usb devices to dom0.
>
> But it should work, unless i'm reading something wrong.
>
> --
> Jackie

I re-read the document you pointed me at (and then re-read it again!). Although I have put several days of work into my transition to using Qubes (I am using Qubes 4.0.1), I would be left with very unappealing options if I could not use the scanner under Qubes.

So, with a great deal of trepidation, I tried the Salt approach. It worked flawlessly -- my very first test was to shut down my computer and then reboot. I, though I hate to admit it, had my fingers crossed at the point that the Luks request for a pass phrase showed up. But the keyboard worked and the rest of the boot-up ran fine.

I realize there may be some security vulnerabilities because of this set up; however, I am a non-entity as far as some one choosing to invest considerable effort to hack. I doubt any of the USB devices I use pose a threat (to me).

There is one strange thing, but I will start a separate thread for it (I do not seem to be able to configure my mouse as left-handed).

Thank you very much for taking the time to respond.

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/64900629-bf76-4fbd-9ee8-d2d1bc6b8a3f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Using a Desktop Computer with Qubes (R 4.0.1)
> So in theory you would plug your scanner which should appear in sys-usb,
> and you'd attach ("proxy") it to a VM where you have your scanning
> software installed. If you're lucky it will work that way but not every
> USB device works well with proxying and scanners aren't known to be very
> plug friendly. In that case you will have to use sys-usb directly
> (either for firmware loading - most scanners need that nowadays - or for
> firmware loading + scanning software).
> That's also why you have the option to combine sys-net and sys-usb into
> one VM during installation time: some USB networking devices can't be
> proxied so the only way to use them is to have the usb controllers in
> sys-net (or symmetrically, networking support in sys-usb).

Sounds reasonable. I am using a sane scanner which requires no firmware, so it should work.

> Ditto for the smartcard reader...

OpenSC is pretty standard. I am using a stock CCID smartcard reader. Should also work.

Thanks!

Re: [qubes-users] Using a Desktop Computer with Qubes (R 4.0.1)
On 1/14/19 11:59 AM, Alexandre Belgrand wrote:
> On Monday, 14 January 2019 at 01:52 +, js...@bitmessage.ch wrote:
>> It sounds like you've already looked at the docs but here's the link:
>> https://www.qubes-os.org/doc/usb/
>> You have to have sys-usb to attach a usb device like a scanner to an
>> appvm (unless you can just attach the whole usb controller, which you
>> can't).
>
> Pardon my ignorance, I am planning to install Qubes on a laptop.
>
> I need to connect to
> (1) a USB scanner and
> (2) a USB smartcard reader (with OpenSC).
>
> In the documentation it is written:
>
> "Note, you cannot pass through devices from dom0 (in other words: a
> USB VM is required). To use this feature, you need to have the
> qubes-usb-proxy package installed in the template used for the USB qube"
>
> Does it mean I will have to create a USB VM and then connect it to
> other VMs using USB proxy. And I will loose USB keyboard and mouse in
> dom0.

You will need a VM with the USB controller assigned to it. Actually that VM is created by default at install time (it's called "sys-usb").

You won't "loose" your USB keyboard/mouse in dom0: those are "proxied" from sys-usb to dom0 with the help of the qubes-input-proxy daemon, which - if I'm not mistaken - has nothing to do with proxying of USB devices from one VM to another.

So in theory you would plug your scanner which should appear in sys-usb, and you'd attach ("proxy") it to a VM where you have your scanning software installed. If you're lucky it will work that way but not every USB device works well with proxying and scanners aren't known to be very plug friendly. In that case you will have to use sys-usb directly (either for firmware loading - most scanners need that nowadays - or for firmware loading + scanning software).

That's also why you have the option to combine sys-net and sys-usb into one VM during installation time: some USB networking devices can't be proxied so the only way to use them is to have the usb controllers in sys-net (or symmetrically, networking support in sys-usb).

Ditto for the smartcard reader...

Hope this helps...
Ivan

Re: [qubes-users] Using a Desktop Computer with Qubes (R 4.0.1)
On Monday, 14 January 2019 at 01:52 +, js...@bitmessage.ch wrote:
> It sounds like you've already looked at the docs but here's the link:
> https://www.qubes-os.org/doc/usb/
> You have to have sys-usb to attach a usb device like a scanner to an
> appvm (unless you can just attach the whole usb controller, which you
> can't).

Pardon my ignorance, I am planning to install Qubes on a laptop.

I need to connect to
(1) a USB scanner and
(2) a USB smartcard reader (with OpenSC).

In the documentation it is written:

"Note, you cannot pass through devices from dom0 (in other words: a USB VM is required). To use this feature, you need to have the qubes-usb-proxy package installed in the template used for the USB qube"

Does it mean I will have to create a USB VM and then connect it to other VMs using USB proxy. And I will loose USB keyboard and mouse in dom0.

So is the only solution to buy a USB card and plug it in the laptop?

Kind regards,

Re: [qubes-users] Using a Desktop Computer with Qubes (R 4.0.1)
John Goold:
> Just discovered that there is only one USB controller (but 4 USB connector
> sockets). So when I tried to attach the USB controller to the appVM (had to
> set it to HVM), I lost the mouse and keyboard :-(
>
> I have got the impression from reading the documentation and posts to this
> forum that if I have disk encryption enabled, that I cannot create a
> sys-usb VM without losing the mouse+keyboard (and possibly not being able
> to enter the pass-phrase when powering up).

Yea with only one usb controller you can't attach the whole controller to a VM without losing your usb keyboard/mouse. I'm in the same situation.

It sounds like you've already looked at the docs but here's the link:

https://www.qubes-os.org/doc/usb/

You have to have sys-usb to attach a usb device like a scanner to an appvm (unless you can just attach the whole usb controller, which you can't).

I haven't done this myself but my understanding from reading the docs is it's still possible to have sys-usb, you just have to be careful not to lock yourself out (not able to control the system with usb mouse/keyboard, or not able to enter encryption passphrase at boot).

According to the docs, if you're using 4.0, you can just use salt to set up a usb qube with the ability to use a usb keyboard with the command

    sudo qubesctl state.sls qvm.usb-keyboard

The doc says that this will create the usb qube if it's not present, and that it will expose dom0 to usb devices on boot so you can enter the passphrase. After you do this though you still may want to check your grub/efi config file to make sure it doesn't have the "rd.qubes.hide_all_usb" line in it, just in case.

Or you can follow the steps in the docs to do it manually, just make sure to add the required lines to the qubes.InputKeyboard and qubes.InputMouse files first, and don't add the "rd.qubes.hide_all_usb" line to grub/efi config file.

Also this has security implications since if your sys-usb is compromised an attacker could scoop up your keystrokes, but this should still be safer than attaching insecure usb devices to dom0.

But it should work, unless i'm reading something wrong.

--
Jackie

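A pre-reboot check for the two lockout conditions named in the message above, as an added example that is not part of the original thread or of the Qubes documentation: it flags an active rd.qubes.hide_all_usb kernel parameter and confirms that the keyboard policy file has an explicit rule from the USB qube to dom0. The file paths are passed in as arguments; the "<qube> dom0 <action>" rule layout and the sample file contents are assumptions constructed for illustration, and wildcard rules are not evaluated.

```shell
#!/bin/sh
# Added example: read-only pre-reboot check for a machine whose only keyboard
# is USB and whose disk is encrypted. File paths are arguments (assumptions:
# pass your own grub/efi config and qubes.InputKeyboard policy file).

# Succeeds if FILE has a non-comment line carrying rd.qubes.hide_all_usb,
# i.e. dom0 would not see the USB keyboard at the passphrase prompt.
has_hide_all_usb() {
    grep -v '^[[:space:]]*#' "$1" | grep -q 'rd\.qubes\.hide_all_usb'
}

# Prints the action (allow, ask, deny) of the first explicit
# "<usb-qube> dom0 <action>[,options]" rule in a policy file, or nothing.
# Assumed rule layout; wildcard sources/targets are deliberately ignored.
policy_action() {
    awk -v src="$2" '
        $1 ~ /^#/ || NF < 3 { next }
        $1 == src && $2 == "dom0" { split($3, a, ","); print a[1]; exit }
    ' "$1"
}

# Returns 0 only when neither lockout condition is present.
lockout_check() {
    grub_cfg=$1; kbd_policy=$2; usb_qube=$3; rc=0
    if has_hide_all_usb "$grub_cfg"; then
        echo "FAIL: rd.qubes.hide_all_usb is active in $grub_cfg"
        rc=1
    fi
    action=$(policy_action "$kbd_policy" "$usb_qube")
    case "$action" in
        allow|ask) echo "OK: $usb_qube -> dom0 keyboard rule: $action" ;;
        *) echo "FAIL: no allow/ask rule for $usb_qube -> dom0 in $kbd_policy"
           rc=1 ;;
    esac
    return "$rc"
}

# Demo on constructed sample files (not taken from a real system).
demo() {
    d=$(mktemp -d)
    cat > "$d/grub" <<'EOF'
# constructed sample
GRUB_CMDLINE_LINUX="rd.luks.uuid=luks-SAMPLE rd.qubes.hide_all_usb rhgb quiet"
EOF
    cat > "$d/qubes.InputKeyboard" <<'EOF'
# constructed sample
sys-usb dom0 allow
$anyvm $anyvm deny
EOF
    lockout_check "$d/grub" "$d/qubes.InputKeyboard" sys-usb
    status=$?
    rm -rf "$d"
    return "$status"
}

demo || echo "demo result: do not reboot until the FAIL lines are resolved"
```

The constructed grub sample deliberately contains the parameter, so the demo reports one FAIL line and one OK line.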
Re: [qubes-users] Using a Desktop Computer with Qubes (R 4.0.1)
On Sunday, 13 January 2019 17:56:10 UTC-3:30, John Goold wrote:
> On Sunday, 13 January 2019 15:50:13 UTC-3:30, 799 wrote:
> > Hello John,
> >
> > welcome to Qubes ;-)
> >
> > On Sun, 13 Jan 2019 at 18:49, John Goold wrote:
> >
> > This leads to my first issue:
> >
> > I seem unable to attach my scanner (it is a ScanSnap ix800 which is not a
> > printer/scanner/copier, just a scanner) to an appVM. It does not appear in
> > the Dom0 devices menu. If I plug in a USB drive, the drive shows up in the
> > menu.
> >
> > Is there a straightforward way to attach the scanner to an appVM (it will
> > not be a server, but will always be the same appVM, "personal")?
> >
> > I am not sure if I have understood you correctly, have you chosen to
> > install a sys-usb-qube?
> > If you didn't you can also do this after the installation.
> > If you chose not to use sys-usb, you could try to pass through one of the
> > usb-controllers to the AppVM to which you connect the scanner to.
> > I have never used an Intel NUC before, but in case that you can run a Qube
> > like sys-usb I suggest doing so.
> > You can then run the following command from dom0:
> >
> > qvm-usb
> >
> > then attach the scanner to the AppVM
> > qvm-usb attach sys-usb:NR-NR
> >
> > 2. I like to listen to a classical music radio station (CBC Music) and,
> > when it is broadcasting other "stuff", streaming classical music from their
> > website.
> >
> > I can play YouTube videos, including hearing the audio, but the above does
> > not work (the website page gets stuck loading/waiting for an audio stream).
> >
> > Can you send me the link of the radio station you're trying to listen to?
> > I'll give it a try to listen to it in my multimedia AppVM which is based on
> > my howto here:
> > https://www.qubes-os.org/doc/multimedia/
> >
> > - O
>
> Just discovered that there is only one USB controller (but 4 USB connector
> sockets). So when I tried to attach the USB controller to the appVM (had to
> set it to HVM), I lost the mouse and keyboard :-(
>
> I have got the impression from reading the documentation and posts to this
> forum that if I have disk encryption enabled, that I cannot create a sys-usb
> VM without losing the mouse+keyboard (and possibly not being able to enter
> the pass-phrase when powering up).
>
> The radio station is: https://www.cbc.ca/listen/live/cbcmusic
>
> The streaming music is: https://www.cbcmusic.ca/music-streams
>
> Thank you for responding...

@799 I followed your multi-media templateVM how-to document. I installed VLC (haven't tried it yet) and Google Chrome. I do not know if it was the library that was added, but I can now listen to the radio and streaming music.

I prefer Banshee to play my music which is all ripped from physical CDs I have bought over the decades (the sites I mentioned are the only ones I stream). However, I will check out VLC and see if it can handle my music library (it is organized differently than the organizations normally supported by music players, which is why I prefer Banshee -- I organized it using Banshee).

VLC definitely works (tried "opening a folder"). I will have to learn how to navigate my library with it.

THANK YOU.

Re: [qubes-users] Using a Desktop Computer with Qubes (R 4.0.1)
On Sunday, 13 January 2019 15:50:13 UTC-3:30, 799 wrote:
> Hello John,
>
> welcome to Qubes ;-)
>
> On Sun, 13 Jan 2019 at 18:49, John Goold wrote:
>
> This leads to my first issue:
>
> I seem unable to attach my scanner (it is a ScanSnap ix800 which is not a
> printer/scanner/copier, just a scanner) to an appVM. It does not appear in
> the Dom0 devices menu. If I plug in a USB drive, the drive shows up in the
> menu.
>
> Is there a straightforward way to attach the scanner to an appVM (it will not
> be a server, but will always be the same appVM, "personal")?
>
> I am not sure if I have understood you correctly, have you chosen to install
> a sys-usb-qube?
> If you didn't you can also do this after the installation.
> If you chose not to use sys-usb, you could try to pass through one of the
> usb-controllers to the AppVM to which you connect the scanner to.
> I have never used an Intel NUC before, but in case that you can run a Qube
> like sys-usb I suggest doing so.
> You can then run the following command from dom0:
>
> qvm-usb
>
> then attach the scanner to the AppVM
> qvm-usb attach sys-usb:NR-NR
>
> 2. I like to listen to a classical music radio station (CBC Music) and, when
> it is broadcasting other "stuff", streaming classical music from their
> website.
>
> I can play YouTube videos, including hearing the audio, but the above does
> not work (the website page gets stuck loading/waiting for an audio stream).
>
> Can you send me the link of the radio station you're trying to listen to?
> I'll give it a try to listen to it in my multimedia AppVM which is based on
> my howto here:
> https://www.qubes-os.org/doc/multimedia/
>
> - O

Just discovered that there is only one USB controller (but 4 USB connector sockets). So when I tried to attach the USB controller to the appVM (had to set it to HVM), I lost the mouse and keyboard :-(

I have got the impression from reading the documentation and posts to this forum that if I have disk encryption enabled, that I cannot create a sys-usb VM without losing the mouse+keyboard (and possibly not being able to enter the pass-phrase when powering up).

The radio station is: https://www.cbc.ca/listen/live/cbcmusic

The streaming music is: https://www.cbcmusic.ca/music-streams

Thank you for responding...

Re: [qubes-users] Using a Desktop Computer with Qubes (R 4.0.1)
Hello John,

welcome to Qubes ;-)

On Sun, 13 Jan 2019 at 18:49, John Goold wrote:
>
> This leads to my first issue:
> I seem unable to attach my scanner (it is a ScanSnap ix800 which is not a
> printer/scanner/copier, just a scanner) to an appVM. It does not appear in
> the Dom0 devices menu. If I plug in a USB drive, the drive shows up in the
> menu.
> Is there a straightforward way to attach the scanner to an appVM (it will
> not be a server, but will always be the same appVM, "personal")?
>

I am not sure if I have understood you correctly, have you chosen to install a sys-usb-qube?
If you didn't you can also do this after the installation.
If you chose not to use sys-usb, you could try to pass through one of the usb-controllers to the AppVM to which you connect the scanner to.
I have never used an Intel NUC before, but in case that you can run a Qube like sys-usb I suggest doing so.
You can then run the following command from dom0:

    qvm-usb

then attach the scanner to the AppVM

    qvm-usb attach sys-usb:NR-NR

> 2. I like to listen to a classical music radio station (CBC Music) and,
> when it is broadcasting other "stuff", streaming classical music from their
> website.
> I can play YouTube videos, including hearing the audio, but the above does
> not work (the website page gets stuck loading/waiting for an audio stream).
>

Can you send me the link of the radio station you're trying to listen to?
I'll give it a try to listen to it in my multimedia AppVM which is based on my howto here:
https://www.qubes-os.org/doc/multimedia/

- O

[qubes-users] Using a Desktop Computer with Qubes (R 4.0.1)
I am one of those Qubes newbies. I do have a "computer" background, having started out on Mainframe computers — I have been retired for over 20 years; however, I now use my computer as a tool (though I do some website development to keep the neurons firing).

I do not need a highly locked down computer, but do want to use whatever security improvements I can reasonably get with Qubes without the set-up and maintenance becoming a full-time job. I also prefer using a GUI when possible (spent decades using terminals).

___

Normally I would post each issue as a separate post to a forum such as this; however, these are all related to the "Subject" and my getting started. I always try searching for similar issues before posting, but (here) have not found solutions (either here or in the documentation).

1. The NUC is an Intel desktop computer with a nice small foot-print (Intel NUC7i7 BNH with 512 GB SSD and 32GB RAM). The only mouse and keyboard that works are USB (there is no PS/1 port) — possibly bluetooth devices would work but I do not want to get into the issues involved (I do use an Apple bluetooth keyboard with Linux Mint on my HP laptop).

My disk is encrypted and the installation nicely reminded me of the warnings in this forum about setting up sys-usb — so sys-usb is a non-starter.

This leads to my first issue:

I seem unable to attach my scanner (it is a ScanSnap ix800 which is not a printer/scanner/copier, just a scanner) to an appVM. It does not appear in the Dom0 devices menu. If I plug in a USB drive, the drive shows up in the menu.

Is there a straightforward way to attach the scanner to an appVM (it will not be a server, but will always be the same appVM, "personal")?

2. I like to listen to a classical music radio station (CBC Music) and, when it is broadcasting other "stuff", streaming classical music from their website.

I can play YouTube videos, including hearing the audio, but the above does not work (the website page gets stuck loading/waiting for an audio stream).

I imagine this has something to do with proxy settings. Is this correct? I have created an appVM ("entertainment") specifically to handle playing music, so I am not worried about it getting compromised because I use less secure settings for it.