Re: [qubes-users] Re: Creating separate sys-usb and sys-net after installation
I tried to follow what I think is the official documentation, so I started with: sudo qubesctl state.sls qvm.usb-keyboard I ran into the same error as described here: https://forum.qubes-os.org/t/error-creating-sys-usb/7281 Then I followed the solution given there, essentially: sudo qubesctl state.highstate sudo qubesctl top.disable qvm.sys-net-as-usbvm pillar=True The latter ended with a long Python error, essentially saying: "ValueError: list.remove(x): x not in list". But after this, another try of the first command (sudo qubesctl state.sls qvm.usb-keyboard) succeeded. I had my USB controller persistently attached to sys-net, which I needed to detach before sys-net and the new sys-usb would run in parallel. On top of /etc/qubes-rpc/policy/qubes.InputKeyboard, the following line had been added automatically: sys-usb dom0 allow,user=root I deleted everything else in the file, except the final "$anyvm $anyvm deny". sys-usb is already disposable after all of this. So I think it is done now. "Howard Chen (HowardPlayzOfAdmin Gaming)" writes: > I think the best way to make disp sys-usb for the command with the > following: > >> sudo qubesctl state.sls qvm.sys-usb >> qvm-prefs sys-usb disposable_template enable >> qvm-prefs sys-usb tags add usb-dvm > > then in /etc/qubes-rpc/policy/qubes.InputKeyboard of dom0: > >> @tag:usb-dvm dom0 allow,user=root,default_target=dom0 > > on top of: > >> $anyvm $anyvm deny > > > Does it works? > On Monday, September 19, 2022 at 10:06:09 AM UTC-7 Lasse Kliemann wrote: > >> Greetings, upon installation a few weeks ago, I chose to create a single >> VM for USB and networking, which is called sys-net. This was in order to >> support USB network devices. The latter is no longer necessary, since >> the last kernel update introduced support for my internal WLAN adapter >> (Intel Corporation Wi-Fi 6 AX210/AX211/AX411 160MHz in a Thinkpad P14s). >> >> Now I would like to have sys-usb *and* sys-net, and also make sys-usb >> disposable. Will the following work? >> >> a) sudo qubesctl state.sls qvm.usb-keyboard (I use USB keyboard.) >> b) follow >> https://www.qubes-os.org/doc/disposable-customization/#create-the-sys-usb-disposable >> >> Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/87tu4ys61f.fsf%40lassekliemann.de.
[qubes-users] Creating separate sys-usb and sys-net after installation
Greetings, upon installation a few weeks ago, I chose to create a single VM for USB and networking, which is called sys-net. This was in order to support USB network devices. The latter is no longer necessary, since the last kernel update introduced support for my internal WLAN adapter (Intel Corporation Wi-Fi 6 AX210/AX211/AX411 160MHz in a Thinkpad P14s). Now I would like to have sys-usb *and* sys-net, and also make sys-usb disposable. Will the following work? a) sudo qubesctl state.sls qvm.usb-keyboard (I use USB keyboard.) b) follow https://www.qubes-os.org/doc/disposable-customization/#create-the-sys-usb-disposable Thanks! -- Kind Regards / MfG Dr. Lasse Kliemann Westring 269, 24116 Kiel, Germany E-Mail: la...@lassekliemann.de Telegram / Wire: @lassekliemann Signal / Phone: +49 162 66 88 468 Work Address: Department of Mathematics Kiel University *Heinrich-Hecht-Platz 6*, 24118 Kiel, Germany E-Mail: l.kliem...@math.uni-kiel.de -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/87illjxply.fsf%40lassekliemann.de.
[qubes-users] ThinkPad P14s: PCI problems, no-strict-reset
Hi, fresh installation of R4.1.1 on a ThinkPad P14s (latest BIOS version) with: [x] Use sys-net qube for both networking and USB devices (Because I want to use USB Wifi since the built-in Wifi does not work, which is "Intel Corporation Wi-Fi 6 AX210/AX211/AX411 160MHz".) 'qvm-start sys-net' hits me with: Start failed: internal error: Unable to reset PCI device :00:14.0: internal error: Unable to reset PCI device :00:0d.2: internal error: Unable to reset PCI device :00:1f.6: internal error: Unable to reset PCI device :00:0d.3: internal error: Unable to reset PCI device :00:0d.0: no FLR, PM reset or bus reset available, see /var/log/libvirt/libxl/libxl-driver.log for details Remedy found by trial-and-error: qvm-pci detach sys-net dom0:00_0d.0 qvm-pci detach sys-net dom0:00_0d.2 qvm-pci detach sys-net dom0:00_0d.3 qvm-pci detach sys-net dom0:00_14.0 qvm-pci detach sys-net dom0:00_1f.6 qvm-pci attach --persistent --option no-strict-reset=true sys-net dom0:00_14.0 Output of 'qvm-pci', reduced to relevant 5 devices: dom0:00_0d.0 USB controller: Intel Corporation Tiger Lake-LP Thunderbolt 4 USB Controller dom0:00_0d.2 USB controller: Intel Corporation Tiger Lake-LP Thunderbolt 4 NHI #0 dom0:00_0d.3 USB controller: Intel Corporation Tiger Lake-LP Thunderbolt 4 NHI #1 dom0:00_14.0 USB controller: Intel Corporation Tiger Lake-LP USB 3.2 Gen 2x1 xHCI Host Controller sys-net (no-strict-reset=true) dom0:00_1f.6 Ethernet controller: Intel Corporation Ethernet Connection (13) I219-LM *Question:* is this a solid setup? (It works so far.) Documentation reads: "While using the no-strict-reset flag, do not require PCI device to be reset before attaching it to another VM. This may leak usage data even without malicious intent." As far as I see, the Host Controller (00_14.0) is attached to sys-net once after the system starts and then stays attached there; that's it. Is the warning about leaking usage data still relevant in such a case? Thanks. -- Kind Regards / MfG Dr. Lasse Kliemann Westring 269, 24116 Kiel, Germany E-Mail: la...@lassekliemann.de Telegram / Wire: @lassekliemann Signal / Phone: +49 162 66 88 468 Work Address: Department of Mathematics Kiel University *Heinrich-Hecht-Platz 6*, 24118 Kiel, Germany E-Mail: l.kliem...@math.uni-kiel.de -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/875yj3x3ij.fsf%40lassekliemann.de. signature.asc Description: PGP signature
[qubes-users] Comments on Lenovo ThinkPad P14s Gen 2?
I'm considering to buy a Lenovo ThinkPad P14s Gen 2 with the following configuration: i7-1185G7 CPU 48 GB DDR4 3200 MHz 1 TB SSD, M.2 2280, PCIe, NVMe UHD (3840 x 2160) NVIDIA Quadro T500 4 GB GDDR6 Any concerns regarding the use of Qubes OS 4.0.4 on this machine? Moreover, I can choose between: Intel Wi-Fi 6E AX210 11AX (2x2) & Bluetooth 5.2 vPro IntelĀ® Wi-Fi 6 AX201 (2x2), Bluetooth 5.0 or higher Is one of them to be preferred? Thanks. (I know they sell this product also with Ryzen CPU. But the reports on this do not look convincing for a production system yet.) -- Kind Regards / MfG Dr. Lasse Kliemann Westring 269, 24116 Kiel, Germany E-Mail: la...@lassekliemann.de Telegram / Wire: @lassekliemann Phone: +49 162 66 88 468 Work Address: Department of Mathematics Kiel University *Heinrich-Hecht-Platz 6*, 24118 Kiel, Germany E-Mail: l.kliem...@math.uni-kiel.de -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/878s06aqlk.fsf%40lassekliemann.de. signature.asc Description: PGP signature
