Re: [qubes-users] USB VM based on fedora-26 doesn't pass block devices

2018-02-27 Thread Tim W
On Friday, February 23, 2018 at 11:32:17 AM UTC-5, Kelly Dean wrote:
> awokd writes:
> > I wonder if this might be related to a recent patch in testing. Are both
> > your dom0 and templates on the same repository (current vs. testing) and
> > updated? A recent patch also required a reboot once both were updated.
> 
> Both on current, and both updated, and rebooted since last update.
> 
> Anyway, problem solved. I plugged the USB device into a different port, and 
> it worked (I got xvdi in the appVM). Then I detached and moved it back to the 
> port where I was having the problem, and this time it worked there too. 
> Aargh, heisenbug.


That almost sounds like a bug with the usb controller reset device or something 
to that effect.  I assume both usb ports are on the same controller.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d14c9e1-cd69-4612-8577-061fe98ebf4c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] USB VM based on fedora-26 doesn't pass block devices

2018-02-23 Thread Kelly Dean

awokd writes:
> I wonder if this might be related to a recent patch in testing. Are both
> your dom0 and templates on the same repository (current vs. testing) and
> updated? A recent patch also required a reboot once both were updated.

Both on current, and both updated, and rebooted since last update.

Anyway, problem solved. I plugged the USB device into a different port, and it 
worked (I got xvdi in the appVM). Then I detached and moved it back to the port 
where I was having the problem, and this time it worked there too. Aargh, 
heisenbug.



Re: [qubes-users] USB VM based on fedora-26 doesn't pass block devices

2018-02-22 Thread 'awokd' via qubes-users
On Tue, February 20, 2018 5:02 pm, Kelly Dean wrote:
> I'm getting the same bug as reported at
> https://github.com/QubesOS/qubes-issues/issues/2018

>
> qvm-block -l says the USB device is attached to the appVM. But the appVM
> has no /dev/xvdi

I wonder if this might be related to a recent patch in testing. Are both
your dom0 and templates on the same repository (current vs. testing) and
updated? A recent patch also required a reboot once both were updated.



Re: [qubes-users] USB VM

2016-09-28 Thread Drew White
Is there any way to assign just one specific USB port to a specific VM?

Or assign a storage device to a guest AS a USB device not a physical device?



Re: [qubes-users] USB VM

2016-09-28 Thread Drew White
On Wednesday, 28 September 2016 21:07:47 UTC+10, Marek Marczykowski-Górecki  
wrote:
> On Tue, Sep 27, 2016 at 07:59:55PM -0700, Drew White wrote:
> > On Wednesday, 28 September 2016 12:46:10 UTC+10, johny...@sigaint.org  
> > wrote:
> > > Pretty sure the answer is "no."  You can assign a whole USB bus (which is
> > > typically a single PCI device) to a VM, but you can't split it up beyond
> > > that, other than the default of having dom0 relay specific devices to
> > > specific VM's (which isn't dom0 USB isolation at all).
> > > 
> > > My mobo has 8 USB ports, but they're all on a single bus, so it's all or
> > > nothing.
> > > 
> > 
> > Hi JJ,
> > 
> > My PC has 10 USB Bus's.
> > My keyboard and mouse are on bus 10, which is PCI device .XX.X and I 
> > left that one on Dom0.
> > 
> > However I now have another issue...
> > 
> > "Error starting VM 'sys-usb': Requested operation is not valid: PCI device 
> > :00:1a.0 is in use by driver xenlight, domain sys-usb"
> 
> I assume this is after previous failed sys-usb startup, right? There is
> a bug in libvirt that device is not marked as unused when VM fails to
> start. Workaround: restart libvirtd service. Close Qubes Manager first.
> If you still get an error, take a look here:
> https://www.qubes-os.org/doc/user-faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot

That appears to have resolved the problem, thanks Marek.

As for doing the pci strict reset to false, they are being assigned to a 
container, so that's good, they won't be available to dom0.
How do I assign them and deassign them from Dom0 before the system boots?



Re: [qubes-users] USB VM

2016-09-28 Thread Drew White
On Wednesday, 28 September 2016 19:35:44 UTC+10, johny...@sigaint.org  wrote:
> > Hi JJ,
> >
> > Did some more testing, you were right, I only have 3.
> 
> Hey, that's still pretty handy for separation.
> 
> In Qubes VM Manager, for a chosen VM, you *should* be able to pick a given
> PCI USB device and assign it.
 
Yup, I did that, and it fails everything. It says the VM is already using it, but 
the VM isn't even on to start using it, and so the VM it's assigned to can't 
start because it's using a device it's got assigned to it. Weird.. lol


> Only having one USB bus myself, also used for root, I haven't tried this.
> 
> I have a USB PCI card I've been tempted to use for similar reasons.  But
> once again, it was given to me out of the blue, which doesn't put it in my
> "trusted hardware" chain.
> 
> Not that *any* use bus or device should ever be trusted, the main
> motivation for us stuffing them in a VM.  :)
 
It is annoying isn't it?


> > I have 2 bus's on the motherboard...
> > I plugged a USB drive into each set to find out which were which.
> >
> > But that doesn't explain why it isn't working when I even just attach my
> > USB3 card to the USBVM.
> >
> > That alone should work, but it doesn't.
> 
> Agreed, it should work, from my understanding.  You reboot after assigning
> things?
 
rebooted, rebuilt, checked it wasn't on any other guests..

> There's some protection about PCI devices not being allowed to go back to
> dom0 for reassignment after use, to protect against potentially
> compromised devices then touching dom0 (to DMA-attack away):
> 
> https://www.qubes-os.org/doc/user-faq/#i-assigned-a-pci-device-to-a-qube-then-unassigned-itshut-down-the-qube-why-isnt-the-device-available-in-dom0
> 
> Not sure if that's relevant or not.  I'm over my head with this, and just
> guessing, so I probably shouldn't be giving advice, lol.

Nope, that isn't relevant. Interesting, but not relevant. Thanks. :}


> > So this means I should be able to attach the USB3 card, and the 4 other
> > USB to the USBVM, leaving 2 attached to Dom0 for my use.
> 
> Makes sense to me.  (Again, getting those darn keyboard/mice off of USB
> and onto PS/2 certainly wouldn't hurt figuring things out.)
 
It wouldn't change anything. 
If I can't assign a PCI-e USB3 4 port card to the VM and have it start... Bit 
of a problem?


> > So why does it have the error?
> 
> dmesg have any hints?  (Or is that where the error messages you are
> seeing are coming from in the first place?)

No hints, no tips, no help button.



Re: [qubes-users] USB VM

2016-09-28 Thread Marek Marczykowski-Górecki

On Tue, Sep 27, 2016 at 07:59:55PM -0700, Drew White wrote:
> On Wednesday, 28 September 2016 12:46:10 UTC+10, johny...@sigaint.org  wrote:
> > Pretty sure the answer is "no."  You can assign a whole USB bus (which is
> > typically a single PCI device) to a VM, but you can't split it up beyond
> > that, other than the default of having dom0 relay specific devices to
> > specific VM's (which isn't dom0 USB isolation at all).
> > 
> > My mobo has 8 USB ports, but they're all on a single bus, so it's all or
> > nothing.
> > 
> 
> Hi JJ,
> 
> My PC has 10 USB Bus's.
> My keyboard and mouse are on bus 10, which is PCI device .XX.X and I left 
> that one on Dom0.
> 
> However I now have another issue...
> 
> "Error starting VM 'sys-usb': Requested operation is not valid: PCI device 
> :00:1a.0 is in use by driver xenlight, domain sys-usb"

I assume this is after previous failed sys-usb startup, right? There is
a bug in libvirt that device is not marked as unused when VM fails to
start. Workaround: restart libvirtd service. Close Qubes Manager first.

If you still get an error, take a look here:
https://www.qubes-os.org/doc/user-faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [qubes-users] USB VM

2016-09-28 Thread johnyjukya
> Hi JJ,
>
> Did some more testing, you were right, I only have 3.

Hey, that's still pretty handy for separation.

In Qubes VM Manager, for a chosen VM, you *should* be able to pick a given
PCI USB device and assign it.

Only having one USB bus myself, also used for root, I haven't tried this.

I have a USB PCI card I've been tempted to use for similar reasons.  But
once again, it was given to me out of the blue, which doesn't put it in my
"trusted hardware" chain.

Not that *any* use bus or device should ever be trusted, the main
motivation for us stuffing them in a VM.  :)

> I have 2 bus's on the motherboard...
> I plugged a USB drive into each set to find out which were which.
>
> But that doesn't explain why it isn't working when I even just attach my
> USB3 card to the USBVM.
>
> That alone should work, but it doesn't.

Agreed, it should work, from my understanding.  You reboot after assigning
things?

There's some protection about PCI devices not being allowed to go back to
dom0 for reassignment after use, to protect against potentially
compromised devices then touching dom0 (to DMA-attack away):

https://www.qubes-os.org/doc/user-faq/#i-assigned-a-pci-device-to-a-qube-then-unassigned-itshut-down-the-qube-why-isnt-the-device-available-in-dom0

Not sure if that's relevant or not.  I'm over my head with this, and just
guessing, so I probably shouldn't be giving advice, lol.

> So this means I should be able to attach the USB3 card, and the 4 other
> USB to the USBVM, leaving 2 attached to Dom0 for my use.

Makes sense to me.  (Again, getting those darn keyboard/mice off of USB
and onto PS/2 certainly wouldn't hurt figuring things out.)

> So why does it have the error?

dmesg have any hints?  (Or is that where the error messages you are
seeing are coming from in the first place?)

JJ



Re: [qubes-users] USB VM

2016-09-27 Thread Drew White
Hi JJ,

Did some more testing, you were right, I only have 3.

I have 2 bus's on the motherboard...
I plugged a USB drive into each set to find out which were which.

But that doesn't explain why it isn't working when I even just attach my USB3 
card to the USBVM.

That alone should work, but it doesn't.

So this means I should be able to attach the USB3 card, and the 4 other USB to 
the USBVM, leaving 2 attached to Dom0 for my use.

So why does it have the error?

/:  Bus 10.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M #(Back ports 1-2)
|__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M
|__ Port 2: Dev 3, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M
|__ Port 2: Dev 3, If 1, Class=Human Interface Device, Driver=usbhid, 1.5M

# bus 02-09 USB3 PCIE card (4 ports)
/:  Bus 09.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
/:  Bus 08.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
/:  Bus 07.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
/:  Bus 06.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
/:  Bus 05.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
/:  Bus 04.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/6p, 480M
/:  Bus 03.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/4p, 5000M
/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/4p, 480M
|__ Port 2: Dev 9, If 0, Class=Mass Storage, Driver=usb-storage, 480M  # USB HDD. USB3 card
|__ Port 3: Dev 2, If 0, Class=Hub, Driver=hub/3p, 480M
|__ Port 1: Dev 3, If 0, Class=Hub, Driver=hub/3p, 480M
|__ Port 1: Dev 4, If 0, Class=Mass Storage, Driver=usb-storage, 480M
|__ Port 3: Dev 11, If 0, Class=Mass Storage, Driver=usb-storage, 480M  # USB HDD. Monitor SIDE 2 ports
|__ Port 3: Dev 13, If 0, Class=Mass Storage, Driver=usb-storage, 480M  # USB HDD. Monitor UNDERNEATH 2 ports

/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/6p, 480M
|__ Port 3: Dev 3, If 0, Class=Mass Storage, Driver=usb-storage, 480M  # USB HDD. #(Back ports 3-4 , Front 2 ports)




Re: [qubes-users] USB VM

2016-09-27 Thread Drew White
On Wednesday, 28 September 2016 13:27:17 UTC+10, johny...@sigaint.org  wrote:
> > Hi JJ,
> >
> > My PC has 10 USB Bus's.
> > My keyboard and mouse are on bus 10, which is PCI device .XX.X and I
> > left that one on Dom0.
> 
> Are they 10 separate PCI devices, 10 separate USB buses?
>
> I'd be very surprised if that were the case.  But also very impressed, and
> wanting such a motherboard for myself.  It'd be awesome for Qubes.
>
> But it's more likely that it's a single USB controller with 10 ports.
> 
> If you do a "lspci" do you see 10 different USB PCI devices?  (Well, it
> would probably be 20, as each USB bus usually shows up with a USB 1.1 and
> a USB 2.0 version.)

I have USB1 and USB2 hubs. (according to lsusb)

> Or does "lspci" just show two USB PCI devices (one 1.1, and one 2.0)?
 
attached, view it for yourself. :}

in that list though, I only have 1 keyboard and 1 mouse plugged in.
I will do some more with more devices plugged in so you can see where the 
devices attach to.

I have  2 ports on the back on 1 bus, 2 ports on another.
2 ports on the front on another bus.
I have a PCIE card with 4xUSB3 ports.
I also have 1xUSB Internal (can be used as a boot device, as a Qubes boot 
device even)
My monitor is plugged into the USB3 card, which has 4 USB ports and a 
Multimedia card reader in it. 

My other 2 USB port monitor is NOT plugged in.
I have 2xUSB3 on the front that aren't plugged in.



> The USB PCI device can have 10 *ports*, and still just be one PCI device,
> assignable to only a single Qubes VM.
> 
> I have 8 ports (well, 6 after blowing 2 of them on some projects, but
> that's another story), which are handled by a single USB PCI device (which
> has two presences, one for 1.1 (ohci), one for 2.0 (ehci)).
> 
> (I'm rather impressed that the single controller let me blow two ports,
> while keeping the others alive.  Nice isolation, NVIDIA!):
> 
> # lspci
> 00:02.0 USB controller: NVIDIA Corporation MCP61 USB 1.1 Controller (rev a3)
> 00:02.1 USB controller: NVIDIA Corporation MCP61 USB 2.0 Controller (rev a3)
> 
> "lsusb -t" is also telling:
> 
> # lsusb -t
> /:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=ohci-pci/8p, 12M
> /:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/8p, 480M
> |__ Port 4: Dev 2, If 0, Class=Mass Storage, Driver=usb-storage, xxxM
> |__ Port 6: Dev 3, If 0, Class=Mass Storage, Driver=usb-storage, xxxM
> |__ Port 7: Dev 4, If 0, Class=Mass Storage, Driver=usb-storage, xxxM
> |__ Port 8: Dev 5, If 0, Class=Mass Storage, Driver=usb-storage, xxxM
> 
> USB ports are not the same as USB PCI devices/busses.  And the only reason
> you see two Bus's in both cases above, is because it's a USB 1.1 and USB
> 2.0 presence of the same single USB controller.
> 
> It *may* be possible to assign the 2.0 controller instance (fast hard
> drives, thumb drives, etc.) to a given VM, while keeping the slower 1.1
> HID instance (keyboard, mouse) in dom0, but I wouldn't count on it.  (I
> might try that when I get a chance.)
> 
> We'd possibly need Andrew or Marek or some other Qubes expert to answer that.
> 
> Just get your keyboard/mouse onto PS/2, and then things get a lot simpler
> to figure out.
> 
> > However I now have another issue...
> >
> > "Error starting VM 'sys-usb': Requested operation is not valid: PCI device
> > :00:1a.0 is in use by driver xenlight, domain sys-usb"
> >
> > What does this mean?
> > It does this for each PCI device. I have removed them 1 by 1 just to
> > verify.
> >
> > Why won't it just assign the device?
> 
> Perhaps because you really only have one USB PCI device/bus, and because
> two of the ports are tied up in dom0 with your USB keyboard/mouse it wants
> to (out of necessity) control them all (well, the one USB controller,
> really) and won't let you assign individual ports on the common USB PCI
> bus to different VM's??
> 
> I've never seen that error, so I'm just guessing; that's a question for
> the Qubes dev experts.
> 
> I'm actually still running my boot/root drive off of USB until an imminent
> reinstall (with btrfs root, yay!), so I'm a bit of a hypocrite singing the
> praises of USB VM isolation.  As long as my boot/root is on USB, I can't
> create a USB VM, despite having a PS/2 keyboard/mouse.  Soon...  Soon...
> 
> Cheers
> 
> JJ

00:00.0 Host bridge: Intel Corporation 5520 I/O Hub to ESI Port (rev 22)
00:01.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 1 (rev 22)
00:03.0 PCI bridge: 

Re: [qubes-users] USB VM

2016-09-27 Thread johnyjukya
> Hi JJ,
>
> My PC has 10 USB Bus's.
> My keyboard and mouse are on bus 10, which is PCI device .XX.X and I
> left that one on Dom0.

Are they 10 separate PCI devices, 10 separate USB buses?

I'd be very surprised if that were the case.  But also very impressed, and
wanting such a motherboard for myself.  It'd be awesome for Qubes.

But it's more likely that it's a single USB controller with 10 ports.

If you do a "lspci" do you see 10 different USB PCI devices?  (Well, it
would probably be 20, as each USB bus usually shows up with a USB 1.1 and
a USB 2.0 version.)

Or does "lspci" just show two USB PCI devices (one 1.1, and one 2.0)?

The USB PCI device can have 10 *ports*, and still just be one PCI device,
assignable to only a single Qubes VM.

I have 8 ports (well, 6 after blowing 2 of them on some projects, but
that's another story), which are handled by a single USB PCI device (which
has two presences, one for 1.1 (ohci), one for 2.0 (ehci)).

(I'm rather impressed that the single controller let me blow two ports,
while keeping the others alive.  Nice isolation, NVIDIA!):

# lspci
00:02.0 USB controller: NVIDIA Corporation MCP61 USB 1.1 Controller (rev a3)
00:02.1 USB controller: NVIDIA Corporation MCP61 USB 2.0 Controller (rev a3)

"lsusb -t" is also telling:

# lsusb -t
/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=ohci-pci/8p, 12M
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/8p, 480M
|__ Port 4: Dev 2, If 0, Class=Mass Storage, Driver=usb-storage, xxxM
|__ Port 6: Dev 3, If 0, Class=Mass Storage, Driver=usb-storage, xxxM
|__ Port 7: Dev 4, If 0, Class=Mass Storage, Driver=usb-storage, xxxM
|__ Port 8: Dev 5, If 0, Class=Mass Storage, Driver=usb-storage, xxxM

USB ports are not the same as USB PCI devices/busses.  And the only reason
you see two Bus's in both cases above, is because it's a USB 1.1 and USB
2.0 presence of the same single USB controller.

It *may* be possible to assign the 2.0 controller instance (fast hard
drives, thumb drives, etc.) to a given VM, while keeping the slower 1.1
HID instance (keyboard, mouse) in dom0, but I wouldn't count on it.  (I
might try that when I get a chance.)

We'd possibly need Andrew or Marek or some other Qubes expert to answer that.

Just get your keyboard/mouse onto PS/2, and then things get a lot simpler
to figure out.

> However I now have another issue...
>
> "Error starting VM 'sys-usb': Requested operation is not valid: PCI device
> :00:1a.0 is in use by driver xenlight, domain sys-usb"
>
> What does this mean?
> It does this for each PCI device. I have removed them 1 by 1 just to
> verify.
>
> Why won't it just assign the device?

Perhaps because you really only have one USB PCI device/bus, and because
two of the ports are tied up in dom0 with your USB keyboard/mouse it wants
to (out of necessity) control them all (well, the one USB controller,
really) and won't let you assign individual ports on the common USB PCI
bus to different VM's??

I've never seen that error, so I'm just guessing; that's a question for
the Qubes dev experts.

I'm actually still running my boot/root drive off of USB until an imminent
reinstall (with btrfs root, yay!), so I'm a bit of a hypocrite singing the
praises of USB VM isolation.  As long as my boot/root is on USB, I can't
create a USB VM, despite having a PS/2 keyboard/mouse.  Soon...  Soon...

Cheers

JJ
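
Added example (not part of the original thread, and not Qubes tooling): the message above makes the point that the unit you can hand to a USB VM is the PCI controller, not a port or the bus number that lsusb -t prints. The script below resolves each usbN entry in sysfs to its controller and flags buses carrying HID devices; the sample tree and every PCI address in it are constructed, and the function names are hypothetical.

```bash
#!/bin/bash
# Added example: group USB buses by the PCI controller that owns them and
# flag buses that currently carry a keyboard/mouse (USB HID class).

# usb_bus_to_pci [SYSFS_ROOT]
# Prints one line per USB bus: "<PCI address> usb<bus> <hid|no-hid>".
# A whole PCI function is the unit of assignment, so buses that share an
# address move to the USB VM together.
usb_bus_to_pci() {
    local root="${1:-/sys}" link bus pci iface hid
    for link in "$root"/bus/usb/devices/usb*; do
        [ -e "$link" ] || continue
        bus="${link##*/usb}"
        # usbN is a symlink into /sys/devices; its parent directory is the
        # host controller, e.g. .../<PCI address>/usb10
        pci="$(basename "$(dirname "$(readlink -f "$link")")")"
        case "$pci" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f].[0-7]) ;;
            *) pci="non-pci:$pci" ;;   # platform or virtual host controller
        esac
        hid="no-hid"
        # Interface nodes are named <bus>-<port path>:<config>.<interface>;
        # bInterfaceClass 03 is the HID class.
        for iface in "$root"/bus/usb/devices/"$bus"-*:*; do
            [ -r "$iface/bInterfaceClass" ] || continue
            if [ "$(cat "$iface/bInterfaceClass")" = "03" ]; then
                hid="hid"
            fi
        done
        printf '%s usb%s %s\n' "$pci" "$bus" "$hid"
    done | LC_ALL=C sort
}

# Helpers that build a constructed sysfs-like tree so the script runs offline.
# sample_bus <root> <controller path under pci0000:00> <bus number>
sample_bus() {
    mkdir -p "$1/devices/pci0000:00/$2/usb$3"
    ln -s "$1/devices/pci0000:00/$2/usb$3" "$1/bus/usb/devices/usb$3"
}

# sample_iface <root> <controller path> <bus> <port> <interface class>
sample_iface() {
    local d="$1/devices/pci0000:00/$2/usb$3/$3-$4/$3-$4:1.0"
    mkdir -p "$d"
    printf '%s\n' "$5" > "$d/bInterfaceClass"
    ln -s "$d" "$1/bus/usb/devices/$3-$4:1.0"
}

# Constructed layout (all addresses made up):
#   0000:00:1d.0  UHCI, bus 10, keyboard + mouse
#   0000:00:1d.7  EHCI, bus 1, one USB disk
#   0000:03:00.0  xHCI PCIe card behind a bridge, buses 2 and 3, one USB disk
make_sample_sysfs() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/bus/usb/devices"
    sample_bus   "$root" "0000:00:1d.0" 10
    sample_iface "$root" "0000:00:1d.0" 10 1 03
    sample_iface "$root" "0000:00:1d.0" 10 2 03
    sample_bus   "$root" "0000:00:1d.7" 1
    sample_iface "$root" "0000:00:1d.7" 1 3 08
    sample_bus   "$root" "0000:00:1c.0/0000:03:00.0" 2
    sample_bus   "$root" "0000:00:1c.0/0000:03:00.0" 3
    sample_iface "$root" "0000:00:1c.0/0000:03:00.0" 2 2 08
    printf '%s\n' "$root"
}

# Demo on the constructed tree. On a real machine, call usb_bus_to_pci with
# no argument to read /sys.
sample="$(make_sample_sysfs)"
usb_bus_to_pci "$sample"
rm -rf "$sample"
```

A controller whose buses all show no-hid is a candidate for the USB VM; one showing hid is where the keyboard or mouse lives.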



Re: [qubes-users] USB VM

2016-09-27 Thread Drew White
On Wednesday, 28 September 2016 12:46:10 UTC+10, johny...@sigaint.org  wrote:
> Pretty sure the answer is "no."  You can assign a whole USB bus (which is
> typically a single PCI device) to a VM, but you can't split it up beyond
> that, other than the default of having dom0 relay specific devices to
> specific VM's (which isn't dom0 USB isolation at all).
> 
> My mobo has 8 USB ports, but they're all on a single bus, so it's all or
> nothing.
> 

Hi JJ,

My PC has 10 USB Bus's.
My keyboard and mouse are on bus 10, which is PCI device .XX.X and I left 
that one on Dom0.

However I now have another issue...

"Error starting VM 'sys-usb': Requested operation is not valid: PCI device 
:00:1a.0 is in use by driver xenlight, domain sys-usb"

What does this mean?
It does this for each PCI device. I have removed them 1 by 1 just to verify.

Why won't it just assign the device?

FYI: I have plenty of adapters lying around. But thanks for thinking about that.



Re: [qubes-users] USB VM

2016-09-27 Thread johnyjukya
> It may no longer be the case, but it used to be that most USB keyboards
> and mice had controllers that also automatically auto-detected and
> supported PS/2, with a simple passive passthrough dongle between the
> USB->PS/2 connection.
>
> http://www.ebay.com/itm/Cool-PS2-Female-to-USB-Male-Port-Mouse-Adapter-Converter-Connector-for-Keyboard-/321935935564?hash=item4af4e0884c:g:F98AAOSwgApW-yRg
>
> $0.75 each, including international shipping.
>
> You or someone you know may even have such dongles kicking around; if so,
> give them a try.  The common logitech ones seem to work for most every
> keyboard/mouse I've tried.

I should mention that if you're paranoid, are a high-value targeted
individual, or simply have a psycho on your butt, you may want to do a
good check of such a dongle with a ohmmeter or scope.

Or even better, wire your own.

It's a wonderful place to hide a keylogger.  :)

http://www.keydemon.com/ps2_hardware_keylogger/
https://www.keelog.com/usb_hardware_keylogger.html
http://www.instructables.com/id/How-to-build-your-own-USB-Keylogger/

I have a couple of these in my "JJ's Museum of Dodgy Devices."

Thankfully I didn't have to pay for them myself, but they were graciously
snuck into my inventory of parts by secret admirers.  So very kind of
them, and without even wanting credit.  :)

Cheers

JJ




Re: [qubes-users] USB VM

2016-09-27 Thread johnyjukya
> I want to get the USB VMs to work, but I use keyboard and mouse via USB,
> not PS/2, so it will not permit me to configure it.
>
> I wish to attach specific USB Ports to Dom0, which is 1 of the bus's. And
> the other USB bus's to the USBVM, but I can't find out what device to
> attach to Dom0 to allow this.
>
> I know what my USB3 is because that's a PCIe card. So that's easy enough
> to push to a USBVM. But the others, not so easy.
>
> Is it possible to assign specific USB ports instead of whole USB bus's?

Pretty sure the answer is "no."  You can assign a whole USB bus (which is
typically a single PCI device) to a VM, but you can't split it up beyond
that, other than the default of having dom0 relay specific devices to
specific VM's (which isn't dom0 USB isolation at all).

My mobo has 8 USB ports, but they're all on a single bus, so it's all or
nothing.

It's worth looking into whether your keyboard/mouse support PS/2.

It may no longer be the case, but it used to be that most USB keyboards
and mice had controllers that also automatically auto-detected and
supported PS/2, with a simple passive passthrough dongle between the
USB->PS/2 connection.

http://www.ebay.com/itm/Cool-PS2-Female-to-USB-Male-Port-Mouse-Adapter-Converter-Connector-for-Keyboard-/321935935564?hash=item4af4e0884c:g:F98AAOSwgApW-yRg

$0.75 each, including international shipping.

You or someone you know may even have such dongles kicking around; if so,
give them a try.  The common logitech ones seem to work for most every
keyboard/mouse I've tried.

Or, if you're handy with a soldering iron, make your own.

https://imgur.com/a/n3BJ0

I've chopped up an old PS/2 cable and soldered it to a USB keyboard
successfully in the past.  (Even just cut and twisted the wires together
in a pinch, lol.  Worked great.)

Worst case, splurge the <$10 each on getting a nice PS/2 mouse and
keyboard, and proceed with far greater confidence/security, and more
easily isolate your USB to a VM.

(Heck, I'd send you a free PS/2 mouse/keyboard if it didn't cost more to
ship than it would be for you to purchase new.)

Maybe it's less common these days for keyboards/mice to support that
feature, but it's hardly difficult even today to buy or find a good PS/2
mouse and keyboard for dirt cheap.

JJ
