Re: [qubes-users] Automation of USB passthrough

[David Hobach]

On 04/20/2017 10:54 AM, Johannes Graumann wrote:

Hi,

Has anyone figured out a setup for qubes-usb-proxy-based USB-
passthrough that will allow for automatic (and active) monitoring of
sys-usb connections and VMs? I'm envisioning a situation where I tell
the proxy setup that
1) if device X shows up and VM Y is running, the device should be
connected to the VM.
2) If VM Y comes up and device X is present, the device should be
connected to the VM
3) the connection should be removed automatically if either member
disappears ...

Is this possible? Where would one start?


Should be possible I guess; maybe not yet implemented (I didn't test 
that new USB proxy feature so far). Should be implemented in dom0 for 
obvious security reasons.



In a side note: is it possible to pass a single device (e.g. smart card
reader) through to multiple VMs simultaneously?


I guess not (I/O racing conditions and so on), but then again you can try.

As the wiki states though [1]: "Stating with Qubes 3.2, it is possible 
to attach a single USB device to any Qube. While this is useful feature, 
it should be used with care, because there are many security 
implications from using USB devices and USB passthrough will expose your 
target qube for most of them. If possible, use method specific for 
particular device type (for example block devices described above), 
instead of this generic one."
--> So you should use qvm-block or qvm-copy-to-vm for the files on your 
SD cards, if you like the security Qubes provides. That can also be done 
automatically, if needed.



[1] https://www.qubes-os.org/doc/usb/

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a041e30-921f-2c50-6551-5d09245e6859%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

[qubes-users] Automation of USB passthrough

[Johannes Graumann]

Hi,

Has anyone figured out a setup for qubes-usb-proxy-based USB-
passthrough that will allow for automatic (and active) monitoring of
sys-usb connections and VMs? I'm envisioning a situation where I tell
the proxy setup that 
1) if device X shows up and VM Y is running, the device should be
connected to the VM.
2) If VM Y comes up and device X is present, the device should be
connected to the VM
3) the connection should be removed automatically if either member
disappears ...

Is this possible? Where would one start?

In a side note: is it possible to pass a single device (e.g. smart card
reader) through to multiple VMs simultaneously?

Thanks for any hints.

Joh

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1492678478.1597.15.camel%40graumannschaft.org.
For more options, visit https://groups.google.com/d/optout.