On Wed, Nov 30, 2016 at 10:54:51PM +0000, Manuel Amador (Rudd-O) wrote:
> On 11/30/2016 04:18 AM, pixel fairy wrote:
> > has anyone here experimented with bluetooth locks? it seems like a lot of 
> > extra scary code to run in dom0, but i like the idea of auto shutdown if 
> > device loses range. or maybe after a timeout period of some trigger? that's 
> > another discussion. 
> 
> On your Bluetooth VM (usually a USBVM), run Blueproximity, and have
> Blueproximity invoke a custom /etc/qubes-rpc/pixelfairy.Lock service on
> dom0 which you will need to write yourself.  It's a one-liner service:
> 
> loginctl lock-sessions
> 
> To invoke it from the Bluetooth VM, you need to ask Blueproximity to run
> the command:
> 
> /usr/lib/qubes/qrexec-client-vm "$bluetoothvm" pixelfairy.Lock
> 
> Once you have given the Bluetooth VM permission ("yes to all") to invoke
> the locker, it should work automatically every time you walk away.
> 
> The reverse is also possible — you could have a similar service that
> unlocks the screen by running loginctl unlock-sessions.

But the latter may be unwise - USB VM should be considered untrusted, so
giving it permission to unlock the computer doesn't look good. Unless
you take some measures to limit that ability. For example do some
challenge-response[1] with the device triggering the unlock operation,
so USB VM would not be able to do that without the device actually being
present (assuming that device is safe enough to not be cloned, and
resistant to proxy attacks etc.). But it's better not to do that.

[1] https://www.qubes-os.org/doc/yubi-key/

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
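
The challenge-response idea from the reply above, as an added example that is not part of the original thread and is not Qubes or YubiKey code. It models only the verification logic: `Token` and `UnlockVerifier` are hypothetical names, HMAC-SHA256 is an assumed choice of MAC, and the untrusted USB VM is represented simply as whoever carries bytes between the two objects.

```python
import hashlib
import hmac
import secrets


class Token:
    """Stand-in for a device holding a secret it never exports (assumption)."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class UnlockVerifier:
    """Trusted side (dom0 in the thread): issues single-use challenges."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(32)  # fresh nonce per attempt
        return self._pending

    def verify(self, response: bytes) -> bool:
        challenge, self._pending = self._pending, None  # consume the nonce
        if challenge is None:
            return False  # nothing outstanding: unsolicited response
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    secret = secrets.token_bytes(32)  # constructed sample key
    token, dom0 = Token(secret), UnlockVerifier(secret)
    results = {}
    # Device present: the USB VM relays the challenge and the response.
    recorded = token.respond(dom0.new_challenge())
    results["device_present"] = dom0.verify(recorded)
    # Device gone: the USB VM replays the recorded response to a new challenge.
    dom0.new_challenge()
    results["replay"] = dom0.verify(recorded)
    # No challenge outstanding at all.
    results["unsolicited"] = dom0.verify(recorded)
    # USB VM answers without knowing the secret.
    dom0.new_challenge()
    results["guess"] = dom0.verify(secrets.token_bytes(32))
    # Challenge forwarded to the real device located elsewhere: still accepted.
    results["relayed"] = dom0.verify(token.respond(dom0.new_challenge()))
    return results
```

The `relayed` result is the proxy caveat from the reply: a fresh nonce stops replay and guessing, but it cannot tell whether the device that answered is physically near the computer.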
