Thank you for the effort in replying to me, I really appreciate :) So the only viable option left in order for me to use my HW wallet in Qubes is to create a sys-usb from scratch, and create it as a AppVM instead of NetVM as the default?
Wouldn't this solution expose also any USB device to the internet? Is this a safe trade-off? Isn't possible to attach only my HW wallet to an AppVM instead of assigning the whole USB controller? (I've tested this option, and once I assign my USB PCI device to another AppVM all my USB ports will also be assigned to the same AppVM) Ideally I'm looking for the most secure possible solution - one that assigns only that USB port to another AppVM instead of exposing all my USB controller to the internet. Is this possible? Does anyone knows? > On 14 July 2017 at 22:16 Essax <es...@protonmail.com> wrote: > > Was just reading through the qubes docs. You can delete your current > sys-usb and make a new sys-usb and make it an appVM(sys-usb). Then you could > attach it to a sys-firewall or sys-net . Im not 100% sure this will help but > it is worth a try. Sorry I don't have time to write out the instructions. > The link to the doc: Qubes-doc-usb https://www.qubes-os.org/doc/usb/ > > > Essax > > Sent with ProtonMail https://protonmail.com Secure Email. > > > > > -------- Original Message -------- > > Subject: Re: [qubes-users] Re: Working with a BTC hardware wallet > > on Qubes > > Local Time: July 14, 2017 11:42 AM > > UTC Time: July 14, 2017 3:42 PM > > From: p...@mailbox.org > > To: Patrik Hagara <patriha...@gmail.com> > > qubes-users@googlegroups.com > > > > > > Actually I do have the qubes-proxy-usb installed on my sys-usb > > (that's how I'm able to use my mouse) however I'm not sure if the > > qubes-proxy-usb can be used to pass the HW wallet. > > > > How I'm I suppose to pass my Ledger nano s or trezor via the proxy? > > > > > > > > > > > > > > > > On 14 July 2017 at 15:40 Patrik Hagara <patriha...@gmail.com> > > > wrote: > > > > > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA256 > > > > > > > > > > > > On 07/14/2017 02:19 PM, Mr. DONG wrote: > > > > > > > > > > > > > > Unfortunately that doesn't work either. > > > > > > > > > > > > > > > > The "qvm-usb -l" doesn't show my legder nano s. In fact > > > > I can only > > > > see it attached on the sys-usb, not on dom0. > > > > > > > > > > > > > > > > > > > > > > > > The qvm-usb list output shows no difference either I > > > > attach or not > > > > the HW wallet. The only way I can attach to another > > > > appvm is if I > > > > attach the entire PCI controller, via the > > > > usb-passthrough does not > > > > work. > > > > > > > > > > > > > > > > Any alternatives? > > > > > > > > > > > > > > > > On 14 July 2017 at 10:48 Patrik Hagara > > > > <patriha...@gmail.com> > > > > wrote: > > > > > > > > > > > > > > > > On 07/14/2017 02:54 AM, 'Essax' via qubes-users wrote: > > > > > > > > Have you tried these steps: > > > > > > > > > > > > > > > > 1) Attach hardware wallet to sys-usb 2) Go to the dom0 > > > > Gui and and > > > > right click on the appVM you want to attach it to. 3) > > > > In the box > > > > that opens scroll down to Attach/detach block devices > > > > and your > > > > hardware wallet should show up to the right. 4) Right > > > > click on > > > > your hardware wallet to attach it to your appVM. > > > > > > > > > > > > > > > > /Essa*x*/ > > > > > > > > > > > > > > > > -------- Original Message -------- Subject: > > > > [qubes-users] Re: > > > > Working with a BTC hardware wallet on Qubes Local Time: > > > > July 13, > > > > 2017 4:23 PM UTC Time: July 13, 2017 8:23 PM From: > > > > p...@mailbox.org > > > > To: qubes-users@googlegroups.com > > > > > > > > > > > > > > > > > > > > > > > > I do have a sys-usb vm, however I cannot attach a netVM > > > > to it since > > > > the sys-usb is also a netvm. > > > > > > > > > > > > > > > > > > > > > > > > I possibly will need to create a new sys-usb vm or is > > > > there any > > > > other alternative? > > > > > > > > > > > > > > > > > > > > > > > > Attaching it as a block device won't work, since > > > > bitcoin hardware > > > > wallet is not a mass storage device. Luckily, it's not > > > > emulating a > > > > HID device either, which would get picked up by the > > > > dom0 USB > > > > keyboard/mouse input proxy. Thus, there's no graphical > > > > means of > > > > attaching USB bitcoin hardware wallet in Qubes to > > > > another VM... > > > > > > > > > > > > > > > > You can, however, attach it via the qvm-usb command > > > > line tool: > > > > > > > > > > > > > > > > 1) connect the bitcoin hardware wallet 2) in dom0 > > > > terminal, run > > > > |qvm-usb -l| to list USB devices attached 3) locate the > > > > line with > > > > bitcoin wallet and note the first column (eg. > > > > "sys-usb:2-1.6") 4) > > > > run |qvm-usb -a bitcoin sys-usb:2-1.6| from a dom0 > > > > terminal to > > > > attach the wallet to bitcoin AppVM > > > > > > > > > > > > > > > > Cheers, Patrik > > > > > > > > > > > > > > > > > > > > Most likely you don't have qubes-usb-proxy installed in the > > > sys-usb's > > > template (make sure to also install this package in the > > > target bitcoin > > > banking AppVM's template). See [1] for more info. > > > > > > > > > > > > > > > > > > [1] > > > > > > https://www.qubes-os.org/doc/usb/#attaching-a-single-usb-device-to-a-qub > > > e-usb-passthrough > > > -----BEGIN PGP SIGNATURE----- > > > Version: GnuPG v2 > > > > > > > > > > > > > > > > > > > > > iQIcBAEBCAAGBQJZaMnNAAoJEFwecd8DH5rlmTkP/jiwIpUlTMr6OMEUw3afH46X > > > > > > h1Z+hcADH40Z1M2FVTH3oqginIjoGs0kJyd490vcpaic3Js1EO6+I0eXtvF4n2qt > > > > > > J5LWSHQ/AQg3xjfBAFSsl2kEXnNa0CGF9hl0ZLCJOaHKcbpcJfS69fH79kT7KtJG > > > > > > KJ4bOgENGCHaxgHb6vqtvdaYgnj8ltHqRvIZjwThai1PBsQcmw1HSf+uBMzQNRFw > > > > > > 5E39a1Rb6vkvpdG1EDjEXrtzU8TdLH/96eCGODD0+t6vbAAp0t9EEheeqFjDdtz1 > > > > > > 65FNUWYx+WxkCvjcDaMK6GR/NY447C9cCM3xm55rQlFH7/vzH9CkMTM52+ZW0bqB > > > > > > 27B8d+BatKYaIKQbrxHBWxdN7LDsJkcr+YHVHGt2F7nqt14LsLaRf+52gj6A+MHq > > > > > > utn+5cVUpVT//GKlox+vEwfxZC/TjRqr4Im6tqAWQX+OZrpH9q4yP+asb6Ca2YdY > > > > > > 3K9qoJZmtUVCaMiVQLqTRcjzHdVpMllS7scSs4wcJDHvi+KxhIOafG3iH2zAx7VC > > > > > > CKXj2JltK7BXv4rlRUmcsIO6f4vTq/ylzZ4pP9bUp3VuQQum3wJ4dQnC9GdOoN6B > > > > > > rTwgfZ5ovA+Fo37FVdRR6k5tc/Gh1emhiFHNfOMAtO6364O0GxWo6NkERTHhVF94 > > > ZdhPoB3Ggx9FoTiAyNPI > > > =9Dw6 > > > -----END PGP SIGNATURE----- > > > > > > > > > > > > > > > > > > -- > > You received this message because you are subscribed to the Google > > Groups "qubes-users" group. > > To unsubscribe from this group and stop receiving emails from it, > > send an email to qubes-users+unsubscr...@googlegroups.com > > mailto:qubes-users+unsubscr...@googlegroups.com . > > To post to this group, send email to qubes-users@googlegroups.com > > mailto:qubes-users@googlegroups.com . > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/qubes-users/1441642922.1727.1500046931339%40office.mailbox.org > > > > https://groups.google.com/d/msgid/qubes-users/1441642922.1727.1500046931339%40office.mailbox.org?utm_medium=email&utm_source=footer > > . > > For more options, visit https://groups.google.com/d/optout. > > > > > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1071956780.4360.1500112287591%40office.mailbox.org. For more options, visit https://groups.google.com/d/optout.
