On Sunday, January 13, 2019 at 7:52:29 PM UTC-6, js...@bitmessage.ch wrote: > John Goold: > > Just discovered that there is only one USB controller (but 4 USB connector > > sockets). So when I tried to attach the USB controller to the appVM (had to > > set it to HVM), I lost the mouse and keyboard :-( > > > > I have got the impression from reading the documentation and posts to this > > forum that if I have disk encryption enabled, that I cannot create a > > sys-usb VM without losing the mouse+keyboard (and possibly not being able > > to enter the pass-phrase when powering up. > > Yea with only one usb controller you can't attach the whole controller > to a VM without losing your usb keyboard/mouse. I'm in the same situation. > > It sounds like you've already looked at the docs but here's the link: > > https://www.qubes-os.org/doc/usb/ > > You have to have sys-usb to attach a usb device like a scanner to an > appvm (unless you can just attach the whole usb controller, which you > can't). > > I haven't done this myself but my understanding from reading the docs is > it's still possible to have sys-usb, you just have to be careful not to > lock yourself out (not able to control the system with usb > mouse/keyboard, or not able to enter encryption passphrase at boot). > > According to the docs, if you're using 4.0, you can just use salt to set > up a usb qube with the ability to use a usb keyboard with the command > > sudo qubesctl state.sls qvm.usb-keyboard > > The doc says that this will create the usb qube if it's not present, and > that it will expose dom0 to usb devices on boot so you can enter the > passphrase. After you do this though you still may want to check your > grub/efi config file to make sure it doesn't have the > "rd.qubes.hide_all_usb" line in it, just in case. > > Or you can follow the steps in the docs to do it manually, just make > sure to add the required lines to the qubes.InputKeyboard and > qubes.InputMouse files first, and don't add the "rd.qubes.hide_all_usb > line to grub/efi config file. > > Also this has security implications since if your sys-usb is compromised > an attacker could scoop up your keystrokes, but this should still be > safer than attaching insecure usb devices to dom0. > > But it should work, unless i'm reading something wrong. > > -- > Jackie
I re-read the document you pointed me at (and then re-read it again!). Although I have put several days of work into my transition to using Qubes (I am using Qubes 4.0.1), I would be left with very unappealing options if I could not use the scanner under Qubes. So, with a great deal of trepidation, I tried the Salt approach. It worked flawlessly -- my very first test was to shut down my computer and then reboot. I, though I hate to admit it, had my fingers crossed at the point that the Luks request for a pass phrase showed up. But the keyboard worked and the rest of the boot-up ran fine. I realize there may be some security vulnerabilities because of this set up; however, I am a non-entity as far as some one choosing to invest considerable effort to hack. I doubt any of the USB devices I use pose a threat (to me). There is one strange thing, but I will start a separate thread for it (I do not seem to be able to configure my mouse as left-handed). Thank you very much for taking the time to respond. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/64900629-bf76-4fbd-9ee8-d2d1bc6b8a3f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.