Re: [qubes-users] Re: Does qubes block usb on thunderbolt port?
I find the thunderbolt/usb-c hardware compatibility a mess[1] The USB-C dock I have uses DisplayLink[2] for output its a pain to get to work with Linux and ~impossible on cubes without compromising security of Dom-0[3] As far as I know Thunderbolt Docks use DisplayPort pass-through so should just work assuming the thunderbolt port your using supports the feature (it may need to be enabled in the bios), though I haven’t used any of these so nit sure. [1] USB (various versions), PCIe, DisplayPort and PowerDelivery all can use the same physical plug, and it’s very much not obvious which subset happens to work on any given port. [2] proprietary compressed frame buffer over high bandwidth USB, or apparently also (wireless) network. [3] you need to attach the ports usb controller directly to Dom-0, and then recompile + install the binary blob Display Link driver see https://github.com/displaylink-rpm/displaylink-rpm , and then significant massaging of the Xorg configuration to get it to play nice. Sent from my iPad > On 13 Oct 2020, at 05:34, 'Amir Omidi' via qubes-users > wrote: > Did any of this ever work? I have a USB C Thunderbolt based hub and I'm > unable to get it to output Displayport screens. > > All the USB/ethernet/etc on it work fine though. > > On Thursday, January 9, 2020 at 7:54:49 AM UTC-8 ryan...@ryantate.com wrote: >> >> >> On Wednesday, January 8, 2020 at 3:14:03 PM UTC-5, brend...@gmail.com wrote: >>> 1. Qubes has pcie hotplug disabled in the dom0 kernel, which TB uses for >>> PCIe-based thunderbolt devices. This is disabled for security reasons. >>> 2. The TB alternate mode that supports USBs might not instantiate the PCIe >>> USB controller it connects through *until a USB device is connected to that >>> port*. >>> 3. Therefore...depending on BIOS support...you *might* be able to have a >>> USB device seen by qubes if the USB device is plugged in at power-on. Even >>> if that works, it might be on a USB PCIe controller that is not already >>> attached to your sys-usb (if you have one). >>> 4. If it does work, you might want to create a sys-usb-c which you run only >>> after connecting a device to the port at boot time, and assign the (usually >>> hidden) PCIe USB controller that that VM only. >>> >>> >> >> Thanks for the reply! I took a break in the middle of typing my own reply, >> for a meeting, so your message came in as I was completing it. >> >> All of your points seem to line up with what I discovered poking around. >> Yes, I can get usb-c seen if device connected at power on. >> >> Thanks for the idea of an secondary sys-usb for usb-c! I had not considered >> that. If I discover I really need something Usb-c, which seems likely in >> time, I will probably do that. For now it's really just my new yubikey, >> which I am going to give to someone else and replace with a USB-A/NFC. > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/baf0e219-7c29-473b-ad76-3ba36a44ae8cn%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/026E4A1D-A81A-4906-8665-63121C0FC74A%40gmail.com.
[qubes-users] Re: Does qubes block usb on thunderbolt port?
Did any of this ever work? I have a USB C Thunderbolt based hub and I'm unable to get it to output Displayport screens. All the USB/ethernet/etc on it work fine though. On Thursday, January 9, 2020 at 7:54:49 AM UTC-8 ryan...@ryantate.com wrote: > > > On Wednesday, January 8, 2020 at 3:14:03 PM UTC-5, brend...@gmail.com > wrote: > >> 1. Qubes has pcie hotplug disabled in the dom0 kernel, which TB uses for >> PCIe-based thunderbolt devices. This is disabled for security reasons. >> 2. The TB alternate mode that supports USBs might not instantiate the >> PCIe USB controller it connects through *until a USB device is connected to >> that port*. >> 3. Therefore...depending on BIOS support...you *might* be able to have a >> USB device seen by qubes if the USB device is plugged in at power-on. Even >> if that works, it might be on a USB PCIe controller that is not already >> attached to your sys-usb (if you have one). >> 4. If it does work, you might want to create a sys-usb-c which you run >> only after connecting a device to the port at boot time, and assign the >> (usually hidden) PCIe USB controller that that VM only. >> >> >> > Thanks for the reply! I took a break in the middle of typing my own reply, > for a meeting, so your message came in as I was completing it. > > All of your points seem to line up with what I discovered poking around. > Yes, I can get usb-c seen if device connected at power on. > > Thanks for the idea of an secondary sys-usb for usb-c! I had not > considered that. If I discover I really need something Usb-c, which seems > likely in time, I will probably do that. For now it's really just my new > yubikey, which I am going to give to someone else and replace with a > USB-A/NFC. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/baf0e219-7c29-473b-ad76-3ba36a44ae8cn%40googlegroups.com.
[qubes-users] Re: Does qubes block usb on thunderbolt port?
On Wednesday, January 8, 2020 at 3:14:03 PM UTC-5, brend...@gmail.com wrote: > 1. Qubes has pcie hotplug disabled in the dom0 kernel, which TB uses for > PCIe-based thunderbolt devices. This is disabled for security reasons. > 2. The TB alternate mode that supports USBs might not instantiate the PCIe > USB controller it connects through *until a USB device is connected to that > port*. > 3. Therefore...depending on BIOS support...you *might* be able to have a > USB device seen by qubes if the USB device is plugged in at power-on. Even > if that works, it might be on a USB PCIe controller that is not already > attached to your sys-usb (if you have one). > 4. If it does work, you might want to create a sys-usb-c which you run > only after connecting a device to the port at boot time, and assign the > (usually hidden) PCIe USB controller that that VM only. > > > Thanks for the reply! I took a break in the middle of typing my own reply, for a meeting, so your message came in as I was completing it. All of your points seem to line up with what I discovered poking around. Yes, I can get usb-c seen if device connected at power on. Thanks for the idea of an secondary sys-usb for usb-c! I had not considered that. If I discover I really need something Usb-c, which seems likely in time, I will probably do that. For now it's really just my new yubikey, which I am going to give to someone else and replace with a USB-A/NFC. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aad044cc-2da8-44b9-b515-367edc7490b3%40googlegroups.com.
[qubes-users] Re: Does qubes block usb on thunderbolt port?
On Wednesday, January 8, 2020 at 4:29:57 PM UTC-5, Ryan Tate wrote: > (The one thing that I do wonder is if is neccesary for sys-usb to bail > out on boot when an assigned device is not present, maybe there could be > a system for transient but assigned devices to be allowed to come online > post boot? No idea how feasible this is.) > PCIe attach has to happen at startup, and Xen will fail to start it up if the named device isn't there. My suggestion: create a *second* sys-usb style VM (e.g. called "sys-usb-c") with the "extra" usb pcie device attached and *remember* to have the USB port populated at boot if you want to use devices from that second device VM. The regular sys-usb will always start up for the other ports (regardless of whether you have a device plugged in or not). Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4eb2e9cd-af16-46ef-9b77-d3a6a888f9b8%40googlegroups.com.
[qubes-users] Re: Does qubes block usb on thunderbolt port?
Ryan Tate writes: > On my ThinkPad X1 Carbon gen5, I can use my thunderbolt 3 ports fine for > display and for power. However, Qubes does not seem to recognize a usb-c > flash stick or a usb-c yubikey plugged into these ports I think I got this figured out. ThinkPads apparently do not show the USB-C controller on these Thunderbolt ports to the OS unless and until something is physically plugged in. I was clued into this by this thread; don't be fooled by the subject line it is about more than hubs - see bit where the user also was not able to connect the drive directly - https://groups.google.com/forum/#!searchin/qubes-users/usb-c$20thunderbolt%7Csort:date/qubes-users/VIqnIcubq9Y/-gmRME7qBgAJ Per the thread above, Qubes does not (seem to) handle controllers that pop up after boot. When I booted with a usb-c flash drive already in the Thunderbolt port, I was able to finally see the USB-C controller via lspci in dom0. I was able to shut down sys-usb and attach the controller to sys-usb (Devices tab in Qubes Settings for sys-usb) and USB-C items then became visible when I started sys-usb again. But, on a reboot, if no USB was plugged in to the port, sys-usb would fail to start up at all because the controller (aka the "device" I had attached) was no longer there. (Also, even when a usb-c item was plugged in at boot and mounted, disconnecting the item and connecting something else (like a displayport cable for external monitor, which worked) left me unable to re-connect the usb-c item, but this may be because I did not set "no-strict-reset" -- I never bothered to fiddle with that when I realized the prior mentioned boot issue). This is all kind of a bummer because it means that effectively I can't use usb-c to attach anything like a storage device, yubikey, etc on this machine with Qubes. On the other hand I realize the Thunderbolt system generally and perhaps specifically the way Lenovo/ThinkPad machines handle exposing USB buses on Thunderbolt raise some unique challenges. (The one thing that I do wonder is if is neccesary for sys-usb to bail out on boot when an assigned device is not present, maybe there could be a system for transient but assigned devices to be allowed to come online post boot? No idea how feasible this is.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/87muaxprg6.fsf%40disp2634.
[qubes-users] Re: Does qubes block usb on thunderbolt port?
On Wednesday, January 8, 2020 at 6:19:54 AM UTC-5, Ryan Tate wrote: > > Does qubes block USB data on Thunderbolt ports? > So a few things: 1. Qubes has pcie hotplug disabled in the dom0 kernel, which TB uses for PCIe-based thunderbolt devices. This is disabled for security reasons. 2. The TB alternate mode that supports USBs might not instantiate the PCIe USB controller it connects through *until a USB device is connected to that port*. 3. Therefore...depending on BIOS support...you *might* be able to have a USB device seen by qubes if the USB device is plugged in at power-on. Even if that works, it might be on a USB PCIe controller that is not already attached to your sys-usb (if you have one). 4. If it does work, you might want to create a sys-usb-c which you run only after connecting a device to the port at boot time, and assign the (usually hidden) PCIe USB controller that that VM only. Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0cbd5089-ce29-4c13-9d9f-d40ff678e95a%40googlegroups.com.
