Automation of USB passthrough
65 views
Skip to first unread message
Johannes Graumann
Apr 20, 2017, 4:54:28 AM4/20/17
to qubes...@googlegroups.com
Hi,
Has anyone figured out a setup for qubes-usb-proxy-based USB-
passthrough that will allow for automatic (and active) monitoring of
sys-usb connections and VMs? I'm envisioning a situation where I tell
the proxy setup that
1) if device X shows up and VM Y is running, the device should be
connected to the VM.
2) If VM Y comes up and device X is present, the device should be
connected to the VM
3) the connection should be removed automatically if either member
disappears ...
Is this possible? Where would one start?
In a side note: is it possible to pass a single device (e.g. smart card
reader) through to multiple VMs simultaneously?
Thanks for any hints.
Joh
Has anyone figured out a setup for qubes-usb-proxy-based USB-
passthrough that will allow for automatic (and active) monitoring of
sys-usb connections and VMs? I'm envisioning a situation where I tell
the proxy setup that
1) if device X shows up and VM Y is running, the device should be
connected to the VM.
2) If VM Y comes up and device X is present, the device should be
connected to the VM
3) the connection should be removed automatically if either member
disappears ...
Is this possible? Where would one start?
In a side note: is it possible to pass a single device (e.g. smart card
reader) through to multiple VMs simultaneously?
Thanks for any hints.
Joh
David Hobach
Apr 20, 2017, 2:43:11 PM4/20/17
to Johannes Graumann, qubes...@googlegroups.com
On 04/20/2017 10:54 AM, Johannes Graumann wrote:
> Hi,
>
> Has anyone figured out a setup for qubes-usb-proxy-based USB-
> passthrough that will allow for automatic (and active) monitoring of
> sys-usb connections and VMs? I'm envisioning a situation where I tell
> the proxy setup that
> 1) if device X shows up and VM Y is running, the device should be
> connected to the VM.
> 2) If VM Y comes up and device X is present, the device should be
> connected to the VM
> 3) the connection should be removed automatically if either member
> disappears ...
>
> Is this possible? Where would one start?
Should be possible I guess; maybe not yet implemented (I didn't test
> Hi,
>
> Has anyone figured out a setup for qubes-usb-proxy-based USB-
> passthrough that will allow for automatic (and active) monitoring of
> sys-usb connections and VMs? I'm envisioning a situation where I tell
> the proxy setup that
> 1) if device X shows up and VM Y is running, the device should be
> connected to the VM.
> 2) If VM Y comes up and device X is present, the device should be
> connected to the VM
> 3) the connection should be removed automatically if either member
> disappears ...
>
> Is this possible? Where would one start?
that new USB proxy feature so far). Should be implemented in dom0 for
obvious security reasons.
> In a side note: is it possible to pass a single device (e.g. smart card
> reader) through to multiple VMs simultaneously?
As the wiki states though [1]: "Stating with Qubes 3.2, it is possible
to attach a single USB device to any Qube. While this is useful feature,
it should be used with care, because there are many security
implications from using USB devices and USB passthrough will expose your
target qube for most of them. If possible, use method specific for
particular device type (for example block devices described above),
instead of this generic one."
--> So you should use qvm-block or qvm-copy-to-vm for the files on your
SD cards, if you like the security Qubes provides. That can also be done
automatically, if needed.
[1] https://www.qubes-os.org/doc/usb/
Reply all
Reply to author
Forward
0 new messages