Attaching a single USB device to a qube (USB passthrough)
501 views
Skip to first unread message
Franz
Mar 4, 2017, 10:18:18 AM3/4/17
to qubes...@googlegroups.com
Hello,
for the first time I am trying this new feature of Qubes 3.2 with the idea of using attaching a scanner to a scannerVM.user@sys-usb:~$ lsusb
Bus 003 Device 005: ID 04a9:190f Canon, Inc.
qvm-usb
https://www.qubes-os.org/doc/usb/
So which is the difference between webcam and scanner? Perhaps that the webcam was already installed at boot, while the scanner was connected after? But from a security point of view is it advisable to boot with the scanner already connected?
Best
raah...@gmail.com
Mar 4, 2017, 3:14:05 PM3/4/17
to qubes-users
did you install proxy in the usb vm too?> not sure havent; tried with a scanner only printer. I still print and scan over network with a raspberry pi that i set up on earlier version of Qubes. I;ve gotten android phone to work as single usb device though too. maybe scanner use some diff protocol or port?
Franz
Mar 4, 2017, 8:06:55 PM3/4/17
to cooloutac, qubes-users
On Sat, Mar 4, 2017 at 5:14 PM, <raah...@gmail.com> wrote:
did you install proxy in the usb vm too?>On Saturday, March 4, 2017 at 10:18:18 AM UTC-5, Francesco wrote:
> Hello,
> for the first time I am trying this new feature of Qubes 3.2 with the idea of using attaching a scanner to a scannerVM.
>
> Fist installed qubes-usb-proxy and simple-scan in the template from which both sys-usb and scannerVM depend.
>
> Then connected the usb cable and the scanner appeared in sys-usb terminal:
> user@sys-usb:~$ lsusb
> Bus 003 Device 005: ID 04a9:190f Canon, Inc.
> but
> it does not show in dom0 with
> qvm-usb
> as taught at the end of this document:
> https://www.qubes-os.org/doc/usb/
> In fact only the webcam appears there.
>
>
> So which is the difference between webcam and scanner? Perhaps that the webcam was already installed at boot, while the scanner was connected after? But from a security point of view is it advisable to boot with the scanner already connected?
> Best
> Fran
yes
not sure havent; tried with a scanner only printer. I still print and scan over network with a raspberry pi that i set up on earlier version of Qubes.
That may be a cleaner way to do that
I;ve gotten android phone to work as single usb device though too. maybe scanner use some diff protocol or port?
May be, but it seems strange that qvm-usb does not see it
Best
Fran
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5fe54565-d6f7-4aa3-a61d-28ed0e0cefbb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
raah...@gmail.com
Mar 5, 2017, 3:11:54 PM3/5/17
to qubes-users, raah...@gmail.com
>
> To post to this group, send email to qubes...@googlegroups.com.
>
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5fe54565-d6f7-4aa3-a61d-28ed0e0cefbb%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.
did it work with it plugged in at boot?> To post to this group, send email to qubes...@googlegroups.com.
>
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5fe54565-d6f7-4aa3-a61d-28ed0e0cefbb%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.
Franz
Mar 5, 2017, 5:18:02 PM3/5/17
to cooloutac, qubes-users
did not try that wondering if it may be a security risk
best
Fran
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/99c1aacc-d9c2-43ec-b11f-24279246a61c%40googlegroups.com.
Andrew David Wong
Mar 5, 2017, 8:39:16 PM3/5/17
to Franz, cooloutac, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
>> [...] did it work with it plugged in at boot?
Qubes can't isolate USB controllers during early stages of the boot
process. IIRC, Joanna's recommendation is to unplug all USB devices
before (re)booting.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYvL2rAAoJENtN07w5UDAwQj4P/2tjrBk2wK5mpE7+EEZ4o4ss
Y/EFoEuD/331qI82tHVYvJdDz41HGXdsugZYOR8w4xuQLgDcOCbkOf1sxHk/PgGl
MVIPqHhH/fdapsGkNM30ZjjdotKpeEMi+Bxfo1cglaOzXnvRwuAVlX0l96Aob5EE
3Y4MnYmUA3simV45hQGMEyfNKZ4mahNVyLTpDglmKZwFdXLYeHcOWm6H8X0FOFS2
WXBY8UzpIFz0l9XJW9tBuEVnPIHn57m8wxrrQNXxzeaD88h17ZhyVGTbP2jTLSvm
gAbTdZq4y+7Vl4ZeW/mi7Wz+9D406y0JNzJBBGlDXdMpmaVszQ+BxVakrKYs0yZJ
xFWP3p84RF3UH0TYrO1YK709PKP8uLjPoRsviW8UCa9tk5hOSIAs3UMUuZhax6r7
e9wxYW2+ZryhhlOSx2JPVhj/0zZ9w3enY7sq1RWDKlvQ3SDpsGJ6tX0L3BtGgsQv
/LOZKCH3EY367jUUwt23bDPbllGb/7E6hXwHLFbWbOG2WZejE8NuizboL8uu2EVj
FaEKXOUOQMWPc5lZXLEABgQInTiX0RN/GgK6fCteyTFbffR8IRqY9xe3Xy4ee5ti
JIqRCRcvgfB6K9+JjpLwheCY1Z40DV/fA/sqX6Vh9TIG89ppoF7nMKA/8r83mQZ5
y+YKmXvDB0Rm6hbe/cSV
=hO24
-----END PGP SIGNATURE-----
Hash: SHA512
>> [...] did it work with it plugged in at boot?
>>
> did not try that wondering if it may be a security risk
Yes, leaving USB devices plugged in during boot can be a risk, since
> did not try that wondering if it may be a security risk
Qubes can't isolate USB controllers during early stages of the boot
process. IIRC, Joanna's recommendation is to unplug all USB devices
before (re)booting.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYvL2rAAoJENtN07w5UDAwQj4P/2tjrBk2wK5mpE7+EEZ4o4ss
Y/EFoEuD/331qI82tHVYvJdDz41HGXdsugZYOR8w4xuQLgDcOCbkOf1sxHk/PgGl
MVIPqHhH/fdapsGkNM30ZjjdotKpeEMi+Bxfo1cglaOzXnvRwuAVlX0l96Aob5EE
3Y4MnYmUA3simV45hQGMEyfNKZ4mahNVyLTpDglmKZwFdXLYeHcOWm6H8X0FOFS2
WXBY8UzpIFz0l9XJW9tBuEVnPIHn57m8wxrrQNXxzeaD88h17ZhyVGTbP2jTLSvm
gAbTdZq4y+7Vl4ZeW/mi7Wz+9D406y0JNzJBBGlDXdMpmaVszQ+BxVakrKYs0yZJ
xFWP3p84RF3UH0TYrO1YK709PKP8uLjPoRsviW8UCa9tk5hOSIAs3UMUuZhax6r7
e9wxYW2+ZryhhlOSx2JPVhj/0zZ9w3enY7sq1RWDKlvQ3SDpsGJ6tX0L3BtGgsQv
/LOZKCH3EY367jUUwt23bDPbllGb/7E6hXwHLFbWbOG2WZejE8NuizboL8uu2EVj
FaEKXOUOQMWPc5lZXLEABgQInTiX0RN/GgK6fCteyTFbffR8IRqY9xe3Xy4ee5ti
JIqRCRcvgfB6K9+JjpLwheCY1Z40DV/fA/sqX6Vh9TIG89ppoF7nMKA/8r83mQZ5
y+YKmXvDB0Rm6hbe/cSV
=hO24
-----END PGP SIGNATURE-----
Franz
Mar 5, 2017, 8:56:35 PM3/5/17
to Andrew David Wong, cooloutac, qubes-users
On Sun, Mar 5, 2017 at 10:39 PM, Andrew David Wong <a...@qubes-os.org> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2017-03-05 14:18, Franz wrote:
> On Sun, Mar 5, 2017 at 5:11 PM, <raah...@gmail.com> wrote:
>> [...] did it work with it plugged in at boot?
>>
> did not try that wondering if it may be a security risk
Yes, leaving USB devices plugged in during boot can be a risk, since
Qubes can't isolate USB controllers during early stages of the boot
process. IIRC, Joanna's recommendation is to unplug all USB devices
before (re)booting.
So, leaving that aside, the only remaining option would be to look into some log or similar information source to try to find out why the scanner appears in sys-usb, but not in dom0 qvm-usb. Any idea where to look?
Andrew David Wong
Mar 5, 2017, 9:39:26 PM3/5/17
to Franz, cooloutac, qubes-users, Marek Marczykowski-Górecki
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 2017-03-05 17:56, Franz wrote:
> On Sun, Mar 5, 2017 at 10:39 PM, Andrew David Wong
> <a...@qubes-os.org> wrote:
>
>> On 2017-03-05 14:18, Franz wrote:
>>> On Sun, Mar 5, 2017 at 5:11 PM, <raah...@gmail.com> wrote:
>>>> [...] did it work with it plugged in at boot?
>>>>
>>> did not try that wondering if it may be a security risk
>>
>> Yes, leaving USB devices plugged in during boot can be a risk,
>> since Qubes can't isolate USB controllers during early stages of
>> the boot process. IIRC, Joanna's recommendation is to unplug all
>> USB devices before (re)booting.
>>
>>
> So, leaving that aside, the only remaining option would be to look
> into some log or similar information source to try to find out why
> the scanner appears in sys-usb, but not in dom0 qvm-usb. Any idea
> where to look?
>
Sorry, no idea.
> On Sun, Mar 5, 2017 at 10:39 PM, Andrew David Wong
> <a...@qubes-os.org> wrote:
>
>> On 2017-03-05 14:18, Franz wrote:
>>> On Sun, Mar 5, 2017 at 5:11 PM, <raah...@gmail.com> wrote:
>>>> [...] did it work with it plugged in at boot?
>>>>
>>> did not try that wondering if it may be a security risk
>>
>> Yes, leaving USB devices plugged in during boot can be a risk,
>> since Qubes can't isolate USB controllers during early stages of
>> the boot process. IIRC, Joanna's recommendation is to unplug all
>> USB devices before (re)booting.
>>
>>
> So, leaving that aside, the only remaining option would be to look
> into some log or similar information source to try to find out why
> the scanner appears in sys-usb, but not in dom0 qvm-usb. Any idea
> where to look?
>
P.S. - Franz, would you mind excluding extraneous quoted material from
your replies? In particular, please exclude PGP signatures and generic
Google Groups information included as a signature.
https://www.qubes-os.org/mailing-lists/#discussion-list-guidelines
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
W5Q5njs+d5nnUayHrhH6dAZukMgNYXzlYj+zNiIr3EAdEX6pEFeBuJpRJ57CVItf
/nXYenALSlRyiqn1GWqrob2cwuJiaC0XTVpwQLjhd6M/KSCqpj1ZiVWYc82UgF53
ZB0ztgK+ynOk03x6IIdeFlAdwlf84BpPqBuLl82N6bQvLMO01aBYcYoia73hUp2D
1sxH0PlGOLmHMB1dD7us+IOUKArJxf9FRnWeozcyWuin6SrdsJux84oFPT9BGVaO
WEGJQKFGTPkZaA2KjktmyE/7lxueoAlaiVbCCA2LZhJgB1EFO/IP8qEzB/vOboBt
X9D0k3/X8BSvzqxUX+L9NUeoey7ryorHimR8SdBE1dftOgjTttbapbfAPGl3NSi6
COlYXMTtBAoPDNBnSx1imE9yq+36cmXQExsAAW4U2x0IlJJKqMqUjo4YVohU7/u9
TuRvfRNrRXAZTMM0+kM5FZsUXMhyc5PrF5OgRlMvsbPGCRc8k16DDXLi2oQq/yTO
MJEzHaU0WZ3JOmPzR1RjxU19wX9gAggtU4PDc+cGlOTQizVTlsODoc1Y86Otdsta
/ZFR7xDc9jP2g6J5eYTfcczFmXvxAUoGqKLTZ+LZ+H+TBrnatk7+iHDY66RCDNjI
jt7fDX4K+KDGEdi/u86F
=FT4M
-----END PGP SIGNATURE-----
Franz
Mar 6, 2017, 11:18:54 AM3/6/17
to Andrew David Wong, cooloutac, qubes-users, Marek Marczykowski-Górecki
On Sun, Mar 5, 2017 at 11:39 PM, Andrew David Wong <a...@qubes-os.org> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2017-03-05 17:56, Franz wrote:
> On Sun, Mar 5, 2017 at 10:39 PM, Andrew David Wong
> <a...@qubes-os.org> wrote:
>
>> On 2017-03-05 14:18, Franz wrote:
>>> On Sun, Mar 5, 2017 at 5:11 PM, <raah...@gmail.com> wrote:
>>>> [...] did it work with it plugged in at boot?
>>>>
>>> did not try that wondering if it may be a security risk
>>
>> Yes, leaving USB devices plugged in during boot can be a risk,
>> since Qubes can't isolate USB controllers during early stages of
>> the boot process. IIRC, Joanna's recommendation is to unplug all
>> USB devices before (re)booting.
>>
>>
> So, leaving that aside, the only remaining option would be to look
> into some log or similar information source to try to find out why
> the scanner appears in sys-usb, but not in dom0 qvm-usb. Any idea
> where to look?
>
Sorry, no idea.
P.S. - Franz, would you mind excluding extraneous quoted material from
your replies? In particular, please exclude PGP signatures and generic
Google Groups information included as a signature.
https://www.qubes-os.org/mailing-lists/#discussion-list-guidelines
To go along I tried to use the USB controller that was assigned to assignedVM, that worked in the past. But now I am unable to start the assignedVM. The log tells:
Icon size: 128x128
invalid PMaxSize for 0x3600015 (32767/32767)
invalid PMaxSize for 0x3600015 (32767/32767)
invalid PMaxSize for 0x360002b (533/32767)
invalid PMaxSize for 0x360002b (533/32767)
invalid PMaxSize for 0x360002b (533/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600040 (32767/32767)
invalid PMaxSize for 0x360002b (533/32767)
invalid PMaxSize for 0x360002b (533/32767)
libvchan_is_eof
Icon size: 128x128
domain dead
Failed to connect to gui-agent
Icon size: 128x128
invalid PMaxSize for 0x3600015 (32767/32767)
invalid PMaxSize for 0x3600015 (32767/32767)
invalid PMaxSize for 0x360002b (533/32767)
invalid PMaxSize for 0x360002b (533/32767)
invalid PMaxSize for 0x360002b (533/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600035 (32767/32767)
invalid PMaxSize for 0x3600040 (32767/32767)
invalid PMaxSize for 0x360002b (533/32767)
invalid PMaxSize for 0x360002b (533/32767)
libvchan_is_eof
Icon size: 128x128
domain dead
Failed to connect to gui-agent
Best
Fran
Franz
Mar 8, 2017, 3:54:44 PM3/8/17
to Andrew David Wong, cooloutac, qubes-users, Marek Marczykowski-Górecki
I do not know if ti was the last dom0 update or another reboot, but the assignment now works, while the "attaching a single USB device" yet not.
Best
Fran
Reply all
Reply to author
Forward
0 new messages