Attempting to make dedicated USB Qube
92 views
Skip to first unread message
Christopher Thacker
Jun 10, 2017, 9:56:50 PM6/10/17
to qubes-users
I want to make a dedicated USB Qube per the directions shown here:
https://www.qubes-os.org/doc/usb/
However I have some problems:
1) The directions state "You can create a USB qube using the management stack by performing the following steps as root in dom0:"
Unfortunately I don't know how to access root in Qubes 3.2, which is what I use. I don't even know if root is enabled.
How should I proceed?
2) The same directions briefly discuss hiding all USB controllers from dom0.
Should I do so?
FYI - My system is Qubes 3.2 on i7-4700hq at 2.4ghz with 4 USB 3.0 slots and 8gb system ram.
Thank you.
Christopher Thacker
Jun 10, 2017, 10:10:43 PM6/10/17
to qubes-users
To clarify, my purpose is to attach and detach an external USB hdd I use for data backup.
When I first started using Qubes 3.2, I could automatically do so, just as I did in Qubes 2.0.
After updating Qubes 3.2, I could no longer attach any external USB device. The attach option is "greyed", thus preventing my selecting it.
Thank you.
Franz
Jun 10, 2017, 11:38:34 PM6/10/17
to Christopher Thacker, qubes-users
On Sat, Jun 10, 2017 at 10:56 PM, Christopher Thacker <catha...@gmail.com> wrote:
I want to make a dedicated USB Qube per the directions shown here:
https://www.qubes-os.org/doc/usb/
However I have some problems:
1) The directions state "You can create a USB qube using the management stack by performing the following steps as root in dom0:"
Unfortunately I don't know how to access root in Qubes 3.2, which is what I use. I don't even know if root is enabled.
You can achieve this for example using the prefix "sudo" before your command
How should I proceed?
2) The same directions briefly discuss hiding all USB controllers from dom0.
Should I do so?
During Qubes 3.2 installation there is an option to install a USB Qube. Did you use that? Do you see a sys-usb VM in your Qubes Manager?
If not I would consider reinstalling Qubes with the USB Qube option activated, that may be easier to do if you have no linux experience.
But of course you may first try to follow the procedure that teaches exactly how to hide all usb controllers from Dom0 which is the thing to do.
FYI - My system is Qubes 3.2 on i7-4700hq at 2.4ghz with 4 USB 3.0 slots and 8gb system ram.
Thank you.
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e89034f6-fa3b-4478-816c-2fc17200aa59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Franz
Jun 10, 2017, 11:40:22 PM6/10/17
to Christopher Thacker, qubes-users
Have you tried restarting your computer?
Thank you.
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f4d4b0da-c225-4a8a-896f-4e96671c52a6%40googlegroups.com.
Christopher Thacker
Jun 11, 2017, 10:15:03 AM6/11/17
to qubes-users
I made the sys-usb (it is a red icon).
I noticed that I can now attach a USB device to dom0 but I still can't attach a USB device to a specific Qube.
Is installing "qubes-usb-proxy" my next step? It do I have options?
Franz
Jun 11, 2017, 3:18:05 PM6/11/17
to Christopher Thacker, qubes-users
If you do not find better solutions I would try to make a backup of your VMs to your hard disk mounted on dom0, Then reinstall Qubes using the option that creates USB qube. After that restore your VMs
Best
Fran
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/42906df2-662f-4110-8449-662e8c5ebe03%40googlegroups.com.
Christopher Thacker
Jun 11, 2017, 3:35:55 PM6/11/17
to qubes-users
I was about to do so (reinstall) then I noticed something very odd.
Sometimes the "Attach/detach block devices" option is available and sometimes it is greyed out.
I have no idea why it would switch. It was working well until I updated it.
I will just reinstall and try again.
Unman
Jun 11, 2017, 4:36:27 PM6/11/17
to Christopher Thacker, qubes-users
On Sun, Jun 11, 2017 at 12:35:55PM -0700, Christopher Thacker wrote:
> I was about to do so (reinstall) then I noticed something very odd.
>
> Sometimes the "Attach/detach block devices" option is available and sometimes it is greyed out.
It isn't absolutely clear what you mean here: I can think of a number of
> I was about to do so (reinstall) then I noticed something very odd.
>
> Sometimes the "Attach/detach block devices" option is available and sometimes it is greyed out.
interpretations:
1. The option is consistently available for some qubes and not others.
2. The option is available for some qubes and not others, but this
varies over time.
2. For any qube, the option is sometimes available and sometimes greyed
out.
3. For any qube in the running state, the option is sometimes
available and sometimes not.
The resolution will depend on which of these problems you are seeing.
I would try to troubleshoot this by identifying the problem precisely,
and looking for correlations with qube activity and settings.
>
> I have no idea why it would switch. It was working well until I updated it.
>
> I will just reinstall and try again.
>
what is happening and let us know.
Good luck
unman
blacklight
Jun 11, 2017, 6:29:30 PM6/11/17
to qubes-users
first,with as root, they mean you should type "sudo" in front of all the commands (without the quotation marks) in the dom0 command line.
second, it depends on your threat level, as it is described: during boot, dom0 is shortly exposed to all the usb controllers, so if one where to be able to plug in a malicous usb drive during the early boot period, he might be able to takeover your system, this can be prevented by blacklisting all usb controllers in dom0. deciding whether this might be a threat in your situation is up to you and depends entirely on your threat level.
Christopher Thacker
Jun 11, 2017, 9:16:28 PM6/11/17
to blacklight, qubes-users
unman, blacklight -
I appreciate your input but I decided at this point, Qubes requires more skill than I can muster. It is a fantastic product but I just can't keep track of the moving parts.
Thank you.
--
You received this message because you are subscribed to a topic in the Google Groups "qubes-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/qubes-users/AS8PkqO9zVI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4e0a2518-1df4-4583-a1d0-17469b5604bb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
-- Christopher Thacker
Franz
Jun 11, 2017, 10:01:04 PM6/11/17
to Christopher Thacker, blacklight, qubes-users
On Sun, Jun 11, 2017 at 10:16 PM, Christopher Thacker <catha...@gmail.com> wrote:
On Sun, 11 Jun 2017 at 17:29, blacklight <pandak...@gmail.com> wrote:On Sunday, 11 June 2017 03:56:50 UTC+2, Christopher Thacker wrote:
> I want to make a dedicated USB Qube per the directions shown here:
>
> https://www.qubes-os.org/doc/usb/
>
> However I have some problems:
>
> 1) The directions state "You can create a USB qube using the management stack by performing the following steps as root in dom0:"
>
> Unfortunately I don't know how to access root in Qubes 3.2, which is what I use. I don't even know if root is enabled.
>
> How should I proceed?
>
> 2) The same directions briefly discuss hiding all USB controllers from dom0.
>
> Should I do so?
>
> FYI - My system is Qubes 3.2 on i7-4700hq at 2.4ghz with 4 USB 3.0 slots and 8gb system ram.
>
> Thank you.
first,with as root, they mean you should type "sudo" in front of all the commands (without the quotation marks) in the dom0 command line.
second, it depends on your threat level, as it is described: during boot, dom0 is shortly exposed to all the usb controllers, so if one where to be able to plug in a malicous usb drive during the early boot period, he might be able to takeover your system, this can be prevented by blacklisting all usb controllers in dom0. deciding whether this might be a threat in your situation is up to you and depends entirely on your threat level.
unman, blacklight -I appreciate your input but I decided at this point, Qubes requires more skill than I can muster. It is a fantastic product but I just can't keep track of the moving parts.
I agree that without some confidence with the command line and the terminal you definitely need some luck to be able to use Qubes long term. However luck depends also on the laptop you have. Some are more compatible than others. I selected my laptop just to be able to run Qubes reliably.
Of course it is possible to use it also with less compatible ones, but then you need more time and experience to fix the problems.
Of course it is possible to use it also with less compatible ones, but then you need more time and experience to fix the problems.
--
You received this message because you are subscribed to a topic in the Google Groups "qubes-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/qubes-users/AS8PkqO9zVI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4e0a2518-1df4-4583-a1d0-17469b5604bb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
---- Christopher Thacker--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CANpb_zVPD1t7i8rA%3DxL-gHYe%2BSB9sJpPM%2BfDhnJfhDfLpRqpyw%40mail.gmail.com.
Christopher Thacker
Jun 12, 2017, 9:27:33 AM6/12/17
to qubes-users
Yes, I think it is a combination of laptop and Qubes along with a healthy dose of user error.
:-)
My laptop was acting really weird in Qubes 3.2 but was just fine in Qubes 2.0.
Having said that, I loved Qubes when I did make it work. I really hope the developers continue the good work.
Reply all
Reply to author
Forward
0 new messages