USB & PCIe devices management questions
137 views
Skip to first unread message
B&B
Jan 14, 2017, 10:43:35 AM1/14/17
to qubes-users
Hello, for starters, pardon my ignorance, I am at the very beginning of the learning curve.
I am planning out a new workstation build, I want to plan it out with Qubes in mind. But I have few questions, as I do not have a Qubes compatible desktop right now, and my laptops are not really good to experiment with it.
I am planning out a new workstation build, I want to plan it out with Qubes in mind. But I have few questions, as I do not have a Qubes compatible desktop right now, and my laptops are not really good to experiment with it.
I want to add and assign a secondary GPU to a Windows based VM, to be used as a gaming and CAD machine. If I do that, what about monitor output, if primary GPU is in dom0, do I need to connect second GPU to a monitor, or can I route the signal somehow without additional hardware?
I want to use few, separate, color coded USB hubs(spray paint for the win), each attached to different domain, with same color coding. I want it to work as seamlessly as possible, preferably with no additional steps after I attach/detach any device to/from a hub. It simply shows into a VM and acts accordingly. I have problem understanding how the qvm-pci and USB management works in this area. Is my planned use case even achievable or do I need to manage each device every single time I attach it?
Is assigning devices to vms persistent after booting, or can be made persistent?
raah...@gmail.com
Jan 17, 2017, 11:29:25 PM1/17/17
to qubes-users, bb.al...@gmail.com
don't thnk its supported yet.
Grzesiek Chodzicki
Jan 18, 2017, 4:58:00 AM1/18/17
to qubes-users, bb.al...@gmail.com
As for the hubs, this might be tricky without a large number of separate USB controllers.
bb.al...@gmail.com
Jan 18, 2017, 6:26:47 AM1/18/17
to qubes-users, bb.al...@gmail.com
What about PCIe USB cards? Could I assign such pcie device to specific cube, so USB ports on that card are available only for that qube, as there is another controller on the card(I think so at least), or is my reasoning wrong?
podmo
Jan 18, 2017, 10:13:11 AM1/18/17
to qubes-users
bb.al...@gmail.com wrote:
> What about PCIe USB cards? Could I assign such pcie device to specific
> cube, so USB ports on that card are available only for that qube, as there
> is another controller on the card(I think so at least), or is my reasoning
> wrong?
Keep in mind you can passthrough a single USB device to a qube by
> What about PCIe USB cards? Could I assign such pcie device to specific
> cube, so USB ports on that card are available only for that qube, as there
> is another controller on the card(I think so at least), or is my reasoning
> wrong?
following the steps at the bottom of https://www.qubes-os.org/doc/usb so
you don't really need to use all these separate USB controllers, but the
method you are describing would work too.
raah...@gmail.com
Jan 18, 2017, 11:04:00 AM1/18/17
to qubes-users, bb.al...@gmail.com
bb.al...@gmail.com
Jan 18, 2017, 1:45:38 PM1/18/17
to qubes-users, po...@sigaint.org
I thought it would be a less cumbersome way to do it than attaching a device, and then manually running two commands to attach, and also two to detach the device. Every single time I use any device. That is less than ideal, that is why I thought I might be able to assign one USB controller to each of my qubes, so I can use USB devices with less hassle, yet still isolate them to specific qubes.
Can I consider a USB hub a 'device'?
Can I consider a USB hub a 'device'?
podmo
Jan 19, 2017, 10:39:23 AM1/19/17
to qubes-users
bb.alastor wrote:
> I thought it would be a less cumbersome way to do it than attaching a
> device, and then manually running two commands to attach, and also two to
> detach the device. Every single time I use any device. That is less than
> ideal, that is why I thought I might be able to assign one USB controller
> to each of my qubes, so I can use USB devices with less hassle, yet still
> isolate them to specific qubes.
> Can I consider a USB hub a 'device'?
No, I tried mapping a hub but that doesn't work. You could write some
> I thought it would be a less cumbersome way to do it than attaching a
> device, and then manually running two commands to attach, and also two to
> detach the device. Every single time I use any device. That is less than
> ideal, that is why I thought I might be able to assign one USB controller
> to each of my qubes, so I can use USB devices with less hassle, yet still
> isolate them to specific qubes.
> Can I consider a USB hub a 'device'?
simple scripts in dom0 to map and unmap, especially since it sounds like
you are going to dedicate a range of USB ports to each VM.
Jeremy Rand
Feb 4, 2017, 6:47:24 PM2/4/17
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
podmo:
PCIe device isolation in Qubes is much stronger than USB device
isolation, so assigning separate PCIe USB controllers to each VM will
be more secure than assigning USB devices from the same controller.
Cheers,
- -Jeremy
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYlmf1AAoJELPy0WV4bWVwcwAQAIs4/EGJLDzRh0vDDU+T+c9T
1KkZknyNCiwEIAKuqf3kdfxrEIhpIBiiKYABn6oWAnteRiJOTfIFCmNn+hACRNQo
jYIqVVUZQoq3jV60rYxa651E1dTSc/lpyB6LpWQV4DiN+5FqGt4vubNV3hH59G/f
OeM43cq8+qJCAdH6HRQje6aBHHmABT6lL/a2QfqiWoP1jz/524lZjApwu0kX5K1B
X4/sDmIE6y519tjmZz7ShGKInAXdH1oKiOmzDl7zCSEQprnycm7bEKFscbcG6mjj
Rh8y6B36zh6+U3/LTDSY6FSkEwsfhA3CaYG8o8nFJiY7p6l93/3q+sChZyO2rY/K
Bk0rBXk75c8oCYJ47EcnqSZF68CYqZd9S6oJB0vbWRlCXGWrKzAeBz0MKHJfRdLj
psLYwxZ3OgYouj0dUOGxOIbhBWYImHx8CxKkkdwbU7Fwub6TV56gkxP6T7X8GF8S
pDTgemmaAqMoN4rCuQhrWuClKN6XmP25dFHRZwNnSA4nhvebgB+YkaR8ufBWRdXf
NwiEvvcgVN50ZkygGe2ZIVyNknqBV/SE6S5MbaXBqWVPxiFyF6pSQ0K8NRDePU4t
atwMNexKZazmfJgEcwk1pHEIqFjAHiRw1DI2CVXzKwfbI+LA8fgbrPvPz2qHVlOR
RxAb0tB7oYTp5IsON+1F
=yCzf
-----END PGP SIGNATURE-----
Hash: SHA512
podmo:
isolation, so assigning separate PCIe USB controllers to each VM will
be more secure than assigning USB devices from the same controller.
Cheers,
- -Jeremy
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYlmf1AAoJELPy0WV4bWVwcwAQAIs4/EGJLDzRh0vDDU+T+c9T
1KkZknyNCiwEIAKuqf3kdfxrEIhpIBiiKYABn6oWAnteRiJOTfIFCmNn+hACRNQo
jYIqVVUZQoq3jV60rYxa651E1dTSc/lpyB6LpWQV4DiN+5FqGt4vubNV3hH59G/f
OeM43cq8+qJCAdH6HRQje6aBHHmABT6lL/a2QfqiWoP1jz/524lZjApwu0kX5K1B
X4/sDmIE6y519tjmZz7ShGKInAXdH1oKiOmzDl7zCSEQprnycm7bEKFscbcG6mjj
Rh8y6B36zh6+U3/LTDSY6FSkEwsfhA3CaYG8o8nFJiY7p6l93/3q+sChZyO2rY/K
Bk0rBXk75c8oCYJ47EcnqSZF68CYqZd9S6oJB0vbWRlCXGWrKzAeBz0MKHJfRdLj
psLYwxZ3OgYouj0dUOGxOIbhBWYImHx8CxKkkdwbU7Fwub6TV56gkxP6T7X8GF8S
pDTgemmaAqMoN4rCuQhrWuClKN6XmP25dFHRZwNnSA4nhvebgB+YkaR8ufBWRdXf
NwiEvvcgVN50ZkygGe2ZIVyNknqBV/SE6S5MbaXBqWVPxiFyF6pSQ0K8NRDePU4t
atwMNexKZazmfJgEcwk1pHEIqFjAHiRw1DI2CVXzKwfbI+LA8fgbrPvPz2qHVlOR
RxAb0tB7oYTp5IsON+1F
=yCzf
-----END PGP SIGNATURE-----
square...@gmail.com
Apr 6, 2017, 7:51:44 PM4/6/17
to qubes-users, bb.al...@gmail.com
I have succesfully achieved this functionality by adding PCIe USB controllers and using PCIe passthrough to isolate them to specific domain VMs. With USB extension cables it is as simple to use as if VMs were separate physical hosts, no problems whatsoever detected.
USB controllers were produced by Unitek brand, generic chinese brand, PCie x1 card and 3.5 external bay USB front panel. All guests detected the devices without any problem.
USB controllers were produced by Unitek brand, generic chinese brand, PCie x1 card and 3.5 external bay USB front panel. All guests detected the devices without any problem.
And as for GPU, I chose to use a separate machine and utilize VNC and Nvidia Gamestream to game on Qubes Box, using one of the VMs as a Gamestream client. It required minimal troubleshooting due to the usage of unofficial Moonlight app for the client.
Reply all
Reply to author
Forward
0 new messages