qubes user guide instructed me to brick my qubes disk

[boromi...@sigaint.org]

I followed the user guide here for creating a usb VM because for some
reason qubes will otherwise automatically connect a possibly malicious USB
to DOM0 for some unknown reason. My qubes is installed onto a USB so i
dont know what good any of that would do.

-----------

https://www.qubes-os.org/doc/usb/

Alternatively, you can create a USB qube manually as follows:

In a dom0 terminal, type lsusb to check if you have a USB controller
free of input devices or programmable devices. If you find such free
controller, note its name and proceed to step 2.
Create a new qube. Give it an appropriate name and color label
(recommended: sys-usb, red).
In the qube’s settings, go to the “Devices” tab. Find your USB
controller in the “Available” list. Move it to the “Selected” list.
Click “OK.” Restart the qube.
Recommended: Check the box on the “Basic” tab which says “Start VM
automatically on boot.” (This will help to mitigate attacks in which
someone forces your system to reboot, then plugs in a malicious USB
device.)

------------------


LSUSB shows a list of devices and my usb connected to it, i could see my
controllers listed and my qubes usb, it did not specify which controller
its connected to, which even if it did would be of no help, as the devices
tab of the USB vm i created uses different names for the controllers.

I selected both controllers figuring there is no fault in protected all
usb ports. Then i selected 'start vm automatically' to protect against
some obscure attack. What the instructions failed to document is that a
usb VM will put your USB's into read-only mode which immediately began to
brick my qubes usb. I restarted hoping to fix the problem, but having set
it to start automatically as instructed forced the system to brick itself.

Im severely disappointed in the failure of the qubes development team to
forsee this simple problem and its failure to document the read-only
property of a usb vm. If it cannot even ascertain that its instructions
will lead to a fatal outcome how can anyone possibly believe they can
secure an entire operating system.

[Mike Patton]

Your subject is kind of false.  The guide didn't instruct you to brick your install disk.

Unfortunately you did that by not following the instructions.  It specifically says:

"type lsusb to check if you have a USB controller 

free of input devices or programmable devices. If you find such free 
controller, note its name and proceed"

Considering the operation is forwarding the USB controller to the usb-vm... 

Forwarding both your controllers (one of which includes your install disk)

doesn't seem like a smart thing to do.  Sorry, just my opinion.

If you weren't sure about the instructions, perhaps it would have been best

to ask somewhere for assistance?  I have had amazing response times to

queries in this group and when reporting a non-bug.

Hope you give it another go.

M.

[boromi...@sigaint.org]

> "*type lsusb to check if you have a USB controller *
>
> *free of input devices or programmable devices. If you find such
> free controller, note its name and proceed*"

>
> Considering the operation is forwarding the USB controller to the
> usb-vm...
> Forwarding both your controllers (one of which includes your install disk)
> doesn't seem like a smart thing to do. Sorry, just my opinion.
>
> If you weren't sure about the instructions, perhaps it would have been
> best
> to ask somewhere for assistance? I have had amazing response times to
> queries in this group and when reporting a non-bug.
>
> Hope you give it another go.
>
> M.
>

Had you read my post you would have saw that the lsusb command does not
state what controller a USB is connected to, and even if it had, the names
for the usb controllers listed in the devices tab of a VM do not relate in
any way to ones listed in lsusb.

[J. Eppler]

Hello,

Mike Patton is right. Instead of blaming other people afterwards you should have asked
before you do something.

Best regards
  J. Eppler

[raah...@gmail.com]

This page was easier to find in the old instructions. https://www.qubes-os.org/doc/assigning-devices/

There is a little more to it then just lsusb. https://www.qubes-os.org/doc/assigning-devices/

I admit this page was easier to find on the old website.

[boromi...@sigaint.org]

Dear neckbeard, please take your victim blaming somewhere else. The
instructions were clear on how to do this simple task, gave no warning
about the read-only properties its forces on usb devces, and did not take
into account the indecipherable nature of lsusb results which for the vast
majority of people whose neckbeards do not flow as freely as yours will
not be able to read properly.

The developers made a boneheaded mistake, which cost me the 18+ hours it
took to install and upgrade qubes onto a usb, and will cost me 18 hours
more. The very least they could do is apologize and amend the user guide
instructions to include warnings about this, but i get the sense that like
the tails developers they prefer to sit atop their ivory towers making
obscure changes while leaving real fixable problems hiding in plain sight.

[Unman]

You've obviously had a frustrating experience. To help others from
suffering from the same mistake why not amend the user guide
yourself? It's quite simple to do and others would find it very helpful.

unman

[raah...@gmail.com]

So did you not say if you ever followed these instructions or maybe did not see this page? https://www.qubes-os.org/doc/assigning-devices/

lsusb only tells you what device number is for the usb you want. But not what controller its on. So say you want to find out what the controller is for device #3 you do:

readlink /sys/bus/usb/devices/usb3

I think maybe these instructions should be on the main doc page. Because i have hard time finding these instructions too but already knew there was a command for this because of the past seeing it on past qubes website docs. But on the new website its hard to find this page.

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-06-10 19:26, raah...@gmail.com wrote:
> I think maybe these instructions should be on the main doc page.
> Because i have hard time finding these instructions too but
> already knew there was a command for this because of the past
> seeing it on past qubes website docs. But on the new website its
> hard to find this page.
>

I've updated the manual USB qube creation instructions based on the
feedback in this thread:

https://github.com/QubesOS/qubes-doc/commit/
85c5eda80c0b61795fa75516f68948ceef1a62f7

Thank you for for feedback, everyone.

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXXXaVAAoJENtN07w5UDAwzB4P/iVrwnyfIKcPR3sU+xKIrSm5
nSms+zyl2KBuX3u7/uTDxKDqpvEl5DJnj61K2nE5+rApVPdLhamcnEj1/aKpO10X
NYT0gh54T8/8CwcZyxcmDYHCgmjeBICZrDHuUwdw/pUF2kU/I9Pq26Gtkd8cP8t+
JABTxF/yPb6R2BA9RyGStZXj98aC1OlG01HARnfSAAS5jYW+orVAa33Ds45NjT41
uhX355WAWCrZARBcCcAwEk7ZaL7lfAQ20OMjZRsUkchR2+2/p6xgV6kev/R0rUzs
RGM0HrZx4dVNp9u5evoM5TPFIwCiNPn44+F8kKTNdhrHd2PnShV368BaWObI+wPR
XQrkYXFvts3EjWkDP18dTvK5+qJlTj0YtM1xKoSnrJk0WuaUc1O+ELIaCBXBPiK5
F0Tiad2pYmqa06S4tzqyFEjpPKr0EVhis7ejb+4GSxcr0iz2CjU65wSSpE7fO+IU
XwwBv+X1K+KfRc12+4nkube2gQbK7TUiKV7YlvXxUtbsdPzxBeKpSQY+NNB8IckW
uURGDkzsle9rxMdbEQ156D5pILHjLET5OoyE26Zvph02zZbYA6g+Oy410szVAb6P
SGFi+PbuhmjArmwQifciAOKFXUlCeq/WUpP+fnLgh8yrKrzJNLL+8cZIo/Tnw1XC
VoEFK+6zr7s1KddGZwq5
=dyfB
-----END PGP SIGNATURE-----