mounting USB sticks


Franz

Nov 12, 2011, 4:18:19 AM
to qubes...@googlegroups.com
While I'm able to mount external USB disks (that appear in Dom0 /dev
as sdc1), am unable to mount USB sticks.

USB sticks do not appear in Dom0 /dev as sdc1, but only as sdc, and
with fdisk -l they do not appear at all.

If I try to block-attach sdc using Dom0 terminal

xl block-attach personal phy:/dev/sdc xvdl w

it does not report errors, but using personal terminal, xvdl does not
appear neither with fdisk -l nor in /dev

Anyway sdc is the device and not a partition, and only partitions can
be mounted as I understand.

I tried with a couple of USB sticks that mount automatically with ubuntu.

best
Francesco

Marek Marczykowski

Nov 12, 2011, 5:08:03 AM
to qubes...@googlegroups.com, Franz
On 12.11.2011 10:18, Franz wrote:
> While I'm able to mount external USB disks (that appear in Dom0 /dev
> as sdc1), am unable to mount USB sticks.
>
> USB sticks do not appear in Dom0 /dev as sdc1, but only as sdc, and
> with fdisk -l they do not appear at all.
>
> If I try to block-attach sdc using Dom0 terminal
>
> xl block-attach personal phy:/dev/sdc xvdl w
>
> it does not report errors, but using personal terminal, xvdl does not
> appear neither with fdisk -l nor in /dev

Hmm.. any errors from dom0 or VM kernel? (dmesg)
What shows xl block-list personal?

> Anyway sdc is the device and not a partition, and only partitions can
> be mounted as I understand.

Not all USB sticks are divided into partitions. This is normal.

--
Pozdrawiam / Best Regards,
Marek Marczykowski
Invisible Things Lab


Marek Marczykowski

Nov 14, 2011, 7:39:30 AM
to Franz, qubes...@googlegroups.com
On 14.11.2011 12:00, Franz wrote:

Does it work in dom0? Perhaps this is read-only (?!) device?

In attached info I see:
Vdev BE handle state evt-ch ring-ref BE-path
51888 0 3 6 34 818 /local/domain/0/backend/vbd/3/51888

State: 4 - connected (active), 6 - closed (after eg block-detach, or
failed attach).

Looks like a problem with block backend module, but don't know the reason...

Did it happen also after fresh system boot?


Marek Marczykowski

Nov 18, 2011, 5:25:52 AM
to Franz, qubes...@googlegroups.com
Please don't drop mailing list from recipients.

On 18.11.2011 01:47, Franz wrote:
> Marek, sorry for the late reply, but have no more ubuntu installed on
> this computer and do not know how to tell you which was the working
> kernel.
>
> But I found an old Ubuntu CD, to arrange a live ubuntu. Well, the same
> USB stick mounts automatically and kernel is 2.6 32-21 generic. So
> this kernel seems older than Qubes kernel. So why isn't qubes mounting
> the USB stick? May it be because this was a 32 bit kernel? Or am I
> doing something wrong?

Strange... can you test also Qubes installation DVD? There is shell
console on tty2.
I have no idea what is the reason of this problem...

> I checked again Dom0 fdisk -l and it is absolutely identical before
> and after inserting the usb stick. This seems to mean that USB sticks
> and memory cards are not recognized.
>
> I do not know if this is related but sometimes a small window appears
> with the writing: 'Starting KTTSD failed'

This is text-to-speech daemon - shouldn't matter.

> best
> Franz
>
> On Mon, Nov 14, 2011 at 3:02 PM, Marek Marczykowski
> <marm...@invisiblethingslab.com> wrote:
>> On 14.11.2011 20:54, Franz wrote:
>>> On Mon, Nov 14, 2011 at 7:39 AM, Marek Marczykowski


>>> <marm...@invisiblethingslab.com> wrote:
>>>> On 14.11.2011 12:00, Franz wrote:
>>>>> On Sat, Nov 12, 2011 at 5:08 AM, Marek Marczykowski
>>>>> <marm...@invisiblethingslab.com> wrote:
>>>>>> On 12.11.2011 10:18, Franz wrote:
>>>>>>> While I'm able to mount external USB disks (that appear in Dom0 /dev
>>>>>>> as sdc1), am unable to mount USB sticks.
>>>>>>>
>>>>>>> USB sticks do not appear in Dom0 /dev as sdc1, but only as sdc, and
>>>>>>> with fdisk -l they do not appear at all.
>>>>>>>
>>>>>>> If I try to block-attach sdc using Dom0 terminal
>>>>>>>
>>>>>>> xl block-attach personal phy:/dev/sdc xvdl w
>>>>>>>
>>>>>>> it does not report errors, but using personal terminal, xvdl does not
>>>>>>> appear neither with fdisk -l nor in /dev
>>>>>>
>>>>>> Hmm.. any errors from dom0 or VM kernel? (dmesg)
>>>>>> What shows xl block-list personal?
>>>>>>
>>>>>>> Anyway sdc is the device and not a partition, and only partitions can
>>>>>>> be mounted as I understand.
>>>>>>
>>>>>> Not all USB sticks are divided into partitions. This is normal.
>>>>
>>>> Does it work in dom0?

>>> If I try on Dom0
>>> mount /dev/sdc /media/prova
>>> I get:
>>> you must specify the filesystem type
>>
>> So, this is some problem with pendrive(s) on your machine. Perhaps some
>> USB driver in dom0 kernel too old? Or some problem in connection with xen...


>>
>>> Perhaps this is read-only (?!) device?

>>> well I tried with 2 USB Sticks and a SD card and all works perfectly
>>> (read and write) with Ubuntu, on the same computer.
>>
>> Which kernel version?
>
> When I installed Qubes I deleted the Ubuntu installation, so I cannot tell.


>>
>>>> In attached info I see:
>>>> Vdev BE handle state evt-ch ring-ref BE-path
>>>> 51888 0 3 6 34 818 /local/domain/0/backend/vbd/3/51888
>>>>
>>>> State: 4 - connected (active), 6 - closed (after eg block-detach, or
>>>> failed attach).
>>>>
>>>> Looks like a problem with block backend module, but don't know the reason...
>>>>
>>>> Did it happen also after fresh system boot?

>>> Yes
>>>
>>> On your computer are you able to use USB sticks and SD cards?
>>
>> Didn't try SD card, but USB sticks - yes.


Franz

Nov 22, 2011, 10:45:24 AM
to Marek Marczykowski, qubes...@googlegroups.com
> Strange... can you test also Qubes installation DVD? There is shell
> console on tty2.
> I have no idea what is the reason of this problem...

Marek,
Test Qubes installation DVD? Shell console on tty2?
It seems you are telling that there is some sort of live running of
the Qubes installation DVD and that this way it is possible to run a
console without installing Qubes to test Usb sticks. But how do I open
this console?

Best
Franz

Marek Marczykowski

Nov 22, 2011, 1:19:25 PM
to Franz, qubes...@googlegroups.com
On 22.11.2011 16:45, Franz wrote:
>> Strange... can you test also Qubes installation DVD? There is shell
>> console on tty2.
>> I have no idea what is the reason of this problem...
>
> Marek,
> Test Qubes installation DVD? Shell console on tty2?
> It seems you are telling that there is some sort of live running of
> the Qubes installation DVD and that this way it is possible to run a
> console without installing Qubes to test Usb sticks. But how do I open
> this console?

Alt+Ctrl+F2


Franz

Nov 27, 2011, 10:02:59 PM
to Marek Marczykowski, qubes...@googlegroups.com
Marek,
Made some progress. Tried the live Qubes DVD as you suggested and was
able to mount sdc1 of a normal USB stick that generates a sdc and sdc1
items in /dev. But was unable to mount the Ironkey USB stick that is
a hardware encrypted stick that disrupts itself after 10 failed
password attempts to unencrypt it.

Then tried again on normal Qubes installation (not live) and fdisk -l
is unchanged after inserting the Ironkey USB stick, but lsusb shows
it. Studying a little bit the documentation of ironkey I noted that it
should be mounted as a CD ROM. So was able to mount it, read-only, on
Dom0 as
mount /dev/sr0 /media/test.

Then tried xl block-attach vault phy:/dev/sr0 xvdz

it runs it with no errors but no xvdz device appears on vaultVM's /dev
So how can I mount xvdz on vaultVM?
Best
Francesco

Marek Marczykowski

Nov 28, 2011, 5:16:24 AM
to Franz, qubes...@googlegroups.com
On 28.11.2011 04:02, Franz wrote:
> Marek,
> Made some progress. Tried the live Qubes DVD as you suggested and was
> able to mount sdc1 of a normal USB stick that generates a sdc and sdc1
> items in /dev. But was unable to mount the Ironkey USB stick that is
> a hardware encrypted stick that disrupts itself after 10 failed
> password attempts to unencrypt it.

Are you sure it doesn't need any additional non-standard driver?

> Then tried again on normal Qubes installation (not live) and fdisk -l
> is unchanged after inserting the Ironkey USB stick, but lsusb shows
> it. Studying a little bit the documentation of ironkey I noted that it
> should be mounted as a CD ROM. So was able to mount it, read-only, on
> Dom0 as
> mount /dev/sr0 /media/test.
>
> Then tried xl block-attach vault phy:/dev/sr0 xvdz

For read-only devices add "r" option at the end of command.
Of course detach it first before trying attaching again.


Franz

Nov 28, 2011, 11:13:06 AM
to Marek Marczykowski, qubes...@googlegroups.com
On Mon, Nov 28, 2011 at 5:16 AM, Marek Marczykowski
<marm...@invisiblethingslab.com> wrote:
> On 28.11.2011 04:02, Franz wrote:
>> Marek,
>> Made some progress. Tried the live Qubes DVD as you suggested and was
>> able to mount sdc1 of a normal USB stick that generates a sdc and sdc1
>> items in /dev. But was unable to mount the Ironkey USB stick that is
>> a hardware encrypted stick that disrupts itself after 10 failed
>> password attempts to unencrypt it.
>
> Are you sure it doesn't need any additional non-standard driver?

Well on Ubuntu it works with no problems and it is supposed to work on
Fedora 32 bit too.

>
>> Then tried again on normal Qubes installation (not live) and fdisk -l
>> is unchanged after inserting the Ironkey USB stick, but lsusb shows
>> it. Studying a little bit the documentation of ironkey I noted that it
>> should be mounted as a CD ROM. So was able to mount it, read-only, on
>> Dom0 as
>> mount /dev/sr0 /media/test.
>>
>> Then tried xl block-attach vault phy:/dev/sr0 xvdz
>
> For read-only devices add "r" option at the end of command.
> Of course detach it first before trying attaching again.

using "r" option xvdz appears on /dev of vaultVM so it is possible to mount it.
However, after mounting, running the relevant ironkey file on the USB
stick I'm getting a:
"unable to initialize IKDevCore"

But this is possibly not a Qubes issue, rather a Fedora 64 bit issue.
It seems other users of Fedora 64 got similar problems.

Also this is a problem only related to these particular security
oriented USB sticks.

Well many thanks for your help
best
Francesco

Laszlo Zrubecz

Nov 28, 2011, 11:22:33 AM
to qubes...@googlegroups.com, Marek Marczykowski
On 28 November 2011 17:13, Franz <169...@gmail.com> wrote:
>>> Then tried again on normal Qubes installation (not live) and fdisk -l
>>> is unchanged after inserting the Ironkey USB stick, but lsusb shows
>>> it. Studying a little bit the documentation of ironkey I noted that it
>>> should be mounted as a CD ROM. So was able to mount it, read-only, on
>>> Dom0 as
>>> mount /dev/sr0 /media/test.
>>>
>>> Then tried xl block-attach vault phy:/dev/sr0 xvdz
>>
>> For read-only devices add "r" option at the end of command.
>> Of course detach it first before trying attaching again.
>
> using "r" option xvdz appears on /dev of vaultVM so it is possible to mount it.
> However, after mounting, running the relevant ironkey file on the USB
> stick I'm getting a:
> "unable to initialize IKDevCore"

Maybe you should mount all the partitions of that pendrive, because
the software on the CD like partition is doing the encryption on the
other encrypted partitions...

You can check it on Ubuntu: just search for the related partitions from
output of `mount` command...

--
Zrubi

Franz

Nov 28, 2011, 7:25:43 PM
to qubes...@googlegroups.com, Marek Marczykowski
>
> Maybe you should mount all the partitions of that pendrive, because
> the software on the CD like partition is doing the encryption on the
> other encrypted partitions...
>
> You can check it on Ubuntu: just search for the related partitions from
> output of `mount` command...

Laszlo,
I do not know the output of the 'mount' command because Ubuntu mounts
it automatically with no output, but here follows what is added to
dmesg after inserting the pendrive on Ubuntu:

[32428.832329] usb-storage: device scan complete
[32431.209557] scsi 9:0:0:0: CD-ROM IronKey CD-ROM 2.0A PQ: 0 ANSI: 0
[32431.211032] scsi 9:0:0:1: Direct-Access IronKey Secure Drive 2.0A PQ: 0 ANSI: 0
[32431.341406] sr1: scsi3-mmc drive: 52x/52x cd/rw xa/form2 cdda tray
[32431.341682] sr 9:0:0:0: Attached scsi CD-ROM sr1
[32431.341843] sr 9:0:0:0: Attached scsi generic sg3 type 5
[32431.342190] sd 9:0:0:1: Attached scsi generic sg4 type 0
sr1 is mounted automatically by Ubuntu. When I enter into it and run
file ironkey, it shows /dev/sg3 as a possible encrypted device to
mount. When I run it with:

./ironkey /dev/sg3

it asks my password and then mounts the partition so that all enclosed
files are accessible.

When I try to do that on Qubes I get the following lines from dmesg on Dom0:

[93305.805455] scsi 7:0:0:0: CD-ROM IronKey CD-ROM 2.0A PQ: 0 ANSI: 0
[93305.937542] sr0: scsi3-mmc drive: 52x/52x cd/rw xa/form2 cdda tray
[93305.938443] sr 7:0:0:0: Attached scsi CD-ROM sr0
[93305.938734] sr 7:0:0:0: Attached scsi generic sg2 type 5
[93305.952131] scsi 7:0:0:1: Direct-Access IronKey Secure Drive 2.0A PQ: 0 ANSI: 0
[93305.953158] sd 7:0:0:1: Attached scsi generic sg3 type 0
[93305.968937] sd 7:0:0:1: [sdc] Attached SCSI removable disk

Then try to block-attach sr0, sg2 and sg3
the first one works:
[f@dom0 f]$ xl block-attach bogri phy:/dev/sr0 xvdx r

but for the other 2 I'm getting the following errors:
[f@dom0 f]$ xl block-attach bogri phy:/dev/sg2 xvdz w
libxl: error: libxl.c:913:validate_virtual_disk Virtual disk /dev/sg2 is not a block device!

libxl_device_disk_add failed.
[f@dom0 f]$ xl block-attach bogri phy:/dev/sg3 xvdz w
libxl: error: libxl.c:913:validate_virtual_disk Virtual disk /dev/sg3 is not a block device!

Best
Francesco

Marek Marczykowski

Nov 28, 2011, 9:04:59 PM
to Franz, qubes...@googlegroups.com

This is the essential problem - block-attach only supports _block_
devices, not character (which sg - scsi generic - is). For now the
only way to get char devices in VM is to delegate full USB controller to
the VM (as PCI device).

You can also try to decrypt this stick in dom0 (run ./ironkey /dev/sg3)
and connect resulting block device (if it is done that way...) to the
VM. But in general it isn't a good idea to run some "external" tools in dom0.

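The block versus character distinction from the last reply, as an added example that is not part of the original thread: a shell function that reads dom0 dmesg lines and prints which announced nodes `xl block-attach` can take (and with which mode) and which it will refuse. The function names `plan_attach` and `is_block_node` are hypothetical, the sample log is constructed from the dom0 output quoted above, and the VM and frontend names are supplied by the caller; the commands are only printed, never run.

```shell
#!/bin/sh
# Added example (not from the thread). SAMPLE_DMESG is constructed from the
# dom0 kernel log quoted above; VM and frontend names are caller arguments.
SAMPLE_DMESG='[93305.938443] sr 7:0:0:0: Attached scsi CD-ROM sr0
[93305.938734] sr 7:0:0:0: Attached scsi generic sg2 type 5
[93305.953158] sd 7:0:0:1: Attached scsi generic sg3 type 0
[93305.968937] sd 7:0:0:1: [sdc] Attached SCSI removable disk'

# is_block_node PATH: true only for a block special file, the property
# libxl checks before accepting a phy: disk ("is not a block device!").
is_block_node() { [ -b "$1" ]; }

# plan_attach VM FRONTEND...: read dmesg text on stdin and print, for each
# node the kernel announced, either the xl command to use or why to skip it.
# Frontend names (xvdx, ...) are consumed in the order given.
plan_attach() {
    vm=$1; shift
    while IFS= read -r line; do
        case $line in
            *"Attached scsi CD-ROM "*)     # sr*: block device, read-only media
                dev=${line##* }; mode=r ;;
            *"] Attached SCSI "*disk)      # sd*: block device, attached rw here
                dev=${line#*: \[}; dev=${dev%%\]*}; mode=w ;;
            *"Attached scsi generic "*)    # sg*: character device, not attachable
                dev=${line#*Attached scsi generic }
                echo "skip /dev/${dev%% *}: scsi generic is a character device"
                continue ;;
            *) continue ;;
        esac
        if [ $# -eq 0 ]; then
            echo "skip /dev/$dev: no frontend name left"
            continue
        fi
        echo "xl block-attach $vm phy:/dev/$dev $1 $mode"
        shift
    done
    return 0
}

printf '%s\n' "$SAMPLE_DMESG" | plan_attach bogri xvdx xvdz
```

On a live dom0, `is_block_node /dev/<name>` confirms each candidate before the printed command is used.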