Question on creating USB qube

744 views
Skip to first unread message

neilh...@gmail.com

unread,
Jul 28, 2016, 12:21:20 PM7/28/16
to qubes-users
I am installing QUBES 3.2 to a new laptop.

With the 1st option:

[X] "Create a USB qube holding all USB controllers (sys-usb) [experimental]"

There is then a 2nd option underneath:

[ ] "Use sys-net qube for both networking and USB devices"

Is it recommended to check the box for the 2nd option or not?

Desobediente

unread,
Jul 28, 2016, 2:31:15 PM7/28/16
to qubes-users
What that option means is to not actually create a new "sys-usb" qube to handle the USB controllers, but rather use the already existing "sys-net" qube to handle the USB controllers.

Since the "sys-net" qube already handles networking, the option states "both networking and USB devices".

Having a "sys-usb" qube on will probably consume a small amount of additional RAM memory, and having "sys-net" handle more things will probably open an hypothetical probability of something going wrong in an hypothetical future.

Come to think about it, I have another question: how different would be to use USB network cards in the three different scenarios (USB handled by dom0, sys-net and sys-usb)? 

neilh...@gmail.com

unread,
Jul 28, 2016, 2:43:27 PM7/28/16
to qubes-users
OK thanks for the explanation.

Let me follow up with another question.

Do I need to create a USB qube in order to take advantage of the VT-D/IOMMU protection for my internal WiFi chip... or is sys-net OK in that regard..?

R.B.

unread,
Jul 28, 2016, 5:08:37 PM7/28/16
to neilh...@gmail.com, qubes-users
Hi Neil,

In my experience, USB network dongle (either wifi or copper), do not
seem to work outside the the USB cube. I tried to assign the USB network
adapter to sys-net, but it failed.... Since then, I installed 3.2rc1
with the option of USB and networking in one qube.

You Could try it, but I think you'd need to prevent the network drivers
from loading in the USB qube somehow.

Greetings,

RB

neilh...@gmail.com

unread,
Jul 28, 2016, 5:20:49 PM7/28/16
to qubes-users, neilh...@gmail.com, rebo...@reboli.nl
Yeah, I'm not talking about WiFi USB dongles.

I'm simply talking about the INTERNAL WiFi.

Marek Marczykowski-Górecki

unread,
Jul 28, 2016, 6:44:49 PM7/28/16
to Desobediente, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
USB handled in dom0: no way to use it for VM networking

USB handled in sys-net: should be easily accessible using the same
NetworkManager icon

USB handled in sys-usb: possible to use it after some configuration:
One of:
- assign the device to sys-net using qvm-usb
- enable NetworkManager sys-usb (in "services" tab in sys-usb settings)
and assign it as a netvm for sys-firewall

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXmorcAAoJENuP0xzK19csTDUIAJoctr5bseALRFL0VDfWmSjG
+kjLeCsmhcSZ3tkhw27GH4Au9PMuDlrHjkrTzk0fpg61r7VkM/YuobJn+/3T79TK
GjEgJa1mtUEkGRVtz1S9SyMLiK2kZXE4jIYWmc42auxYmrM/8f5wLg/Md4rFKKIO
50xeSXu9uagfaQp2UZG5gPZxAQ1rEj7RMenwLFE0fB9L1JYusQXyxajAIC8f8zZT
ce/M7ImmGC7B3Ig6QWCgHF4rnsZPZaUXd5UgxFoenEyITn4MP6Ar4aYSmP1fYqSv
Onh3vZvx79K0M+oI0QhtKcmuUbP+jARZQwkyWb4p0TRkfdokVte5LgPOqdCLMcE=
=cE/N
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages