Asus G14 - Keyboard + USB ports on same controller - Options

I have an Asus Zephyrus G14 2023 model. I will make a detailed HCL report once I have thoroughly tested it.

I am installing qubes with the bootloader and EFI partitions on a USB flash drive, as the system only takes a single nvme drive and I need multiple operating systems. The flash drive has signed firmware and a physical write protect switch. I am unable to use AEM as it is AMD ryzen with TPM 2.0.

The laptop has four USB controllers. It seems that the keyboard and bluetooth are on the same controller as the external USB-A ports (why
).

Simply using salt to automatically set up sys-usb and pass raw keyboard input to dom0 ‘safely’ works, but with the caveat that the keyboard backlight doesn’t function. This is unworkable for me. I believe it is to do with a separate ‘AsusTek N-KEY’ device on the same controller not being accessible to dom0. An option that does allow the backlight to work is to assign the entire controller to dom0. The caveat to this is not having bluetooth device accessible to pass through to VMs. And not being able to attach block devices via USB-A ports if usbcore.authorized_default=0 is used.

Even if there were a way to passthrough this Asus N-KEY device to dom0 such that the backlight would function, would this render the entire exercise pointless? Am I basically stuck without a keyboard backlight if I want to isolate usb devices from dom0 and still have access to the bluetooth and the USB-A ports? The only reason I would need bluetooth is to use my headphones OTG. The laptop does have a physical audio port but i’d rather not buy a 3rd set of headphones if I can avoid it.

Does anyone have any ideas for how I can better manage this hardware? Other than live without a backlight, but the keys are unreadable to me half the time without it.

I guess this is related:

So you need to build the kernel modules or kernel yourself.

Or maybe you can install this in dom0 but I don’t know if it’ll work:
https://asus-linux.org/guides/fedora-guide/

Thanks for the reply apparatus. Yes I’ve read everything I could find regarding this today after posting. It appears that that the asus-linux packages also rely on asus-nb-wmi so would need to rebuild the kernel to allow pci hotplug regardless. Last time i compiled a kernel was over 15 years ago on a slackware system. I’ll have a look at doing that tonight as I’d rather use qubes with caveats than not at all.

I tried installing asusctl in my dom0 today before putting me through the pain of recompiling the kernel. I managed to copy the necessary rpm files to dom0, but when I try to install it it fails because off libc6 missing. How to get that installed for dom0 fedore?

rpm -i asusctl.rpm

error: Failed dependencies:
libc.so.6(GLIBC_2.38(64bit) is needed by asusctl-6.0.12-3.fc42.x86_64

Also I have noticed that the version of asusctl released uses a newer fedora version then qubes latest at the moment, and I couldn’t find older asusctl binaries how big problem can that cause?

Yeah there are no versions for older fedora releases, and they won’t support you with it. You could try building newer glibc, add it to your ld path variable, and specify the newer glibc version when running the application, but I have no idea what other dependencies may be missing or even how well it would work with xen. I just decided to wait until next qubes release with updated dom0 and give it a try then.

I ended up just compiling kernel-latest myself using qubes build tools to enable pci hotplug. I now have asus-nb-wmi kernel module loaded, and suspend works as a result. The caveat is that the battery drains while in suspend, at a rate of about 5% per hour. It’s not ideal but it’s workable for me for now. I also need to keep the usb controller that has the asus n-key device attached to dom0 to get my keyboard backlight to work. This has the disadvantage that my usb-A ports are only usable for keyboard/mouse. I just use the usb-c ports for other devices. Not the most physically secure setup but it’s what i’ve got for now. Other than that everything works fine. The cooling kicks in whenever it heats up. Sometimes i get a crash when starting the usb qube, but not often. I need to learn a lot more about qubes tools and xen before i dig into it any more but it’s usable for now.

Yes, same goes for me, I also need to learn a lot about Xan and Qubes itself after coming from the Windows & Debian world.

How difficult was it for you to do the kernel compilation to enable pci hotplug? How much time did you spend playing with it?

Not difficult. I just followed the instructions here

under “Qubes Executor”, " CLI" and “Package” headings, and did some reading and digging around on how it works. After copying the qubes-os-4.2.yml config from example-configs I removed every package from the components list except for kernel-latest and builder-rpm (as far as i can remember) . I’m pretty sure i left the rest of the config file alone. Then I just typed ‘.qb package fetch’ to get the sources. Then i changed the qubes config file in the kernel sources folder to enable pci hotplug, and updated the rel file to 2 so my build wouldn’t conflict with the repo version. Then typed ‘.qb prep build’. The rpm files will be in the artefacts directory. That’s the general steps as far as I can remember. Sorry if it’s not so clear but it’s 5am here and I don’t have a build system to look at. Hope you manage to get it to work for you :slight_smile:

Anyway

Thank you for the detailed reply, I’ll test it in the upcoming 1-2 days.

Today, I tried it myself, however when I execute the sudo ./qb package fetch I get the following error:

19:15:16 [qb] An error occurred: Failed to copy-in: Command ‘[’/usr/lib/qubes/qrexec-client-vm’, ‘–’, ‘disp3791’, ‘qubesbuilder.FileCopyIn±2Fbuilder-2Fplugins-2Ffetch’, ‘/usr/lib/qubes/qfile-agent’, ‘/home/user/qubes-builderv2/qubesbuilder/plugins/fetch’]’ returned non-zero exit status 1.

I am using a disposable VM named work-qubesos based on a disposable VM template.

What can be the issue, do you have any suggestion?

From my understanding of the readme is that you get a fedora 39 template, install dependencies in that, and create an appvm called ‘work-qubesos’ in which you clone the git repo and run qubes builder from there. Since I already have a Fedora 40 disp-vm I created a new disp-vm template from the Fedora 39 template and followed instructions to set that up as default dvm for work-qubesos. Make sure to fetch the submodules as under “Dependencies” subheading before trying to fetch and build packages. I hope this helps.

(there are two dependency lists, one at the beginning of the document under “Dependencies”, one under “Qubes executor” and they appear to have duplicate packages between them - Do you install both dependency lists into fedora 39 template if using qubes executor? Confusing)

Ohh I think fetching the git submodules is what was missing for me, thanks!

Okay even with the submodules installed I get this error. Yes I installed both dependencies (dependencies-fedora.txt, dependencies-fedora-qubes-executor.txt)and that succeeded.

This is the full stacktrace.

[user@work-qubesos qubes-builderv2]$ sudo ./qb package fetch
18:21:43 [qb] Running stage 'fetch'
18:21:49 [qb.fetch.builder-rpm.fetch] copy-in (cmd): /usr/lib/qubes/qrexec-client-vm -- disp2170 qubesbuilder.FileCopyIn+-2Fbuilder-2Fplugins-2Ffetch /usr/lib/qubes/qfile-agent /home/user/qubes-builderv2/qubesbuilder/plugins/fetch
qfile-unpacker: Fatal error: Refusing to change to UID other than the caller's UID (error type: Success)
Traceback (most recent call last):
  File "/usr/local/etc/qubes-rpc/qubesbuilder.FileCopyIn", line 75, in <module>
    main()
  File "/usr/local/etc/qubes-rpc/qubesbuilder.FileCopyIn", line 64, in main
    subprocess.run(
  File "/usr/lib64/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['qfile-unpacker', '--allow-all-names', '--allow-unsafe-symlinks', '1000', '/builder/incoming']' returned non-zero exit status 1.
EOF
18:21:50 [qb] An error occurred: Failed to copy-in: Command '['/usr/lib/qubes/qrexec-client-vm', '--', 'disp2170', 'qubesbuilder.FileCopyIn+-2Fbuilder-2Fplugins-2Ffetch', '/usr/lib/qubes/qfile-agent', '/home/user/qubes-builderv2/qubesbuilder/plugins/fetch']' returned non-zero exit status 1.
18:21:50 [qb] 
Traceback (most recent call last):
  File "/home/user/qubes-builderv2/qubesbuilder/executors/qubes.py", line 89, in copy_in
    subprocess.run(copy_in_cmd, check=True)
  File "/usr/lib64/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['/usr/lib/qubes/qrexec-client-vm', '--', 'disp2170', 'qubesbuilder.FileCopyIn+-2Fbuilder-2Fplugins-2Ffetch', '/usr/lib/qubes/qfile-agent', '/home/user/qubes-builderv2/qubesbuilder/plugins/fetch']' returned non-zero exit status 1.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/user/qubes-builderv2/qubesbuilder/cli/cli_base.py", line 76, in __call__
    rv = self.main(*args, standalone_mode=False, **kwargs)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/click/core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/click/core.py", line 1688, in invoke
    rv.append(sub_ctx.command.invoke(sub_ctx))
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/click/decorators.py", line 38, in new_func
    return f(get_current_context().obj, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/qubes-builderv2/qubesbuilder/cli/cli_package.py", line 63, in fetch
    _component_stage(
  File "/home/user/qubes-builderv2/qubesbuilder/cli/cli_package.py", line 41, in _component_stage
    p.run(stage=stage_name)
  File "/home/user/qubes-builderv2/qubesbuilder/plugins/fetch/__init__.py", line 185, in run
    executor.run(cmd, copy_in, copy_out, environment=self.environment)
  File "/home/user/qubes-builderv2/qubesbuilder/executors/qubes.py", line 377, in run
    raise e
  File "/home/user/qubes-builderv2/qubesbuilder/executors/qubes.py", line 285, in run
    self.copy_in(dispvm, source_path=src_in, destination_dir=dst_in)
  File "/home/user/qubes-builderv2/qubesbuilder/executors/qubes.py", line 96, in copy_in
    raise ExecutorError(msg, name=vm)
qubesbuilder.executors.ExecutorError: Failed to copy-in: Command '['/usr/lib/qubes/qrexec-client-vm', '--', 'disp2170', 'qubesbuilder.FileCopyIn+-2Fbuilder-2Fplugins-2Ffetch', '/usr/lib/qubes/qfile-agent', '/home/user/qubes-builderv2/qubesbuilder/plugins/fetch']' returned non-zero exit status 1.
[user@work-qubesos qubes-builderv2]$

It looks like it’s failed to copy in files from the dispvm. Maybe check that you have properly created bind-dirs and added mount command in the dispvm template as explained under Qubes Executor section of readme. Also make sure you have copied 50-qubesbuilder.policy in dom0 as explained under the same section.

Today my touchpad and touchscreen started working out of the blue, I don’t know how so the issue is resolved, but I don’t even know the reason behind it.

Did you update dom0? Possible new kernel has better support.

1 Like

Yes, probably that’s what fixed it for me.