Audio qube

Good to hear (and thanks for the great guide)!

In theory, is it possible that sys-audio makes your VMs more unique, therefore more fingerprintable? I hope not, just wondering as a half amateur Q user.

More unique for which attacker? You mean for websites or for local users? If itā€™s the former, then I find it unlikely. Do websites have access to the audio system?
If itā€™s the latter, then Qubes doesnā€™t try to prevent such fingerprinting.

Websites. And I donā€™t know. Do they? They can play audio for sure. Iā€™m also not sure about the scenario when audio is disabled by default. Can a website see that you donā€™t have any audio in your OS? In my mind this can be unique, but I maybe wrong as all of these are just my speculations.

Hi,

My bluetooth device is a Network controller: Intel Corporation Wi-Fi 6 AX201** that includes Bluetooth functionality, the Intel AX201 is known to be a combo card that supports both Wi-Fi 6 and Bluetooth 5.x.

When restarting the sys-audio cube i have following error:

Start failed: Requested operation is not valid: PCI device 0000:00:14.3 is in use by driver xenlight, domain sys-net, see /var/log/libvirt/libxl/libxl-driver.log for details

A restart of other qubes does not fix the problem.

I think the AX201 consists of two devices:

  • PCI Wireless controller that you should attach to sys-net for WiFi to work
  • USB Bluetooth adapter that you should attach from sys-usb to sys-audio for bluetooth to work in sys-audio (or attach the PCI USB controller to which the USB Bluetooth adapter is connected to to the sys-audio instead of sys-usb)

So you donā€™t need to attach PCI Wireless controller to sys-audio for bluetooth to work there.

These are all my devices (excluding my audio ones):

00:00.0 Host bridge: Intel Corporation 11th Gen Core Processor Host Bridge/DRAM Registers
00:01.0 PCI bridge: Intel Corporation 11th Gen Core Processor PCIe Controller #1
00:02.0 VGA compatible controller: Intel Corporation Tiger Lake-H GT1 [UHD Graphics]
00:04.0 Signal processing controller: Intel Corporation Tiger Lake-H Dynamic Tuning Processor Participant
00:05.0 PCI bridge: Intel Corporation Tiger Lake-H PCI Express Root Port #0
00:06.0 PCI bridge: Intel Corporation Tiger Lake-H PCI Express Root Port #2
00:07.0 PCI bridge: Intel Corporation Tiger Lake-H GNA Scoring Accelerator module
00:08.0 Signal processing controller: Intel Corporation Tiger Lake-H Gaussian Mixture Model
00:0d.0 USB controller: Intel Corporation Tiger Lake-H USB 3.1 xHCI Host Controller
00:0d.2 USB controller: Intel Corporation Tiger Lake-H NHI #0
00:0d.3 USB controller: Intel Corporation Tiger Lake-H NHI #1
00:0e.0 USB controller: Intel Corporation Tiger Lake-H xHCI Host Controller
00:14.0 USB controller: Intel Corporation Tiger Lake-H USB 3.2 xHCI Host Controller
00:14.2 RAM memory: Intel Corporation Tiger Lake-H Shared SRAM
00:14.3 Network controller: Intel Corporation Wi-Fi 6 AX201
00:15.0 Serial bus controller: Intel Corporation Tiger Lake-H Serial IO I2C Controller #0
00:15.1 Serial bus controller: Intel Corporation Tiger Lake-H Serial IO I2C Controller #1
00:16.0 Communication controller: Intel Corporation Tiger Lake-H Management Engine Interface
00:17.0 SATA controller: Intel Corporation Tiger Lake-H SATA AHCI Controller
00:1c.0 PCI bridge: Intel Corporation Tiger Lake-H PCI Express Root Port #9
00:1d.0 PCI bridge: Intel Corporation Tiger Lake-H PCI Express Root Port #11
00:1f.0 ISA bridge: Intel Corporation HM570 LPC/eSPI Controller
00:1f.3 SMBus: Intel Corporation Tiger Lake-H SMBus Controller
00:1f.4 SMBus: Intel Corporation Tiger Lake-H SPI Controller
01:00.0 VGA compatible controller: NVIDIA Corporation GA104M [GeForce RTX 3080 Mobile / Max-Q 8GB/16GB]
02:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd NVMe SSD Controller PM9A1/PM9A3/980PRO
52:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8125 2.5GbE Controller

These are my devices, excluding my audio ones:

00:00.0 Host bridge: Intel Corporation 11th Gen Core Processor Host Bridge/DRAM Registers
00:01.0 PCI bridge: Intel Corporation 11th Gen Core Processor PCIe Controller #1
00:02.0 VGA compatible controller: Intel Corporation Tiger Lake-H GT1 [UHD Graphics]
00:04.0 Signal processing controller: Intel Corporation Tiger Lake-H Dynamic Tuning Processor Participant
00:05.0 PCI bridge: Intel Corporation Tiger Lake-H PCI Express Root Port #0
00:06.0 PCI bridge: Intel Corporation Tiger Lake-H PCI Express Root Port #2
00:07.0 PCI bridge: Intel Corporation Tiger Lake-H GNA Scoring Accelerator module
00:08.0 Signal processing controller: Intel Corporation Tiger Lake-H Gaussian Mixture Model
00:0d.0 USB controller: Intel Corporation Tiger Lake-H USB 3.1 xHCI Host Controller
00:0d.2 USB controller: Intel Corporation Tiger Lake-H NHI #0
00:0d.3 USB controller: Intel Corporation Tiger Lake-H NHI #1
00:0e.0 USB controller: Intel Corporation Tiger Lake-H xHCI Host Controller
00:14.0 USB controller: Intel Corporation Tiger Lake-H USB 3.2 xHCI Host Controller
00:14.2 RAM memory: Intel Corporation Tiger Lake-H Shared SRAM
00:14.3 Network controller: Intel Corporation Wi-Fi 6 AX201
00:15.0 Serial bus controller: Intel Corporation Tiger Lake-H Serial IO I2C Controller #0
00:15.1 Serial bus controller: Intel Corporation Tiger Lake-H Serial IO I2C Controller #1
00:16.0 Communication controller: Intel Corporation Tiger Lake-H Management Engine Interface
00:17.0 SATA controller: Intel Corporation Tiger Lake-H SATA AHCI Controller
00:1c.0 PCI bridge: Intel Corporation Tiger Lake-H PCI Express Root Port #9
00:1d.0 PCI bridge: Intel Corporation Tiger Lake-H PCI Express Root Port #11
00:1f.0 ISA bridge: Intel Corporation HM570 LPC/eSPI Controller
00:1f.3 SMBus: Intel Corporation Tiger Lake-H SMBus Controller
00:1f.4 SMBus: Intel Corporation Tiger Lake-H SPI Controller
01:00.0 VGA compatible controller: NVIDIA Corporation GA104M [GeForce RTX 3080 Mobile / Max-Q 8GB/16GB]
02:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd NVMe SSD Controller PM9A1/PM9A3/980PRO
52:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8125 2.5GbE Controller

Whatā€™s the output of this command in sys-usb?

lsusb
user@sys-usb:~$ lsusb
Bus 005 Device 002: ID 0bda:0411 Realtek Semiconductor Corp. Hub
Bus 005 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 004 Device 004: ID 048d:c968 Integrated Technology Express, Inc. ITE Device(8258)
Bus 004 Device 003: ID 04f2:b67d Chicony Electronics Co., Ltd Integrated Camera
Bus 004 Device 002: ID 1050:0407 Yubico.com Yubikey 4/5 OTP+U2F+CCID
Bus 004 Device 006: ID 8087:0026 Intel Corp. AX201 Bluetooth
Bus 004 Device 009: ID 31e3:1312 Wooting Wooting 60HE (ARM)
Bus 004 Device 007: ID 1532:007b Razer USA, Ltd RC30-0305 Gaming Mouse Dongle [Viper Ultimate (Wireless)]
Bus 004 Device 005: ID 0bda:5411 Realtek Semiconductor Corp. RTS5411 Hub
Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd QEMU Tablet
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
user@sys-usb:~$ 

This is your USB Bluetooth adapter from AX201.

Thanks! Interesting tough, I donā€™t see any mention of bluetooth in the connected devices under the sys-usb qubeā€¦

Connected devices:

00:0d.0 USB controller: Intel Corporation Tiger Lake-H Thunderbolt 4 USB Controller
00:0d.2 USB controller: Intel Corporation Tiger Lake-H Thunderbolt 4 NHI #0
00:0d.3 USB controller: Intel Corporation Tiger Lake-H Thunderbolt 4 NHI #1
00:14.0 USB controller: Intel Corporation Tiger Lake-H USB 3.2 Gen 2x1 XHCI Host Controller

You need to install blueman and configure the bluetooth in the sys-usb for it to work there:

I have installed and started the bluetooth service in the sys-usb template but nothing really changesā€¦

The availlable devices I can to add to sys-audio are:

00:00.0 Host bridge: Intel Corporation 11th Gen Core Processor Host Bridge/DRAM Registers
00:01.0 PCI bridge: Intel Corporation 11th Gen Core Processor PCIe Controller #1
00:02.0 VGA compatible controller: Intel Corporation TigerLake-H GT1 [UHD Graphics]
00:04.0 Signal processing controller: Intel Corporation TigerLake-LP Dynamic Tuning Processor Participant
00:06.0 PCI bridge: Intel Corporation 11th Gen Core Processor PCIe Controller #0
00:07.0 PCI bridge: Intel Corporation Tiger Lake-H Thunderbolt 4 PCI Express Root Port #0
00:07.2 PCI bridge: Intel Corporation Tiger Lake-H Thunderbolt 4 PCI Express Root Port #2
00:0a.0 Signal processing controller: Intel Corporation Tigerlake Telemetry Aggregator Driver
00:0d.0 USB controller: Intel Corporation Tiger Lake-H Thunderbolt 4 USB Controller
00:0d.2 USB controller: Intel Corporation Tiger Lake-H Thunderbolt 4 NHI #0
00:0d.3 USB controller: Intel Corporation Tiger Lake-H Thunderbolt 4 NHI #1
00:14.0 USB controller: Intel Corporation Tiger Lake-H USB 3.2 Gen 2x1 xHCI Host Controller
00:14.2 RAM memory: Intel Corporation Tiger Lake-H Shared SRAM
00:14.3 Network controller: Intel Corporation Tiger Lake PCH CNVi WiFi
00:15.0 Serial bus controller: Intel Corporation Tiger Lake-H Serial IO I2C Controller #0
00:15.1 Serial bus controller: Intel Corporation Tiger Lake-H Serial IO I2C Controller #1
00:15.2 Serial bus controller: Intel Corporation
00:16.0 Communication controller: Intel Corporation Tiger Lake-H Management Engine Interface
00:17.0 SATA controller: Intel Corporation Tiger Lake SATA AHCI Controller
00:1d.0 PCI bridge: Intel Corporation Tiger Lake-H PCI Express Root Port #9
00:1d.6 PCI bridge: Intel Corporation
00:1f.0 ISA bridge: Intel Corporation HM570 LPC/eSPI Controller
00:1f.4 SMBus: Intel Corporation Tiger Lake-H SMBus Controller
00:1f.5 Serial bus controller: Intel Corporation Tiger Lake-H SPI Controller
01:00.0 VGA compatible controller: NVIDIA Corporation GA104M [GeForce RTX 3080 Mobile / Max-Q 8GB/16GB]
02:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd NVMe SSD Controller PM9A1/PM9A3/980PRO
5c:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller

sys-usb qube: lsusb -t

user@sys-usb:~$ lsusb -t
/:  Bus 05.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/8p, 20000M/x2
    |__ Port 5: Dev 2, If 0, Class=Hub, Driver=hub/2p, 5000M
/:  Bus 04.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/16p, 480M
    |__ Port 3: Dev 2, If 2, Class=Chip/SmartCard, Driver=, 12M
    |__ Port 3: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 12M
    |__ Port 3: Dev 2, If 1, Class=Human Interface Device, Driver=usbhid, 12M
    |__ Port 6: Dev 3, If 0, Class=Video, Driver=uvcvideo, 480M
    |__ Port 6: Dev 3, If 1, Class=Video, Driver=uvcvideo, 480M
    |__ Port 9: Dev 4, If 0, Class=Human Interface Device, Driver=usbhid, 12M
    |__ Port 10: Dev 5, If 0, Class=Hub, Driver=hub/2p, 480M
        |__ Port 1: Dev 7, If 0, Class=Human Interface Device, Driver=usbhid, 12M
        |__ Port 1: Dev 7, If 1, Class=Human Interface Device, Driver=usbhid, 12M
        |__ Port 1: Dev 7, If 2, Class=Human Interface Device, Driver=usbhid, 12M
        |__ Port 2: Dev 8, If 4, Class=Human Interface Device, Driver=usbhid, 12M
        |__ Port 2: Dev 8, If 2, Class=Human Interface Device, Driver=usbhid, 12M
        |__ Port 2: Dev 8, If 0, Class=Human Interface Device, Driver=usbhid, 12M
        |__ Port 2: Dev 8, If 5, Class=Human Interface Device, Driver=usbhid, 12M
        |__ Port 2: Dev 8, If 3, Class=Human Interface Device, Driver=usbhid, 12M
        |__ Port 2: Dev 8, If 1, Class=Human Interface Device, Driver=usbhid, 12M
    |__ Port 14: Dev 6, If 0, Class=Wireless, Driver=btusb, 12M
    |__ Port 14: Dev 6, If 1, Class=Wireless, Driver=btusb, 12M
/:  Bus 03.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/4p, 10000M
/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/1p, 480M
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/6p, 480M
    |__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 480M
user@sys-usb:~$ lsusb
Bus 005 Device 002: ID 0bda:0411 Realtek Semiconductor Corp. Hub
Bus 005 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 004 Device 004: ID 048d:c968 Integrated Technology Express, Inc. ITE Device(8258)
Bus 004 Device 003: ID 04f2:b67d Chicony Electronics Co., Ltd Integrated Camera
Bus 004 Device 002: ID 1050:0407 Yubico.com Yubikey 4/5 OTP+U2F+CCID
Bus 004 Device 006: ID 8087:0026 Intel Corp. AX201 Bluetooth
Bus 004 Device 008: ID 31e3:1312 Wooting Wooting 60HE (ARM)
Bus 004 Device 007: ID 1532:007b Razer USA, Ltd RC30-0305 Gaming Mouse Dongle [Viper Ultimate (Wireless)]
Bus 004 Device 005: ID 0bda:5411 Realtek Semiconductor Corp. RTS5411 Hub
Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd QEMU Tablet
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

When I add a USB device that is allready in use by sys-usb, I get:

Screenshot_2024-09-05_21-41-28

When I move the USB device from sys-usb to sys-audio, I have no usb devices anymoreā€¦

Am I missing something?

Attach this USB device not PCI USB Controller from sys-usb to sys-audio:

Bus 004 Device 006: ID 8087:0026 Intel Corp. AX201 Bluetooth

Use Qubes Devices widget in system tray for this, not qubeā€™s Settings ā†’ Devices tab.
Then you can use blueman-manager in sys-audio to pair with your Bluetooth devices.

Thanks for helping, sadly enough that is not an option between my devicesā€¦
This is what I have:

[x@dom0 ~]$ qvm-usb
BACKEND:DEVID   DESCRIPTION                                              USED BY
sys-usb:4-10.1  1532:007b_Razer_Razer_Viper_Ultimate_Dongle              
sys-usb:4-10.2  31e3:1312_Wooting_Wooting_60HE__ARM__A02B2315W052H36407  
sys-usb:4-14    8087:0026_8087_0026                                      
sys-usb:4-3     1050:0407_Yubico_YubiKey_OTP+FIDO+CCID_0020637187        
sys-usb:4-6     04f2:b67d_Sonix_Technology_Co.__Ltd._Integrated_Camera   
sys-usb:4-9     048d:c968_ITE_Tech._Inc._ITE_Device_8258_                disp4018 (identity=0000:0000::'?''*''*''*''*''*''*')


[x@dom0 ~]$ lsusb
[x@dom0 ~]$ qvm-pci
BACKEND:DEVID  DESCRIPTION                                                                                                     USED BY
dom0:00_00.0   Host bridge: Intel Corporation 11th Gen Core Processor Host Bridge/DRAM Registers                               
dom0:00_01.0   PCI bridge: Intel Corporation 11th Gen Core Processor PCIe Controller #1                                        
dom0:00_02.0   VGA compatible controller: Intel Corporation TigerLake-H GT1 [UHD Graphics]                                     
dom0:00_04.0   Signal processing controller: Intel Corporation TigerLake-LP Dynamic Tuning Processor Participant               
dom0:00_06.0   PCI bridge: Intel Corporation 11th Gen Core Processor PCIe Controller #0                                        
dom0:00_07.0   PCI bridge: Intel Corporation Tiger Lake-H Thunderbolt 4 PCI Express Root Port #0                               
dom0:00_07.2   PCI bridge: Intel Corporation Tiger Lake-H Thunderbolt 4 PCI Express Root Port #2                               
dom0:00_0a.0   Signal processing controller: Intel Corporation Tigerlake Telemetry Aggregator Driver                           
dom0:00_0d.0   USB controller: Intel Corporation Tiger Lake-H Thunderbolt 4 USB Controller                                     sys-usb (no-strict-reset=True)
dom0:00_0d.2   USB controller: Intel Corporation Tiger Lake-H Thunderbolt 4 NHI #0                                             sys-usb (no-strict-reset=True)
dom0:00_0d.3   USB controller: Intel Corporation Tiger Lake-H Thunderbolt 4 NHI #1                                             sys-usb (no-strict-reset=True)
dom0:00_14.0   USB controller: Intel Corporation Tiger Lake-H USB 3.2 Gen 2x1 xHCI Host Controller                             sys-usb (no-strict-reset=True)
dom0:00_14.2   RAM memory: Intel Corporation Tiger Lake-H Shared SRAM                                                          
dom0:00_14.3   Network controller: Intel Corporation Tiger Lake PCH CNVi WiFi                                                  sys-net
dom0:00_15.0   Serial bus controller: Intel Corporation Tiger Lake-H Serial IO I2C Controller #0                               
dom0:00_15.1   Serial bus controller: Intel Corporation Tiger Lake-H Serial IO I2C Controller #1                               
dom0:00_15.2   Serial bus controller: Intel Corporation                                                                        
dom0:00_16.0   Communication controller: Intel Corporation Tiger Lake-H Management Engine Interface                            
dom0:00_17.0   SATA controller: Intel Corporation Tiger Lake SATA AHCI Controller                                              
dom0:00_1d.0   PCI bridge: Intel Corporation Tiger Lake-H PCI Express Root Port #9                                             
dom0:00_1d.6   PCI bridge: Intel Corporation                                                                                   
dom0:00_1f.0   ISA bridge: Intel Corporation HM570 LPC/eSPI Controller                                                         
dom0:00_1f.3   Audio device: Intel Corporation Tiger Lake-H HD Audio Controller                                                sys-audio (no-strict-reset=True)
dom0:00_1f.4   SMBus: Intel Corporation Tiger Lake-H SMBus Controller                                                          
dom0:00_1f.5   Serial bus controller: Intel Corporation Tiger Lake-H SPI Controller                                            
dom0:01_00.0   VGA compatible controller: NVIDIA Corporation GA104M [GeForce RTX 3080 Mobile / Max-Q 8GB/16GB]                 
dom0:01_00.1   Audio device: NVIDIA Corporation GA104 High Definition Audio Controller                                         sys-audio (no-strict-reset=True)
dom0:02_00.0   Non-Volatile memory controller: Samsung Electronics Co Ltd NVMe SSD Controller PM9A1/PM9A3/980PRO               
dom0:5c_00.0   Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller  sys-net
[x@dom0 ~]$ 

I think I will just the blueman-manager from sys-usb since replacing the usb controller with Bluetooth functionality from sys-usb to sys-audio also replaces all the other devices on my usb controller

What problem do you have with attaching USB Bluetooth adapter from sys-usb to sys-audio?
sys-usb:4-14 8087:0026_8087_0026 - is your USB Bluetooth adapter.
You can do this using Qubes Devices widget in system tray or by running this command in dom0 terminal:

qvm-usb attach sys-audo sys-usb:4-14

Iā€™ve tried attaching 4-14 and 4-9 but none of those devices show up in lsusb within sys-audio qubeā€¦ blueman-manager does not recognize any bluetooth device as well

Are you able to attach any USB device to any qube at all?

@neowutran it worked perfectly for me, thanks! I did not expect the recording to be passed as well from a bluetooth headsets :partying_face:

I just need to figure why the bluetooth applet does not start automatically now

Did you enable blueman service in the sys-audio Settings ā†’ Services?

2 Likes