Gods, this thread is such an absolute useless mess it’s not even funny - with such “guides” it is better to just throw stuff at random and hope that it sticks lol. It’s not like authors of such “guides” do anything different anyway…
Ok.
As I need to somewhat structure my sys-audio odyssey I will split my post into three parts:
- My torturous journey of wading through the threads here in search for the crumbs of useful information. And my problems with the so-called “solutions” given in this particular thread.
- The steps I took to set up a disposable vm that can use both debian-minimal and fedora-minimal templates.
- The bugs I have encountered in the process or the story of how I ultimately failed.
First, I need to mention that even a cursory look at all the threads here would tell you that you should keep from this “sys-audio” thing as far away as possible for a foreseeable future. And this is exactly what I had intended to keep doing… until I found out that the random freezes I keep experiencing might be somehow related to the audio stack 
So the obvious solution would be to isolate the audio stack in a vm, right? Right, if only things were that simple…
- The threads.
Absolute mess. Don’t even bother.
This thread exemplifies it more than any other. We have two wonderful “solutions” here:
- remove and reinstall the same package with the same deps and expect a different result
…and - the kernel initializes the sound card only on the n-th reboot, so… just reboot n times! here’s even a helpful script! (genius lol)
This is the level we are talking about here…
The ONLY coherent guide I could find is that of neowutran’s, but he uses fedora-minimal for sys-audio, while I strongly prefer debian for my service vms. But this soon got proven to be irrelevant as the same issues got reproduced on both templates.
Nevertheless I used neowutran’s guide as my baseline for a disposable debian-minimal sys-audio vm. Here are my own notes documenting the process:
-
Create
dvm disposable templatebased ondebian-xx-min-clone-audioby enablingDisposable templateoption -
Add
restrictedtag to thedvm disposable template
qvm-tags <disposable-Template-Name> add restricted
- Create a
named disposablequbesys-audiobased ondvm disposable template
qvm-create --template <disposable-Template-Name> --class DispVM --label red sys-audio
-
In
sys-audioqube settingsServicestab, add theaudiovmservice -
Change
sys-audiovirtualization mode toHVM -
Change
sys-audiomemory to1000 MBand uncheckInclude in memory balancing -
Change
sys-audioDefault disposable templatetonone -
Passthrough the PCI device
00:1f.3 Audio device: Intel Corporation Cannon Lake PCH cAVStosys-audioandConfigure strict reset for PCI devices -
In
dom0execute the following command (changesys-audiotodom0to revert back)
qubes-prefs default_audiovm sys-audio
- Configure policy in
dom0by creating the file/etc/qubes/policy.d/50-sys-audio.policywith the following content
admin.Events * sys-audio @adminvm allow target=dom0
admin.Events +domain-stopped sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.Events +domain-shutdown sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.Events +domain-start sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.Events +connection-established sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.CurrentState * sys-audio @adminvm allow target=dom0
admin.vm.CurrentState * sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.List * sys-audio @adminvm allow target=dom0
admin.vm.List * sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.property.Get +audiovm sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.property.Get +xid sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.feature.CheckWithTemplate +audio sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.feature.CheckWithTemplate +audio-model sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.property.Get +stubdom_xid sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.property.Get +keyboard_layout sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.property.GetAll * sys-audio @tag:audiovm-sys-audio allow target=dom0
Further elaboration:
Point 2, ie adding a restricted tag is irrelevant for this discussion - it is used in my rpc policies.
As explained in neowutran’s guide, adding audiovm service will launch at startup the following command: qvm-start-daemon --all --watch
PCI device 00:1f.3 Audio device: Intel Corporation Cannon Lake PCH cAVS is machine specific
debian-xx-min-clone-audio is an updated debian-minimal tempalte with the following installed packages:
-
Utils
alsa-utils-
pciutils// for lspci command -
pulseaudio-utils
-
Qubes specific
pulseaudio-qubes-
qubes-audio-daemon qubes-gui-daemon-pulseaudioqubes-core-admin-client
-
Misc
-
pasystray// volume tray icon pavucontrolalsa-ossalsa-firmware-loaders-
alsa-ucm-conf
-
-
For mic
socat
In the debian-xx-min-clone-audio template also:
- Create the file
/etc/modprobe.d/50-snd.confwith the following content
options snd_hda_intel enable=1 index=0 power_save=0
enable=1 needed to automatically switch to your Built-in Audio Analog Stereo output device when (or more like “if”) your soundcard gets initialized, otherwise it will use Qubes VCHAN sink, which is relevant in a disposable environment
power_save=0 is apparently there to help with a scratchy sound
Regarding policies, neowutran has the most concise list which makes me believe that he somehow understood what he was doing. I only needed to add two last lines because I was getting errors.
The policies provided in this thread are excessive - every vm with a default audiovm value gets assigned an audiovm-sys-audio tag when you execute qubes-prefs default_audiovm sys-audio
For a fedora-minimal template I installed packages as outlined in the neowutran’s guide.
This pretty much covers the setup. In the next post I will cover my experiences of actually trying to run it.