Device handling in Qubes OS

This is something from the official Qubes documentation:

Some devices do not implement a reset option. In these cases, Qubes by default does not allow attaching the device to any VM. If you decide to override this precaution, beware that the device may only be trusted when attached to the first VM. Afterwards, it should be considered tainted until the whole system is shut down. Even without malicious intent, usage data may be leaked.

In case device reset is disabled for any reason, detaching the device should be considered a risk. Ideally, devices for which the no-strict-reset option is set are attached once to a VM which isn’t shut down until the system is shut down.

So I wanted to ask: if my sys-usb uses my PCI devices (USB controllers) with the no-strict-reset option, is it mandatory to shut down the laptop after attaching a block device like sda1 to vault, and then detaching it and removing it from the PC? And if I don’t shut it down, I shouldn’t shut down my vault VM? Or is this paragraph only about not shutting down the sys-usb VM (or anything else)? (Sorry, I was unable to interpret it.)
And what is the real meaning of “usage data may be leaked”?

If you are asking something, @wobo, then you should highlight it somewhat. It looks like something is being detailed here. Anyway, once a device gets attached to a VM, it’s not released to dom0 by itself. So I presume (although I may be wrong) it’s safe to not use the same block device in the same session with another VM, and you can unmount it from the VM and also detach it from the same VM, and you probably should not shut down your vault VM until you shut down the laptop. Maybe @adw can shed some light on it.

My understanding is that such practices regarding device handling are recommended for strict security hygiene, since it’s possible for a device shared with qube A then with qube B to be a vector for qube A to attack qube B.

OK, I read the doc again, and what I understood is that those instructions are for PCI devices, which we assign to qubes like sys-net and sys-usb. So we shouldn’t shut down sys-usb if those USB controllers are attached with the no-strict-reset option.

My understanding here is: should we add a use-case scenario as an example on the device handling page of the documentation, @adw?

Some devices do not implement a reset option. In these cases, Qubes by default does not allow attaching the device to any VM. If you decide to override this precaution, beware that the device may only be trusted when attached to the first VM. Afterwards, it should be considered tainted until the whole system is shut down. Even without malicious intent, usage data may be leaked.

In case device reset is disabled for any reason, detaching the device should be considered a risk. Ideally, devices for which the no-strict-reset option is set are attached once to a VM which isn’t shut down until the system is shut down.

As an example, if your USB controllers are attached to sys-usb with the no-strict-reset option, ideally sys-usb should not be shut down until the system itself is shut down.

Waiting for your opinion.

Would you mind submitting a PR? Might be easier to discuss specific language additions and changes there.