I have an XP-PEN Deco 01 V2 device. I plug it to my Thinkpad X230 running QubesOS 4.1. Then, using the “Qubes Devices” tray icon tool, I assign it to one of my qubes based on debian 12 running Linux kernel 6.1.43-1.qubes.fc32.x86_64.
However, when I check the available input devices in that qube using xinput command, I do not see my drawing tablet in there.
I cannot draw using the drawing tablet and its pen on the xournal program.
Alright. Instead of attaching the USB drawing tablet to a qube, I have made drawing tablet I mentioned in my OP passthrough its inputs to dom0. That way, I am able to move to the target qube with a drawing whiteboard program running in, and draw on it.
I suppose I am a bit risking myself while I do a hardware passthrough to dom0. However, I think I can pay for that tradeoff in return getting me some cool whiteboard annotations via my drawing tablet.
I am doing the hardware passthrough to dom0 from a cloned and isolated version of sys-usb, anyways—I named it “usb-keyboard” qube, which is a clone of sys-usb, but with only certain USB port hardware assigned to it.
That way, I have a separation between which USB ports have passthroughs to dom0 and which don’t (and these get to be used as normal USB storage/stick device usecases).
In order to get the USB passthrough working with the drawing tablet, I had to modify the /etc/qubes-rpc/policy/qubes.InputTablet file as the following:
usb-keyboard dom0 allow
$anyvm $anyvm deny
The usb-keyboard is the name of the “sys-usb” clone of mine, which only contain the devices that I passthrough to dom0 (previously it was only my USBkeyboard device (check out my post history in this forum) and now it is also this drawing tablet).
After this, the mentioned drawing tablet works without needing to install some proprietary drivers.
Let me know if I am making a horrible mistake and shooting myself in the foot this way (privacy/securiy-wise).
One security implication of your solution is that if the tablet contains, e.g. malicious firmware or someone implants a malicious module into it, then, as a dom0 keyboard, it can compromise your entire system.
If it’s possible to just do all your stuff inside your “sys-keyboard” qube then that would certainly be preferable.