I was initially trying to remove a device from sys-usb. However, I couldn’t do that while sys-usb was started. But, if I stopped it, I couldn’t use mouse or keyboard. So, what I tried was to clone sys-usb, removed the device from the clone, made sure the clone started on boot but sys-usb did not, and then rebooted.
But, now I’m stuck. After booting I can enter the password to decrypt the drive, but then when the login prompt shows up, the mouse and keyboard stop working. Clearly the sys-usb clone was not sufficient. I assume I needed to add the clone to other qubes in some way.
Is there a way to recover from this without reinstalling everything? All I need to do is make sys-usb start on boot again. Either that, or modify settings to not lock out the mouse or keyboard.
Also, once this is fixed, how am I supposed to alter the list of devices in sys-usb if I’m using a usb keyboard and mouse?
I’ve ordered a pcie card with ps2 ports. Is that likely to work in this situation to allow me to log in?
i had almost this exact problem once before but managed to fix it by editing the grub menu kernel parameters, this thread may be of use.
also the pcie card probably won’t work because most such cards connect to the motherboard via usb, i know this because i tried one with the same idea in mind.
Thanks, but I wasn’t able to make any of those things work. Modifying grub didn’t seem to change anything. And trying to mount the drive using a shell from the installer couldn’t even see the encrypted drive for some reason.
I ended up just reinstalling since I’m still in the early stages of setting things up.
However, once I’ve got everything set up, I’d like to back everything up so that if I fubar the system again, I can restore it to that point. I’ll have to try the stuff out here:
Incidentally, one of the weird things I ran into when reinstalling was that the multi disk encrypted raid partitions I set up were really sticky. The qubes installer really did not want to clear out the existing partitions. I’d go in and delete them all on all drives, then would set everything up again, but the installer would then fail when going forward because it’d complain about not being able to delete the partitions. I ended up needing to boot into a windows installer, using its partition management to clear everything (it was happy to just delete it all), then start over with qubes. Weird thing to have to do.
If I had known USB keyboards and mice were an issue, I’d have made sure to buy a motherboard with PS2 ports. Sadly, it’s too late to return the motherboard, so I’ll just have to live with it. I’ll just avoid touching sys-usb.
Maybe, we want a Qubes-OS “gamer” keyboard with encrypted data link (shared secret) and some fancy hardware to be plugged into the computer.
The 8042 shit of IBM times is not needed, but we could build something from an existing keyboard and remove the controller which is in the keyboard waits for key strokes and sends scan codes to 8042 which sits on the PC mainboard.
So we just need some arduino/small ARM / risc5 / something core which scans the keystrokes (matrix with Port drivers and Inputs) and has a secret storage for the encryption key to talk to the pc side interface
On the other side we need a receiver, the pc side interface which somehow interacts with the computer hardware, as we hate USB, Memory mapped I/O would be an option. But what to use if we only have PCI express for such a slow interface
Again pain…
ISA was such a nice bus for such stuff. Just add an address decoder and a latch for the data bus and you had your plug-in card.
Now you need fancy bridges and complicated software to do the same lame thing.
Remember first generation “AT-Bus” - “controllers” for IDE drives?
It was just a ISA-Bus with decoded address lines to be routed to the disk drive that had now their controller embedded on the board of the drive …
About 30 years ago
If you go for 8042, maybe some encryption could be implemented into the 8042 of the mainboard and the 8bit cpu in the keyboard.
Unfortunately you can not pull the 8042 off the socket as you could with old 80286 boards and replace it with some fancy other controller that is pin compatible but has more compute power.
Can we alter 8042 firmware of the 8042 on the mainboard? If so, we could use this and have a custom keyboard with custom firmware to talk to modified firmware in 8042 kbc.
But I think this may be mask rom embedded into the south bridge. But I never looked into it…
PC-Arch sucks. Remember A20, a GPIO operated by the Keyboard controller …
And the legacy shit, 8042 has been included into the southbridge chips more than 20 years ago, e.g. ICH3, ICH4 by Intel, and other southbridges made by via, winbond and others.
Infamous Gate A20.
Page 171 on datasheet of now legacy LPC-Super-IO
So hacking some easy legacy free secure keyboard for qubes would be fun if it is not prone to become obsolete soon.
Entering passwords using a secure keyboard is much more fun than looking every time under the desk if someone plugged a ps/2 adapter between my beloved workstation and the keyboard. Sparkling spray on the KBD screws and some stains from eating near the keyboard make it unique and unreplaceable
