Locked myself out after creating Sys-USB

Hello,
I am a beginner to Qubes and Linux.
I created a Sys-USB and locked myself out. I am running Qubes on a NUC set up, without any PS/2 port.
I don’t think I have legacy boot. I see commands that I can press prior to the screen requesting a login, but it won’t register any inputs.
Any idea how to proceed?
Thank you

I see you have already found this thread and the advice given there is sound. There are many ways for you to obtain a “LiveCD” … which means a CD or USB stick with a live Linux system you could boot into. A friend or colleague could create one for you or maybe you can buy a Linux magazine … they often have such media attached to them.

Thanks. I saw the other documentation on how to create a LiveCD and used Rufus to create it according to the documentation.
When I plug in the USB, the system does not recognize it and it just skips to the screen requiring the password.

qubes.skip_autostart is the answer you seek :)

@alzer89 I understand his trouble to be much earlier: actually getting the computer to boot from the LiveCD system.

@rapidtest … did you press F10 and select the media when booting?

Thanks. F10 worked. Was able to select my Live USB.
Now I enter the GNU GRUB version 2.04 menu.

With several options:
Troubleshooting - verbose boot and Install Qubes
-Rescue a Qubes OS system

I could also press c for a command line

Simply add a kernel parameter: on the GRUB menu press e to edit, then add qubes.skip_autostart to the line that has rhgb quiet; if rd.qubes.hide_all_usb is on the same line, delete it; then press F10 to boot with this parameter.

Thank you!!! This solved it

Would the following two functions recreate the sys-usb and allow the keyboard to work?

qvm-remove sys-usb

sudo qubesctl state.sls qvm.usb-keyboard

EDIT - Removed because it was posted in the wrong thread. My apologies for the confusion.

Yes, @Sven is right. to enter the BIOS.

@rapidtest, there isn’t really any need to do this.

What I would recommend is:

In dom0 add the following line to the file /etc/qubes-rpc/policy/qubes.InputKeyboard:

sys-usb dom0 allow
$anyvm $anyvm deny

This means that you are telling dom0 to automatically accept keystrokes from anything that presents itself as a keyboard on any of your USB buses (including “rubber duckies”, or any other device that you plug in and that tells your machine that it has keyboard functionality).


(It’s important that you fully understand what this means, and the secondary consequences of this, to prevent unnecessary avoidable self-pwnage)


After you do this, your sys-usb should function properly.

As long as sys-usb starts on boot, you should be fine.

No, actually it’s the right thing to do to run qvm.usb-keyboard; what he doesn’t need is to remove the current sys-usb VM.

It deletes rd.qubes.hide_all_usb from the GRUB config and adds the qubes.inputkeyboard policy, then regenerates the GRUB config. He is still locked out from entering disk encryption because sys-usb is not yet started.

Correct. @51lieal is right. I forgot the rd.qubes.hide_all_usb grub kernel parameter. I knew I forgot something…
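
The one-time GRUB edit described earlier in the thread, plus a check of the two persistent settings the last posts name, as an added example that is not part of any post and not Qubes project code. The function names are hypothetical, the sample kernel line and policy text are constructed placeholders, and placing qubes.skip_autostart at the end of the line is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical and
# the sample values are constructed placeholders.
SAMPLE_CMDLINE='vmlinuz-PLACEHOLDER root=/dev/mapper/PLACEHOLDER ro rd.qubes.hide_all_usb rhgb quiet'
SAMPLE_POLICY='sys-usb dom0 allow
$anyvm $anyvm deny'

# One-time recovery edit from the GRUB editor: drop rd.qubes.hide_all_usb
# and add qubes.skip_autostart (only once) to the kernel line.
recovery_cmdline() {
    out="" has_skip=0
    set -f                              # split on spaces without globbing
    for tok in $1; do
        case "$tok" in
            rd.qubes.hide_all_usb) continue ;;
            qubes.skip_autostart)  has_skip=1 ;;
        esac
        out="${out:+$out }$tok"
    done
    set +f
    [ "$has_skip" -eq 1 ] || out="${out:+$out }qubes.skip_autostart"
    printf '%s\n' "$out"
}

# True if the policy text has an uncommented "sys-usb dom0 allow" line.
policy_allows_usb_keyboard() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*sys-usb[[:space:]]+dom0[[:space:]]+allow([,[:space:]]|$)'
}

# Check the two persistent settings named in the thread; prints each
# problem found and returns non-zero if there is any.
usb_keyboard_ready() {
    rc=0
    case " $1 " in
        *" rd.qubes.hide_all_usb "*)
            echo "kernel line still contains rd.qubes.hide_all_usb"; rc=1 ;;
    esac
    if ! policy_allows_usb_keyboard "$2"; then
        echo "qubes.InputKeyboard has no 'sys-usb dom0 allow' line"; rc=1
    fi
    return "$rc"
}

recovery_cmdline "$SAMPLE_CMDLINE"
usb_keyboard_ready "$SAMPLE_CMDLINE" "$SAMPLE_POLICY" || true
```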