This will help many to revive broken qubes systems as I have wasted days and weeks of my time trying to revive my systems many times and nothing worked. I created sys-usb and got locked out few times. None of those instructions found in the internet worked as they may be outdated.
My system: Qubes OS 4.1.1
PC with no PS/2 mouse capability
Recovery process:
-
Make a bootable USB stick of 4.1.1 for a different computer or from a friend. You can download the iso file and use Rufus tool to make that.
-
Boot it and enter Troubleshooting and rescue mode.
-
In rescue mode press 1 and it will say your system is not linux and press Enter will give you a shell. (Directly pressing 3 may also work)
-
Run lvdisplay command to see all the logical volumes present. (my disk is not encrypted and I can see all of them. If you have encrypted disk you may go through further steps to decrypt it 1st)
-
All the logical drives seem to be ‘Inactive’ and they cannot be mounted now.
-
Run vgchange -ay qubes_dom0 to Activate those (please check the _ or - in qubes_dom0 on the lvdisplay, forgot the actual one)
-
Run lvscan will show them as ‘Active’ now
-
Run mkdir /mnt/root
-
Run mount /dev/qubes_dom0/root /mnt/root
-
Run vi /mnt/root/etc/qubes-rpc/policies/qubes.InputKeyboard and add ‘sys-usb dom0 allow’ as the first line without the quotes
-
Run vi /mnt/root/etc/qubes-rpc/policies/qubes.InputMouse and add ‘sys-usb dom0 allow’ as the first line without the quotes
-
Open the file /etc/default/grub and find the line GRUB_CMDLINE_LINUX and remove rd.qubes.hide_all_usb in that line if present
-
mkdir /mnt/root/etc/boot/grub2
-
Run grub2-mkconfig -o /mnt/root/etc/boot/grub2/grub.cfg
Item 13 and 14 may not be necessary but I did it.
Now, if you have encrypted disk you may use the following to decrypt the disk 1st and then follow the steps: