No sys-usb found

I cannot find sys-usb don’t I need that?
I am reading the documentation but I just started today and I have 2 things I need to get going pretty quick.
My wireless mouse dongle is usb right?
And my wireless head phones, it is tough trying to watch videos with not sound.
For right now I would like to get usb going, I see usb packages that I can install but questions is don’t I need sys-usb? If I need to create that myself where should I put it. I want to keep this install clean untill I know enough to really screw it up. : )


Usually. Did you select the option to create sys-net in onboarding? Did you select the option that combines sys-net with sys-usb (for USB ethernet adapters) in onboarding?

Xorg handles your mouse and PulseAudio handles your audio. Both of these are peripherals that run in dom0. It is not a good idea to connect devices like USB or Bluetooth controllers to dom0.

Don’t beat yourself up when you inevitably do. Screwing up is a really good way to learn. Unless you’re doing something mission-critical, but then you shouldn’t be learning as you go and should maybe talk to an expert.

Note that sys-usb qube is not installed by default if you have a usb keyboard. Read this before trying to create it: USB qubes | Qubes OS.

I am not sure what you mean by onboarding, when did that happen? I have not seen an option to combine sys-net with sys-usb, not during installation or since.
I have a wireless mouse and wireless headphone pulse audio does not handle the WiFi. Right now I have a mouse pluggin but I prefer to use wireless mouse.

By onboarding I refer to the installation of Qubes on your machine, when you’re prompted to partition your drives, configure your timezone, and set a password for your dom0 user.

This only appears during installation. If you wanted to set up a system like this after installation, you’d have to manually configure it.

Your wireless mouse connects via a USB dongle, which plugs into a USB port, controlled by a USB controller. Your USB controller is handled by Xen, which isolates it from dom0. Exposing a USB controller to dom0 is a bad idea, because USB controllers are often very highly privileged due to their having to interface with things like drivers. If your USB controller was exposed to dom0 and I plugged in a malicious USB drive, for example, I could gain almost complete (if not total) control over your system.

I made the assumption that your wireless headphones connected either by Bluetooth (very common) or by a wireless USB dongle. I’ve never heard of headphones that connect by WiFi.

You are correct in stating that WiFi is not handled by Pulse. Pulse runs in dom0. Your WiFi connections are handled by the domain attached to your network adapter, by-default sys-net.

If your wireless headphones connect via WiFi, then you might have to connect your network adapter to dom0. As far as isolation principles go, this is an extremely bad idea because it exposes dom0 to your not just your entire local network but to the entire internet, un-firewalled (except for router configurations).

It might be possible to put together some sort of isolated audio handler in dom0 that Pulse can interface with that transparently sends your audio to the domain attached to the controller which connects to your headphones (if this hasn’t already been done), sys-usb for a USB dongle, sys-net for WiFi headphones, or some other configuration for a Bluetooth controller (I would say just attach it to sys-usb too, because they’re the same thing as far as isolation principles go, requiring near-physical access and with high privilege in the system).

I don’t know what you mean by this. I assume you’re saying you have a mouse plugged in. Is this mouse plugged in to a USB port on your machine, or a PS/2 port?

It is completely possible that the standard configuration for sys-usb has a system of proxy handlers than can pipe around your USB mouse and keyboard input, but I’m not sure, I’ve never used either with Qubes.

I’m going to recommend some further reading of the documentation. Check this article out (you can probably skip the part on PCI (but it is interesting)):

Onion: http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/doc/device-handling-security/

And also this article, on specific pitfalls for USB devices:

Onion: http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/doc/usb-troubleshooting/

1 Like

Audio domain is coming in 4.1. Related issue. Related thread.

Thanks, and for the links! I was even going to mention this but blanked on it.

I installed Qubes 4 times trying to get the internet working and looking for any error I may have made during installation. I did not ever see and option for installing sys-usb or sys-net. The only installation options for extra software was for Ubuntu and Whonix nothing else.

Based on the feed back so far I will for awhile use a wired mouse and wired earbuds until I better understand the security implications. I do really want to get my Bluetooth headphones going though. I did say they were WiFi I think but of coarse they are Bluetooth. I will go ahead and create a sys-usb cube.
I am hell bent on better security for my computer and am willing to change bad habits if that is the price to pay for better security.
I chose Qubes after looking at the options for security focused OS’s and selected Qubes, it is going to take awhile to wrap my head around what I have here but I am locked in, I’m doing it.
Thanks for your support.
I am guessing I should create a sys-usb qube and then inside the cube using the terminal run the install script?

I see the directions say to install a usb cube in dom0 terminal.

sudo qubesctl state.sls qvm.sys-usb