Operating without sys-usb: Practical concerns

I’ve all but given up solving the sys-usb issue, which is causing peripheral issues. I’m testing running without sys-usb now. I know it’s a big security hole, but I simply have to have a working tablet for work, and I just could not get it to work with sys-usb.

The problem I’m having is attaching some devices to qubes. External hard drives are seen by dom0, and allow attaching to any qube. Phones and tablets don’t show in the devices tab.

Is there any way I can attach phones and tablets to a qube without sys-usb?

No USB device can be passed to any qube without a sys-usb qube. The only other option for you to access it without sys-usb is from dom0 directly. But, then, you don’t need Qubes anyway. It’s not about sys-usb, but about the controller. Some qube has to have it attached to it in order to access external (and internal) USB devices.

What you want to do is to access your phone directly in sys-usb. You can create separate disposable sys-usb only for this and to “sacrifice” the controller which you can live without, when security concerns are. I don’t know about tablets.

Well you can with some caveats:

  • Use HVM mode for the target qube
  • Assign the whole USB controller to the qube

Oh, there you are after ages. Welcome back.



Yes, you hinted at that, but I wanted to make it clear: It is certainly (depending on hardware) pretty feasible to do. Depends on how your USB ports are wired to the controllers, one does not need sys-usb at all, however it works also with sys-usb.

What I have done is add printed labels to my ports indicating the name of the controller and hand them over to qubes for non-block devices like scanners, printers, µC’s, serial over USB etc. Works flawlessly for me on my particular hardware.

Still, no phone can be passed to any other qube nor accessed but in the qube to which controller on which the phone is ported to is attached to.

Depends on what you mean by “passed to” - what aspect of the phone do you want to use in that other qube? Camera? WiFi? Data?
Most can be passed through, although hardware seems to count for a lot. All phones are not the same and what works for one may not work for another.

Well, she clearly wrote - attach the phone. I still do think “wifi”, or camera, or any part of it cannot be “attached” to any other qube.
So, we obviously need to know what exactly she’s trying to achieve - her goal.

Primary use cases are transferring data to/from the desktop to the phone, not so much tethering.

Storage then. Well, you cannot pass the phone’s storage to any other qube. What you can do is to mount it in “sys-usb”, or whatever is the name of the qube where USB controller is, then to copy data from the phone to unnamed dispVM and from there, be careful.
The other direction, you’d have to copy data from the source qube to sys-usb and from there to the phone attached. So, keep your eye on sys-usb’s private storage size…

Is there a way to do this without sys-usb, without attaching the phone to dom0?

The only thing that occurred to me is that if you have more than 1 USB controller, to do this in a standalone qube, while attaching controller to it. But, in general it is advised not to mount a USB device in the qube where its controller is, but when the phone is this is unavoidable so I see no point doing this in a standalone. It’s even worse, to run programs in it beside device already mounted in it.
So, my previous scenario is lesser evil.
But, I hope I’m wrong.


I’ve not used standalones (other than Windoze 7) so I’m a bit vague on this, but perhaps one could:

  1. Create a standalone, set it up however one likes. Shut it down.

  2. Clone the standalone.

  3. Fire up the clone, attach USB to it and connect your phone.

  4. Do whatever it is (sending files to other VMs, etc).

  5. Disconnect phone, disconnect USB controller.

  6. Delete the clone.

As I understand it the clone might have gotten contaminated, but you just nuked it from orbit to be sure.
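
The clone-use-delete procedure in the post above, written out as a dom0 shell sketch; this is an added example, not code from any poster in the thread. It attaches the controller before starting the clone, because `qvm-pci` attaches PCI devices persistently to a halted qube, and it sets HVM mode as suggested earlier in the thread. The function names, the `-usb-tmp` suffix, the `DRY_RUN` switch and the sample controller address are assumptions made for the example.

```shell
#!/bin/sh
# Added example: throwaway clone of a standalone that owns one USB controller.
# Assumed inputs: $1 = prepared standalone qube, $2 = controller id as listed
# by `qvm-pci` in dom0 (for example dom0:00_14.0, a constructed sample value).

# Run a command, or only print it when DRY_RUN=1 (the default, for review).
step() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept only the dom0:BB_DD.F form, so a typo cannot name another backend.
valid_bdf() {
    case "$1" in
        dom0:[0-9a-f][0-9a-f]_[0-9a-f][0-9a-f].[0-7]) return 0 ;;
        *) return 1 ;;
    esac
}

phone_session() {
    base=$1
    bdf=$2
    clone="${base}-usb-tmp"
    valid_bdf "$bdf" || { echo "bad controller id: $bdf" >&2; return 2; }
    step qvm-clone "$base" "$clone"                    # step 2: clone
    step qvm-prefs "$clone" virt_mode hvm              # HVM for passthrough
    step qvm-pci attach --persistent "$clone" "$bdf"   # controller to clone
    step qvm-start "$clone"                            # step 3: fire it up
    if [ "${DRY_RUN:-1}" != 1 ]; then
        # step 4: plug in the phone and move the files, then continue
        printf 'Press Enter to shut down and delete %s: ' "$clone"
        read -r _
    fi
    step qvm-shutdown --wait "$clone"                  # step 5: release controller
    step qvm-remove -f "$clone"                        # step 6: delete the clone
}

# Stand-alone use: sh phone-session.sh <standalone> <dom0:BB_DD.F>
if [ "$#" -eq 2 ]; then
    phone_session "$@"
fi
```

With the default `DRY_RUN=1` the script only prints the six dom0 commands; set `DRY_RUN=0` to execute them. The prepared standalone itself never sees the controller or the phone, only the clone that is removed at the end.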