Hello community. hope someone can help figure that out. i have done all as writen in costum installation, but with /boot on external usb device for extra layer of security. i need the sys-usb for yubikey and some extra devices, but if i enable sys-usb, devices are working but my /boot usb also get restricted.
the problem:
create sys-usb: /boot gets restricted. can only access system with enryqubes.skip_autostartin grub, but after system starts my /boot in dom0 is emty. thats not a solution. i can not make rd.qubes.dom0_usb=<BDF>, becouse i only have 1 controller, so all devices would been ignored. it makes me cracy.
my installation:
/boot - external usb drive
all other/ internal ssd
How can i tell sys-usb to ignore my /boot usb device ? Or can i map that device as a system device or how tell sys-usb to that usb device just go like my usb keyboard. Or something with sys-net ? whats that for an option. i get my system perfect configured so i really dont want to destroy it again to install /boot to internal to. hope someone can help. thanks
no mate, i had installed sys-usb first time i installed qubes. than all the trobles with the /boot partition, so i decidet to reinstall whole system again. now i have the “clean” install without created the sys-usb. but if you think we gonna make it, i can install sys-usb now.
Did you run it with or without the $ at the beginning?
without
last time, if i make now without modyfi anything, system will not boot, couse usb is restricted and
the luks partition will not opened after enter passphrase
yes, at first time qubes did not installed sys-usb automaticly couse i have an usb keyboard attached and it was greyed out, but with here: USB qubes | Qubes OS
i install it afterwards
How to create a USB qube for use with a USB keyboard
If you’re reading this section, it’s likely because the installer did not allow you to create a USB qube automatically because you’re using a USB keyboard. This section will explain how to create a USB qube that you can use with your USB keyboard. This section assumes that you have only a single USB controller. If you have more than one USB controller, see how to enable a USB keyboard on a separate USB controller.
First, make sure you have the latest qubes-mgmt-salt-dom0-virtual-machines package by updating dom0. Then, enter the following command in dom0:
yes, it would been ok, but
the problem here is only that /boot in dom0 is empty completely after boot, not mounted. and i think on updates or something qubes need to write dada on /boot or not ?