Qubes OS updates Weekly Review - Y2024-W46

Introduction

Weekly review of new packages uploaded to Qubes OS repositories. Link to previous version here.

Alphabetically sorted list of new packages uploaded to Qubes OS repositories
amd-gpu-firmware-20241110-1.fc37.noarch.rpm
amd-gpu-firmware-20241110-1.fc41.noarch.rpm
amd-ucode-firmware-20241110-1.fc37.noarch.rpm
amd-ucode-firmware-20241110-1.fc41.noarch.rpm
atheros-firmware-20241110-1.fc37.noarch.rpm
atheros-firmware-20241110-1.fc41.noarch.rpm
brcmfmac-firmware-20241110-1.fc37.noarch.rpm
brcmfmac-firmware-20241110-1.fc41.noarch.rpm
cirrus-audio-firmware-20241110-1.fc37.noarch.rpm
cirrus-audio-firmware-20241110-1.fc41.noarch.rpm
dvb-firmware-20241110-1.fc37.noarch.rpm
dvb-firmware-20241110-1.fc41.noarch.rpm
initial-setup-0.3.101-8.fc41.x86_64.rpm
initial-setup-gui-0.3.101-8.fc41.x86_64.rpm
initial-setup-gui-wayland-generic-0.3.101-8.fc41.x86_64.rpm
intel-audio-firmware-20241110-1.fc37.noarch.rpm
intel-audio-firmware-20241110-1.fc41.noarch.rpm
intel-gpu-firmware-20241110-1.fc37.noarch.rpm
intel-gpu-firmware-20241110-1.fc41.noarch.rpm
intel-vsc-firmware-20241110-1.fc37.noarch.rpm
intel-vsc-firmware-20241110-1.fc41.noarch.rpm
iwlegacy-firmware-20241110-1.fc37.noarch.rpm
iwlegacy-firmware-20241110-1.fc41.noarch.rpm
iwlwifi-dvm-firmware-20241110-1.fc37.noarch.rpm
iwlwifi-dvm-firmware-20241110-1.fc41.noarch.rpm
iwlwifi-mvm-firmware-20241110-1.fc37.noarch.rpm
iwlwifi-mvm-firmware-20241110-1.fc41.noarch.rpm
kernel-515-5.15.172-1.qubes.fc37.x86_64.rpm
kernel-515-devel-5.15.172-1.qubes.fc37.x86_64.rpm
kernel-515-modules-5.15.172-1.qubes.fc37.x86_64.rpm
kernel-515-qubes-vm-5.15.172-1.qubes.fc37.x86_64.rpm
kernel-6.6.60-1.qubes.fc37.x86_64.rpm
kernel-6.6.60-1.qubes.fc41.x86_64.rpm
kernel-devel-6.6.60-1.qubes.fc37.x86_64.rpm
kernel-devel-6.6.60-1.qubes.fc41.x86_64.rpm
kernel-modules-6.6.60-1.qubes.fc37.x86_64.rpm
kernel-modules-6.6.60-1.qubes.fc41.x86_64.rpm
kernel-qubes-vm-6.6.60-1.qubes.fc37.x86_64.rpm
kernel-qubes-vm-6.6.60-1.qubes.fc41.x86_64.rpm
libertas-firmware-20241110-1.fc37.noarch.rpm
libertas-firmware-20241110-1.fc41.noarch.rpm
linux-firmware-20241110-1.fc37.noarch.rpm
linux-firmware-20241110-1.fc41.noarch.rpm
linux-firmware-whence-20241110-1.fc37.noarch.rpm
linux-firmware-whence-20241110-1.fc41.noarch.rpm
liquidio-firmware-20241110-1.fc37.noarch.rpm
liquidio-firmware-20241110-1.fc41.noarch.rpm
microcode_ctl-2.1.20241112-58.qubes1.fc37.x86_64.rpm
microcode_ctl-2.1.20241112-58.qubes1.fc41.x86_64.rpm
mlxsw_spectrum-firmware-20241110-1.fc37.noarch.rpm
mlxsw_spectrum-firmware-20241110-1.fc41.noarch.rpm
mrvlprestera-firmware-20241110-1.fc37.noarch.rpm
mrvlprestera-firmware-20241110-1.fc41.noarch.rpm
mt7xxx-firmware-20241110-1.fc37.noarch.rpm
mt7xxx-firmware-20241110-1.fc41.noarch.rpm
netronome-firmware-20241110-1.fc37.noarch.rpm
netronome-firmware-20241110-1.fc41.noarch.rpm
nvidia-gpu-firmware-20241110-1.fc37.noarch.rpm
nvidia-gpu-firmware-20241110-1.fc41.noarch.rpm
nxpwireless-firmware-20241110-1.fc37.noarch.rpm
nxpwireless-firmware-20241110-1.fc41.noarch.rpm
python3-dnf-plugins-qubes-hooks-4.3.12-1.fc39.noarch.rpm
python3-dnf-plugins-qubes-hooks-4.3.12-1.fc40.noarch.rpm
python3-qubesadmin_4.2.17-1+deb12u1_amd64.deb
python3-qubesadmin_4.2.17-1+deb13u1_amd64.deb
python3-qubesadmin-4.2.17-1.fc37.noarch.rpm
python3-qubesadmin-4.2.17-1.fc39.noarch.rpm
python3-qubesadmin-4.2.17-1.fc40.noarch.rpm
python3-qubesadmin-4.2.17-1.fc41.noarch.rpm
python3-qubesadmin_4.3.7-1+deb12u1_amd64.deb
python3-qubesadmin_4.3.7-1+deb13u1_amd64.deb
python3-qubesadmin-4.3.7-1.fc39.noarch.rpm
python3-qubesadmin-4.3.7-1.fc40.noarch.rpm
python3-qubesadmin-4.3.7-1.fc41.noarch.rpm
python3-qubesadmin_4.3.7-1+jammy1_amd64.deb
python3-qui_4.3.6-1+deb12u1_amd64.deb
python3-qui_4.3.6-1+deb13u1_amd64.deb
python3-qui_4.3.6-1+jammy1_amd64.deb
python3-qui_4.3.7-1+deb12u1_amd64.deb
python3-qui_4.3.7-1+deb13u1_amd64.deb
python3-qui_4.3.7-1+jammy1_amd64.deb
python3-xen-4.17.5-4.fc37.x86_64.rpm
qcom-firmware-20241110-1.fc37.noarch.rpm
qcom-firmware-20241110-1.fc41.noarch.rpm
qed-firmware-20241110-1.fc37.noarch.rpm
qed-firmware-20241110-1.fc41.noarch.rpm
qubes-app-shutdown-idle-1.0.11-1.fc39.noarch.rpm
qubes-app-shutdown-idle-1.0.11-1.fc40.noarch.rpm
qubes-app-shutdown-idle-1.0.11-1.fc41.noarch.rpm
qubes-audio-daemon_4.3.5-1+deb12u1_amd64.deb
qubes-audio-daemon_4.3.5-1+deb13u1_amd64.deb
qubes-audio-daemon-4.3.5-1.fc39.x86_64.rpm
qubes-audio-daemon-4.3.5-1.fc40.x86_64.rpm
qubes-audio-daemon-4.3.5-1.fc41.x86_64.rpm
qubes-audio-daemon_4.3.5-1+jammy1_amd64.deb
qubes-audio-daemon-dbgsym_4.3.5-1+deb12u1_amd64.deb
qubes-audio-daemon-dbgsym_4.3.5-1+deb13u1_amd64.deb
qubes-audio-dom0-4.3.5-1.fc39.x86_64.rpm
qubes-audio-dom0-4.3.5-1.fc40.x86_64.rpm
qubes-audio-dom0-4.3.5-1.fc41.x86_64.rpm
qubes-core-admin-client_4.2.17-1+deb12u1_amd64.deb
qubes-core-admin-client_4.2.17-1+deb13u1_amd64.deb
qubes-core-admin-client-4.2.17-1.fc37.noarch.rpm
qubes-core-admin-client-4.2.17-1.fc39.noarch.rpm
qubes-core-admin-client-4.2.17-1.fc40.noarch.rpm
qubes-core-admin-client-4.2.17-1.fc41.noarch.rpm
qubes-core-admin-client_4.3.7-1+deb12u1_amd64.deb
qubes-core-admin-client_4.3.7-1+deb13u1_amd64.deb
qubes-core-admin-client-4.3.7-1.fc39.noarch.rpm
qubes-core-admin-client-4.3.7-1.fc40.noarch.rpm
qubes-core-admin-client-4.3.7-1.fc41.noarch.rpm
qubes-core-admin-client_4.3.7-1+jammy1_amd64.deb
qubes-core-agent_4.3.12-1+deb12u1_amd64.deb
qubes-core-agent_4.3.12-1+deb13u1_amd64.deb
qubes-core-agent-4.3.12-1.fc39.x86_64.rpm
qubes-core-agent-4.3.12-1.fc40.x86_64.rpm
qubes-core-agent-4.3.12-1.fc41.x86_64.rpm
qubes-core-agent_4.3.12-1+jammy1_amd64.deb
qubes-core-agent-caja_4.3.12-1+deb12u1_amd64.deb
qubes-core-agent-caja_4.3.12-1+deb13u1_amd64.deb
qubes-core-agent-caja-4.3.12-1.fc39.x86_64.rpm
qubes-core-agent-caja-4.3.12-1.fc40.x86_64.rpm
qubes-core-agent-caja-4.3.12-1.fc41.x86_64.rpm
qubes-core-agent-caja_4.3.12-1+jammy1_amd64.deb
qubes-core-agent-dbgsym_4.3.12-1+deb12u1_amd64.deb
qubes-core-agent-dbgsym_4.3.12-1+deb13u1_amd64.deb
qubes-core-agent-dom0-updates_4.3.12-1+deb12u1_amd64.deb
qubes-core-agent-dom0-updates_4.3.12-1+deb13u1_amd64.deb
qubes-core-agent-dom0-updates-4.3.12-1.fc39.noarch.rpm
qubes-core-agent-dom0-updates-4.3.12-1.fc40.noarch.rpm
qubes-core-agent-dom0-updates-4.3.12-1.fc41.noarch.rpm
qubes-core-agent-dom0-updates_4.3.12-1+jammy1_amd64.deb
qubes-core-agent-nautilus_4.3.12-1+deb12u1_amd64.deb
qubes-core-agent-nautilus_4.3.12-1+deb13u1_amd64.deb
qubes-core-agent-nautilus-4.3.12-1.fc39.x86_64.rpm
qubes-core-agent-nautilus-4.3.12-1.fc40.x86_64.rpm
qubes-core-agent-nautilus-4.3.12-1.fc41.x86_64.rpm
qubes-core-agent-nautilus_4.3.12-1+jammy1_amd64.deb
qubes-core-agent-networking_4.3.12-1+deb12u1_amd64.deb
qubes-core-agent-networking_4.3.12-1+deb13u1_amd64.deb
qubes-core-agent-networking-4.3.12-1.fc39.noarch.rpm
qubes-core-agent-networking-4.3.12-1.fc40.noarch.rpm
qubes-core-agent-networking-4.3.12-1.fc41.noarch.rpm
qubes-core-agent-networking_4.3.12-1+jammy1_amd64.deb
qubes-core-agent-network-manager_4.3.12-1+deb12u1_amd64.deb
qubes-core-agent-network-manager_4.3.12-1+deb13u1_amd64.deb
qubes-core-agent-network-manager-4.3.12-1.fc39.noarch.rpm
qubes-core-agent-network-manager-4.3.12-1.fc40.noarch.rpm
qubes-core-agent-network-manager-4.3.12-1.fc41.noarch.rpm
qubes-core-agent-network-manager_4.3.12-1+jammy1_amd64.deb
qubes-core-agent-passwordless-root_4.3.12-1+deb12u1_amd64.deb
qubes-core-agent-passwordless-root_4.3.12-1+deb13u1_amd64.deb
qubes-core-agent-passwordless-root-4.3.12-1.fc39.noarch.rpm
qubes-core-agent-passwordless-root-4.3.12-1.fc40.noarch.rpm
qubes-core-agent-passwordless-root-4.3.12-1.fc41.noarch.rpm
qubes-core-agent-passwordless-root_4.3.12-1+jammy1_amd64.deb
qubes-core-agent-selinux-4.3.12-1.fc39.noarch.rpm
qubes-core-agent-selinux-4.3.12-1.fc40.noarch.rpm
qubes-core-agent-selinux-4.3.12-1.fc41.noarch.rpm
qubes-core-agent-systemd-4.3.12-1.fc39.x86_64.rpm
qubes-core-agent-systemd-4.3.12-1.fc40.x86_64.rpm
qubes-core-agent-systemd-4.3.12-1.fc41.x86_64.rpm
qubes-core-agent-thunar_4.3.12-1+deb12u1_amd64.deb
qubes-core-agent-thunar_4.3.12-1+deb13u1_amd64.deb
qubes-core-agent-thunar-4.3.12-1.fc39.x86_64.rpm
qubes-core-agent-thunar-4.3.12-1.fc40.x86_64.rpm
qubes-core-agent-thunar-4.3.12-1.fc41.x86_64.rpm
qubes-core-agent-thunar_4.3.12-1+jammy1_amd64.deb
qubes-core-dom0-4.3.11-1.fc41.noarch.rpm
qubes-core-dom0-4.3.12-1.fc41.noarch.rpm
qubes-core-dom0-linux-4.3.4-1.fc41.x86_64.rpm
qubes-core-dom0-linux-kernel-install-4.3.4-1.fc41.x86_64.rpm
qubes-core-dom0-vaio-fixes-4.3.4-1.fc41.x86_64.rpm
qubes-desktop-linux-manager_4.3.6-1+deb12u1_amd64.deb
qubes-desktop-linux-manager_4.3.6-1+deb13u1_amd64.deb
qubes-desktop-linux-manager-4.3.6-1.fc39.noarch.rpm
qubes-desktop-linux-manager-4.3.6-1.fc40.noarch.rpm
qubes-desktop-linux-manager-4.3.6-1.fc41.noarch.rpm
qubes-desktop-linux-manager_4.3.6-1+jammy1_amd64.deb
qubes-desktop-linux-manager_4.3.7-1+deb12u1_amd64.deb
qubes-desktop-linux-manager_4.3.7-1+deb13u1_amd64.deb
qubes-desktop-linux-manager-4.3.7-1.fc39.noarch.rpm
qubes-desktop-linux-manager-4.3.7-1.fc40.noarch.rpm
qubes-desktop-linux-manager-4.3.7-1.fc41.noarch.rpm
qubes-desktop-linux-manager_4.3.7-1+jammy1_amd64.deb
qubes-gui-daemon_4.3.5-1+deb12u1_amd64.deb
qubes-gui-daemon_4.3.5-1+deb13u1_amd64.deb
qubes-gui-daemon-4.3.5-1.fc39.x86_64.rpm
qubes-gui-daemon-4.3.5-1.fc40.x86_64.rpm
qubes-gui-daemon-4.3.5-1.fc41.x86_64.rpm
qubes-gui-daemon_4.3.5-1+jammy1_amd64.deb
qubes-gui-daemon-dbgsym_4.3.5-1+deb12u1_amd64.deb
qubes-gui-daemon-dbgsym_4.3.5-1+deb13u1_amd64.deb
qubes-gui-daemon-pulseaudio_4.3.5-1+deb12u1_amd64.deb
qubes-gui-daemon-pulseaudio_4.3.5-1+deb13u1_amd64.deb
qubes-gui-daemon-pulseaudio_4.3.5-1+jammy1_amd64.deb
qubes-gui-daemon-selinux-4.3.5-1.fc39.x86_64.rpm
qubes-gui-daemon-selinux-4.3.5-1.fc40.x86_64.rpm
qubes-gui-daemon-selinux-4.3.5-1.fc41.x86_64.rpm
qubes-gui-dom0-4.3.5-1.fc39.x86_64.rpm
qubes-gui-dom0-4.3.5-1.fc40.x86_64.rpm
qubes-gui-dom0-4.3.5-1.fc41.x86_64.rpm
qubes-input-proxy-1.0.39-1-x86_64.pkg.tar.zst
qubes-manager_4.3.6-1+deb12u1_amd64.deb
qubes-manager_4.3.6-1+deb13u1_amd64.deb
qubes-manager-4.3.6-1.fc39.noarch.rpm
qubes-manager-4.3.6-1.fc40.noarch.rpm
qubes-manager-4.3.6-1.fc41.noarch.rpm
qubes-manager_4.3.7-1+deb12u1_amd64.deb
qubes-manager_4.3.7-1+deb13u1_amd64.deb
qubes-manager-4.3.7-1.fc39.noarch.rpm
qubes-manager-4.3.7-1.fc40.noarch.rpm
qubes-manager-4.3.7-1.fc41.noarch.rpm
qubes-mgmt-salt-dom0-qvm-4.3.1-1.fc41.noarch.rpm
qubes-mgmt-salt-dom0-update-4.2.1-1.fc37.noarch.rpm
qubes-mgmt-salt-dom0-update-4.3.2-1.fc41.noarch.rpm
qubes-usb-proxy-1.3.3-1.fc39.noarch.rpm
qubes-usb-proxy-1.3.3-1.fc40.noarch.rpm
qubes-usb-proxy-1.3.3-1.fc41.noarch.rpm
qubes-usb-proxy-1.3.3-1-x86_64.pkg.tar.zst
qubes-usb-proxy_1.3.3+deb12u1_amd64.deb
qubes-usb-proxy_1.3.3+deb13u1_amd64.deb
qubes-usb-proxy_1.3.3+jammy1_amd64.deb
qubes-usb-proxy-4.3.0-1.fc39.noarch.rpm
qubes-usb-proxy-4.3.0-1.fc40.noarch.rpm
qubes-usb-proxy-4.3.0-1.fc41.noarch.rpm
qubes-usb-proxy-4.3.0-1-x86_64.pkg.tar.zst
qubes-usb-proxy_4.3.0+deb12u1_amd64.deb
qubes-usb-proxy_4.3.0+deb13u1_amd64.deb
qubes-usb-proxy_4.3.0+jammy1_amd64.deb
qubes-usb-proxy-dom0-1.3.3-1.fc37.noarch.rpm
qubes-usb-proxy-dom0-4.3.0-1.fc41.noarch.rpm
qubes-vm-core-4.3.12-1-x86_64.pkg.tar.zst
qubes-vm-keyring-4.3.12-1-x86_64.pkg.tar.zst
qubes-vm-networking-4.3.12-1-x86_64.pkg.tar.zst
qubes-vm-passwordless-root-4.3.12-1-x86_64.pkg.tar.zst
qubes-vm-xen-4.17.5-4-x86_64.pkg.tar.zst
realtek-firmware-20241110-1.fc37.noarch.rpm
realtek-firmware-20241110-1.fc41.noarch.rpm
tiwilink-firmware-20241110-1.fc37.noarch.rpm
tiwilink-firmware-20241110-1.fc41.noarch.rpm
xen-4.17.5-4.fc37.x86_64.rpm
xen-devel-4.17.5-4.fc37.x86_64.rpm
xen-doc-4.17.5-4.fc37.noarch.rpm
xen-hypervisor-4.17.5-4.fc37.x86_64.rpm
xen-libs-4.17.5-4.fc37.x86_64.rpm
xen-licenses-4.17.5-4.fc37.x86_64.rpm
xen-runtime-4.17.5-4.fc37.x86_64.rpm

Highlights

  • Extremely busy week with major focus on self-identity oriented assignment project to finally utilize the capabilities of the new devices API.

Details

In addition to the usual minor fixes and patches:

  • core-admin-client v4.2.17 (r4.2)
    . Fixing two minor issues with cloning of qubes and space in qube name.

  • desktop-linux-manager v4.3.7 (r4.3)
    . self-identity oriented assignment related patches.
    . Confirmation dialog when you assign a device to specific qube with --ask option or assign the device to more than one qube:
    AttachConfirmationWindow
    I can see other advanced options in the .glade file for the above dialog which are not yet implemented.
    . The new qubes-gui-agent works in the background for this new improvements.
    . Qubes Devices systray widget is patched to support new improvements.
    . Global Config is not yet patched to allow configuration of USB & Block devices for the new improvement. Users have to use CLI tools for the time (covered below).

  • manager v4.3.7-1 (r4.3)
    . self-identity oriented assignment patches for Qubes Manager. Mostly minor changes.

  • gui-daemon v4.3.5 (r4.3)
    . self-identity oriented assignment patches for GUI Daemon. Mostly for Microphone.

  • app-linux-usb-proxy v4.3.0 (r4.3)
    . self-identity oriented assignment patches front-end and back-end of USB Proxy.

  • mgmt-salt-dom0-qvm v4.3.1 (r4.3)
    . Adjusting salt formulas for the new devices API.

  • core-admin v4.3.12 (r4.3)
    . self-identity oriented assignment patches
    . Devices are identified by back-end domain, port-id and device-id.
    . You can force auto-attachment of specific device only via specific port or any port.
    . You can assign a device to one or more qubes. A dialog will pop-up and ask you to confirm which qube to use.
    . You can assign an entire (USB) port to specific qube!
    . You can persistently depend a qube to specific device (--required option).

  • core-admin-client v4.3.7 (r4.3)
    . self-identity oriented assignment patches. These are the user-end tools for core-admin
    . Updated qvm-device and its manual.
    . GUI related features will be validated and invalid ones will be ignored with a notification (e.g. invalid secure copy/paste key sequences).

  • core-agent-linux v4.3.12 (r4.3)
    . Improvements to qvm-copy and its --help output.
    . Fix for transfer of files with emojis

  • desktop-linux-manager v4.3.6 (r4.3)
    . New Qube window will resize to screen size.
    . Global Config will have --open option for opening specific page or location.

  • core-admin-linux v4.3.4 (r4.3)
    . option to exclude specific TemplateVMs or StandaloneVMs from update checks with skip-update feature.

  • manager v4.3.6-1 (r4.3)
    . A warning label for qubes skipped from update checks.
    . Option to show only ā€œuserā€ qubes in Qube Manager
    . All storage and memory units are MiB and GiB
    . Better info on upgradable templates in template manager.
    . Qube Manager will refresh disk stats every minutes if focused (vs. every 5 minutes).

  • vmm-xen v4.17.5-4 (r4.2)
    . XSA-464 security fix for QSB-106.

  • core-admin v4.3.11 (r4.3)
    . OpenZFS version bump.
    . Fix for UEFI HVM guests.

  • linux-kernel-515 v5.15.172-1 (r4.2), linux-kernel v6.6.60-1 (r4.2 & r4.3)
    . Weekly Linux Kernel updates and patches. For more details refer to Greg Kroah-Hartman announcements on LWN.net. Summary of individual PRs are available after the bottom of the page.

  • linux-firmware v20241110-1 (r4.2 & r4.3)
    . updates and patches mostly submitted by hardware vendors (Realtek, AMD, Medatek, Intel, Dell, Qualcomm, ā€¦) to Kernel dot org. Details here.

  • intel-microcode v20241112 (r4.3)
    . Fixes CVE-2024-23918 for Intel Xeon processors.

Epilogue

The new devices API and self-identity oriented (device) assignment is one of the major improvements to Qubes OS r4.3 (if not the most important). It is a relatively gigantic patch considering the number of files and lines. Ordinary users will benefit a lot from its security and usability features.

There could be individual 3rd party programs developed by community or certified hardware vendors for self-identity oriented assignment. Such as GUI programs to visualize device attachments to individual USB ports (I might write one for my HP Elitebook 820 G1 test laptop & its docking station).

Notes for Electronics Engineers: Qubes might be appealing to embedded engineers who need multiple versions of EDA tools on the same machine. Unfortunately USB reset while flashing firmware/bitstreams was a setback, TILL NOW. With the self-identity oriented assignments, a USB port could be dedicated to the EDA qube. For example, AMD/Xilinx is currently distributing their old ISE 14.7 as a VirtualBox image with an ancient version of Oracle OS. Qubes OS might be the perfect OS for distributing turnkey EDA suits. I am going to test In-Circuit programmers & debuggers I have in my hand (from Microchip/Atmel, STMicro, Xilinx, Altera, ā€¦) and report back. This is going to take some timeā€¦

Notes for Android firmware developers & people who need Android MTP: Assigning a dedicated port to qube with Android Studio might fix issues such as this one.

15 Likes

Thanks for your useful report, as usual :clap: :clap:

Although, I must be dumb, I donā€™t understand what the self-identity oriented assignment device is doing exactly. Iā€™ve read it in two ways, which one is it?

  • we can write a list of devices with automatic qube assignement
  • devices connected to physical USB slots can automatically be assigned to qubes depending on user defined rules, depending on the slots
  • something else?
3 Likes

This one. qvm-usb will have assign command now (on 4.3 testing). And it has --required, --ask, --port options for it. And it works.

2 Likes

whatā€™s this ā€œself-identity orientationā€ thing about? Briefly, what does it do that the current ā€œattach to deviceā€ sys tray widget doesnā€™t?

Let imagine if your laptop has 3 USB ports. One at left, one at right and one in back.

You could assign the port on right for automatic connection to Untrusted qube (whatever connects to it).

Other use case: You have specific external USB SSD for backup. You could assign it for automatic connection to Vault via either of left or back ports. And make vault dependent on it. So vault wonā€™t start unless that drive is connected.

Then you have a FIDO key. You could force it to work only via the back port and assign it to personal & work qubes. If you connect it, a popup will appear with just two qubes as targets.

3 Likes

Yeah that makes sense, and seems like a valuable functionality.

1 Like

however, Qubes OS has a CTAP proxy that should handle FIDO key with interesting features like restricting generated passkeys to the qubes where it was generated, but it seems broken

1 Like

So, if Iā€™m correct, these updates about the ā€œself-identity oriented assignmentā€ are the continuation of what you described about the core-admin v4.3.0 update, in your awesome review of june?

The v4.3.0 contained some things I was looking for but this new version seems to add some really great feature too ā€¦ and will help me to make my setup more simple.

I donā€™t take the time to say this, but I mean it each time : thank you so much for all of your reviews!!!

1 Like

Exactly. Those were fundamental changes to the API and internals. The new changes this week are user end tools to finally utilize them.

These updates will be very very useful, just like these fantastic Weekly Review posts - I only just discovered them both. Huge thanks!
I wonder if it will be possible to have a qube which can continue to run only while a specific device is present? It seems like an interesting use-case, for an innocent device to behave as a ā€˜dead manā€™s handleā€™.
I looked at the discussion on GitHub, but I did not find any mention of the behaviour when a device disappearsā€¦ only when it becomes available.

2 Likes

I believe the feature you need might already exists. It is a called udev rule on detach. It should be possible to write a udev rule to shutdown the vm based on UUID or similar parameters.