[qubes-users] Trezor in Qubes

Hello all, I would like to start to use Trezor with my qubes. I would like to follow this guide here Qubes OS - Trezor Wiki. My intention is to use the Trezor HW wallet in a anon-whonix AppVm with Trezor Suite qube through Tor. I run qubes on X230 Nitropad.

I would like to check if the guide to install the Trezor Bridge and Udev rules in the sys-usb (see the official Trezor guide) is advised by qubes community or is it good practice not to install anything in the sys-usb and instead install the packages (bridge, udev rules and suite) in the target anon-whonix AppVM.

It should be fine. See my pull request for step by step instructions:

tetrahedra via qubes-users:

tetrahedra@danwin1210.me:

Hello all, I would like to start to use Trezor with my qubes. I would like to follow this guide here https://wiki.trezor.io/Qubes_OS. My intention is to use the Trezor HW wallet in a anon-whonix AppVm with Trezor Suite qube through Tor. I run qubes on X230 Nitropad.

I would like to check if the guide to install the Trezor Bridge and Udev rules in the sys-usb (see the official Trezor guide) is advised by qubes community or is it good practice not to install anything in the sys-usb and instead install the packages (bridge, udev rules and suite) in the target anon-whonix AppVM.

It should be fine. See my pull request for step by step instructions:
add Trezor setup cheat-sheet by tetrahedras · Pull Request #145 · Qubes-Community/Contents · GitHub
Contents/docs/common-tasks/setup-trezor-cryptocurrency-hardware-wallet.md at 3e1785a11e90b52e086fb8b3b246e5c2de7faca5 · Qubes-Community/Contents · GitHub

Thank you for the guide. I tried to follow the official guide on trezor wiki, abstaining from fedora a bit more, but still erroring.

To your guide. The last 4 lines:

copy to fedora-3x

in fedora-3x sudo rpm -i /path/to/trezor.rpm

...are to be done in the fedora-3x template, right? Will it work on fedora-33-minimal too, or it needs to be full template?

All done, but I wasnt able to find any signed hash of the bridge or something and so I get this error:

[user@fedora-33-min-trezor ~]$ sudo rpm -i trezor-bridge-2.0.27-1.x86_64.rpm
warning: trezor-bridge-2.0.27-1.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID b9a02a3d: NOKEY
  package trezor-bridge-2.0.27-1.x86_64 does not verify: Header V4 RSA/SHA256 Signature, key ID b9a02a3d: NOKEY

Thank you for the guide. I tried to follow the official guide on trezor wiki, abstaining from fedora a bit more, but still erroring.

To your guide. The last 4 lines:

copy to fedora-3x

in fedora-3x sudo rpm -i /path/to/trezor.rpm

...are to be done in the fedora-3x template, right? Will it work on fedora-33-minimal too, or it needs to be full template?

I don't know.

All done, but I wasnt able to find any signed hash of the bridge or something and so I get this error:

[user@fedora-33-min-trezor ~]$ sudo rpm -i trezor-bridge-2.0.27-1.x86_64.rpm
warning: trezor-bridge-2.0.27-1.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID b9a02a3d: NOKEY
package trezor-bridge-2.0.27-1.x86_64 does not verify: Header V4 RSA/SHA256 Signature, key ID b9a02a3d: NOKEY

Weird. You have to install the Trezor verification key. I had to do this
the first time I installed, but after re-imaging my system, it wasn't
necessary on the most recent install, so I took the section out of my
notes. Unfortunately I don't remember what the steps were to install the
key!