It occurred to me that I might have better luck if I bought a actual USB card for my desktop computer instead of using the USB integrated on the motherboard. The question becomes “what should I buy?”. For example, do I need to find a USB card that handles “strict reset”? If so, how would i find out which ones handle that?
I see entire systems in the hardware compatibility list, but no “USB cards”
if possible “strict reset” would be ideal, because if you can’t reset then the controller can leak info when you attach it to another VM.
But you can use what you have.
To create a sys-usb VM you can just type in dom0
sudo qubesctl state.sls qvm.sys-usb
and if you can start sys-usb, probably you must give up of strict reset with
qvm-prefs sys-usb -s pci_strictreset false
and if you still have problems folow do docs
If you have several controller (and you will get that with another USB card) you can even have more than one sys-usb or attach one controller persistently to some VM. One case is Windows VM if you use that, of course. In a desktop that’s easy, not so on a laptop.
i had read through usb troubleshooting, but none of them seemed to help the case where sys-usb was working (the usb keyboard was getting passed through sys-usb, but the yubikey was not showing up in lsusb in the sys-usb.
it feels like i should be able to do some kind of insmod command inside the sys-usb to get the yubikey working like the keyboard worked.
I had assumed that hiding the USB controllers from dom0 was to enhance security and didn’t do it cause i didn’t want to cause problems. not hiding USB can actually cause problems?
in fact you could have done everithing just with that command (creat sys-ysb and enable usb keyboard.
BUT be sure to understand the security implications of such action. USB keyboards are a security concern. check the docs.
I would advise to use a PS/2 keyboard if you are on a desktop, or the laptop keyboard if you are on a laptop.
doing “sudo qubesctl state.sls qvm.usb-keyboard” makes the keyboard work, but the the yubikey stops working. (“keyboard working” is really “kinda working” with one out of every 20 or so keystrokes disappearing)
i have to attempt launching a sys-usb terminal more then one before it actually works. when i get in and do “w”, it says i have a system load of 2.5! is that normal for a sys-usb? doing lsusb in the sys-usb now just locks up and does not return
ya. I could test that by buying a USB card… if only i knew which ones worked. lol
But seriously, thanks for spending the time helping me get going.
and for USB cards, i suspect that everyone just lives with integrated ones so no one actually knows which ones work. If i do get a USB card working, is there somewhere I should report it? the “hardware compatibility list” seems to be for full systems.
Thanks. I did not realize that laptops still had expansion slots. (obviously i’m not a big laptop guy, but this is valuable information for other people who are searching for this.)
I am able to find PCIe cards available that use the Renesas USB chip.
Do you happen to know if the “no strict reset option” abilities is a property of the Renesas USB chip… I.E. do you know if the Renesas USB chip is special in any way, or are you just saying “works for me”?
I can vouch for the Sonnet Allegro Type A USB 3.2 4-Port
Part # USB3-4PM-E
I have two and both appear to handle strict reset properly. Working peripherals include USB Audio, Video, DVD, USBHDD etc. I have not used Nitro/Yubi keys with them but would expect them to just work once everything else was configured correctly.
I had originally hoped to get one “Pro version” USB3-PRO-4PM-E (which had four Fresco Logic FL1100EX controllers) but couldn’t find any to purchase. Ended up settling on two USB3-4PM-E
Not an expert, but I believe some controller chips are “special” in that they have proven to not have certain hardware bugs. My research suggested that some specific chipsets were more reliable.
I have found PCie device selection for QubesOS quite complicated.
My shortcut was to use the stringent POWER9 PCIe hardware requirements to identify prospective PCIe Devices.
I’d love to hear other ways people find good (peripheral) hardware to use with Qubes. @ddevz please let us know what ultimately works for you