R4.2 is the first version of Qubes that I have had a sys-usb qube. I guess previous version I had used had usb devices hooked to Dom0.
In any case, I want to nuke the sys-usb qube, but don’t want to lock myself out of Qubes. Today I added a new card to pass through to an AppVM and the devices passed into the sys-usb all changed mappings preventing it from starting (and usb devices were reverted to Dom0, I guess).
I corrected the devices being passed though, but then I get no mouse or keyboard upon boot. For the moment, removing the card again breaks the device mapping, so I can post this.
I just want to remove the sys-usb and go back to letting Dom0 handle USB. In the docs, they only mention up to R4.0, so I would like to confirm that deleting the sys-usb qube is the right approach. The docs mention about rebuilding grub after removing the rd.qubes.hide_all_usb line, but I don’t have the line in my grub config (in R4.2). So can I forego rebuilding grub?
Thanks. That seems to have worked. The only odd thing I noticed is that a USB network dongle I have no longer shows up under the USB devices like it did when there was a sys-usb.
Only input USB devices (mouse, keyboard) and storage-block USB devices (like flash drive) will work being connected to dom0 without usb qube. This change was in R4.1 or something.
Wifi and Bluetooth USB dongles require to be attached to some other qube (like sys-usb or any other than dom0).
Ah that explains it. Previously I had not used sys-usb before, and had added an extra USB card to specifically to pass that ethernet dongle into a specific qube. I will just revert to that behaviour then.
I dont know how many USB controllers you have.
If more than one, I’d suggest reinstating sys-usb, and using it for the
dongle.
You havent said why you want to “nuke the sys-usb qube” - in general
features like this are there to enhance the security of using Qubes, and you
remove them at your own risk.
Ok, so I was a bit annoyed at sys-usb for failing over and taking my input devices with it when I wrote that. A hardware bug was the culprit, though a bit hard to track down with no ability to determine what happened other than powering off.
Simply put, I have been using Qubes without sys-usb since 3.1 and was accustomed to the way it operated and am comfortable with the risks.
Of the USB devices that I currently employ, some USB drive enclosures have to be passed through directly to a qube if I want Smart to work (I do), that only leaves the dongle, which I had previously been passing through to a qube, and am again.
So the only thing that remains on Dom0 is my keyboard and a couple of mice. Which is what has handled them for years. I am OK with that.
Interestingly, the qubes I am passing the USB devices to, re-export them just like a sys-usb would. Though of course I don’t make use of that feature.
I am curious what the process for reinstating sys-usb under 4.2 is? The docs on the subject appeared to not be up to date for 4.2.
The restrictions on using any USB device other than a keyboard and mouse on Dom0 after removing sys-usb, was this always the case or a new development under 4.2? I am wondering if this restriction is in place on 4.2 even when people chose to forego a sys-usb during install?