whoami
November 27, 2022, 10:55am
1
I try to make a new USB Qube (usb-dvm ) based on a Debian minimal disposable template.
I have the following error:
Package which has been installed:
qubes-usb-proxy
qubes-input-proxy-sender
qubes-core-agent-nautilus
nautilus
zenity
policykit-1
libblockdev-crypto2
exfat-fuse
exfat-utils
ntfs-3g
eject
Templates and AppVM configuration:
# ${1} "standard" templateVM name (deb-xx-m-usb)
# ${2} disposable templateVM name (deb-xx-m-usb-dvm)
# ${3} disposable serviceVM name (usb-dvm)
# ${4} label (red)
# create disposable templateVM (based on the "standard" templateVM)
qvm-create ${2} --template ${1} --label gray
# configure template as disposableVM
qvm-prefs ${2} autostart false
qvm-prefs ${2} netvm ''
qvm-prefs ${2} template_for_dispvms true
qvm-prefs ${2} default_dispvm ${2}
qvm-prefs ${2} virt_mode pvh
# create disposable serviceVM
qvm-create ${3} --class DispVM --template ${2} --label ${4} --property virt_mode=hvm --property provides_network=true --property netvm="" --property autostart=true
# attach pci
USB="dom0:00_14.0"
qvm-pci attach --persistent usb-dvm ${USB}
PS: My old sys-usb is still listed as backup but I unchecked Start qube automatically on boot . I also used it to verify my USB device (PCI settings).
1 Like
You need to add the no strict reset flag:
$ qvm-pci detach -v sys-usb dom0:00_14.0
$ qvm-pci attach -v --persistent --option no-strict-reset=True sys-usb dom0:00_14.0
1 Like
enmus
November 27, 2022, 9:05pm
3
Or, if that doesn’t work to set the qube in virt_mode pv
whoami
November 29, 2022, 8:51am
4
Thanks @BEBF738VD your proposal worked for me.network-dvm instead of sys-usb here:
My usb-dvm is working fine, but now my keyboard and mouse is still blocked. Previously, this one-liner did the job (for sys-usb):
sudo qubesctl state.sls qvm.usb-keyboard
But I guess, this works only for a usb qube which is named sys-net .
Now, I wonder which policies do I need to update:/etc/qubes-rpc/policy/ are obsolete and I cannot find the corresponding file or line in /etc/qubes/policy.d/ directory.
The old policy format will still be supported until at least Qubes 5.0.
So you should be fine just updating those.
Did you mean sys-usb?/srv/formulas/base/virtual-machines-formula/qvm/usb-keyboard.sls:
include:
- qvm: sys-usb
Or just remove those two lines entirely (since that’ll require another state)
Then in the same file you’ll have to replace 'sys-usb' accordingly.
whoami
November 29, 2022, 9:04am
7
BEBF738VD:
Did you mean sys-usb ?
yeah, sorry typo. Correct, I meant sys-usb .
I cannot find this file. My directory ends here /srv/formulas/ I do not have a base folder.
You need to be root. Run sudo -i before.
whoami
November 29, 2022, 9:25am
9
I got an error message…
So, I decided to redo the modifications manually on the obsolete /etc/qubes-rpc/policy/ files. This works, now.
Thanks for your support!
Now, I can check:
network- dvm
firewall-dvm
usb-dvm
all automatally created via a Debian minimal script.
Next, on my list
1 Like
No worries. Out of curiosity, why this whole effort? Wouldn’t it be easier to create dvm templates and use those for sys vms?
whoami
November 29, 2022, 9:54am
11
I want to have a minimal template for each Qube (= Application).
My network-dvm requires i.e. qubes-core-agent-networking, qubes-core-agent-network-manager, firmware-iwlwifi, gnome-keyring whereas my usb-dvm requires qubes-usb-proxy, qubes-input-proxy-sender, exfat… ntfs… eject …
Some of my major to dos are still:
apt-cacher (auto setup and auto-vm configuration)
audio-dvm
Currently, it looks like this:
1 Like
What I was saying is, instead of replacing (for example) sys-usb with usb-dvm, why not just replace the template?
