Successfully added SD Card to Qubes, but different SD Card fails to load

natsirtdm · August 26, 2021, 4:15pm

My first foray with Qubes - trying to learn one small piece at a time.
I have not connected the machine to the internet in any fashion yet.

This is my objective.
Create a separate VM to connect/use SD Cards - isolated from networking, dom0 (and my understanding was even sys-usb)

These are the steps I have done
• I selected to clone the work VM, as vault is meant to never have any devices attached, alongside no networking, etc.
• Cloned VM to work-sdcard
• In qube settings, I made these changes
○ Basic tab: Set networking to “none”, checked “start qube automatically on boot”
○ Devices tab: Assigned PCI Express Card Reader.
○ Got the error “can’t attach PCI device to vm in pvh mode” - did some research and ended up making 2 changes to be able to apply my changes
○ Advanced tab: Unchecked “include in memory balancing” and selected HVM instead of PVH for virtualization mode (what I read implied HVM would be better than PV for SD Card/block device.
○ Could now successfully click Apply.
• Started the work-sdcard cube
• Inserted my SD card, it was recognized and appeared under device widget for work-sdcard domain
• My first read through had me assign the SD Card to sys-usb, then I mounted it to a folder I’d created within work-sdcard domain.
• Some reading suggested a reboot would be worthwhile to understand if the domain is working correctly and keeps the PCI device assigned - which it did today.
• Today, I did not assign to sys-usb and just tried mounting and it still worked.

My issue is, if I try to insert any other SD Card - the device itself is not recognized. I get no popup or anything about a new device and nothing appears under the device widget.

I went down this path because when I first tried to insert an SD Card to see what happened, it was connected automatically to dom0 - which it shouldn’t to keep dom0 uncompromised is my understanding. Is this understanding incorrect? If the sd card device is connected in dom0, is that a potential vulnerability? Or as long as I don’t mount it in dom0 it is ok? Regardless I feel if one sd card works in the work-sdcard domain, others should too - but they don’t appear I cannot find a /dev/? Block to mount.

I have read through the qubes documentation including these links - sorry forum won’t let me include them, majority from documentation (How to use devices | Qubes OS, How to use PCI devices | Qubes OS, How to use block storage devices | Qubes OS, AssigningDevices, How to use USB devices | Qubes OS, and as well found these two github issues where it seems a decision was made to not automatically assign PCI devices such as card readers to sys-usb. (Assign memory card readers to USB qube by default · Issue #2055 · QubesOS/qubes-issues · GitHub, Include all DMA-vulnerable controllers (FireWire, Thunderbolt, etc.) in sys-usb (or a separate domain) · Issue #2454 · QubesOS/qubes-issues · GitHub)

All my SD Cards are formatted to FAT32 and work if inserted to another device.

Does anyone have any suggestions? Any gaps in my understanding?

anon93834559 · August 30, 2021, 2:23am

I’m not sure, but I need to do the same for SD and PCI-E, will report back when I can finally finish a backup on my system before this testing. In the meantime I’ll be following this thread.

natsirtdm · September 4, 2021, 10:39pm

I would love any kind of comment, even if it is of the ilk “this is why nobody is replying…”

I feel like this is either A) a misunderstanding on my part or B) some relatively straightforward mistake. I have tried my best to add as much detail as I can and documented exactly the steps I have gone through. I would appreciate some assistance.

natsirtdm · September 11, 2021, 11:47pm

2 weeks and not a peep. Same thing on qubes subreddit. No help for beginners? Nobody interested in PCI / SD Card ? why?

Sven · September 12, 2021, 6:47am

My issue is, if I try to insert any other SD Card - the device itself is not recognized.

PCI devices are only recognized at boot. If in the process of inserting the other SD card you manage to accidentally disconnect and reconnect the PCI express card it won’t be recognized until the next reboot.

In my case I use a PCI express card for USB 3 and it’s the same thing: if I plug in another USB device and are not extremely careful, the PCI express card will “jump out” and if I reinsert it I have to reboot the whole machine to get it recognized again.

Pretty sure that’s what’s happening to you too.

unman · September 12, 2021, 11:11am

I replied last week -

Did you see that?
Can you test?

natsirtdm · September 12, 2021, 1:26pm

Hello - no, I do not see any post by you before this one. Strange. Unless you meant you replied on reddit but I did not get a notification.

I can give that a go.

natsirtdm · September 12, 2021, 1:27pm

Hi - thanks for this comment. It makes some sense, except that the other SD Card won’t work even from the start after I reboot. Is there a chance by assigning the PCI to that VM only (instead of dom0) that there is an issue or some specific assignment to the block device?

unman · September 13, 2021, 4:22pm

Strange that you didn’t see the comment - it’s in my “Sent” folder.

I suggested that you set up the work-sdcard with this other card, not
that you simply start with it installed.
I mean – delete work-sdcard, (optionally reboot), create it again, then
test the SD, reboot, test the SD that currently works.

natsirtdm · September 13, 2021, 4:51pm

Yes, understood - I was replying to Sven about the PCI getting disconnected when removing the device - if that was the issue then after reboot a different SD card should work is my interpretation.

Thanks for your comments - work is busy this week but I will try this out maybe weds. cheers