Installed the system on an external SSD drive m2 nvme, the drive is connected to the computer via USB 3.0.
I also did a separate encrypted boot and header according to this guide:
Everything is fine, only I didn’t create sys-usb, I’ve read seemingly all the threads on the forum and documentation on the website, but I can’t figure out which commands to use to make one usb controller connected to dom0 (I have 3 usb controllers) and what to do for the flash drive which has the headers, the manual above is not really clear on this
I read that it is better to create sys-usb with this command to hide controllers: qubesctl state.sls qvm.sys-usb
(I have a laptop so I don’t need a usb keyboard)
In short, how do I give a particular usb controller dom0 for an external SSD and give all the others to sys-usb?
And what should I do for external encrypted media with boot and header? If yes what should I do?
I don’t know what to do next and I’m afraid to use a system without sys-usb.
I will be very grateful for help. Thanks in advance!
I found a solution for the external SSD, all you have to do is to create a sys-usb if it does not already exist with the command qubesctl state.sls qvm.sys-usb
If you have a USB keyboard, then qubesctl state.sls qvm.usb-keyboard
Then find out which USB controller you want to use for your external SSD lspci
and remove that USB controller so that it goes directly into dom0 qvm-pci detach sys-usb <backend>:<bdf>
But, I still do not understand what to do with flash drive on which are boot and header, for it also need to provide a separate USB controller? Is it necessary to have it in the notebook all the time or can it be taken out after booting?
you can remove it after boot, see the disclaimer, if you use sys-usb, you should turn off auto start sys-usb iff you want to upgrade kernel, so the boot and efi partition ain’t removed.
Thanks for the reply, it helped me a lot.
What do you mean by “Update Kernel”, does it mean that if I don’t add this parmeter, when I update my linux kernel in dom0, I will have /boot efi erased?
after you installing new kernel, you need to generate initramfs and boot config for your new kernel. But since our /boot and efi partition is removed (the default sys-usb will assign every usb controller), it would likely fail (the installation finished but you can’t boot to your newer kernel, since there’s no initramfs and boot config there).
Thank you. Does this mean that when upgrading dom0 the flash drive must be inserted and reassigned from sys-usb to dom0 (or can you just turn off sys-usb and the flash drive will automatically be assigned to dom0?)
Or does this have to be done manually after the upgrade?
Thanks again from the bottom of my heart
Great, thank you!
Do you have to disable the autostart with the kernel parameter qubes_skip.autostart or can you uncheck the autostart checkbox in the sys-usb settings ?
Or maybe you should do both?