Sys USB questions

What template should sys-usb have? I currently have default-dvm on Qubes 4.2. Is this an issue? Because my sys-usb qube just shut itself down without user input, and I found nothing in the logs after hard restarting with the power button. I also have some questions about the security implications of using it: if I disallow auto keyboard/mouse access from settings, how can I allow them after I start up Qubes? I wouldn’t like to be locked out of my OS. And if I create a USB qube that gets a malicious USB device, what in the devices section should I give it? I would appreciate it if anyone could explain it to me or link me to specific documentation on these issues.
Thanks for the help and happy new year!

No reply :frowning:

You ask a community forum a question the last day of the year, you shouldn’t be surprised to have to wait for an answer :wink:

sys-usb can use any template, they should all work. Having your sys-usb shut itself down is not normal. Is it a disposable VM?

You could try switching it to another template to see if it helps (the biggest difference would be to switch between fedora and debian).

Does it happen when you connect/disconnect some USB peripherals? Maybe the VM crashes because of a USB issue :woman_shrugging:

Sorry for that.

It’s not disposable, or at least ‘is DVM template’ doesn’t say yes.
But it has default-dvm as the template.

I currently don’t want to do this, I would like to keep system qubes as stock as possible.
But if the shutdown happens again, maybe I will think about that.

System was basically idling so no.

A disposable is a VM which is reset every reboot. It’s based on a Disposable template, which provides its /home partition, and the Disposable template in turn is based on a Template which provides its /root partition.

Switching a template is a quick and easily revertible action. It can be done in the Template Manager (in Qube Manager).

It’s defined in the Qube Manager / Global Settings. Fedora by default.

Which logs did you try to check? Did you try journalctl -f in dom0?

You can choose that Qubes asks you every time you boot if you want to use the connected keyboard/mouse. It’s chosen in the corresponding Policy file, /etc/qubes-rpc/policy/qubes.InputMouse. See also: Hardened option for single USB keyboard · Issue #8820 · QubesOS/qubes-issues · GitHub.

This question is not very clear. Your USB devices are connected to sys-usb by default. Only after that can you use the Qubes Devices widget to connect them to another qube. If you have more than one USB controller, you should create separate sys-usb VMs for each controller, thus isolating your keyboard and mouse from other devices.
