Usb in dom0 not restricted

edwin · December 21, 2022, 6:31pm

[ 1.743236] dracut-cmdline[265]: Warning: USB in dom0 is not restricted. Consider rd.qubes.hide_all_usb or usbcore.authorized default=0.

Just tried to get back on qubes and this warning comes after the grub. How can I fix this. No changes were made except that the computer was updated and then shutdown once but before it worked like normal.

ChrisA · December 21, 2022, 8:14pm

rd.qubes.hide_all_usb

is a kernel option - you test it by editing GRUB at boot and add it after eg. quiet. To make it permanent, look at dom0:/etc/default/grub

You can search the forum like:
https://forum.qubes-os.org/search?q=rd.qubes.hide_all_usb

edwin · December 21, 2022, 9:19pm

I tried this but it gives me a black screen right after

enmus · December 21, 2022, 9:53pm

Please give more info

http://www.catb.org/~esr/faqs/smart-questions.html

edwin · December 21, 2022, 10:17pm

I used this computer for months. A family member did an update and I moved the computer to a different room. Then when I logged in I got the warning listed above in the post.

On startup there are two options:

Qubes, xen hypervisor
Advanced options for qubes (with xen hypervisor)

I hit “e” for edit with the highlight on the first option “Qubes, xen hypervisor”

I scrolled to the bottom where I see “module 2 … rhgb quiet”

After quiet I entered a space and then the text “rd.qubes.hide_all_usb”

I then hit “crtl + x”.

Text flashed by so fast I couldnt see but it didnt look like any errors, just “Loading…” and then the screen is black and stays black.

I then went to the Advanced option at the blue startup screen I listed above “Advanced options for Qubes (with Xen hypervisor)” and was given a list:

Xen hypervisor, version 4.14.5
Xen hypervisor, version 4.14.5.config
Xen hypervisor, version 4.14.3
Xen hypervisor, version 4.14.3.config

We repeated the step of adding “rd.qubes.hide_all_usb” after “quiet” for the first 2 (“Xen hypervisor, version 4.14.5” and “Xen hypervisor, version 4.14.5.config”)

We get the black screen every time.

Edit: We moved HDMI cord from motherboard HDMI slot to the Graphics card HDMI slot and it fixed the issue.

fsflover · December 28, 2022, 11:20am

Some people, including some core developers, are interacting with this forum via email. They do not receive the edits made after 10 minutes. For them, it would be useful to make new posts instead of updating the original one. (My current post will let them see your update).