Not so long ago, a new feature was added for USB management: being able to automatically attach devices connected to a given USB port to a given qube.
This is highly specific as you can imagine, it does not filter by device, only by USB port.
This is slightly documented here How to use USB devices | Qubes OS but it’s very light in my opinion. I may write a PR to update the official doc with the guide if people find it ok.
USB port identification
First, you need to have plugged any USB device on the USB port you want to use. Then, you need to identify the USB port identifier from dom0:
[user@dom0 ~]$ qvm-usb list --all
BACKEND:DEVID DESCRIPTION USED BY
sys-usb:3-1.3 0bda:8153_Realtek_USB_10_100_1000_LAN_000001
sys-usb:4-10 8087:0026_8087_0026
sys-usb:4-6.2 041d:01e5_025f_HD_Pro_Webcam_C920_6E2F6104
sys-usb:4-6.5 0bda:1100_Realtek_HID_Device
sys-usb:4-7 5986:9102_Sonix_Technology_Co.__Ltd._BisonCam_NB_Pro
Attach
Secondly, you need to tell Qubes OS which qube should receive USB devices connected to a given port.
qvm-usb attach --persistent $MyQube sys-usb:4-6.2
Each time the qube $MyQube will start, the device on port 4-6.2 will be attached to it (a webcam is currently connected to this port). The qube won’t be able to start if no device is plugged, or if the usb port is attached to another qube.
Be aware that if the qube $MyQube is running, anything you connect to that USB port will be attached to the qube. It does not filter by device, but by port.
But is there a way to tweak this to work based on the device itself instead of the port? For example, could I set it up so my USB WiFi adapter always attaches to sys-net whenever it’s plugged in, no matter which port I use?
This would be useful. Currently I have script that, given one of two possible thuderbolt docking setups, finds and attaches the ethernet NIC when the system boots. It works, but it’s a bit kludgy.
I made a small edit as I was trying to identify a USB port without anything plugged in…
Isn’t the end misleading?
Doesn’t it prevent the qube to start if there is nothing plugged on the port like qvm-device?
I believe that Qubes 4.3 will provide a lot of new features like that (with the new devices API), and that it will be easier to automate this kind of thing.
For R4.3, we are going to have really cool interesting improvements. There is qvm-usb assign [--required]. The qube will not boot if --required is specified. Otherwise the qube will start, and the device will be automatically attached to the assigned qube as soon as it is connected to sys-usb. There is also going to be --ask option. Which will show you a pop-up and asks for your confirmation before attaching it.
I’m not a native speaker either, so it’s an extra layer for misunderstanding!
As a second though, maybe my expectations were higher than what Qubes OS allows us to do right now so I thought that by plugging something in a USB port, it will automatically start a qube. (yeah, it’s nonsense since qvm-device doesn’t allow us to do this right now…)
As for the qube not booting: I persistently attached a USB port to a test-usb-attach qube. Unplugging the device prevents the qube from starting (so the --required option is currently the default one?):
[user@dom0 ~]$ qvm-usb attach --persistent test-usb-attach sys-usb:2-2.1
[user@dom0 ~]$ # Unplug USB device
[user@dom0 ~]$ qvm-start test-usb-attach
usb device sys-usb:2-2.1 not available
Same thing with a device plugged on the port but attached to another qube before.
If test-usb-attach qube is started with a device plugged, it’s impossible to detach it while the qube is running, but it is possible to unplug the device from the USB port:
[user@dom0 ~]$ qvm-usb detach test-usb-attach sys-usb:2-2.1
Can not remove a persistent attachment from a non halted vm
