mirror of https://github.com/ben-grande/qusal.git synced 2024-10-01 02:35:49 -04:00

History

Ben Grande 040594ae74 fix: do not remove created dvm The removal was first implemented to get a clean state of the qube, but there are side effects, it fails if the user created a named disposable based on the dvm and also removes the (dvm) entry from the appmenu. The sys-usb case is a workaround in case the user selected a non-disposable, an appvm sys-usb during system installation.		2024-01-10 14:27:44 +01:00
..
files/admin/policy	fix: organize sys-usb policy per service	2024-01-10 12:49:20 +01:00
clone.sls	refactor: initial commit	2023-11-13 14:33:28 +00:00
clone.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
create.sls	fix: do not remove created dvm	2024-01-10 14:27:44 +01:00
create.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
init.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
install-client-cryptsetup.sls	refactor: initial commit	2023-11-13 14:33:28 +00:00
install-client-cryptsetup.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
install-client-fido.sls	fix: modify package names to match Qubes 4.2	2023-12-27 20:00:15 +01:00
install-client-fido.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
install-client-proxy.sls	refactor: initial commit	2023-11-13 14:33:28 +00:00
install-client-proxy.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
install-client.sls	refactor: initial commit	2023-11-13 14:33:28 +00:00
install-client.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
install.sls	fix: modify package names to match Qubes 4.2	2023-12-27 20:00:15 +01:00
install.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
keyboard.sls	feat: policy support for multiple sys-usb qubes	2024-01-09 18:44:50 +01:00
keyboard.top	refactor: initial commit	2023-11-13 14:33:28 +00:00
README.md	doc: missing access control for sys-usb	2024-01-10 12:50:02 +01:00

README.md

sys-usb

PCI handler of USB devices in Qubes OS.

Description
Installation
Access control
Usage
Credits

Description

Setup named disposables for USB qubes. During creation, it tries to separate the USB controllers to different qubes is possible.

Installation

Top:

qubesctl top.enable sys-usb
qubesctl --targets=tpl-sys-usb state.apply
qubesctl top.disable sys-usb

State:

qubesctl state.apply sys-usb.create
qubesctl --skip-dom0 --targets=tpl-sys-usb state.apply sys-usb.install

If you use an USB keyboard, also run:

qubesctl state.apply sys-usb.keyboard

Install the proxy on the client template:

qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-usb.install-client-proxy

If the client requires decrypting a device, install on the client template:

qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-usb.install-client-cryptsetup

If the client requires a FIDO device, install on the client template:

qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-usb.install-client-fido

And enable the CTAP Proxy service for the client qubes:

qvm-features QUBE service.qubes-ctap-proxy 1

Access control

No extra services are implemented, consult upstream to learn how to use the following services:

qubes.InputMouse, qubes.InputKeyboard, qubes.InputTablet;
ctap.GetInfo, ctap.ClientPin, u2f.Register, u2f.Authenticate, policy.RegisterArgument.

Usage

Start a USB qube an connect a device to it. USB PCI devices will appear on the system tray icon qui-devices. From there, assign it to the intended qube.

Credits

Unman