qusal/salt/sys-usb
2024-02-23 16:55:11 +01:00
..
files/admin/policy chore: copyright update 2024-01-29 16:49:54 +01:00
clone.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
clone.top refactor: initial commit 2023-11-13 14:33:28 +00:00
create.sls chore: copyright update 2024-01-29 16:49:54 +01:00
create.top refactor: initial commit 2023-11-13 14:33:28 +00:00
init.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install-client-cryptsetup.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
install-client-cryptsetup.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install-client-fido.sls fix: modify package names to match Qubes 4.2 2023-12-27 20:00:15 +01:00
install-client-fido.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install-client-proxy.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
install-client-proxy.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install-client.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
install-client.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install.sls fix: modify package names to match Qubes 4.2 2023-12-27 20:00:15 +01:00
install.top refactor: initial commit 2023-11-13 14:33:28 +00:00
keyboard.sls chore: copyright update 2024-01-29 16:49:54 +01:00
keyboard.top refactor: initial commit 2023-11-13 14:33:28 +00:00
README.md doc: prefix qubesctl with sudo 2024-02-23 16:55:11 +01:00

sys-usb

PCI handler of USB devices in Qubes OS.

Table of Contents

Description

Setup named disposables for USB qubes. During creation, it tries to separate the USB controllers to different qubes is possible.

Installation

  • Top:
sudo qubesctl top.enable sys-usb
sudo qubesctl --targets=tpl-sys-usb state.apply
sudo qubesctl top.disable sys-usb
  • State:
sudo qubesctl state.apply sys-usb.create
sudo qubesctl --skip-dom0 --targets=tpl-sys-usb state.apply sys-usb.install

If you use an USB keyboard, also run:

sudo qubesctl state.apply sys-usb.keyboard

Install the proxy on the client template:

sudo qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-usb.install-client-proxy

If the client requires decrypting a device, install on the client template:

sudo qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-usb.install-client-cryptsetup

If the client requires a FIDO device, install on the client template:

sudo qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-usb.install-client-fido

And enable the CTAP Proxy service for the client qubes:

qvm-features QUBE service.qubes-ctap-proxy 1

Access control

No extra services are implemented, consult upstream to learn how to use the following services:

  • qubes.InputMouse, qubes.InputKeyboard, qubes.InputTablet;
  • ctap.GetInfo, ctap.ClientPin, u2f.Register, u2f.Authenticate, policy.RegisterArgument.

Usage

Depending on you system, one or more USB qubes will be created to hold the different controllers. The qube names are disp-sys-usb, disp-sys-usb-left, disp-sys-usb-dock.

Start a USB qube an connect a device to it. USB PCI devices will appear on the system tray icon qui-devices. From there, assign it to the intended qube.

Credits