I have a problem to update the nitrokey in QubesOS.
I made a standaloneVM, installed everything and it works… BUT…
when the update process want to reboot the stick to the bootloader mode, the process crashes.
I think, the problem is, that QubesOS manages USB via sys-usb, so I can not reboot sticks within the VM.
So, I must create something like a second sys-usb, install nitropy there and then use it for the update process of the nitrokey. I think, this could solve the issue, isn’t it?
Is there no official workaround for that?
The keys are sometimes shipped with QubesOS, so there should be an official workaround for that.
you are right you need to attach the usb controller directly to the qube you use for the update. But I recommend to do it within the sys-usb qubes steps would be:
open qubes settings for sys-usb: give it at least 1 GB Ram + connect the Network from none to sys-firewall
Hey, thanks a lot!
Just as I supposed. The thing is, I have sys-usb running as dvm, so I need to attach the usb controller to the extra VM I already made. The thing is, if I attach the usb controller to the new made “nitrokeyVM”, the VM doesn’t start (unable to reset PCI device X). If I detach the X device, it shows me “libxenlight failed to create new domain nitrokeyVM”. So it seems to be not so easy to make another sort of sys-usb.
yeah that can happen. There are a lot of ongoing problems with that in Qubes, which will probably not be solved fast since this is more of a general problem of usb controller. It should work but since nobody else expect of Qubes uses these things like that, a lot of issues are popping up.
I’m on the way to solve this issue.
You should go to the settings of the new made nitrokey-usb-VM and set “strict reset” for all PCI devices you attached. So I can start the VM… next I’ll try to update.
