AudioVM outside of dom0

[coypoop]

Currently, PulseAudio is running in the VMs and passing all the audio data over the network to a PulseAudio instance running on dom0.
However, this provides an unnecessary possibility for attacks on dom0, perhaps even between domU instances.
I believe that a similar set-up to NetVM can be equally powerful without providing this possibility for an attack.

I must say, this works very beautifully and is very user friendly. I've had Linux distros running on bare metal work less well out of the box with audio.

[marmarek]

Good idea. Dedicated SoundVM would be good idea. Reusing NetVM isn't good because this VM will have access to the audio hardware, including microphone.

A correction to the description:

• "over the network" - not a network (dom0 has no network), but vchan (socket-like inter-VM connection)
• there is no pulseaudio protocol there, only raw samples, with predefined format (2 channels, S16LE, 44.1kHz), so the attack surface is quite small

But still, having even less hardware "in dom0" is a good idea. It would also ease things like USB sound cards or bluetooth headphones - when you use USB VM as SoundVM.

[v6ak]

I don't think there is much attack surface there, but it still might be useful, e.g. for optional streaming audio output over network. In such case, sound output should probably use a different VM than sound input.

But I am not sure if a major improvement can be done there without too much of work. (E.g. I am not sure if network sound is so important for many users. And I am not sure if just moving the sound to a separate VM brings enough advantages.)

[marmarek]

But I am not sure if a major improvement can be done there without too much of work.

This is why I've assigned "Far in the future" milestone ;)

Anyway changes on pulseaudio side would be trivial - just change target domain ID. Much more work would be needed on configuration/management side, like tools to choose which VM would be sound VM.

[mattmccutchen]

I'm planning to work on this soon. See thread.

[olekli]

Has anything been implemented regarding this issue?

Has it been decided how to approach this issue? I would strongly propose any solution that allows using sys-usb as AudioVM to circumvent the need for USB forwarding of audio hardware.

I definitely want to do this for myself one way or another. (USB forwarding does not agree with my audio hardware.) So I'd be happy to contribute implementation.

@mattmccutchen @andrewdavidwong

[mattmccutchen]

I ended up deciding not to work on this.

[andrewdavidwong]

Thanks for the update, @mattmccutchen.

@tfm1, if you decide to start working on this, please let us know.

[marmarek]

This is partially implemented in:
QubesOS/qubes-gui-agent-linux#66
QubesOS/qubes-gui-daemon#27

Also, gui-daemon component (including backend side of pulseaudio) is already built for VM (as part of #833 ). I'll also add gui-agent-linux building for dom0, so the other side would also be available everywhere.
cc @xaki23

The missing part is some tooling to integrate it all together, with a simple switch for the user. This means:

• setting what should be SoundVM for each vm (a new property?)
• arranging appropriate pacat-simple-vchan processes (currently started by gui-daemon, probably should be extracted into separate tool similar to qvm-start-gui)
• setting appropriate module-vchan-sink parameters (no longer hardcoded dom0)
• controlling audio input (mostly done in Switch audio-input control to qrexec+QubesDB qubes-gui-daemon#26)
• possibly dynamic configuration with qvm-device - not only a single SoundVM set as a property, but dynamic (re)configuration, like switching between built-in sound card ("soundvm") and bluetooth speakers (sys-usb?)

[92VV3M42d3v8]

Is there a way to test this?

[TomGrozev]

Is there a way to implement this into an already running Qubes instance?

[schrorg]

During testing, I came to the point when I set up PCI passthrough for my audio device. Unfortunately, it seems to need ACPI NHLT table:

user@sys-audio: $ sudo dmesg | grep -i nhlt
[ 2.677896] snd_soc_skl 0000:00:07.0: NHLT table not found
[ 2.696007] sof-audio-pci 0000:00:07.0: NHLT table not found

Is there any way to enable NHLT table in DomU?

[marmarek]

You probably could copy it from dom0 (/sys/firmware/acpi/tables/) into VM's /boot and use grub in VM (not enabled by default) to load it. But I doubt it will be enough, the devices and addresses described in the table most likely won't match the VM's view of the system.
From what I see in the spec and in the kernel sources, it should be just a hint what audio channel is where, but not really necessary to have any audio at all. Can you post a bit broader set of kernel messages? Maybe there is some more info why it actually failed.

[schrorg]

I can't recognize more info about why it actually failed, so this is the full output of 'dmesg' in my debian 11 test-vm:

[    0.000000] Linux version 5.10.54-1.fc32.qubes.x86_64 (mockbuild@build-fedora4) (gcc (GCC) 10.3.1 20210422 (Red Hat 10.3.1-1), GNU ld version 2.34-6.fc32) #1 SMP Fri Jul 30 18:17:00 CEST 2021
[    0.000000] Command line: root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 xen_scrub_pages=0  apparmor=1 security=apparmor
[    0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
[    0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[    0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
[    0.000000] x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
[    0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format.
[    0.000000] BIOS-provided physical RAM map:
[    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
[    0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
[    0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
[    0.000000] BIOS-e820: [mem 0x0000000000100000-0x0000000017ffefff] usable
[    0.000000] BIOS-e820: [mem 0x0000000017fff000-0x0000000017ffffff] reserved
[    0.000000] BIOS-e820: [mem 0x00000000fc000000-0x00000000fc00afff] ACPI NVS
[    0.000000] BIOS-e820: [mem 0x00000000fc00b000-0x00000000ffffffff] reserved
[    0.000000] NX (Execute Disable) protection: active
[    0.000000] SMBIOS 2.4 present.
[    0.000000] DMI: Xen HVM domU, BIOS 4.14.2 07/09/2021
[    0.000000] Hypervisor detected: Xen HVM
[    0.000000] Xen version 4.14.
[    0.000000] Xen Platform PCI: I/O protocol version 1
[    0.000000] Netfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated NICs.
[    0.000000] Blkfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated disks.
               You might have to change the root device
               from /dev/hd[a-d] to /dev/xvd[a-d]
               in your root= kernel command line option
[    0.000005] HVMOP_pagetable_dying not supported
[    0.014604] tsc: Fast TSC calibration using PIT
[    0.014607] tsc: Detected 2112.226 MHz processor
[    0.014607] tsc: Detected 2112.274 MHz TSC
[    0.015216] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
[    0.015219] e820: remove [mem 0x000a0000-0x000fffff] usable
[    0.015222] last_pfn = 0x17fff max_arch_pfn = 0x400000000
[    0.015248] MTRR default type: write-back
[    0.015249] MTRR fixed ranges enabled:
[    0.015250]   00000-9FFFF write-back
[    0.015251]   A0000-BFFFF write-combining
[    0.015252]   C0000-FFFFF write-back
[    0.015253] MTRR variable ranges enabled:
[    0.015254]   0 base 00F0000000 mask 7FF0000000 uncachable
[    0.015254]   1 disabled
[    0.015255]   2 disabled
[    0.015255]   3 disabled
[    0.015256]   4 disabled
[    0.015256]   5 disabled
[    0.015256]   6 disabled
[    0.015257]   7 disabled
[    0.016343] x86/PAT: Configuration [0-7]: WB  WC  UC- UC  WB  WP  UC- WT  
[    0.020521] found SMP MP-table at [mem 0x000f5a60-0x000f5a6f]
[    0.020736] Using GB pages for direct mapping
[    0.020933] RAMDISK: [mem 0x177ba000-0x17feffff]
[    0.020941] ACPI: Early table checksum verification disabled
[    0.020943] ACPI: RSDP 0x00000000000F59B0 000024 (v02 Xen   )
[    0.020955] ACPI: XSDT 0x00000000FC00A650 000054 (v01 Xen    HVM      00000000 HVML 00000000)
[    0.020966] ACPI: FACP 0x00000000FC00A370 0000F4 (v04 Xen    HVM      00000000 HVML 00000000)
[    0.021004] ACPI: DSDT 0x00000000FC001040 0092A3 (v02 Xen    HVM      00000000 INTL 20190509)
[    0.021007] ACPI: FACS 0x00000000FC001000 000040
[    0.021010] ACPI: FACS 0x00000000FC001000 000040
[    0.021013] ACPI: APIC 0x00000000FC00A470 000070 (v02 Xen    HVM      00000000 HVML 00000000)
[    0.021017] ACPI: HPET 0x00000000FC00A560 000038 (v01 Xen    HVM      00000000 HVML 00000000)
[    0.021020] ACPI: WAET 0x00000000FC00A5A0 000028 (v01 Xen    HVM      00000000 HVML 00000000)
[    0.021024] ACPI: SSDT 0x00000000FC00A5D0 000031 (v02 Xen    HVM      00000000 INTL 20190509)
[    0.021027] ACPI: SSDT 0x00000000FC00A610 000031 (v02 Xen    HVM      00000000 INTL 20190509)
[    0.021029] ACPI: Reserving FACP table memory at [mem 0xfc00a370-0xfc00a463]
[    0.021030] ACPI: Reserving DSDT table memory at [mem 0xfc001040-0xfc00a2e2]
[    0.021031] ACPI: Reserving FACS table memory at [mem 0xfc001000-0xfc00103f]
[    0.021032] ACPI: Reserving FACS table memory at [mem 0xfc001000-0xfc00103f]
[    0.021033] ACPI: Reserving APIC table memory at [mem 0xfc00a470-0xfc00a4df]
[    0.021033] ACPI: Reserving HPET table memory at [mem 0xfc00a560-0xfc00a597]
[    0.021034] ACPI: Reserving WAET table memory at [mem 0xfc00a5a0-0xfc00a5c7]
[    0.021035] ACPI: Reserving SSDT table memory at [mem 0xfc00a5d0-0xfc00a600]
[    0.021036] ACPI: Reserving SSDT table memory at [mem 0xfc00a610-0xfc00a640]
[    0.021067] ACPI: Local APIC address 0xfee00000
[    0.022041] No NUMA configuration found
[    0.022043] Faking a node at [mem 0x0000000000000000-0x0000000017ffefff]
[    0.022052] NODE_DATA(0) allocated [mem 0x1778f000-0x177b9fff]
[    0.022884] Zone ranges:
[    0.022886]   DMA      [mem 0x0000000000001000-0x0000000000ffffff]
[    0.022888]   DMA32    [mem 0x0000000001000000-0x0000000017ffefff]
[    0.022889]   Normal   empty
[    0.022890]   Device   empty
[    0.022891] Movable zone start for each node
[    0.022893] Early memory node ranges
[    0.022894]   node   0: [mem 0x0000000000001000-0x000000000009efff]
[    0.022895]   node   0: [mem 0x0000000000100000-0x0000000017ffefff]
[    0.022897] Initmem setup node 0 [mem 0x0000000000001000-0x0000000017ffefff]
[    0.022898] On node 0 totalpages: 98205
[    0.022899]   DMA zone: 64 pages used for memmap
[    0.022900]   DMA zone: 21 pages reserved
[    0.022900]   DMA zone: 3998 pages, LIFO batch:0
[    0.022901]   DMA32 zone: 1472 pages used for memmap
[    0.022902]   DMA32 zone: 94207 pages, LIFO batch:31
[    0.022904] On node 0, zone DMA: 1 pages in unavailable ranges
[    0.022934] On node 0, zone DMA: 97 pages in unavailable ranges
[    0.023643] On node 0, zone DMA32: 1 pages in unavailable ranges
[    0.025837] ACPI: PM-Timer IO Port: 0xb008
[    0.025840] ACPI: Local APIC address 0xfee00000
[    0.025888] IOAPIC[0]: apic_id 1, version 17, address 0xfec00000, GSI 0-47
[    0.025891] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
[    0.025893] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 low level)
[    0.025895] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 low level)
[    0.025897] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 low level)
[    0.025900] ACPI: IRQ0 used by override.
[    0.025900] ACPI: IRQ5 used by override.
[    0.025901] ACPI: IRQ9 used by override.
[    0.025901] ACPI: IRQ10 used by override.
[    0.025902] ACPI: IRQ11 used by override.
[    0.025905] Using ACPI (MADT) for SMP configuration information
[    0.025906] ACPI: HPET id: 0x8086a201 base: 0xfed00000
[    0.025908] TSC deadline timer available
[    0.025913] smpboot: Allowing 2 CPUs, 0 hotplug CPUs
[    0.025921] [mem 0x18000000-0xfbffffff] available for PCI devices
[    0.025922] Booting paravirtualized kernel on Xen HVM
[    0.025925] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1910969940391419 ns
[    0.030182] setup_percpu: NR_CPUS:8192 nr_cpumask_bits:2 nr_cpu_ids:2 nr_node_ids:1
[    0.030268] percpu: Embedded 54 pages/cpu s184320 r8192 d28672 u1048576
[    0.030273] pcpu-alloc: s184320 r8192 d28672 u1048576 alloc=1*2097152
[    0.030274] pcpu-alloc: [0] 0 1 
[    0.030293] xen: PV spinlocks enabled
[    0.030296] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes, linear)
[    0.030299] Built 1 zonelists, mobility grouping on.  Total pages: 96648
[    0.030299] Policy zone: DMA32
[    0.030301] Kernel command line: root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 xen_scrub_pages=0  apparmor=1 security=apparmor
[    0.030323] You have booted with nomodeset. This means your GPU drivers are DISABLED
[    0.030323] Any video related functionality will be severely degraded, and you may not even be able to suspend the system properly
[    0.030324] Unless you actually understand what nomodeset does, you should reboot without enabling it
[    0.030402] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes, linear)
[    0.030411] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes, linear)
[    0.030440] mem auto-init: stack:byref_all(zero), heap alloc:off, heap free:off
[    0.031048] Memory: 335484K/392820K available (16393K kernel code, 3433K rwdata, 5376K rodata, 3004K init, 4716K bss, 57076K reserved, 0K cma-reserved)
[    0.031053] random: get_random_u64 called from kmem_cache_open+0x20/0x210 with crng_init=0
[    0.031116] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
[    0.031123] Kernel/User page tables isolation: enabled
[    0.031133] ftrace: allocating 49285 entries in 193 pages
[    0.043673] ftrace: allocated 193 pages with 3 groups
[    0.043735] rcu: Hierarchical RCU implementation.
[    0.043736] rcu: 	RCU restricting CPUs from NR_CPUS=8192 to nr_cpu_ids=2.
[    0.043737] 	Trampoline variant of Tasks RCU enabled.
[    0.043737] 	Rude variant of Tasks RCU enabled.
[    0.043738] 	Tracing variant of Tasks RCU enabled.
[    0.043739] rcu: RCU calculated value of scheduler-enlistment delay is 100 jiffies.
[    0.043740] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2
[    0.046558] NR_IRQS: 524544, nr_irqs: 512, preallocated irqs: 16
[    0.046583] xen:events: Using FIFO-based ABI
[    0.046588] xen:events: Xen HVM callback vector for event delivery is enabled
[    0.046711] random: crng done (trusting CPU's manufacturer)
[    0.105668] Console: colour VGA+ 80x25
[    0.199055] printk: console [hvc0] enabled
[    0.199085] ACPI: Core revision 20200925
[    0.201693] clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 30580167144 ns
[    0.201774] APIC: Switch to symmetric I/O mode setup
[    0.202342] x2apic: IRQ remapping doesn't support X2APIC mode
[    0.204793] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=0 pin2=0
[    0.209369] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x1e727b7a76c, max_idle_ns: 440795311108 ns
[    0.209394] Calibrating delay loop (skipped), value calculated using timer frequency.. 4224.54 BogoMIPS (lpj=2112274)
[    0.209415] pid_max: default: 32768 minimum: 301
[    0.209444] LSM: Security Framework initializing
[    0.209461] Yama: becoming mindful.
[    0.209485] AppArmor: AppArmor initialized
[    0.209503] Mount-cache hash table entries: 1024 (order: 1, 8192 bytes, linear)
[    0.209520] Mountpoint-cache hash table entries: 1024 (order: 1, 8192 bytes, linear)
[    0.209773] Last level iTLB entries: 4KB 128, 2MB 8, 4MB 8
[    0.209785] Last level dTLB entries: 4KB 64, 2MB 0, 4MB 0, 1GB 4
[    0.209799] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[    0.209817] Spectre V2 : Mitigation: Full generic retpoline
[    0.209827] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
[    0.209843] Spectre V2 : Enabling Restricted Speculation for firmware calls
[    0.209856] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
[    0.209874] Spectre V2 : User space: Mitigation: STIBP via seccomp and prctl
[    0.209888] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl and seccomp
[    0.209908] SRBDS: Unknown: Dependent on hypervisor status
[    0.209918] MDS: Mitigation: Clear CPU buffers
[    0.210107] Freeing SMP alternatives memory: 44K
[    0.211560] clocksource: xen: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
[    0.211585] Xen: using vcpuop timer interface
[    0.211591] installing Xen timer for CPU 0
[    0.211648] smpboot: CPU0: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz (family: 0x6, model: 0x8e, stepping: 0xc)
[    0.211690] cpu 0 spinlock event irq 52
[    0.211804] Performance Events: unsupported p6 CPU model 142 no PMU driver, software events only.
[    0.211843] rcu: Hierarchical SRCU implementation.
[    0.212119] NMI watchdog: Perf NMI watchdog permanently disabled
[    0.212158] smp: Bringing up secondary CPUs ...
[    0.212222] installing Xen timer for CPU 1
[    0.212268] x86: Booting SMP configuration:
[    0.212277] .... node  #0, CPUs:      #1
[    0.212776] cpu 1 spinlock event irq 57
[    0.212776] smp: Brought up 1 node, 2 CPUs
[    0.212776] smpboot: Max logical packages: 1
[    0.212776] smpboot: Total of 2 processors activated (8449.09 BogoMIPS)
[    0.213533] devtmpfs: initialized
[    0.213533] x86/mm: Memory block size: 128MB
[    0.213579] PM: Registering ACPI NVS region [mem 0xfc000000-0xfc00afff] (45056 bytes)
[    0.213579] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275000 ns
[    0.213579] futex hash table entries: 512 (order: 3, 32768 bytes, linear)
[    0.213579] pinctrl core: initialized pinctrl subsystem
[    0.213617] PM: RTC time: 16:09:47, date: 2021-08-06
[    0.213730] NET: Registered protocol family 16
[    0.213824] DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
[    0.213842] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
[    0.213859] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
[    0.213879] audit: initializing netlink subsys (disabled)
[    0.213906] audit: type=2000 audit(1628266187.021:1): state=initialized audit_enabled=0 res=1
[    0.214400] thermal_sys: Registered thermal governor 'fair_share'
[    0.214401] thermal_sys: Registered thermal governor 'bang_bang'
[    0.214415] thermal_sys: Registered thermal governor 'step_wise'
[    0.214427] thermal_sys: Registered thermal governor 'user_space'
[    0.214449] cpuidle: using governor menu
[    0.214515] ACPI: bus type PCI registered
[    0.214928] PCI: Using configuration type 1 for base access
[    0.215808] Kprobes globally optimized
[    0.216448] HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages
[    0.216448] HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
[    0.301492] cryptd: max_cpu_qlen set to 1000
[    0.302532] alg: No test for 842 (842-generic)
[    0.302532] alg: No test for 842 (842-scomp)
[    0.305509] raid6: skip pq benchmark and using algorithm avx2x4
[    0.305509] raid6: using avx2x2 recovery algorithm
[    0.305509] ACPI: Added _OSI(Module Device)
[    0.305509] ACPI: Added _OSI(Processor Device)
[    0.305509] ACPI: Added _OSI(3.0 _SCP Extensions)
[    0.305517] ACPI: Added _OSI(Processor Aggregator Device)
[    0.305528] ACPI: Added _OSI(Linux-Dell-Video)
[    0.305538] ACPI: Added _OSI(Linux-Lenovo-NV-HDMI-Audio)
[    0.305549] ACPI: Added _OSI(Linux-HPI-Hybrid-Graphics)
[    0.312754] ACPI: 3 ACPI AML tables successfully acquired and loaded
[    0.313378] xen: --> pirq=17 -> irq=9 (gsi=9)
[    0.315731] ACPI: Interpreter enabled
[    0.315749] ACPI: (supports S0 S3 S5)
[    0.315758] ACPI: Using IOAPIC for interrupt routing
[    0.315782] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
[    0.316086] ACPI: Enabled 2 GPEs in block 00 to 0F
[    0.322531] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
[    0.322551] acpi PNP0A03:00: _OSC: OS supports [ASPM ClockPM Segments MSI EDR HPX-Type3]
[    0.322575] acpi PNP0A03:00: fail to add MMCONFIG information, can't access extended PCI configuration space under this bridge.
[    0.322844] PCI host bridge to bus 0000:00
[    0.322857] pci_bus 0000:00: root bus resource [io  0x0000-0x0cf7 window]
[    0.322870] pci_bus 0000:00: root bus resource [io  0x0d00-0xffff window]
[    0.322885] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
[    0.322901] pci_bus 0000:00: root bus resource [mem 0xf0000000-0xfbffffff window]
[    0.322917] pci_bus 0000:00: root bus resource [bus 00-ff]
[    0.323133] pci 0000:00:00.0: [8086:1237] type 00 class 0x060000
[    0.325398] pci 0000:00:01.0: [8086:7000] type 00 class 0x060100
[    0.328038] pci 0000:00:01.1: [8086:7010] type 00 class 0x010180
[    0.329670] pci 0000:00:01.1: reg 0x20: [io  0xc300-0xc30f]
[    0.330296] pci 0000:00:01.1: legacy IDE quirk: reg 0x10: [io  0x01f0-0x01f7]
[    0.330314] pci 0000:00:01.1: legacy IDE quirk: reg 0x14: [io  0x03f6]
[    0.330328] pci 0000:00:01.1: legacy IDE quirk: reg 0x18: [io  0x0170-0x0177]
[    0.330343] pci 0000:00:01.1: legacy IDE quirk: reg 0x1c: [io  0x0376]
[    0.331029] pci 0000:00:01.3: [8086:7113] type 00 class 0x068000
[    0.333229] pci 0000:00:01.3: quirk: [io  0xb000-0xb03f] claimed by PIIX4 ACPI
[    0.333293] pci 0000:00:01.3: quirk: [io  0xb100-0xb10f] claimed by PIIX4 SMB
[    0.334271] pci 0000:00:02.0: [5853:0001] type 00 class 0xff8000
[    0.335396] pci 0000:00:02.0: reg 0x10: [io  0xc000-0xc0ff]
[    0.336324] pci 0000:00:02.0: reg 0x14: [mem 0xf0000000-0xf0ffffff pref]
[    0.340491] pci 0000:00:04.0: [1234:1111] type 00 class 0x030000
[    0.341397] pci 0000:00:04.0: reg 0x10: [mem 0xf1000000-0xf1ffffff pref]
[    0.342707] pci 0000:00:04.0: reg 0x18: [mem 0xf2116000-0xf2116fff]
[    0.345883] pci 0000:00:04.0: reg 0x30: [mem 0xf2100000-0xf210ffff pref]
[    0.346698] pci 0000:00:05.0: [8086:24cd] type 00 class 0x0c0320
[    0.347688] pci 0000:00:05.0: reg 0x10: [mem 0xf2117000-0xf2117fff]
[    0.352867] pci 0000:00:07.0: [8086:02c8] type 00 class 0x040380
[    0.355415] pci 0000:00:07.0: reg 0x10: [mem 0xf2110000-0xf2113fff 64bit]
[    0.361416] pci 0000:00:07.0: reg 0x20: [mem 0xf2000000-0xf20fffff 64bit]
[    0.367676] ACPI: PCI Interrupt Link [LNKA] (IRQs *5 10 11)
[    0.368005] ACPI: PCI Interrupt Link [LNKB] (IRQs 5 *10 11)
[    0.368294] ACPI: PCI Interrupt Link [LNKC] (IRQs 5 10 *11)
[    0.368519] ACPI: PCI Interrupt Link [LNKD] (IRQs *5 10 11)
[    0.370664] xen:balloon: Initialising balloon driver
[    0.371486] iommu: Default domain type: Translated 
[    0.371503] pci 0000:00:04.0: vgaarb: setting as boot VGA device
[    0.371517] pci 0000:00:04.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none
[    0.371536] pci 0000:00:04.0: vgaarb: bridge control possible
[    0.371549] vgaarb: loaded
[    0.371619] SCSI subsystem initialized
[    0.371646] libata version 3.00 loaded.
[    0.371646] ACPI: bus type USB registered
[    0.371646] usbcore: registered new interface driver usbfs
[    0.371646] usbcore: registered new interface driver hub
[    0.371646] usbcore: registered new device driver usb
[    0.371646] pps_core: LinuxPPS API ver. 1 registered
[    0.371646] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <[email protected]>
[    0.371646] PTP clock support registered
[    0.371646] EDAC MC: Ver: 3.0.0
[    0.372910] NetLabel: Initializing
[    0.372910] NetLabel:  domain hash size = 128
[    0.372910] NetLabel:  protocols = UNLABELED CIPSOv4 CALIPSO
[    0.372910] NetLabel:  unlabeled traffic allowed by default
[    0.372910] PCI: Using ACPI for IRQ routing
[    0.372910] PCI: pci_cache_line_size set to 64 bytes
[    0.373923] e820: reserve RAM buffer [mem 0x0009fc00-0x0009ffff]
[    0.373925] e820: reserve RAM buffer [mem 0x17fff000-0x17ffffff]
[    0.373940] hpet: 3 channels of 0 reserved for per-cpu timers
[    0.373940] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
[    0.373940] hpet0: 3 comparators, 64-bit 62.500000 MHz counter
[    0.376422] clocksource: Switched to clocksource xen
[    0.386652] VFS: Disk quotas dquot_6.6.0
[    0.386674] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[    0.386761] AppArmor: AppArmor Filesystem Enabled
[    0.386788] pnp: PnP ACPI init
[    0.386850] system 00:00: [mem 0x00000000-0x0009ffff] could not be reserved
[    0.386868] system 00:00: Plug and Play ACPI device, IDs PNP0c02 (active)
[    0.386919] system 00:01: [io  0x08a0-0x08a3] has been reserved
[    0.386934] system 00:01: [io  0x0cc0-0x0ccf] has been reserved
[    0.386947] system 00:01: [io  0x04d0-0x04d1] has been reserved
[    0.386961] system 00:01: Plug and Play ACPI device, IDs PNP0c02 (active)
[    0.386980] xen: --> pirq=18 -> irq=8 (gsi=8)
[    0.386988] pnp 00:02: Plug and Play ACPI device, IDs PNP0b00 (active)
[    0.387003] xen: --> pirq=19 -> irq=12 (gsi=12)
[    0.387011] pnp 00:03: Plug and Play ACPI device, IDs PNP0f13 (active)
[    0.387026] xen: --> pirq=20 -> irq=1 (gsi=1)
[    0.387033] pnp 00:04: Plug and Play ACPI device, IDs PNP0303 PNP030b (active)
[    0.387046] xen: --> pirq=21 -> irq=6 (gsi=6)
[    0.387047] pnp 00:05: [dma 2]
[    0.387054] pnp 00:05: Plug and Play ACPI device, IDs PNP0700 (active)
[    0.387100] system 00:06: [io  0xae00-0xae0f] has been reserved
[    0.387115] system 00:06: [io  0xb044-0xb047] has been reserved
[    0.387130] system 00:06: Plug and Play ACPI device, IDs PNP0c02 (active)
[    0.388211] pnp: PnP ACPI: found 7 devices
[    0.394950] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns
[    0.395004] NET: Registered protocol family 2
[    0.395034] IP idents hash table entries: 8192 (order: 4, 65536 bytes, linear)
[    0.395313] tcp_listen_portaddr_hash hash table entries: 256 (order: 0, 4096 bytes, linear)
[    0.395332] TCP established hash table entries: 4096 (order: 3, 32768 bytes, linear)
[    0.395351] TCP bind hash table entries: 4096 (order: 4, 65536 bytes, linear)
[    0.395372] TCP: Hash tables configured (established 4096 bind 4096)
[    0.395417] MPTCP token hash table entries: 512 (order: 1, 12288 bytes, linear)
[    0.395438] UDP hash table entries: 256 (order: 1, 8192 bytes, linear)
[    0.395453] UDP-Lite hash table entries: 256 (order: 1, 8192 bytes, linear)
[    0.395486] NET: Registered protocol family 1
[    0.395501] NET: Registered protocol family 44
[    0.395517] pci_bus 0000:00: resource 4 [io  0x0000-0x0cf7 window]
[    0.395531] pci_bus 0000:00: resource 5 [io  0x0d00-0xffff window]
[    0.395545] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window]
[    0.395558] pci_bus 0000:00: resource 7 [mem 0xf0000000-0xfbffffff window]
[    0.395662] pci 0000:00:01.0: PIIX3: Enabling Passive Release
[    0.395726] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
[    0.395788] pci 0000:00:01.0: Activating ISA DMA hang workarounds
[    0.396136] pci 0000:00:04.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff]
[    0.396415] xen: --> pirq=22 -> irq=39 (gsi=39)
[    0.397414] PCI: CLS 0 bytes, default 64
[    0.397452] Trying to unpack rootfs image as initramfs...
[    0.493242] Freeing initrd memory: 8408K
[    0.570060] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x1e727b7a76c, max_idle_ns: 440795311108 ns
[    0.570472] Initialise system trusted keyrings
[    0.570490] Key type blacklist registered
[    0.570558] workingset: timestamp_bits=36 max_order=17 bucket_order=0
[    0.571262] zbud: loaded
[    0.571556] integrity: Platform Keyring initialized
[    0.577751] NET: Registered protocol family 38
[    0.577768] xor: automatically using best checksumming function   avx       
[    0.577784] Key type asymmetric registered
[    0.577794] Asymmetric key parser 'x509' registered
[    0.577815] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 245)
[    0.577874] io scheduler mq-deadline registered
[    0.577886] io scheduler kyber registered
[    0.577917] io scheduler bfq registered
[    0.577999] atomic64_test: passed for x86-64 platform with CX8 and with SSE
[    0.578077] intel_idle: Please enable MWAIT in BIOS SETUP
[    0.578173] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[    0.578213] ACPI: Power Button [PWRF]
[    0.578247] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
[    0.578274] ACPI: Sleep Button [SLPF]
[    0.594812] xen: --> pirq=23 -> irq=24 (gsi=24)
[    0.595012] xen:grant_table: Grant tables using version 1 layout
[    0.595084] Grant table initialized
[    0.595320] Serial: 8250/16550 driver, 32 ports, IRQ sharing enabled
[    0.596557] Non-volatile memory driver v1.3
[    0.596599] Linux agpgart interface v0.103
[    0.604566] ata_piix 0000:00:01.1: version 2.13
[    0.604619] ata_piix 0000:00:01.1: enabling device (0000 -> 0001)
[    0.605892] scsi host0: ata_piix
[    0.606003] scsi host1: ata_piix
[    0.606027] ata1: PATA max MWDMA2 cmd 0x1f0 ctl 0x3f6 bmdma 0xc300 irq 14
[    0.606041] ata2: PATA max MWDMA2 cmd 0x170 ctl 0x376 bmdma 0xc308 irq 15
[    0.606127] libphy: Fixed MDIO Bus: probed
[    0.606198] usbcore: registered new interface driver usbserial_generic
[    0.606216] usbserial: USB Serial support registered for generic
[    0.606245] i8042: PNP: PS/2 Controller [PNP0303:PS2K,PNP0f13:PS2M] at 0x60,0x64 irq 1,12
[    0.609465] serio: i8042 KBD port at 0x60,0x64 irq 1
[    0.609481] serio: i8042 AUX port at 0x60,0x64 irq 12
[    0.609576] mousedev: PS/2 mouse device common for all mice
[    0.611488] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input2
[    0.614445] rtc_cmos 00:02: registered as rtc0
[    0.614581] rtc_cmos 00:02: setting system clock to 2021-08-06T16:09:47 UTC (1628266187)
[    0.614607] rtc_cmos 00:02: alarms up to one day, 114 bytes nvram, hpet irqs
[    0.614660] device-mapper: uevent: version 1.0.3
[    0.619664] device-mapper: ioctl: 4.43.0-ioctl (2020-10-01) initialised: [email protected]
[    0.619736] intel_pstate: CPU model not supported
[    0.619804] hid: raw HID events driver (C) Jiri Kosina
[    0.619836] usbcore: registered new interface driver usbhid
[    0.619848] usbhid: USB HID core driver
[    0.619940] intel_pmc_core intel_pmc_core.0:  initialized
[    0.619975] drop_monitor: Initializing network drop monitor service
[    0.620031] Initializing XFRM netlink socket
[    0.620099] NET: Registered protocol family 10
[    0.622307] Segment Routing with IPv6
[    0.622322] RPL Segment Routing with IPv6
[    0.622346] mip6: Mobile IPv6
[    0.622355] NET: Registered protocol family 17
[    0.622581] IPI shorthand broadcast: enabled
[    0.622597] AVX2 version of gcm_enc/dec engaged.
[    0.622608] AES CTR mode by8 optimization enabled
[    0.785243] sched_clock: Marking stable (630280304, 154716962)->(1015088087, -230090821)
[    0.785360] registered taskstats version 1
[    0.785376] Loading compiled-in X.509 certificates
[    0.785854] Loaded X.509 cert 'Build time autogenerated kernel key: 2428ff351d102734c5559109862cb45556e143e2'
[    0.785889] zswap: loaded using pool lzo/zbud
[    0.786017] Key type ._fscrypt registered
[    0.786027] Key type .fscrypt registered
[    0.786035] Key type fscrypt-provisioning registered
[    0.786165] Btrfs loaded, crc32c=crc32c-generic
[    0.787911] Key type encrypted registered
[    0.787924] AppArmor: AppArmor sha1 policy hashing enabled
[    0.787938] ima: No TPM chip found, activating TPM-bypass!
[    0.787951] ima: Allocated hash algorithm: sha256
[    0.787967] ima: No architecture policies found
[    0.787984] evm: Initialising EVM extended attributes:
[    0.787995] evm: security.selinux
[    0.788002] evm: security.apparmor
[    0.788010] evm: security.ima
[    0.788017] evm: security.capability
[    0.788026] evm: HMAC attrs: 0x1
[    0.788184] xenbus_probe_frontend: Device with no driver: device/vbd/51712
[    0.788199] xenbus_probe_frontend: Device with no driver: device/vbd/51728
[    0.788212] xenbus_probe_frontend: Device with no driver: device/vbd/51744
[    0.788225] xenbus_probe_frontend: Device with no driver: device/vbd/51760
[    0.788238] xenbus_probe_frontend: Device with no driver: device/vif/0
[    0.788258] PM:   Magic number: 1:775:185
[    0.788322] RAS: Correctable Errors collector initialized.
[    0.789367] Freeing unused decrypted memory: 2036K
[    0.789721] Freeing unused kernel image (initmem) memory: 3004K
[    0.793421] Write protecting the kernel read-only data: 24576k
[    0.793758] Freeing unused kernel image (text/rodata gap) memory: 2036K
[    0.793892] Freeing unused kernel image (rodata/data gap) memory: 768K
[    0.793922] rodata_test: all tests were successful
[    0.793938] Run /init as init process
[    0.793947]   with arguments:
[    0.793947]     /init
[    0.793948]     rd_NO_PLYMOUTH
[    0.793949]   with environment:
[    0.793949]     HOME=/
[    0.793949]     TERM=linux
[    0.800215] Invalid max_queues (4), will use default max: 2.
[    0.898357] blkfront: xvda: flush diskcache: enabled; persistent grants: enabled; indirect descriptors: enabled;
[    0.909015]  xvda: xvda1 xvda2 xvda3
[    0.923130] blkfront: xvdb: flush diskcache: enabled; persistent grants: enabled; indirect descriptors: enabled;
[    0.945010] blkfront: xvdc: flush diskcache: enabled; persistent grants: enabled; indirect descriptors: enabled;
[    0.952499] blkfront: xvdd: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled;
[    1.296926]  xvdc: xvdc1 xvdc3
[    1.324946] EXT4-fs (xvda3): mounted filesystem with ordered data mode. Opts: (null)
[    1.328851] EXT4-fs (xvdd): mounting ext3 file system using the ext4 subsystem
[    1.329679] EXT4-fs (xvdd): mounted filesystem with ordered data mode. Opts: (null)
[    1.354259] EXT4-fs (xvda3): re-mounted. Opts: (null)
[    1.431369] systemd[1]: systemd 247.3-6 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified)
[    1.431468] systemd[1]: Detected virtualization xen.
[    1.431482] systemd[1]: Detected architecture x86-64.
[    1.433112] systemd[1]: No hostname configured.
[    1.433128] systemd[1]: Set hostname to <localhost>.
[    1.486030] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input4
[    1.524363] systemd[1]: /lib/systemd/system/qubes-db.service:11: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
[    1.546012] systemd[1]: /lib/systemd/system/qubes-gui-agent.service:15: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
[    1.557995] systemd[1]: Queued start job for default target Multi-User System.
[    1.558698] systemd[1]: Created slice system-getty.slice.
[    1.558942] systemd[1]: Created slice system-modprobe.slice.
[    1.559148] systemd[1]: Created slice system-serial\x2dgetty.slice.
[    1.559322] systemd[1]: Created slice User and Session Slice.
[    1.559444] systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
[    1.559543] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
[    1.559706] systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point.
[    1.559795] systemd[1]: Reached target Local Encrypted Volumes.
[    1.559874] systemd[1]: Reached target Remote File Systems.
[    1.559929] systemd[1]: Reached target Slices.
[    1.560037] systemd[1]: Listening on Device-mapper event daemon FIFOs.
[    1.560163] systemd[1]: Listening on LVM2 poll daemon socket.
[    1.560277] systemd[1]: Listening on Syslog Socket.
[    1.560381] systemd[1]: Listening on fsck to fsckd communication Socket.
[    1.560496] systemd[1]: Listening on initctl Compatibility Named Pipe.
[    1.560658] systemd[1]: Listening on Journal Audit Socket.
[    1.560772] systemd[1]: Listening on Journal Socket (/dev/log).
[    1.560896] systemd[1]: Listening on Journal Socket.
[    1.561227] systemd[1]: Listening on udev Control Socket.
[    1.561342] systemd[1]: Listening on udev Kernel Socket.
[    1.698577] systemd[1]: Mounting Huge Pages File System...
[    1.699201] systemd[1]: Mounting POSIX Message Queue File System...
[    1.699918] systemd[1]: Mounting Kernel Debug File System...
[    1.700602] systemd[1]: Mounting Kernel Trace File System...
[    1.700872] systemd[1]: Finished Availability of block devices.
[    1.701636] systemd[1]: Starting Enable swap on /dev/xvdc1 early...
[    1.702815] systemd[1]: Starting Set the console keyboard layout...
[    1.703670] systemd[1]: Starting Create list of static device nodes for the current kernel...
[    1.704380] systemd[1]: Starting Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling...
[    1.705383] systemd[1]: Starting Load Kernel Module configfs...
[    1.706218] systemd[1]: Starting Load Kernel Module drm...
[    1.707131] systemd[1]: Starting Load Kernel Module fuse...
[    1.707891] systemd[1]: Condition check resulted in Set Up Additional Binary Formats being skipped.
[    1.709370] systemd[1]: Starting Journal Service...
[    1.710775] systemd[1]: Starting Load Kernel Modules...
[    1.711724] systemd[1]: Starting Coldplug All udev Devices...
[    1.712841] systemd[1]: Mounted POSIX Message Queue File System.
[    1.713013] systemd[1]: Mounted Kernel Debug File System.
[    1.713130] systemd[1]: Mounted Kernel Trace File System.
[    1.713326] systemd[1]: [email protected]: Succeeded.
[    1.713505] systemd[1]: Finished Load Kernel Module configfs.
[    1.714217] systemd[1]: Mounting Kernel Configuration File System...
[    1.715654] systemd[1]: Mounted Huge Pages File System.
[    1.724194] systemd[1]: Finished Create list of static device nodes for the current kernel.
[    1.739902] systemd[1]: Mounted Kernel Configuration File System.
[    1.742932] fuse: init (API version 7.32)
[    1.761225] systemd[1]: Started Journal Service.
[    1.775201] Adding 1048572k swap on /dev/xvdc1.  Priority:-2 extents:1 across:1048572k SSFS
[    1.943801] lp: driver loaded but no devices found
[    1.954803] ppdev: user-space parallel port driver
[    1.963424] xen:xen_evtchn: Event-channel device installed
[    1.967444] EXT4-fs (xvda3): re-mounted. Opts: discard
[    1.976544] systemd-journald[229]: Received client request to flush runtime journal.
[    2.014707] memmap_init_zone_device initialised 32768 pages in 0ms
[    2.209377] piix4_smbus 0000:00:01.3: SMBus Host Controller not enabled!
[    2.281899] FDC 0 is a S82078B
[    2.314809] EXT4-fs (xvdb): mounted filesystem with ordered data mode. Opts: discard
[    2.344720] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    2.348074] ehci-pci: EHCI PCI platform driver
[    2.348888] ehci-pci 0000:00:05.0: EHCI Host Controller
[    2.351711] ehci-pci 0000:00:05.0: new USB bus registered, assigned bus number 1
[    2.353304] ehci-pci 0000:00:05.0: irq 39, io mem 0xf2117000
[    2.362122] ehci-pci 0000:00:05.0: USB 2.0 started, EHCI 1.00
[    2.362759] input: PC Speaker as /devices/platform/pcspkr/input/input5
[    2.373520] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.10
[    2.373541] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    2.373557] usb usb1: Product: EHCI Host Controller
[    2.373568] usb usb1: Manufacturer: Linux 5.10.54-1.fc32.qubes.x86_64 ehci_hcd
[    2.373583] usb usb1: SerialNumber: 0000:00:05.0
[    2.373673] hub 1-0:1.0: USB hub found
[    2.373687] hub 1-0:1.0: 6 ports detected
[    2.441377] xen_netfront: Initialising Xen virtual ethernet driver
[    2.443608] Error: Driver 'pcspkr' is already registered, aborting...
[    2.599536] xen_netfront: backend supports XDP headroom
[    2.682681] usb 1-1: new high-speed USB device number 2 using ehci-pci
[    2.685922] audit: type=1400 audit(1628266189.570:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/haveged" pid=399 comm="apparmor_parser"
[    2.688914] snd_soc_skl 0000:00:07.0: DSP detected with PCI class/subclass/prog-if info 0x040380
[    2.688938] snd_soc_skl 0000:00:07.0: NHLT table not found
[    2.706925] audit: type=1400 audit(1628266189.589:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libreoffice-oopslash" pid=406 comm="apparmor_parser"
[    2.709451] audit: type=1400 audit(1628266189.593:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lsb_release" pid=419 comm="apparmor_parser"
[    2.713461] audit: type=1400 audit(1628266189.597:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libreoffice-xpdfimport" pid=420 comm="apparmor_parser"
[    2.713559] sof-audio-pci 0000:00:07.0: DSP detected with PCI class/subclass/prog-if info 0x040380
[    2.713581] sof-audio-pci 0000:00:07.0: NHLT table not found
[    2.725098] audit: type=1400 audit(1628266189.609:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="nvidia_modprobe" pid=421 comm="apparmor_parser"
[    2.725131] audit: type=1400 audit(1628266189.609:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="nvidia_modprobe//kmod" pid=421 comm="apparmor_parser"
[    2.728227] audit: type=1400 audit(1628266189.612:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/man" pid=426 comm="apparmor_parser"
[    2.728290] audit: type=1400 audit(1628266189.612:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="man_filter" pid=426 comm="apparmor_parser"
[    2.728319] audit: type=1400 audit(1628266189.612:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="man_groff" pid=426 comm="apparmor_parser"
[    3.082426] usb 1-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[    3.082448] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[    3.082464] usb 1-1: Product: QEMU USB Tablet
[    3.082474] usb 1-1: Manufacturer: QEMU
[    3.082483] usb 1-1: SerialNumber: 28754-0000:00:05.0-1
[    3.102838] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/0003:0627:0001.0001/input/input6
[    3.130523] hid-generic 0003:0627:0001.0001: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:05.0-1/input0

This is from a ThinkPad X13.

[adrelanos]

• SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit
• MOSQUITO: Jump air-gaps via speaker-to-speaker communication
• https://www.kicksecure.com/wiki/Hardware_Threat_Minimization

[DemiMarie]

So right now I think that:

• Moving PCI audio devices out of dom0 is probably of fairly limited value.
• USB audio devices are handled by Provide an easy way for users to have an audio qube (for wired USB audio devices) #8504.
• Bluetooth audio devices need to be dealt with separately.

Worth closing this issue?

[Nurmagoz]

#1590 (comment)

We just need controller for the speaker as well, not just for mics, due to this issue.

[meskio]

So right now I think that:

* Moving PCI audio devices out of dom0 is probably of fairly limited value.

* USB audio devices are handled by [Provide an easy way for users to have an audio qube (for wired USB audio devices) #8504](https://github.com/QubesOS/qubes-issues/issues/8504).

* Bluetooth audio devices need to be dealt with separately.

Worth closing this issue?

I'm using my sys-net as AudioVM so I can use a bluetooth headshet. I assume the alternative proposal will be to create a sys-bluetooth (#8994) that somehow will send the audio the dom0. I will love to see this working.