SSD connected to USB-C does not work

[ThomasWaldmann]

Qubes OS version

R4.0 with all updates

Affected component(s) or functionality

Kernel? dom0? sys-usb?

Brief summary

HW: Thinkpad T470s, Orico NVME M.2 SSD enclosure

If I plug in the USB-C SSD into the USB-C/Thunderbolt port, there is no reaction at all. lsusb in sys-usb does not show it, the usb menu does not show it.

If I plug it into a normal USB3 port (using a cable that converts from USB-C to USB-A connector), it works as expected: shows up in lsusb, shows up in the usb menu, can be assigned to a VM, can be used in a VM.

The external SSD case is based on the JMicron 152d:0583 USB-C to PCIe bridge and has a Samsung M.2 NVME/PCIe SSD inside.

Solutions you've tried

I have installed all Qubes updates, did a cold boot of the machine.

Also checked the Thinkpad T470s' BIOS to see whether Thunderbolt/USB-C functionality is disabled (it is not, it is enabled, "no security" thunderbolt setting).

Also cold booted with the USB-C device already attached, did not help.

Also tried another USB-C cable, did not help.

[DemiMarie]

"no security" thunderbolt setting

This is a massive security risk, if I understand correctly.

The real problem is that dom0 does not support PCI hotplug. The correct approach is probably to enable PCI hotplug, but ensure (using the IOMMU) that DMA is only enabled for whitelisted PCI devices. This ensures that new PCI devices are visible, but cannot attack the system until they are explicitly assigned to a VM.

[marmarek]

Yes, this is true. And unfortunately PCI hotplug + IOMMU situation in Xen is not great and for this reason we have it disabled.

So, the answer for now is "this feature is not supported", sadly.

[ThomasWaldmann]

Please note that I attach a USB-to-PCIe bridge.

So, as far as the laptop is concerned, this is a USB device, not a PCIe device.

[DemiMarie]

Please note that I attach a USB-to-PCIe bridge.

So, as far as the laptop is concerned, this is a USB device, not a PCIe device.

On my laptop, plugging in a device into the USB-C port causes the USB controller to present a new PCI device. So it appears as if a new USB PCI card was just inserted.

[DemiMarie]

@marmarek are there any plans to fix this in Xen?

[ThomasWaldmann]

I diffed lspci output before vs. after plugging in the ssd.

No additional devices, the 5 devices have the same IDs as before, but their revision changes from rev ff to rev 01).

When unplugging, they change back to rev ff.

4x JHL6240 TB3 Bridge
1x USB Controller Intel 15c1

[ThomasWaldmann]

BTW (off-topic): are you at 36c3, @marmarek and @DemiMarie ?

[marmarek]

I diffed lspci output before vs. after plugging in the ssd.
No additional devices

In qubes - yes, of course, as we have PCI hotplug disabled.

but their revision changes from rev ff to rev 01).

Where do you observe it? In dom0? or sys-usb?

@marmarek are there any plans to fix this in Xen?

Unclear. There are people recognizing it as an important task, but without any specific timeline attached.

BTW (off-topic): are you at 36c3, @marmarek and @DemiMarie ?

I'll be there.

[ThomasWaldmann]

I did lspci in dom0.

I'll also be at 36c3. \o/