Nitrokey and Qubes OS

To use a Nitrokey on Qubes OS, USB passthrough is required. This means you need a sys-usb VM, as mentioned in the Qubes documentation.

Note: you cannot pass through devices from dom0 (in other words, a USB VM is required).

If you are using a USB keyboard, the sys-usb VM is not installed by default. In that case, you have 2 options:

Recovery: Mount disk

#!/bin/bash

########################################################
# Make an LVM image appear in qvm-block
# Create a disposable VM
# Attach the image to the newly created disposable VM
# Wait until the disposable VM is destroyed
# Remove the LVM image from the qvm-block list
########################################################

image=${1?Image file is required, example "/dev/qubes_dom0/vm-debian-9-tmp-root"}
dvm=${2?DVM template name is required, example: "fedora-29-dvm"}
# Resolve the LVM symlink to its device-mapper name
dev=$(basename "$(readlink "$image")")
# Register the device in QubesDB so that qvm-block lists it
qubesdb-write "/qubes-block-devices/$dev/desc" "$image"
list_before=$(qvm-ls | cut -d " " -f1 | sort)
qvm-run -v --dispvm="$dvm" --service qubes.StartApp+xterm &
sleep 5
list_after=$(qvm-ls | cut -d " " -f1 | sort)
# The name present only in the second listing is the new disposable VM
diff=$(comm -13 <(echo "$list_before") <(echo "$list_after"))
qvm-block attach "$diff" "dom0:$dev"
# Wait for the background qvm-run (the disposable VM session) to finish
wait
qubesdb-rm "/qubes-block-devices/$dev/"

Then mount the volume.

mount /dev/xxxx /xxxxx 

In some cases, the volume is partitioned, so you need to mount the partition. First, print the partition table:

sudo parted /dev/XXXXXXXXXX unit B print

Example:

$:sudo parted /dev/windows-vg/vg-game-root unit B print
Model: Linux device-mapper (thin) (dm)
Disk /dev/dm-138: 314572800000B
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start       End            Size           Type     File system  Flags
 1      1048576B    105906175B     104857600B     primary  ntfs         boot
 2      105906176B  314571751423B  314465845248B  primary  ntfs

Then mount the partition you want, using its Start value (in bytes) as the offset:

sudo mount -o loop,offset=105906176 -t ntfs /dev/XXXXXXXXXX /mnt/
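
The offset does not have to be copied by hand. The following is an added example, not part of the original page: it reads the "parted ... unit B print" output and builds the mount options for a given partition number. The function names are hypothetical, and the ro and sizelimit options are additions of this example (read-only access, and a loop device that ends at the partition boundary).

```bash
#!/bin/bash
# Added example (not from the original page): derive loop-mount options
# for one partition from `parted <device> unit B print` output.

# Sample input: the parted output shown in the example above.
sample_parted_output() {
cat <<'EOF'
Model: Linux device-mapper (thin) (dm)
Disk /dev/dm-138: 314572800000B
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start       End            Size           Type     File system  Flags
 1      1048576B    105906175B     104857600B     primary  ntfs         boot
 2      105906176B  314571751423B  314465845248B  primary  ntfs
EOF
}

# partition_mount_opts <partition-number>
# Reads parted output on stdin, prints "ro,loop,offset=<start>,sizelimit=<size>".
# Returns 1 if the partition is not listed or the values are not in bytes.
partition_mount_opts() {
    local part="$1"
    awk -v part="$part" '
        # Partition rows carry the number in field 1, Start in 2, Size in 4.
        $1 == part && $2 ~ /^[0-9]+B$/ && $4 ~ /^[0-9]+B$/ {
            sub(/B$/, "", $2); sub(/B$/, "", $4)
            printf "ro,loop,offset=%s,sizelimit=%s\n", $2, $4
            found = 1
            exit
        }
        END { exit !found }
    '
}

# Only prints the resulting command; the device path is the page's placeholder.
opts=$(sample_parted_output | partition_mount_opts 2) &&
    echo "sudo mount -o $opts -t ntfs /dev/XXXXXXXXXX /mnt/"
```

On a real volume, replace sample_parted_output with the actual "sudo parted /dev/XXXXXXXXXX unit B print" call.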