Ledger Nano On KVM

In order to keep my cryptocurrencies as secure as possible, I only interact with those within a virtual machine located on an encrypted USB stick. I own both a Ledger Nano S and a Ledger Nano X, which connect using USB. Also I don’t use libvirt for this as I want it to be as easily and quickly usable as possible. So here’s the secret formula in order to access those hardware wallets from a GNU/Linux KVM VM via USB pass through:

sudo qemu-system-x86_64 -enable-kvm -m 4096 -smp 2 -usb -cpu host \
-device virtio-vga,xres=1920,yres=960 \
-device usb-host,bus=usb-bus.0,vendorid=0x2c97,productid=0x0004 \
-device usb-host,bus=usb-bus.0,vendorid=0x2c97,productid=0x0001 \
-device usb-host,bus=usb-bus.0,vendorid=0x2c97,productid=0x1011 \
-device usb-host,bus=usb-bus.0,vendorid=0x2c97,productid=0x1005 \
-device usb-host,bus=usb-bus.0,vendorid=0x2c97,productid=0x1015 \
-device usb-host,bus=usb-bus.0,vendorid=0x2c97,productid=0x4015 \
-device usb-host,bus=usb-bus.0,vendorid=0x2c97,productid=0x4005 \
-device usb-host,bus=usb-bus.0,vendorid=0x1209,productid=0x53c1 \
-hda /media/imil/supersecurekey/myownbank.qcow2

“wtf?” you may ask, well, the various applications on the Ledger use a different product ID. For example, when first plugging & unlocking the Ledger Nano X, it has the following vendor:productid: 2c97:0004, but when starting the Bitcoin app, it becomes 2c97:4015, and when starting the Tron app, 2c97:4005. Same goes with the Ledger Nano S, except it uses 0x0001 / 0x100{0,1}5…

Happy hodling.