On Friday, November 10, 2017 at 11:38:47 AM UTC, blacklight wrote:
>> As long as that is the case, it's not worth the complexity IMO. Note
>> however that the storage subsystem API for R4 has still been designed
>> to be compatible with moving storage out of dom0 in the future.
>
> In https://github.com/QubesOS/qubes-issues/issues/1293 @Marek mentions
> that it would protect against malicious disk firmware, since this could own
> Dom0 via a DMA attack, is Qubes currently still vulnerable against this
> type of an attack?

You could install a template with a microkernel and slim it down so it barely has anything installed. For example a minimal template. Then pass through your entire USB controller, assuming you have more than one controller. Typically, many systems have at least two controllers, even laptops, but many also have only one USB controller. Most modern day motherboards have a minimum of two controllers by default, without adding extra PCI USB cards with one or more USB controllers.

Basically, if you pass the entire USB controller, then it shouldn't be able to reach dom0 through firmware DMA attacks. But I'm no expert, it's just my understanding of it.

Furthermore, if the USB controller / card has no PCI reset, then malware may survive when switching between domains. So it may be a good idea to keep this USB controller strictly for that domain only and never move it, if it has no PCI reset feature.

BadUSB? I guess this one can't be avoided even with PCI reset, in which case, again, keep the same USB controller on the same domain, forever and ever, and you should be okay. Remember to block it in the USB controller from the booting process, as well as in dom0 once booted, so it never touches anything outside the domain, ever.

I'm not sure if each USB controller has its own firmware or if they share firmware with other USB controllers, i.e. on the motherboard or on the same PCI card with multiple USB controllers. Someone who knows more will have to answer that one, if they are separate or not on the firmware level.
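
Added example, not part of the original message or of Qubes OS: a shell check that lists PCI USB host controllers from sysfs and reports whether the Linux kernel exposes a reset method for each, which is the property the reply above says to verify before moving a controller between domains. It assumes the standard Linux sysfs layout; the function names and the optional sysfs-root argument are hypothetical, and a `reset` attribute means only that the kernel found some reset method for the function.

```shell
#!/bin/sh
# Report PCI USB host controllers and whether a kernel reset method exists.
# The optional first argument (sysfs root) is an assumption added so the
# function can be pointed at a constructed tree; it defaults to /sys.
usb_controllers_reset_report() {
    root="${1:-/sys}"
    for dev in "$root"/bus/pci/devices/*; do
        # Skips the unexpanded glob too, when no PCI devices are present.
        [ -r "$dev/class" ] || continue
        class=$(cat "$dev/class")
        # Class 0x0c (serial bus), subclass 0x03 (USB). The last byte is
        # the programming interface, e.g. 0x30 xHCI, 0x20 EHCI.
        case "$class" in
            0x0c03*) ;;
            *) continue ;;
        esac
        # The kernel creates "reset" only when it has a working reset
        # method for this function.
        if [ -e "$dev/reset" ]; then
            state="reset-supported"
        else
            state="no-reset"
        fi
        printf '%s %s %s\n' "$(basename "$dev")" "$class" "$state"
    done
}

# Number of USB controllers found; passthrough of a whole controller
# presumes there is more than one, as the message notes.
count_usb_controllers() {
    usb_controllers_reset_report "$1" | wc -l | tr -d ' '
}

usb_controllers_reset_report "${SYSFS_ROOT:-/sys}"
```

A controller reported as `no-reset` is one to leave assigned to a single domain permanently, following the advice in the message.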
