Thank you for pointing in the right direction. It was my fault in the script for dom0. It failed in some way, causing other scripts not being called. I am sorry for that. Now, I have a quick fix, but I should make it more robust.
On the keyboard: I had an idea about authenticated USB keyboard protocol. This would make inserting keystrokes impossible (either from usbvm or from other USB devices) and can also prevent some other modification attacks to some degree, but it can hardly prevent sniffing from USBVM, at least attacker can recognize timing of the keystrokes. But unfortunately: * This would be implementable for me, because I can flash custom firmware to Ergodox. (Well, this introduces some other risks, but they are manageable in some way.) it might be implementable for some others (even via a proxy), but it is far from universal solution. * lack of time for that 😔 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3e633d13-3211-4863-979e-d1175c98337d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
