-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-12-10 14:36, Robert Fisk wrote:
> On 12/10/2016 08:25 AM, Marek Marczykowski-Górecki wrote:
>> This project have great potential! The USB proxy hardware can be
>> used for somehow more secure USB keyboard usage on Qubes OS, when
>> only a single USB controller is available. Take a look at this
>> idea[1]:
> 
>> Have a piece of hardware plugged between USB keyboard and PC (based
>> on https://github.com/robertfisk/USG?), to encrypt and
>> integrity-protect the events. And then decrypt them in dom0 and
>> check integrity protection, and only then pass them down to input
>> devices stack. This should at least partially guard against
>> malicious USB VM. It still will be able to perform timing based
>> attacks to guess what you're typing - not sure how accurate such
>> attacks are currently. Such device could introduce artificial delay
>> (like - inject queued events every 50ms) to at least partially
>> mitigate such attacks.
> 
>> What do you think about it? I think the hardware you've designed
>> is perfect for this!
> 
>> [1] 
>> https://github.com/QubesOS/qubes-issues/issues/2507#issuecomment-265894809
> 
> This sounds like a great idea, and I am keen to be involved. There is
> plenty of flash space available on the embedded CPUs to implement some
> form of encryption, although the best method of doing so on bare-metal
> ARM is certainly open for discussion.
> 
> A recent batch of hardware samples sold out in November. Due to Real
> Life(TM) the next batch of hardware is likely to be ready late January
> or early February. Pricing is currently NZ$80 each (approx US$57).
> 
> Regards,
> Robert
> 

Tracking this as a community-developed feature:

https://github.com/QubesOS/qubes-issues/issues/2518
https://www.qubes-os.org/qubes-issues/#usg-keyboard-hardware-proxy

Please keep us posted as to your progress, and let us know how we can
help. :)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYT6Z0AAoJENtN07w5UDAwXNsP/j0KrGEyjCHq0h3v7/nmlTwx
YGn05f+Bh7L7r9HSGOeH9PMgKkFr85btXdXPhG5+swCSdFgmhbkcad0lgy8hX2mz
uZND7Z/wnEI99kK7D2EN3Kl9vM4fHM4/I8jV6ulwXPrMfr8xNvdDiQn9JLfcUTwU
SvL4VzP92JKZTss2ILfjK8TsH7cIoFek72+Bn9dQKyppDmrlxi9xu0Y67m0B8NkW
L94YLLIQGO4Qq2vuuVlTIJmw6DGN8AXbwMwOixBtirM1AzeAZGt9GB3ZtTU438EE
xFXc9Ould67L2sqluuj7rkLoAE6QnkhzeyCbsgfS6OcE2rCXCNdQkmjx8zXzLrgL
DZg+D/PPCwSSyV2tzeGfsxTX4bY1w7dc8ecPHcgeuAV7L7UjL7hSrNJj3Y49jEtR
XBmleAq9XCaStYl29MkpYNLddCI3grLMwRFnW9adg85PU2Zay7q64Ay8OSjZDa72
wuO57t6UchbHRURth5P8Sa2SmjzenohPPWeWOqETa6O1ZMj+4+P+X2F+cS1pawio
EAggf4y/brbQkAAyC5eYpO7RxmzvbWN2Ciu0csYD8GEHBvvcJC2N/bENRBUujI8i
J9AjU2E1hoYwRbghwk7iNRFzCcPr1WJW3sbhibKjaTrIwKVsib/3XkgeXM5e6bU1
yGJ9eVDpcb/ekzvzM5qm
=kZIF
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a10c703-9bef-1878-363c-41d0705c4734%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Reply via email to