On 08/30/2017 05:46 PM, [email protected] wrote:
>> Plus, you always need to disconnect all untrusted USB devices
>> while rebooting Qubes, regardless of whether you have USB qube
>> set up or not.
>>
>
> I just want to make sure that this is not always the case -
> according to https://www.qubes-os.org/doc/usb/, if you create the
> USB VM automatically during install, then Qubes will be set to hide
> USB devices from dom0 on boot.
>
>> (Note: Beginning with R3.2, rd.qubes.hide_all_usb is set
>> automatically if you opt to create a USB qube during
>> installation. This also occurs automatically if you choose to
>> create a USB qube using the qubesctl method, which is the first
>> pair of steps in the linked section.)
>

The USB controllers are hidden only from dom0 (via Xen's PCI device blacklisting). BIOS or GRUB can, however, still process the device descriptors or filesystem headers during early boot stages and get exploited.

Cheers,
Patrik
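A way to check the dom0 side of what this thread discusses, as an added example that is not part of the original messages: it looks for `rd.qubes.hide_all_usb` on the kernel command line and lists USB controllers that dom0 still drives. It assumes `lspci -nnk` style output and that a hidden controller shows `pciback` as its driver; the sample inputs are constructed.

```python
import re

# Constructed sample inputs (not captured from a real machine). The state is
# deliberately inconsistent: the flag is set, yet one controller is still
# bound to a normal dom0 USB host driver.
SAMPLE_CMDLINE = "placeholder root=/dev/mapper/example ro rd.qubes.hide_all_usb quiet"
SAMPLE_LSPCI = (
    "00:14.0 USB controller [0c03]: Example xHCI Controller [1234:0001]\n"
    "\tKernel driver in use: pciback\n"
    "\tKernel modules: xhci_pci\n"
    "00:1a.0 USB controller [0c03]: Example EHCI Controller [1234:0002]\n"
    "\tKernel driver in use: ehci-pci\n"
    "00:1f.2 SATA controller [0106]: Example AHCI Controller [1234:0003]\n"
    "\tKernel driver in use: ahci\n"
)

USB_CLASS = "0c03"  # PCI class code for USB controllers
DEVICE_RE = re.compile(r"^(\S+) .*?\[([0-9a-f]{4})\]: ")
DRIVER_RE = re.compile(r"^\s+Kernel driver in use: (\S+)")


def hide_flag_set(cmdline):
    """True if rd.qubes.hide_all_usb is a separate token on the command line."""
    return "rd.qubes.hide_all_usb" in cmdline.split()


def usb_controller_drivers(lspci_text):
    """Map PCI address -> driver in use (None if unbound) for USB controllers."""
    drivers, current = {}, None
    for line in lspci_text.splitlines():
        dev = DEVICE_RE.match(line)
        if dev:
            # Track only USB controllers; skip detail lines of other devices.
            current = dev.group(1) if dev.group(2) == USB_CLASS else None
            if current:
                drivers[current] = None
            continue
        drv = DRIVER_RE.match(line)
        if drv and current:
            drivers[current] = drv.group(1)
    return drivers


def exposed_to_dom0(lspci_text, hidden_driver="pciback"):
    """USB controllers not held by the assumed hiding driver in dom0."""
    found = usb_controller_drivers(lspci_text)
    return sorted(addr for addr, drv in found.items() if drv != hidden_driver)

# This only covers dom0 after the kernel has started. It cannot show what
# BIOS or GRUB did with attached devices earlier in boot, which is the
# exposure described in the reply above.
```
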
