On Tuesday, 2 January 2018 06:20:46 CET [email protected] wrote: > So from the installation security guide I read the following:
> And for USB Drive: > "Untrustworthy firmware. (Firmware can be malicious even if the drive is > new. Plugging a drive with rewritable firmware into a compromised machine > can also compromise the drive. Installing from a compromised drive could > compromise even a brand new Qubes installation.)" > > Do usb optical drives not also have the same problem firmware wise? The problem with USB is that its universal. An attacker can make his device look like its anything USB based. For intance a rarely used web-camera. The problem with that is that each brand has its own driver in the Linux Kernel and most of those drivers are hardly checked for exploits. As such, an innocent looking thing that connects on USB could root your kernel with unknown exploits in any usb driver shipped by the kernel. Just using a different firmware. This is why there is the suggestion to have a sys-usb qube to isolate those drivers, should you fear your hardware in future falling in the hands of bad people. > What about sata? I hope someone else can answer this. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/12053226.DA0ORK4ZM7%40cherry. For more options, visit https://groups.google.com/d/optout.
