W dniu środa, 17 października 2018 02:19:32 UTC+2 użytkownik tai...@gmx.com napisał: > On 10/16/2018 12:21 PM, Yethal wrote: > > W dniu wtorek, 16 października 2018 01:22:58 UTC+2 użytkownik > > tai...@gmx.com napisał: > >> On 10/15/2018 02:09 PM, Yethal wrote:> It also has a PS/2 port > >> (extremely important in Qubes and often overlooked) > >> Misinformation. > >> > >> You instea dwant more than one USB controller on a system so you can > >> have both trusted for keyboard/mice and untrusted for random stuff (all > >> my recs in my other reply have this, the D16/D8's have a second > >> controller via a few onboard usb headers) > >> > >> PS/2 is not secure at all - your keystrokes are outputted on the ground > >> wire. > >> > >> I suggest purchasing a usb keyboard that doesn't have firmware such as > >> the excellent us made unicomp model m mechanical keyboard, to prevent > >> use of a keyboard virus. > >> > >> Definitely agreed with not buying nvidia junk though, they artificially > >> hamper virt with their geforce stuff and they also hate linux drivers > >> and FOSS. > > > > If I have more than one USB controller and I leave one controller in dom0 > > and all the other ones in sys-usb that is all fine and dandy except there > > is still a usb controller in dom0 which kinda defeats the purpose of even > > having sys-usb unless the keyboard and mouse wires were to be soldered > > directly to the ports. > > Also, if an attacker is capable of tapping into the ground wire of your > > keyboard to listen to the keystrokes then they are more than capable of > > simply plugging a usb keylogger and/or usb hub and a flashdrive. IMHO a usb > > controller in dom0 poses much bigger security risk due to reduced attack > > complexity. > > > > Why would you have one in dom0? the idea is that you make one sys-usb > per controller so for example one trusted for inputs and one not trusted > for random stuff. > > Ground wires where I live go far away from where I am sitting as they do > in any large office complex so that is not so good. Any secure facility > has ground wire isolation for that reason.
Because if you don't and you blacklist the controller in dom0 then it's not possible to type the disk passphrase as sys-usb is not active this early in boot process. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ac9e0748-952a-4231-b566-a6da01ef510d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
