jrsmi...@gmail.com:
I just read Joanna’s 2011 article describing the challenges of USB security and
I think this answers my question. Connecting the PS/2 keyboard and mouse to a
USB device via an adapter still leaves the issue of securing the USB
controller, so it offers little or nothing in the way of increased security vs
simply using a USB keyboard and mouse. As she described, a separate domain
could be used to manage the controller and use PVUSB to allow dom0 access to
just the port(s) used by the keyboard and mouse. However, I don’t think this
would work in the case of entering the LUKS password at boot time since that
domain wouldn’t exist yet and dom0 would not have access to the keyboard.
So if I’ve understood this material correctly, if I want to avoid exposing dom0
to any USB controllers and I want to use passwords for LUKS, native PS/2
keyboard and port are a must.
Not exactly sure how that keyboard will show up but you have understood
the security warnings correctly. See
https://www.qubes-os.org/doc/usb-qubes/#automatic-setup too; you can use
a USB keyboard for LUKS passwords but there is risk involved.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/097e5f54-e544-ac79-d904-9761ca89f546%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.