On Mon, Apr 08, 2019 at 09:49:28PM -0400, taii...@gmx.com wrote: > I have stated this many times before. > > The PS/2 thing is from 2011 which is 8 years ago and applies to systems > without more than one USB controller. > > Using PS/2 sends your keystrokes out on the ground wire. > > It is far better to purchase a motherboard with a second USB controller > with separate IOMMU groups or a PCI-e supporting USB card with one > controller per port and an ACS PCI-e switch to tie them together, of > course all must have libre firmware and preferably made somewhere > trustworthy. > > I would only trust hardware Made in USA or Switzerland since both are > the only places in the world right know where you can say no to a demand > to put a backdoor in your product and have nothing come of it. (Heres to > hoping for Xen/Qubes on OpenPOWER for usa made computing) Unfortunately > recent cases have proven the EU majority no longer has freedom of speech > (such as the man who went to jail for criticizing a certain foreign > leader in germany) and code is speech, hdls are speech and freedom of > speech means freedom to be silent (and thus not code a backdoor) > > Ideally you would have 4 IOMMU separate usb controllers total. > > USB controllers: > dom0/sys-usb-keyboard (you enter your passwords and then it gets > assigned to sys-usb-inputs later which is for your keyboard and mouse) > sys-usb-mouse (off at boot - since I know of no secure mice it should be > separate) > sys-usb-trusted-stuff (off at boot, assigned to sys-usb later) your > flash drives > sys-usb-untrusted-stuff (off at boot, assigned to sys-usb later) other > peoples flash drives > > I use a PCL/PS network printer so I don't need a 5th for that. > > In terms of USB devices you want stuff without re-writable firmware > which many keyboards have and AFAIK the only OEM that attests to its > products security and lack of re-writable firmware is Unicomp (and of > course the original Model M's can't be re-written either) > > The most secure input device is the USB Unicomp Model M pointer which is > an made in usa mechanical keyboard with a laptop style mouse nub in the > middle of the keyboard and two mouse buttons - unicomp makes the rare > high quality keyboard that will never break and never need replacing due > to wear. >
Ideally, yes, but most people aren't in a position to have the ideal. I've pointed out before that your comments on PS/2 are misleading. With some keyboards, (but not all), there can be leakage to ground. But it's possible to mitigate the effects of this or to clean signal from the earth (ground) wire. It's important to make this clear so that people can make informed decisions about their choices between USB and PS/2. Incidentally, your touching faith in "Made in USA" components seems strange to me -I see no more reason to trust that label more than any other. The USA has a long and inglorious history of snooping and subversion. (This isn't intended to provoke any discussion on the Qubes mailing list, so please don't argue the point on list. It's my opinion.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190409125131.krnqo4g4cf5huhtq%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
