[email protected] wrote on 4/10/19 7:13 PM:
To be concrete and transparent, the mobo with PS/2 is a Gigabyte X299 Designare
ex with four USB controllers and a header for a hardware TPM, which I’ve
populated. The other mobo is an ASUS X299 Prime Deluxe II with no PS/2, five
USB controllers and only supports a firmware TPM. Both are fantastic boards,
but one is going back. If isolating USB kb and mouse to one controller that
dom0 has exclusive access to is actually more secure than native PS/2 then I
would lean toward keeping the ASUS and do without TPM.
I'd keep the Gigabyte after confirming Qubes works on it and lspci lists
those 4 USB controllers individually and sys-usb works as expected. You
could still dedicate a USB controller if you wanted, and keep the
options open for TPM and PS/2. USB vs. PS/2 keyboard is a judgment call.
Check the papers linked to in
https://www.pcworld.com/article/161166/article.html, and Qubes
documentation
https://www.qubes-os.org/doc/device-handling-security/#security-warning-on-usb-input-devices.
Don't know if there's any newer research. Consider too that small video
camera bugs to record keystrokes are inexpensive, or that the entire
keyboard could be replaced with a bugged version, which would make the
PS/2 vs. USB distinction moot. You need to balance the likelihood of
possible attacks with your comfort level.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/911ffeff-74e0-3a91-8059-12cbfae51612%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.
