as far as i understand general method(control everything in data stream), adding support for new type of device is difficult, IF such HW firewall is connected to HW USB. i recall some device which transfers USB data over LAN, so user can connect any USB HW over LAN. by this way it is possible to have special VM with fresh state for every USB dev connection. after device is used, every possible not wanted effects are gone with the reset of VM. such VM could start automatically upon each USB plugin event. there is no real reason also to store such mini temp VM in SSD. it can be located in RAM.
i believe Gbit LAN has potential. right now am considering some perverted "immortal SSD" idea based on following: SODIMM CHEAP (used) RAM modules (1,2,4 GB) in few motherboards. RAM disc is created in such motherboard upon boot and then shared over Gbit LAN. i believe it is possible to make very compact version for notebook(thats what am planning to do after i figure out how to connect about 16 RAMs. without having lots of notebook motherboards). motherboards are backed up by battery. how to use: before actual task, the contents of SSD copied to LAN disk. before shutdown, HW SSD (or even HDD actually) gets only updated data from this shared over LAN RAM disk. on RAM disk user can have VMs. WHY? there are plenty of cheap 1 2 4 GB used RAM modules. as far as i can remember RAM module have long lifespan. so user actually gets cheap SSD which capacity only gets bigger over time. i believe there can be one trusted HW machine and lots of untrusted HW devices shared over LAN or SPI. LAN or SPI opensource HW. LAN speed is just fine unless you want USB display or Kinect. again: main idea is to transport original HW USB data stream to the emulated (Virtual) USB connected to VM, _without firewalling it at all_. using LAN or other means. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fb160e8a-c1e5-413b-88f3-b097a2f2d5b1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
