Booting with dom0 exposed to usb controllers.
99 views
Skip to first unread message
Alan Got
Jun 24, 2017, 11:16:21 AM6/24/17
to qubes...@googlegroups.com
Hi,
I'm using usb mouse and keyboard attached to InputVM (usb controler 1). Another usb controller (2) is attached to UntrustedVM. When I need to restart computer I'm disconnecting physically all usb devices attached to controller (2). It is possible that controller (2) would compromise Qubes at boot time?
My mainboard don't have any PS/2 ports and my processor don't support TXT (to use AEM), it only support IOMMU.
I'm using usb mouse and keyboard attached to InputVM (usb controler 1). Another usb controller (2) is attached to UntrustedVM. When I need to restart computer I'm disconnecting physically all usb devices attached to controller (2). It is possible that controller (2) would compromise Qubes at boot time?
My mainboard don't have any PS/2 ports and my processor don't support TXT (to use AEM), it only support IOMMU.
Franz
Jun 24, 2017, 2:10:09 PM6/24/17
to Alan Got, qubes...@googlegroups.com
On Sat, Jun 24, 2017 at 12:16 PM, Alan Got <alan.g...@mail.com> wrote:
Hi,
I'm using usb mouse and keyboard attached to InputVM (usb controler 1). Another usb controller (2) is attached to UntrustedVM. When I need to restart computer I'm disconnecting physically all usb devices attached to controller (2). It is possible that controller (2) would compromise Qubes at boot time?
I suppose that with the word "attached" you mean what in Qubes definitions is called "assigned".
In this case can tell that when I tried to assign two different USB controllers to two different VMs, dom0 refused to do that claiming that the controllers were sharing some resources and so there was a security risk. So, if in your case you were allowed to do that, then your controllers should be really separated and that may be encouraging.
best
Fran
My mainboard don't have any PS/2 ports and my processor don't support TXT (to use AEM), it only support IOMMU.
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/trinity-3093bf13-e38c-4a32-ac84-39474894bdd3-1498317379448%403capp-mailcom-lxa06.
For more options, visit https://groups.google.com/d/optout.
Unman
Jun 25, 2017, 9:41:59 AM6/25/17
to Alan Got, qubes...@googlegroups.com
On Sat, Jun 24, 2017 at 03:10:07PM -0300, Franz wrote:
> On Sat, Jun 24, 2017 at 12:16 PM, Alan Got <alan.g...@mail.com> wrote:
>
> > Hi,
> > I'm using usb mouse and keyboard attached to InputVM (usb controler 1).
> > Another usb controller (2) is attached to UntrustedVM. When I need to
> > restart computer I'm disconnecting physically all usb devices attached to
> > controller (2). It is possible that controller (2) would compromise Qubes
> > at boot time?
> >
>
> I suppose that with the word "attached" you mean what in Qubes definitions
> is called "assigned".
>
> In this case can tell that when I tried to assign two different USB
> controllers to two different VMs, dom0 refused to do that claiming that the
> controllers were sharing some resources and so there was a security risk.
> So, if in your case you were allowed to do that, then your controllers
> should be really separated and that may be encouraging.
>
> best
> Fran
>
>
> > My mainboard don't have any PS/2 ports and my processor don't support TXT
> > (to use AEM), it only support IOMMU.
The boot option rd.qubes.hide_all_usb is intended to stop dom0 from
> On Sat, Jun 24, 2017 at 12:16 PM, Alan Got <alan.g...@mail.com> wrote:
>
> > Hi,
> > I'm using usb mouse and keyboard attached to InputVM (usb controler 1).
> > Another usb controller (2) is attached to UntrustedVM. When I need to
> > restart computer I'm disconnecting physically all usb devices attached to
> > controller (2). It is possible that controller (2) would compromise Qubes
> > at boot time?
> >
>
> I suppose that with the word "attached" you mean what in Qubes definitions
> is called "assigned".
>
> In this case can tell that when I tried to assign two different USB
> controllers to two different VMs, dom0 refused to do that claiming that the
> controllers were sharing some resources and so there was a security risk.
> So, if in your case you were allowed to do that, then your controllers
> should be really separated and that may be encouraging.
>
> best
> Fran
>
>
> > My mainboard don't have any PS/2 ports and my processor don't support TXT
> > (to use AEM), it only support IOMMU.
being compromised by a malicious controller. Since you have VT-d you
should be all right. (Check that you are booting with that option
obviously.)
unman
Alan Got
Jun 26, 2017, 6:08:05 AM6/26/17
to Unman, qubes...@googlegroups.com
Unfortunately, in option rd.qubes.hide_all_usb, I will not be able to enter the LUKS password using the USB keyboard. Is it possible to hide a set of USB controllers (not all) from dom0?
Alan
Sent: Sunday, June 25, 2017 at 3:41 PM
From: Unman <un...@thirdeyesecurity.org>
To: "Alan Got" <alan.g...@mail.com>
Cc: "qubes...@googlegroups.com" <qubes...@googlegroups.com>
Subject: Re: [qubes-users] Booting with dom0 exposed to usb controllers.
From: Unman <un...@thirdeyesecurity.org>
To: "Alan Got" <alan.g...@mail.com>
Cc: "qubes...@googlegroups.com" <qubes...@googlegroups.com>
Subject: Re: [qubes-users] Booting with dom0 exposed to usb controllers.
Unman
Jun 26, 2017, 7:06:41 PM6/26/17
to Alan Got, qubes...@googlegroups.com
On Mon, Jun 26, 2017 at 12:08:03PM +0200, Alan Got wrote:
> Unfortunately, in option rd.qubes.hide_all_usb, I will not be able to enter the LUKS password using the USB keyboard. Is it possible to hide a set of USB controllers (not all) from dom0?
>
Ah, I didn't know you only had two controllers. - now I see the
> Unfortunately, in option rd.qubes.hide_all_usb, I will not be able to enter the LUKS password using the USB keyboard. Is it possible to hide a set of USB controllers (not all) from dom0?
>
significance in the PS/2 comment.
Have you considered a Bluetooth keyboard?
As to hiding specific controllers from dom0, you can boot with
rd.qubes.hide_pci parameter.You could do this with one of the
controllers, I would have thought.
unman
Tai...@gmx.com
Jun 26, 2017, 10:54:50 PM6/26/17
to Unman, Alan Got, qubes...@googlegroups.com
The issue is with foreign USB devices such as flash drives not your own
keyboard although some keyboards feature re-programmable firmware (ex:
crapple) which is pretty dangerous, it has never been done AFAIK but
theoretically a virus could re install itself via this method to survive
an OS wipe.
Improved security means more than one sys-usb, one for input devices and
another for flash drives.
Ylu would get another USB card on a desktop for flash drives or w/e,
quality laptops usually have two controllers and if they don't you can
use an expresscard device.
FYI:
Unicomp's Model M mechanical keyboards are secure, the only way to
reprogram the firmware is to solder in a new ROM chip. they are also a
dream to type on and made in america - very high quality user
replaceable wires drain holes and they will last at least 20 years. I
have had my one for 10 years and it still looks great worth the price
for sure.
keyboard although some keyboards feature re-programmable firmware (ex:
crapple) which is pretty dangerous, it has never been done AFAIK but
theoretically a virus could re install itself via this method to survive
an OS wipe.
Improved security means more than one sys-usb, one for input devices and
another for flash drives.
Ylu would get another USB card on a desktop for flash drives or w/e,
quality laptops usually have two controllers and if they don't you can
use an expresscard device.
FYI:
Unicomp's Model M mechanical keyboards are secure, the only way to
reprogram the firmware is to solder in a new ROM chip. they are also a
dream to type on and made in america - very high quality user
replaceable wires drain holes and they will last at least 20 years. I
have had my one for 10 years and it still looks great worth the price
for sure.
cooloutac
Jun 26, 2017, 11:06:43 PM6/26/17
to qubes-users, un...@thirdeyesecurity.org, alan.g...@mail.com, Tai...@gmx.com
right yes exactly, was just thinking this. thats the main issue, like getting a virus in the retail from the factory hp driver disks years ago lol. Who knows if you get a bad usb mouse or kb with virus. whether its made in china or made in america nowadays i'm not sure whats more risky though lol.
wow those kb's are expensive.
Tai...@gmx.com
Jun 26, 2017, 11:20:34 PM6/26/17
to cooloutac, qubes-users, un...@thirdeyesecurity.org, alan.g...@mail.com
can't say the same for made in china. (there are actually a lot of
american made electronics, they just aren't consumer grade stuff)
I trust the NSA way more than the MSS.
> wow those kb's are expensive.
Not so much when you consider the fact that they never break and never
get old, my 10 year old unicomp looks just as nice as the day I got it.
It could be the last keyboard you ever buy.
If I never bought mine I would have spent way more on crappy keyboards
that are uncomfortable to type on as chinese keyboards always break or
the letters wear off and they get that gross shiny look.
Have you ever had a mechanical keyboard before? they are the best! look
at some youtube vids for the sound + mine is a dream to type with.
True False
Jun 30, 2017, 9:35:18 PM6/30/17
to qubes...@googlegroups.com
- If the motherboard has pinout for KB/MS header, then there is a way to connect the PS/2 keyboard (link). Alternatively, you can buy the KB/MS - PS/2 adapter.
- Probably there is also the possibility to map the serial port to PS/2, although I don't know if such a keyboard would allow to enter the LUKS password during boot (additional drivers may be required).
- Of course, you can also buy a PCI card with PS/2 ports, but keep in mind this may be a faulty configuration: PCI-> USB-> PS/2.
Reply all
Reply to author
Forward
0 new messages