Attaching a USB printer scanner to Windows HVM via usbip (a workaround)

43 views
Skip to first unread message

daltong defourne

unread,
Jan 23, 2017, 3:28:47 AM1/23/17
to qubes-users
Hi!
I've managed to plug a USB printer/scanner into Windows HVM via usbip (as workaround to current USB/PCI passthrough woes)

Sharing with community:
https://github.com/QubesOS/qubes-issues/issues/2597#issuecomment-274347172

NB! This thing requires that you have networking between windows HVM and your usbvm (or whatever the USB controller has been passed through to)


raah...@gmail.com

unread,
Jan 23, 2017, 2:00:09 PM1/23/17
to qubes-users

can other appvms bet attacked by the usbvm after this setup?

daltong defourne

unread,
Jan 23, 2017, 4:28:17 PM1/23/17
to qubes-users, raah...@gmail.com

in my humble opinion, usbip from usbvm is bearable, but definitely not very good security-wise.
(it's a complex piece of software with obscure, occult behavior, and a daemon running as root on usbvm)

using it to take over the usbvm from a compromised windows box is definitely within possibility.

If your usbvm doesn't manage dom0's input devices and if it has no networking beyond windows-vm <-> usbvm path, attacker will be likely limited to dropping malware on flash drives you connect to usbvm and such

So IMHO (don't quote me on this) it's not very bad and most of increased susceptibility happens on windows7<->usbvm path

It's a trade-of (most things in life are :()

Reply all
Reply to author
Forward
0 new messages