the thread right after you kind of answers your question too. Another purpose is also to protect dom0 from a malicious usb device. which is the most important core of the system.
im fully aware of how sys-usb protects the rest of system from malicious devices. what id like to know is how sys-usb protects itself.
for example, could a dma attack compromise sys-usb, and cause it to install malicious firmware on a usb device that then gets passed to dom0 or an appvm.
the compromised device is then passed to dom0 or the appvm and infects those when its attached. for example, a bash bunny might have a payload to infect an already plugged in mouse, or wait for the next device that gets plugged in. some mice are fancy enough to have firmware settings, so i wouldnt be surprised if these could more easily be compromised.
one possibility, which may already be in effect (i dont have a working laptop to look) is to make sys-usb filter out anything "not mouse" on a "mouse" device etc, or manage it in a similar manner to block devices.
> intended to also handle not-mouse devices. Perhaps it could be done by
> monitoring every insertion? I dont know.
filter out anything that is not an HID mouse event packet. as i understand it, the usb device is attached over a userspace socket so sys-usb is constantly sending the usb data to the target. this is where said data can be filtered.
in my faded memory (qubes 3.2 until last november), connecting mice and keyboards were recognized as such in the pop-up, and keyboards with built in pointing devices would have separate pop ups for those.
I think just at least separating them from dom0 is a step up. In other words don't allow any usb device to dom0. whether or not they can infect the vm or other devices is another story.
I tried once to have two sys-usb's and swap the same controller but apparenlty it doesn't work or I might have to disable a security feature for it to work so I said why bother. I consider anything I plug a usb device into untrusted anyways.
Which brings us to the good point you bought, many of us have thought about before, which is the safest kb's and mice to use? I guess the simplest and most legacy like? is pci>usb or does it matter at all? I really have no idea and would like to know myself.
But one things for sure I do consider storage devices, phones and tablets way more insecure then keyboards and mice. But when I get to that point I soon assume my other hardware is probably way more likely infected then my kb. And then I just start to wonder why bother, do I have to buy all new electronics hardware for my home top to bottom every year. Is security only for rich people?
anyone know whats the safest model kb's to use?
Actually I think if really paranoid might have to go buy it off the shelf in person in the store.
> anyone know whats the safest model kb's to use?
if your using a laptop, then your laptops pointing input devices are probably safest. next would be usb keyboards or ps2 keyboard through a usb converter.
qubes does have special support for mouse and keyboard specifically for dom0, so this should protect the host from those input devices doing other things. havent read that code yet.
i hope that keyboards and mice are not easily flashed with firmware, especially from the host its plugged into. but, this is possible with at least some flash drives, because thats how badusb works.
theres a counter project called goodusb which might be good for sys-usb. https://github.com/daveti/GoodUSB its from 2 years ago