I use an external keyboard and mouse, both currently connected to dom0.
After reading the USB doc I wanted to add an USB qube so I could "safely"
connect other devices (like untrusted pendrives, and my smartphone to an adb
qube).
Since untrusted devices will connected to this USB qube, it should be
considered untrusted. But I think I only have one USB controller...
This mean my keyboard and mouse will need to be connected to this untrusted
qube together with untrusted devices, right?
Is it worth it to create this extra USB qube this way?
Bellow are the outputs of two commands, if anyone can help me make sure I
really have only one USB controller. I pointed the devices I identified using a
">(device name)". All my 3 USB ports were in use when I ran the commands.
# lsusb
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 04f2:b2e3 >Internal Camera
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 002: ID 04e8:61b6 >External HDD
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 003: ID 0e6a:030c >External Keyboard
Bus 003 Device 006: ID 046d:c077 >External Mouse
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
# readlink /sys/bus/usb/devices/usb*
../../../devices/pci0000:00/0000:00:1a.0/usb1
../../../devices/pci0000:00/0000:00:1d.0/usb2
../../../devices/pci0000:00/0000:00:14.0/usb3
../../../devices/pci0000:00/0000:00:14.0/usb4
The most similar thread I found about this topic is this one:
https://groups.google.com/forum/#!searchin/qubes-users/usb|sort:relevance/qubes-users/a86st0lUgEw/2FH24xuBFAAJ
But in that case mojosam had 2 controllers.
Thanks for the attention!
not sure but if its like my pc when using xhci (usb 3.0) everything goes through thaT one controller. it look like you have ehci controller too but not sure. What I do with one controller is use a usb to pci adapter for the kb. For mouse you can use the qubes proxy, not as bad as also having kb in usbvm.
ehci is for older usb protocol. xhci is for 3.0, maybe there is option in bios to disable usb 3.0. then maybe it will have separate routed controllers? Thats how it works on my desktop pc. otherwise all controllers get routed through the xhci one. but then you will be giving up usb 3.0, but maybe worth it not to have kb in sys-usb.
what about using the internal kb, no good?
so I guess just take your chances with it on the usb qube. I do it with mouse never seen anything weird happen. a wireless mouse too. although I probably should put lock screen on I just realized I don't even have it on.
Hi, having problems creating sys-usb and want to use a usb keyboard, usb mouse, and a usb flash drive with the computer, that's it. What would be the most secure setup for that in terms of where to assign my usb devices too? Qubes page says using an Untrusted Qube for them is the most secure, but I don't know what that is and how it differs from a Disposable VM.