Yet, you (nor anyone else, obviously) didn’t ask how can you trust to burn that ISO to an USB stick, to install Qubes from that very stick, only to create sys-usb (during install, or later manually) because you don’t trust any USB, including that very stick…