When installing Qubes, I elected to use a
sys-usb VM. As an extra layer of security, I would like to make this VM disposable such that if a malicious USB is inserted, the damage would be limited to that disposable VM’s session.
- Does it make sense that using a disposable VM for
sys-usbwould improve security?
- Is it possible to make
sys-usbdisposable? Ideally it would automatically start upon OS startup, and my usb keyboard and mouse would be recognized automatically. Other
sys-usbfeatures would ideally operate the same in this disposable version.
- Could the same logic apply to other
sys-VMs, such as
sys-net(the perimeter networking VM),
sys-firewall(the internal networking VM), and
sys-whonix(the Tor proxy networking VM)?