I am a long time QubesOS user and made the OS my main driver some years ago. However, I have never used QubesOS on a desktop PC, but always on my laptop. As my computing tasks become more and more demanding, I am considering a QubesOS desktop build. The board I want to choose has only one PS/2 connector, which I want to use for my keyboard.
Using the single PS/2 port for my keyboard means that I will have to use a USB mouse. Here are my questions.
However, it is not entirely clear to me what the workflow would be. Let’s say I don’t have sys-usb running (because I misconfigured it, or because I don’t start it automatically), how would I boot my PC? I would type in my password from the keyboard and then run sys-usb, which would then ask me if I wanted to add my USB mouse to dom0 to use it? Is this the way to do it?
How well does QubesOS work with a USB mouse?
Is a USB mouse a major security risk?
Can I accidentally lock myself out if I crash the USB qube?
Also, I am not sure about a paragraph in the docs: “Handling a USB mouse isn’t as critical as handling a keyboard, since you can log in and proceed through confirmation prompts using the keyboard alone.”
Does this mean it is not as critical because I cannot lock myself out, or is this also a security rating?
Your guess is correct, sys-usb will allow the mouse to work after it’s started, not before. Qubes add a kernel option that hides all usb devices from dom0 for security reasons, so the only way for the mouse to work is through the sys-usb input proxy service.
It works fine. I’ve been using Qubes on a desktop computer with a USB mouse for years and never had a problem.
Any USB device can be, but with the way sys-usb and the service behind it handles the actions it does, it’s a bit safer than having them connected directly to dom0. The dom0 service uses a filter that only allows mouse clicks through.
If sys-usb is not running, you won’t be able to use your USB devices. So your mouse won’t work. You can create a systemd service to check if sys-usb is running and restart it to make sure this doesn’t happen. You will still be able to use your keyboard too, so you can use it to restart sys-usb from a terminal for example.
USB keyboards are considered critical because all keyboard actions are allowed on dom0. This means that a rogue keyboard could write and execute commands or allow things (like the qrexec policy validation window) without your permission, since dom0 will allow anything it receives from it.
Today I figured out that since my board supports PS/2 combo, I can just use a PS/2 mouse and keyboard with a cheap Amazon PS/2 Y cable. Just for the next person reading this thread, this is honestly the best approach due to way less headaches, better security and a cost of about 10 USD.