@fsflover Thank you, sounds reasonable to make the USB and other stateless qubes disposables. I’ll try that approach with a bit more experience.
@unman This is a great idea, probably the simplest solution to just clean its state!
Might elaborate on this? Do you mean a compromise of the hardware side (USB controller) of the PC?
My understanding is, a malicious device plugged in to an USB controller jailed inside the qube might lead to a compromise of this VM software-wise. As the VM also manages keyboard + mouse (I only have one USB controller), it would be able to write arbitrary input and also sniff all my inputs. But I still could anticipate malicious, generated keystrokes using that PC at the same time, as a script using the USB proxy cannot run in background as opposed to a dom0 script. (I read that last part from an issue created by marmarek, can search for it, if needed.)
So I would believe, an USB qube reset solves the software-side infection and doesn’t do any harm, as long as you don’t type your password at the time of the compromise, assumed that malcious device could report these keystrokes over internet or similar.