Security risks of keeping sys-usb disabled with no (extra) working USB ports

Hi, I have Qubes OS installed on a 64 GB USB 3.2 flash drive, which I use on my laptop. As a result I keep sys-usb permanently disabled, which as I understand is a security risk. The thing is, my laptop only has 1 working USB port, which is obviously used for the USB with Qubes on it.
So is there any real security risk of keeping sys-usb disabled if it is physically impossible for any other devices to connect while using Qubes? The only risk I can imagine is malware “pretending” to be an input device and using one of the spare USB controllers (I assume they still exist, since only the physical port is broken), but I can’t imagine a scenario where malware can achieve this without having dom0 access anyway.

Worth mentioning that the laptop keyboard and touchpad are PS/2, and that I run Qubes on USB because Windows is on the internal HDD, although this is only used for playing Steam games (I appreciate this is its own risk, although the Qubes USB drive is unplugged when booting Windows, so I can only imagine malware could attack Qubes through the BIOS, and I’ll likely just get AEM or the sort).

I’m new to Qubes and Linux in general, so sorry if I missed something. Thanks for the help!

I don’t know of any additional security risks by disabling sys-usb.
Some explanations of the possible USB attacks:

I think that theoretically this is not correct, because your keyboard and touchpad can be on a USB controller. So, I would check my internal keyboard and touchpad.
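
One way to do the check suggested above, as an added example that is not part of the original posts: list every keyboard and pointing device together with the bus it is attached to, using the kernel's input device list in `/proc/bus/input/devices`. The function names and the sample device list are constructed for illustration.

```shell
#!/bin/sh
# Classify keyboards and pointing devices by the bus they are attached to.
# Bus IDs are from linux/input.h: 0003 = USB, 0011 = i8042 (PS/2), 0018 = I2C.

# Print "BUS<TAB>NAME" for every device that has a kbd or mouse handler.
# $1: file to read (default /proc/bus/input/devices); "-" reads stdin.
input_buses() {
    awk '
        /^I:/ { bus = "other"
                if ($0 ~ /Bus=0003/) bus = "USB"
                else if ($0 ~ /Bus=0011/) bus = "PS/2"
                else if ($0 ~ /Bus=0018/) bus = "I2C" }
        /^N:/ { name = $0; sub(/^N: Name="/, "", name); sub(/"$/, "", name) }
        /^H:/ && /(kbd|mouse)/ { printf "%s\t%s\n", bus, name }
    ' "${1:-/proc/bus/input/devices}"
}

# Exit status 0 if any keyboard or pointer sits on a USB controller,
# i.e. it depends on a controller that sys-usb would otherwise hold.
has_usb_input() {
    input_buses "$1" | grep -q '^USB'
}

# Constructed sample in the /proc/bus/input/devices format (not real output).
sample_devices() {
    cat <<'EOF'
I: Bus=0011 Vendor=0001 Product=0001 Version=ab41
N: Name="AT Translated Set 2 keyboard"
H: Handlers=sysrq kbd event3 leds

I: Bus=0011 Vendor=0002 Product=0007 Version=01b1
N: Name="SynPS/2 Synaptics TouchPad"
H: Handlers=mouse0 event5

I: Bus=0003 Vendor=1234 Product=5678 Version=0111
N: Name="Example USB Keyboard"
H: Handlers=sysrq kbd event7 leds
EOF
}

# On a real system, report the local devices; otherwise do nothing.
if [ -r /proc/bus/input/devices ]; then
    input_buses
fi
```

Buttons such as the power or lid switch also register a kbd handler and show up as "other"; only the lines marked USB matter for the sys-usb question.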

As far as I understood, one of those risks is that there are an increasing number of ways to infect keyboard firmware. So there might be a similar risk to using a USB stick that could have been infected, even if keyboard infections are more rare than USB infections. So if you use the same keyboard on different OSes / computers, there might be a chance the keyboard gets infected (on Windows, for example), and when using the same keyboard on Qubes, the infected keyboard is in direct contact with dom0 if sys-usb is disabled. It is all rare, and it must be a targeted infection, but that might be a risk. One way to make this chance smaller is to use the trusted keyboard only on your Qubes computer. And if you are extra paranoid, never leave your keyboard somewhere, because an attacker who knows you are a Qubes user could infect it physically and wait till you connect it on Qubes to target dom0. This kind of attack would have been much harder if sys-usb was active and had prevented direct contact with dom0. But again, all those attacks are rare, but possible.


A USB keyboard and mouse can be in direct contact with dom0 even if sys-usb isn’t disabled, via the corresponding RPC policy found in /etc/qubes-rpc/policy/.

Yes, but we are talking about the common recommended use of sys-usb to prevent a keyboard pointing to dom0 vs pointing a keyboard directly to dom0. Of course you can disable the rules if you want that.