Complete newbie, just installed.
I set up using a PS/2 keyboard (which I’m using for passwords), just plugged my USB mouse and keyboard in (via KVM) and it’s asking me to allow sys-USB to do something (qubes.InputMouse) to dom0 with no other option for target. Will this expose dom0 to my potentially untrusted USB devices in an unsafe way? Why should or shouldn’t I do this?
I’m assuming this is normal since it’s not mentioned in any of the setup documentation that I can find, but from what I’ve read it seems unsafe unless I’m missing something. If possible I’d rather only expose isolated environments to my USB input devices.
Yes, that page is what’s making me hesitant:
Note, however, that this setup will expose dom0 to USB devices while you are entering your LUKS passphrase. While only input devices (keyboards, mice, etc.) are initialized at this stage, users are advised to physically disconnect other devices from the system during this vulnerable window in order to minimize the risk.
From what I know this is totally normal behavior. Passing your mouse/keyboard that way to dom0 does indeed expose it. PS2 keyboards should be preferred. Only alternative is to create a new usb-qube and just allow keyboard/mouse from that qube or lock a whole usb-controller to dom0 (best way).
Qubes 4.1: How to enable a USB keyboard on a separate USB controller
That way you could still block other/all usb-devices during boot (but still best to unplug everything).
There is no way to get trusted input from an untrusted keyboard/mouse …