Should we have one "sys-usb" per USB Controller?

Hello, I am hoping to get some clarification regarding this line in the recommended system specs:

Peripherals: A non-USB keyboard or multiple USB controllers

  1. Is this intended to recommend that we place each USB controller in its own USB qube?

  2. Assuming I only have two USB controllers and the keyboard is the highest risk device, would it be best to place the keyboard isolated on its own usb controller/qube?

  3. Would it be more secure to use PCI-E cards to add USB controllers so that USB devices can be further compartmentalized?

Thanks

(tried to make the title a bit more specific. If you feel it’s not exactly correct, feel free to change it)

That depends on your hardware and what you are trying to do. For USB-Armory, Arduino, GPS or other devices you need one setup…

That is one time I do agree with the moderator…

Thank you for taking the time to reply.

My setup is a usb keyboard/mouse, a yubikey, and block devices.

Currently, the ports for my keyboard/mouse are in sys-usb while everything else is in another USB qube. I haven’t tested the yubikey yet but otherwise the setup seems to work great!

Just curious if this could be set up better a different way and if the security could be improved by getting PCI-E cards to further compartmentalize the USB controllers.

Consider one controller for the USB keyboard and never attach anything else there (to avoid rubber-ducky-type attacks on dom0, which would be game over).

Ideally one controller for trusted devices and one for untrusted devices, because a firmware attack on the controller is an issue…
Besides, the Qubes OS approach is to put things in different containers as much as possible.
On a desktop, adding PCI-E cards can be a good practice, I think. While you are at it, consider a PCI-E PS/2 controller if you can get a PS/2 keyboard and mouse.

related thread: Proposed procedure for using untrusted USB drives

This thread is related if you decide to buy a separate USB card:

I thought that I should just reply in order to help those who use search and get here.

Yes, such an approach goes along with the main point of Qubes OS: security through compartmentalization.

Yes. However, it also depends on your threat model. For instance, if you have some USB device as trusted as the keyboard, you could also use it on the same USB controller as the keyboard.

Yes, people are doing this.

Some additional thoughts:

  1. Every additional USB domain consumes additional memory (and certain higher throughput devices may require a usb domain with bumped up memory). If the machine has memory to spare that might not be a concern.

  2. For high performance devices I’ll often just attach the usb pcie controller to an hvm disposable instead of attempting to use usb device routing.

B
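The split described in this thread (keyboard controller alone in the existing sys-usb, every other controller in a second USB qube with no keyboard/mouse input policy), written up as a dom0 script for Qubes OS 4.x. This is an added example, not code from the thread or from the Qubes project; the controller BDFs, template name and qube name are constructed assumptions, and the script defaults to printing the qvm-* commands (DRY_RUN=1) so the plan can be reviewed before running it with DRY_RUN=0.

```shell
#!/bin/sh
# Added example: attach the "everything else" USB controller to its own qube.
# The keyboard/mouse controller stays in sys-usb, which is the only qube that
# should hold a qubes.InputKeyboard / qubes.InputMouse allow rule for dom0;
# the new qube gets none, so a malicious device on it can never type into dom0.
# Find your real BDFs in dom0 with `qvm-pci` (or `lspci | grep -i usb`).
KBD_CTRL="dom0:00_14.0"         # constructed BDF: trusted, keyboard/mouse only
UNTRUSTED_CTRL="dom0:03_00.0"   # constructed BDF: YubiKey, block devices, ...
UNTRUSTED_QUBE="sys-usb-untrusted"
TEMPLATE="fedora-39-xfce"       # assumption: pick an installed template
DRY_RUN="${DRY_RUN:-1}"         # safe default: print the plan, do not apply it

# Print a command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Refuse to proceed if both roles point at the same controller: that would
# put the keyboard back on a controller shared with untrusted devices.
check_controllers_distinct() {
    [ "$KBD_CTRL" != "$UNTRUSTED_CTRL" ]
}

# Create the second USB qube (HVM is required for PCI passthrough) and bind
# the untrusted controller to it persistently.
setup_untrusted_usb_qube() {
    run qvm-create --class AppVM --template "$TEMPLATE" --label red "$UNTRUSTED_QUBE"
    run qvm-prefs "$UNTRUSTED_QUBE" virt_mode hvm
    run qvm-prefs "$UNTRUSTED_QUBE" autostart True
    # Many USB controllers cannot be FLR-reset; no-strict-reset is the documented
    # workaround, at the cost of weaker isolation when the qube is restarted.
    run qvm-pci attach --persistent "$UNTRUSTED_QUBE" "$UNTRUSTED_CTRL" \
        --option no-strict-reset=True
}

main() {
    if ! check_controllers_distinct; then
        echo "keyboard and untrusted controllers must differ" >&2
        return 1
    fi
    setup_untrusted_usb_qube
}

main
```

Run as `DRY_RUN=0 sh split-usb.sh` in dom0 once the printed plan matches your controllers.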
