Usb mouse hardware security risk

I have a motherboard with 2x ps/2 ports however only the ps/2 keyboard works due to lack of support on my custom bios ( which i need for higher security ) all though there is a good chance it will be fixed in the future i can not wait around on patches .

Is there a possible way for me to use a usb mouse with a usb qube enabled from the beginning ( when the os is installed ) with the same risk level as if i were just using both ps/2 keyboard and mouse.

I understand there is a risk of connecting usb devices directly to dom0 incase there firmware is malicious which could infiltrate the dom0 operating system .

but at same time i need a away to securely use a usb mouse without risking my system security as for now only ps/2 keyboard works .

1 Like

With the same risk level? No.
But you can easily create a sys-usb with a USB controller attached, (if
you don’t already have one), and then set the policy in
/etc/qubes-rpc/policy/qubes.InputMouse to pass the Mouse movement
through to dom0.
Look here:

Does that mean that the usb mouse will be connected directly to dom0 ? or will it still be connected to sys usb with the movement of the mouse relayed over to dom0 ? by editing that policy ?

I dont want to ever attach usb devices directly to dom0 incase the firmware is malicious. I have no way to check firmwares of usb sticks and mouses so i would rather just not risk my system over something i can not check .

1 Like

The controller will be attached to sys-usb - setting the policy allows
the mouse control to be used in dom0, but the mouse itself remains
attached to (and working in) sys-usb.
I recommend using disposableVM as sys-usb - that’s covered in the docs.

1 Like

thanks for this unman . i appreciate your help .

sorry if this sounds like a stupid question . but how could i edit the policy without a working mouse in the first place ? surely i will need the mouse to make the edit.

If you take the time to learn the shortcuts for xfce, you can do everything you need to do within the xfce terminal and using only the keyboard. It’s not as daunting as it sounds, as it’s how I managed to get kernel-latest installed, and I’m not especially good or patient with computers (the 4.0.3 default kernel is too old to support my newer laptop so the touchpad wasn’t working, among many other things).

1 Like

cheers friend . i did suspect it would be something along those lines. i will start learning the keyboard keys for opening terminals etc.