@renehoj is right. Itâs not necessarily the concern of someone you donât know/trust having physical access to your machine (known as an âEvil Maid Attackâ, just in case anyone reading this didnât know that
). but also the fact that the USB devices you own and use regularly might also have some things in the firmware that would slip past most OSes.
For example, quite a lot of USB Bluetooth dongles and USB sound cards also tell your machine that theyâre a HID device. This is so that headphones with play/pause/volume buttons can get recognised more easily by your computer. But you can probably easily see how this could be misused ![:stuck_out_tongue: :stuck_out_tongue:](https://forum.qubes-os.org/images/emoji/twitter/stuck_out_tongue.png?v=12)
Check to see that theyâre not the same physical ports, but different versions of USB controllers. Some motherboards will list them as multiple controllers. I have a few machines that list the same 2 ports as 3 different controllers (USB 2.0, USB3.2, and Thunderbolt 4), and it does not like it when they are not all together in the same VM ![:stuck_out_tongue: :stuck_out_tongue:](https://forum.qubes-os.org/images/emoji/twitter/stuck_out_tongue.png?v=12)
Youâre probably going to have to do some experimenting to see which ports are which.
In terms of whether a USB Qube works well with a desktop computer, for sure it works well.
The only issue is that if your computer has a single USB controller, then your machine is pretty much forced to trust at least the first HID device that it encounters. Otherwise you canât really give it any input. Youâll be stuck at the XFCE login screen ![:stuck_out_tongue: :stuck_out_tongue:](https://forum.qubes-os.org/images/emoji/twitter/stuck_out_tongue.png?v=12)
On a few laptops that I have with a single USB controller and a USB keyboard and trackpad hardwired to it, Iâm forced to automatically trust all USB keyboards (otherwise I canât log in!), but I have at least told dom0 to ask for all mice and tablet devices. Not the ideal scenario, but at least itâs better than nothing.
You have multiple USB controllers, so while you will avoid this problem, you will also be forced to have USB ports on your machine that trust everything plugged into them.
As long as you remember which ports youâre using exclusively for HID devices (maybe label them?), you should be fine. Youâre basically going to be allowing anything that claims to be a HID device direct access to dom0.
Youâre also going to have to inherently trust the devices that you plug into those ports, so if you arenât sure that a keyboard/mouse isnât doing anything suspicious, I probably wouldnât plug it into those portsâŚ
What I would recommend is following that guide to allow additional USB HID devices to be passed through to dom0 from your USB Qube with the default of âaskâ.
This would allow you to establish whether a USB device was doing anything weird, before you then unplugged it and put it straight into those dom0 ports.
Hope this helps ![:slight_smile: :slight_smile:](https://forum.qubes-os.org/images/emoji/twitter/slight_smile.png?v=12)