USB Qube on a Desktop Computer

Is anyone using a USB Qube with a USB keyboard and mouse?

The Qube Manager makes it look like I have multiple USB controllers, so could I keep my keyboard and mouse in Dom0 and have all other USB devices in a USB Qube?

Does anyone have experience with a setup like this?

The way to do this is described in docs:

Thanks, but I’d like to hear the experience of someone who has done it.

Perhaps it’s janky, or works well. I don’t know.

I’m using a dedicated USB controller for dom0; it works just fine.

Just remove the controller from sys-usb and add the following lines to GRUB, xx:yy.z being the ID of the controller you want to use.

```
usbcore.authorized_default=0
rd.qubes.dom0_usb=xx:yy.z
```

It enables usbguard for dom0, preventing anything but input devices from connecting to dom0. If you want to connect other device types, you need to add their id to /etc/usbguard/rules.d/02-qubes.conf

1 Like

@renehoj is right. It’s not necessarily the concern of someone you don’t know/trust having physical access to your machine (known as an “Evil Maid Attack”, just in case anyone reading this didn’t know that :slight_smile:), but also the fact that the USB devices you own and use regularly might also have some things in the firmware that would slip past most OSes.

For example, quite a lot of USB Bluetooth dongles and USB sound cards also tell your machine that they’re a HID device. This is so that headphones with play/pause/volume buttons can get recognised more easily by your computer. But you can probably easily see how this could be misused :stuck_out_tongue:

Check to see that they’re not the same physical ports, but different versions of USB controllers. Some motherboards will list them as multiple controllers. I have a few machines that list the same 2 ports as 3 different controllers (USB 2.0, USB 3.2, and Thunderbolt 4), and it does not like it when they are not all together in the same VM :stuck_out_tongue:

You’re probably going to have to do some experimenting to see which ports are which.


In terms of whether a USB Qube works well with a desktop computer, for sure it works well.

The only issue is that if your computer has a single USB controller, then your machine is pretty much forced to trust at least the first HID device that it encounters. Otherwise you can’t really give it any input. You’ll be stuck at the XFCE login screen :stuck_out_tongue:

On a few laptops that I have with a single USB controller and a USB keyboard and trackpad hardwired to it, I’m forced to automatically trust all USB keyboards (otherwise I can’t log in!), but I have at least told dom0 to ask for all mice and tablet devices. Not the ideal scenario, but at least it’s better than nothing.

You have multiple USB controllers, so while you will avoid this problem, you will also be forced to have USB ports on your machine that trust everything plugged into them.

As long as you remember which ports you’re using exclusively for HID devices (maybe label them?), you should be fine. You’re basically going to be allowing anything that claims to be a HID device direct access to dom0.

You’re also going to have to inherently trust the devices that you plug into those ports, so if you aren’t sure that a keyboard/mouse isn’t doing anything suspicious, I probably wouldn’t plug it into those ports…


What I would recommend is following that guide to allow additional USB HID devices to be passed through to dom0 from your USB Qube with the default of ‘ask’.

This would allow you to establish whether a USB device was doing anything weird, before you then unplugged it and put it straight into those dom0 ports.


Hope this helps :slight_smile:

2 Likes
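Added example, not part of any post in this thread: a shell function for the "which ports are which" experiment and for spotting devices that declare a HID interface next to another function, as described for Bluetooth dongles and sound cards. It assumes the standard Linux sysfs layout; `usb_map` and its optional directory argument are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the thread): list each attached USB device with the
# PCI controller it sits behind and the interface classes it declares.
# Assumes the standard Linux sysfs layout; the optional argument overrides the
# sysfs directory so the function can be exercised on a constructed tree.

usb_map() {
    root="${1:-/sys/bus/usb/devices}"
    for dev in "$root"/*; do
        name=$(basename "$dev")
        # Skip interface entries (1-2:1.0) and root hubs (usb1); keep devices.
        case "$name" in *:*|usb*) continue ;; esac
        [ -r "$dev/idVendor" ] || continue

        # The last PCI address in the resolved path is the USB controller,
        # e.g. 0000:00:14.0 (domain:bus:device.function).
        bdf=$(readlink -f "$dev" |
              grep -oE '[0-9a-f]{4}:[0-9a-f]{2}:[0-9a-f]{2}\.[0-7]' | tail -n 1)

        # Interface classes declared by the device, de-duplicated (03 = HID).
        classes=$(cat "$dev/$name":*/bInterfaceClass 2>/dev/null |
                  sort -u | paste -sd, -)

        case ",$classes," in
            ,,)      flag="no-interfaces" ;;  # kernel has not configured it
            ,03,)    flag="HID-only" ;;
            *,03,*)  flag="HID+other" ;;      # e.g. audio or Bluetooth plus HID
            *)       flag="no-HID" ;;
        esac

        # Columns: controller, port path, vendor:product, classes, verdict.
        printf '%s %s %s:%s %s %s\n' "${bdf:-unknown}" "$name" \
            "$(cat "$dev/idVendor")" "$(cat "$dev/idProduct")" \
            "${classes:--}" "$flag"
    done
}

usb_map "$@"
```

Run it in whichever qube currently holds the controller (dom0 or the USB qube), move one known device from port to port, and note which controller address each physical port reports.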