I’ve been having a look through the documentation around the usb qube and assorted vectors of attack. Device handling security | Qubes OS
I have a few questions.
Why are PS/2 devices recommend? What makes a PS/2 device secure and a USB device insecure? I get the impression USB devices in general have more vectors for exploitation.
The main emphasis seems to be on protecting against untrusted USB devices, which makes sense. Then the thought arises what makes a device trusted. I’d say a completely trusted device is one that has only ever been used on a given device from the factory (if a middle man has fiddled with it). Then there would be varying degrees of trust from there, i.e a USB which has been used on another device but formatted, or a mouse you’ve never lent to anyone but used on other devices etc…
Are there concerns around other USB device, say a DVD drive? which obviously isn’t an input device, like a keyboard or mouse.
I’m under the impression qubes is built in such a way that if someone gets your device, plugs a usb device in that usb device is completely blocked from interacting with the device unless you log in and “attach” the usb device to a qube, is that correct?