Why are a PS/2 keyboard and mouse recommended out of curiosity?

Just asking why specifically. Also would a USB to PS/2 adapter work? My PS/2 mouse is very temperamental

The collection of firmware and software needed to handle USB devices is complex because there is a variety of very different USB devices. That complexity gives many opportunities for vulnerabilities to be exploited.

The PS/2 protocol does less, and as such is simpler and does offer a comparatively small attack surface.

Good starting point about USB security in the documentation:

If you use a USB keyboard, there is a high risk of locking yourself out of your system when experimenting with USB qubes. For example, if a USB qube takes over your sole USB controller (to which your USB keyboard is connected), then your keyboard will no longer be able to control dom0. This will prevent you from performing many essential tasks, such as entering your decryption and login passphrases, rendering your system unusable until you reinstall. This section covers various options for addressing this problem.

Most laptops use PS/2 connections internally for their input devices (i.e., keyboard and touchpad). On most desktops, however, USB-connected keyboards and mice have become standard. This presents a dilemma when the computer has only one USB controller. If that single USB controller is dedicated solely to the input devices, then no untrusted USB devices can be used. Conversely, if the sole USB controller is completely untrusted, then there is no way for the user to physically control the system in a secure way. In practice, Qubes users on such hardware systems are generally forced to use a single USB controller for both trusted and untrusted purposes — an unfortunate security trade-off. For this reason, we require that every Qubes-certified non-laptop device either (1) supports non-USB input devices (e.g., via PS/2) or (2) has a separate USB controller that is only for input devices.

would converting USB to PS/2 be ok?

If you’re plugging the adapter in the USB port, you’re using a USB device in practice. As far as I know there is no security advantage to be using a PS/2 mouse with a USB adapter over a regular USB mouse.

I meant convering USB to PS/2

1 Like

I’ve never seen a converter from USB to PS/2, it didn’t occur to me, apologies.

Thinking aloud (meaning I don’t know): such a converter would have to handle the USB device, wouldn’t it? I wonder if you’re not again dealing with a USB controller at that point.

I can imagine that the knowledge that the converter converts to PS/2 could, maybe be used to skip implementing some parts of the USB protocol that may not be relevant, but I must say I have a hard time imagining a situation in which such extra work makes business sense… and I would guess that most converters are very generic in their handling of the USB device. I may be lacking imagination. And again: I’m speculating here! :slightly_smiling_face:

1 Like

I wonder that too now that you mention it and I’ve been using these adapters for decades

(USB) mouses and keyboards are dying, so each next USB mouse/kb - new threat. PS/2toUSB adapters aren’t dying that easy. I have one for probably more than 20 years and still using it. I don’t care for my PS/2 mouse and keyboard dying. New ones aren’t new threat.

So, that is a clear security advantage for me.