Hi all, I’m back!!! 
It’s been a couple years, but I’m happy to be back.
I just installed 4.1.0 on a Lenovo T430, and right away, something doesn’t look right.
Why would sys-usb and sys-firewall have an IP address assigned to them by default? sys-firewall should go thru sys-net, and sys-usb shouldn’t have any IP address at all.
, there are still many steps I need to take, before this laptop can be considered secure enough to store valuable/sensitive data on it. Replacing the BIOS with coreboot is a big one, haven’t gotten to that step yet, but looking forward to it. Eventually, I will also create a sys-usb VM, and test it. I’m also looking forward to the coming sys-gui? VM and will test it too.
For now, I simply won’t take this laptop anywhere, let alone leave it unattended for someone to steal (most likely) or tamper with.
You are welcome.
It’s not that I insist, but all you plan to do with your laptop may fail whem meanwhile you compromise your whole hardware buy attaching USB devices directly to dom0, especially keyboard…
But, if you trust enough your USBs, give it a go, of course…
This is not why you need defense from USB attack. Any USB device you already have might be compromised and compromise dom0. Then it’s game over™.
Game over LOL yeah I’m doomed. Turn off the electricity, and go back to stones and arrows. Only way to be sure!
You are right, of course. Fortunately, this laptop does have a built-in keyboard, mouse pad and even a track point, so no usb devices will be necessary when I’m done testing it.
When I finally do reach the point of wanting to ensure it’s “safe and secure”, I’ll start over, new drive, wipe/replace the BIOS, and re-install Qubes from scratch, following my notes.
Of course, I’ll have to ensure the installation source hasn’t been compromised, but that’s achievable.
