Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support disabling firmware USB stack, while allowing the OS to use USB devices #561

Closed
DemiMarie opened this issue Jul 3, 2024 · 1 comment
Closed

Support disabling firmware USB stack, while allowing the OS to use USB devices #561

DemiMarie opened this issue Jul 3, 2024 · 1 comment
Labels
priority:low

Comments

@DemiMarie
Copy link

Qubes OS isolates USB devices in a dedicated virtual machine. This prevents a malicious USB device from compromising the entire system. However, this protection fails if USB keyboards and mice are supported in the firmware, because a malicious device can inject keystrokes into GRUB or trigger system recovery.

To prevent this attack, firmware could have a configuration option to ignore all attached USB devices. This blocks the above attack: the malicious device will be ignored by firmware, and Qubes OS limits the damage the device can do.
@crawfxrd
Copy link
Member

Duplicate of #589

@crawfxrd crawfxrd marked this as a duplicate of #589 Dec 19, 2024
@crawfxrd crawfxrd closed this as not planned Won't fix, can't repro, duplicate, stale Dec 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority:low
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crawfxrd @DemiMarie