An idea would an automatic one sys-usb per USB controller with one dedicated "trusted" sys-usb-input for input devices keyboards mice etc and when you unplug a device the sys-vms is restarted to a blank slate and an FLR issued to the usb controller attached so that you never can have a contagious sys-usb. Many devices now support issuing infinite resets like this.
You can also buy a PCI-e usb card from sonnet (not sure what model tho) right now that has 4 ports with one controller per port - all "real" pci-e devices via an ACS switch...as opposed to one controller that pretends to be more than one like on the classic qubes intel laptops like the x230, t420, w530 etc vs with real dual usb controllers on the amd stuff like g505s kcma-d8 kgpe-d16 but if you are using the first category you can install a usb controller via the expresscard slot...I myself am using my EC slot for a quad port nic via a EC>PCI-e media converter. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/13e9873f-e86f-ffb1-833c-995638fbc38c%40gmx.com. For more options, visit https://groups.google.com/d/optout.
