On Wed, Jul 12, 2017 at 4:09 PM, Thomas Jefferson <myd...@mailbox.org> wrote:
> Hi, > > I'm trying to use my ledger nano s and trezor with Qubes. I think the best > approach, since I need to attach the entire USB controller for this to > work, would be to use the existing sys-usb. However by default the sys-usb > is not connected with any NetVM, hence I don't know if this would increase > my attack vector. > What's the safest way to use trezor or ledger nano s with Qubes? > > Should I use the sys-usb or should attach the USB controller to a > different AppVM and use my HW wallet there? (The latter option will > invalidate the use of my mouse, so if any other option is available, I'd > glad hear it) > > I had to buy a working expresscard usb controller and then reboot. But if you do not have the slot or do not want the extra hassle/battery consumption probably the best way is to connect sys-usb to sys-net. At the end they are both considered compromised, so which is the risk of connecting them? That sys-usb can spread its malware using sys-net? Unless you use usb block devices for strategic/important things, which is not advised, then it seems an acceptable risk. Regarding specifically Trezor and I suppose also Ledger, they are supposed to be safe even if the hardware on which they are mounted is compromised. So even a compromised sys-usb may be acceptable. Best Fran > Thanks > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/qubes-users/37511761.234.1499886552897%40office.mailbox.org > <https://groups.google.com/d/msgid/qubes-users/37511761.234.1499886552897%40office.mailbox.org?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qCVVrw8My1TjZKDrq5F-uHahZP-kcYWZr-H5w8PyyCLng%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
