I also forgot to mention: if ultimately sys-usb will have internet, then 
what's the difference between sys-net and sys-usb? Why use two separate 
SysVMs if both can be used as a NetVM?




> On 12 July 2017 at 22:52 Franz <169...@gmail.com> wrote:
> 
> 
> 
>     On Wed, Jul 12, 2017 at 4:09 PM, Thomas Jefferson <myd...@mailbox.org> wrote:
> 
> >
> >         Hi,
> > 
> >         I'm trying to use my Ledger Nano S and Trezor with Qubes. I think 
> > the best approach, since I need to attach the entire USB controller for 
> > this to work, would be to use the existing sys-usb. However, by default the 
> > sys-usb is not connected to any NetVM, hence I don't know if this would 
> > increase my attack vector.
> >         What's the safest way to use Trezor or Ledger Nano S with Qubes?
> > 
> >         Should I use the sys-usb, or should I attach the USB controller to a 
> > different AppVM and use my HW wallet there? (The latter option will 
> > invalidate the use of my mouse, so if any other option is available, I'd 
> > be glad to hear it.)
> > 
>     I had to buy a working ExpressCard USB controller and then reboot. But if 
> you do not have the slot or do not want the extra hassle/battery consumption, 
> probably the best way is to connect sys-usb to sys-net. In the end they are 
> both considered compromised, so what is the risk of connecting them? That 
> sys-usb can spread its malware using sys-net? Unless you use USB block 
> devices for strategic/important things, which is not advised, it seems 
> an acceptable risk.
> 
>     Regarding specifically Trezor and I suppose also Ledger, they are 
> supposed to be safe even if the hardware on which they are mounted is 
> compromised. So even a compromised sys-usb may be acceptable.
>     Best
>     Fran
> 
> >
> >         Thanks
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1433568070.1489.1499894270570%40office.mailbox.org.
For more options, visit https://groups.google.com/d/optout.
