On Tue, March 20, 2018 1:28 pm, Yuraeitha wrote: > Also note if you for example link your drives directly into an AppVM for > example via qvm-block or qvm-usb, as far as I understand it, you're > essentially exposing the firmware of the drives/thumb-drives
That's partly (since the USB controller remains in sys-usb which I imagine restricts access somewhat) true of qvm-usb but not qvm-block. Ideally, when you use qvm-block you attach a partition to a VM. By attaching the whole block device instead, you additionally expose the VM to partition table level attacks, but still not firmware. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6ea0f4697c7ee0a0a2cdb9e92335bdd9.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.