I implemented my idea, but I also stopped using the USB keyboard and mouse.
Now I have sys-usb with the USB controller PCI device attached and sys-net with the USB-Ethernet device attached from sys-usb. The only glitch is that on boot up, sys-net will not start at all if the USB-Ethernet device is not available, but sys-usb starts after sys-net when they are both set to autostart. I think the autostart ordering for VMs is essentially arbitrary (possibly alphabetical). How can I specify an ordering for VM startup or a dependency on a USB device? ------- Original Message ------- On Tuesday, March 22nd, 2022 at 10:21 AM, Dan <anonymous....@pm.me> wrote: > Hello fellow Qubies, > > I have my USB controller (the PCI device) assigned to sys-net because I have > a USB-Ethernet device. I also have my USB keyboard and mouse in sys-net on > the same USB controller, and the keyboard and mouse can control dom0. My > system has only one USB controller. > > I want to isolate compromises of sys-net. Would there be any advantage to > creating sys-usb and then attaching only the USB-Ethernet device to sys-net? > My USB-Ethernet device shows up as a device in the device widget (currently > under sys-net as described above). > > So then my plan would be to put the USB controller in sys-usb, then attach > just the USB-Ethernet device to sys-net. Would that reduce the ability of > sys-net to compromise the USB controller and the keyboard? > > Thanks, > > Dan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/_6CJ5G1r2nHsCQsBsdDYlrxEhysz4TVXG6hhG42F6xeekEPLD9ChabO3Zpi4gZw_SwYC8ZUpY7AK59EaYVlNg3J48P9qp2-TguteQI3wrUo%3D%40pm.me.
