Re: [qubes-users] Working with a BTC hardware wallet on Qubes

2017-07-12 Thread Franz 
On Wed, Jul 12, 2017 at 6:17 PM, Thomas Jefferson 
wrote:

> I also forgot to mention, if ultimately the sys-usb will have internet,
> then what's the difference between the sys-net or sys-usb? Why using two
> separated SysVMs if both can be used as a NetVM?
>
>
>
What I noted is that when you install Qubes you are given an option to
install sys-usb or not.  I suspect that if you select "not" then what
happens is that USB controllers are assigned to sys-net. So making it a
single sys-vm.

Also I wonder which place may a firewall have with that. I assigned my
expresscard USB controller to a TrezorVM which uses the standard firewall,
but sys-net has no firewall.

>
>
> On 12 July 2017 at 22:52 Franz <169...@gmail.com> wrote:
>
>
>
> On Wed, Jul 12, 2017 at 4:09 PM, Thomas Jefferson 
> wrote:
>
> Hi,
>
> I'm trying to use my ledger nano s and trezor with Qubes. I think the best
> approach, since I need to attach the entire USB controller for this to
> work, would be to use the existing sys-usb. However by default the sys-usb
> is not connected with any NetVM, hence I don't know if this would increase
> my attack vector.
> What's the safest way to use trezor or ledger nano s with Qubes?
>
> Should I use the sys-usb or should attach the USB controller to a
> different AppVM and use my HW wallet there? (The latter option will
> invalidate the use of my mouse, so if any other option is available, I'd
> glad hear it)
>
>
> I had to buy a working expresscard usb controller and then reboot. But if
> you do not have the slot or do not want the extra hassle/battery
> consumption probably the best way is to connect sys-usb to sys-net. At the
> end they are both considered compromised, so which is the risk of
> connecting them? That sys-usb can spread its malware using  sys-net? Unless
> you use usb block devices for strategic/important things, which is not
> advised, then it seems an acceptable risk.
>
> Regarding specifically Trezor and I suppose also Ledger, they are supposed
> to be safe even if the hardware on which they are mounted is compromised.
> So even a compromised sys-usb may be acceptable.
> Best
> Fran
>
> Thanks
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/ms
> gid/qubes-users/37511761.234.1499886552897%40office.mailbox.org
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAUfdwgw%3D9LKB-f2T-Aaz-zko7R5NtA5rNSNXPf5E%3D%2BJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Working with a BTC hardware wallet on Qubes

2017-07-12 Thread Thomas Jefferson 
I also forgot to mention, if ultimately the sys-usb will have internet, then 
what's the difference between the sys-net or sys-usb? Why using two separated 
SysVMs if both can be used as a NetVM?




> On 12 July 2017 at 22:52 Franz <169...@gmail.com> wrote:
> 
> 
> 
> On Wed, Jul 12, 2017 at 4:09 PM, Thomas Jefferson  mailto:myd...@mailbox.org > wrote:
> 
> > > 
> > Hi,
> > 
> > I'm trying to use my ledger nano s and trezor with Qubes. I think 
> > the best approach, since I need to attach the entire USB controller for 
> > this to work, would be to use the existing sys-usb. However by default the 
> > sys-usb is not connected with any NetVM, hence I don't know if this would 
> > increase my attack vector.
> > What's the safest way to use trezor or ledger nano s with Qubes?
> > 
> > Should I use the sys-usb or should attach the USB controller to a 
> > different AppVM and use my HW wallet there? (The latter option will 
> > invalidate the use of my mouse, so if any other option is available, I'd 
> > glad hear it)  
> > 
> > 
> > > 
> I had to buy a working expresscard usb controller and then reboot. But if 
> you do not have the slot or do not want the extra hassle/battery consumption 
> probably the best way is to connect sys-usb to sys-net. At the end they are 
> both considered compromised, so which is the risk of connecting them? That 
> sys-usb can spread its malware using  sys-net? Unless you use usb block 
> devices for strategic/important things, which is not advised, then it seems 
> an acceptable risk.
> 
> Regarding specifically Trezor and I suppose also Ledger, they are 
> supposed to be safe even if the hardware on which they are mounted is 
> compromised. So even a compromised sys-usb may be acceptable.
> Best
> Fran
> 
> > > 
> > Thanks
> > 
> >  
> > 
> > --
> > You received this message because you are subscribed to the Google 
> > Groups "qubes-users" group.
> > To unsubscribe from this group and stop receiving emails from it, 
> > send an email to qubes-users+unsubscr...@googlegroups.com 
> > mailto:qubes-users+unsubscr...@googlegroups.com .
> > To post to this group, send email to qubes-users@googlegroups.com 
> > mailto:qubes-users@googlegroups.com .
> > To view this discussion on the web visit 
> > https://groups.google.com/d/msgid/qubes-users/37511761.234.1499886552897%40office.mailbox.org
> >  
> > https://groups.google.com/d/msgid/qubes-users/37511761.234.1499886552897%40office.mailbox.org?utm_medium=email_source=footer
> >  .
> > For more options, visit https://groups.google.com/d/optout 
> > https://groups.google.com/d/optout .
> > 
> > > 
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1433568070.1489.1499894270570%40office.mailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Working with a BTC hardware wallet on Qubes

2017-07-12 Thread Thomas Jefferson 
Thanks for the update.
I was trying to attach a NetVM to sys-usb however it seems that sys-usb is 
already a NetVM in itself, hence I cannot add it to the sys-net.
Do you have any idea how can I have internet on the sys-usb ?


Thank you again


> On 12 July 2017 at 22:52 Franz <169...@gmail.com> wrote:
> 
> 
> 
> On Wed, Jul 12, 2017 at 4:09 PM, Thomas Jefferson  mailto:myd...@mailbox.org > wrote:
> 
> > > 
> > Hi,
> > 
> > I'm trying to use my ledger nano s and trezor with Qubes. I think 
> > the best approach, since I need to attach the entire USB controller for 
> > this to work, would be to use the existing sys-usb. However by default the 
> > sys-usb is not connected with any NetVM, hence I don't know if this would 
> > increase my attack vector.
> > What's the safest way to use trezor or ledger nano s with Qubes?
> > 
> > Should I use the sys-usb or should attach the USB controller to a 
> > different AppVM and use my HW wallet there? (The latter option will 
> > invalidate the use of my mouse, so if any other option is available, I'd 
> > glad hear it)  
> > 
> > 
> > > 
> I had to buy a working expresscard usb controller and then reboot. But if 
> you do not have the slot or do not want the extra hassle/battery consumption 
> probably the best way is to connect sys-usb to sys-net. At the end they are 
> both considered compromised, so which is the risk of connecting them? That 
> sys-usb can spread its malware using  sys-net? Unless you use usb block 
> devices for strategic/important things, which is not advised, then it seems 
> an acceptable risk.
> 
> Regarding specifically Trezor and I suppose also Ledger, they are 
> supposed to be safe even if the hardware on which they are mounted is 
> compromised. So even a compromised sys-usb may be acceptable.
> Best
> Fran
> 
> > > 
> > Thanks
> > 
> > --
> > You received this message because you are subscribed to the Google 
> > Groups "qubes-users" group.
> > To unsubscribe from this group and stop receiving emails from it, 
> > send an email to qubes-users+unsubscr...@googlegroups.com 
> > mailto:qubes-users+unsubscr...@googlegroups.com .
> > To post to this group, send email to qubes-users@googlegroups.com 
> > mailto:qubes-users@googlegroups.com .
> > To view this discussion on the web visit 
> > https://groups.google.com/d/msgid/qubes-users/37511761.234.1499886552897%40office.mailbox.org
> >  
> > https://groups.google.com/d/msgid/qubes-users/37511761.234.1499886552897%40office.mailbox.org?utm_medium=email_source=footer
> >  .
> > For more options, visit https://groups.google.com/d/optout 
> > https://groups.google.com/d/optout .
> > 
> > > 
> 
 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/895966372.1441.1499893709055%40office.mailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Working with a BTC hardware wallet on Qubes

2017-07-12 Thread Franz 
On Wed, Jul 12, 2017 at 4:09 PM, Thomas Jefferson 
wrote:

> Hi,
>
> I'm trying to use my ledger nano s and trezor with Qubes. I think the best
> approach, since I need to attach the entire USB controller for this to
> work, would be to use the existing sys-usb. However by default the sys-usb
> is not connected with any NetVM, hence I don't know if this would increase
> my attack vector.
> What's the safest way to use trezor or ledger nano s with Qubes?
>
> Should I use the sys-usb or should attach the USB controller to a
> different AppVM and use my HW wallet there? (The latter option will
> invalidate the use of my mouse, so if any other option is available, I'd
> glad hear it)
>
>
I had to buy a working expresscard usb controller and then reboot. But if
you do not have the slot or do not want the extra hassle/battery
consumption probably the best way is to connect sys-usb to sys-net. At the
end they are both considered compromised, so which is the risk of
connecting them? That sys-usb can spread its malware using  sys-net? Unless
you use usb block devices for strategic/important things, which is not
advised, then it seems an acceptable risk.

Regarding specifically Trezor and I suppose also Ledger, they are supposed
to be safe even if the hardware on which they are mounted is compromised.
So even a compromised sys-usb may be acceptable.
Best
Fran

> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/37511761.234.1499886552897%40office.mailbox.org
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qCVVrw8My1TjZKDrq5F-uHahZP-kcYWZr-H5w8PyyCLng%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Working with a BTC hardware wallet on Qubes

2017-07-12 Thread Thomas Jefferson 
Hi,

I'm trying to use my ledger nano s and trezor with Qubes. I think the best 
approach, since I need to attach the entire USB controller for this to work, 
would be to use the existing sys-usb. However by default the sys-usb is not 
connected with any NetVM, hence I don't know if this would increase my attack 
vector.
What's the safest way to use trezor or ledger nano s with Qubes?

Should I use the sys-usb or should attach the USB controller to a different 
AppVM and use my HW wallet there? (The latter option will invalidate the use of 
my mouse, so if any other option is available, I'd glad hear it)  

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37511761.234.1499886552897%40office.mailbox.org.
For more options, visit https://groups.google.com/d/optout.