Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow creating sys-usb in installer even when USB keyboard is used #7674

Closed
marmarek opened this issue Aug 2, 2022 · 3 comments
Closed

Allow creating sys-usb in installer even when USB keyboard is used #7674

marmarek opened this issue Aug 2, 2022 · 3 comments
Labels
C: installer P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. release notes This issue should be mentioned in the release notes. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Milestone
Release 4.2

Comments

@marmarek
Copy link
Member

marmarek commented Aug 2, 2022

How to file a helpful issue

The problem you're addressing (if any)

Most modern machines have just one USB controller, when it's left in dom0, all USB devices will be presented to dom0 (whether they will be useful is another question). It means that even on systems with primary keyboard on USB, having sys-usb improves overall security (it reduces impact of USB compromise from "unrestricted access to all the data" to "control over user input" - the latter makes the attack at least user-visible).
Secondly, there are cases where the is some USB keyboard (or device that looks like one, #7239, #3203) connected during installation, but the primary keyboard isn't there at all. In those cases, user should be able to enable sys-usb normally.

Besides security implications, having sys-usb when primary user input devices are on USB has also reliability implications. If sys-usb breaks, user has no way to interact with the system, in most cases leaving just hard reboot option. Example issues:

This is continuation of #3516

The solution you'd like

  1. Do not block creating sys-usb even if USB keyboard is detected.
  2. Add an option to allow USB keyboard (Ease creating USB VM even if USB keyboard is used #3516) in initial setup
  3. Enable the option above if USB keyboard is detected

And finally, until reliability issues listed above are solved, do not enable sys-usb by default if USB keyboard is detected (but allow the user to choose creating it).

The value to a user, and who that user might be

More consistent USB devices handling, slightly better dom0 isolation even if USB keyboard is used.
@marmarek marmarek added T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. C: installer release notes This issue should be mentioned in the release notes. P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. labels Aug 2, 2022
@marmarek marmarek added this to the Release 4.2 milestone Aug 2, 2022
@arkenoi
Copy link

arkenoi commented Aug 8, 2022

why not to whitelist just the specific keyboard that was available during the boot?

@DemiMarie
Copy link

@arkenoi If only it were that simple. It turns out that USB device handling is generally a disaster.

marmarek added a commit to marmarek/qubes-mgmt-salt-dom0-virtual-machines that referenced this issue Jan 25, 2023
@marmarek
Add optional USB keyboard setup also during initial sys-usb setup
a041d19 
This basically performs what qvm.usb-keyboard does, but while applying
initial qvm.sys-usb state, not after it.

QubesOS/qubes-issues#7674
marmarek added a commit to marmarek/qubes-mgmt-salt-dom0-virtual-machines that referenced this issue Jan 25, 2023
@marmarek
Add optional USB keyboard setup also during initial sys-usb setup
b783d1d 
This basically performs what qvm.usb-keyboard does, but while applying
initial qvm.sys-usb state, not after it.

QubesOS/qubes-issues#7674
marmarek added a commit to marmarek/qubes-mgmt-salt-dom0-virtual-machines that referenced this issue Jan 25, 2023
@marmarek
Add optional USB keyboard setup also during initial sys-usb setup
712051f 
This basically performs what qvm.usb-keyboard does, but while applying
initial qvm.sys-usb state, not after it.

QubesOS/qubes-issues#7674
marmarek added a commit to marmarek/qubes-anaconda-addon that referenced this issue Jan 25, 2023
@marmarek
Allow enabling sys-usb even if USB keyboard is detected
5574ba8 
Allow enabling sys-usb with USB keyboard, but also allow enabling input
proxy for keyboard. If USB keyboard is detected, enable input proxy by
default.

QubesOS/qubes-issues#7674
marmarek added a commit to marmarek/qubes-anaconda-addon that referenced this issue Jan 25, 2023
@marmarek
Show list of impacted USB keyboards
6408d26 
QubesOS/qubes-issues#7674
@marmarek marmarek mentioned this issue Jan 25, 2023
Merged
marmarek added a commit to marmarek/qubes-anaconda-addon that referenced this issue Jan 25, 2023
@marmarek
Show list of impacted USB keyboards
fb190ac 
QubesOS/qubes-issues#7674
@marmarek marmarek mentioned this issue Jan 28, 2023
Merged
This was referenced Jan 28, 2023
Closed
Closed
Closed
Closed
@marmarek
Copy link
Member Author

marmarek commented Jan 28, 2023
edited

The initial-setup screen when USB keyboard is detected looks now like this:
image

@marmarek marmarek mentioned this issue Jan 29, 2023
Closed
@hast0011 hast0011 mentioned this issue Sep 20, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C: installer P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. release notes This issue should be mentioned in the release notes. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Projects
None yet
Milestone
Release 4.2
Development

No branches or pull requests
3 participants
@marmarek @arkenoi @DemiMarie