Sys Usb

Qubes works through security by isolation. To protect the system against USB attacks, the USB controller is isolated into its own qube using the IOMMU.

Implementation

If you have a non-USB keyboard (generally found on laptops or some older desktops), a kernel option is added that disables the USB driver in dom0. The system is also configured so that a "sys-usb" qube is started on startup. The USB controller is then "passed through" to the USB qube, so that it no longer appears in dom0 and is only accessible to (and can only access) the USB qube.
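To check the isolation described above from inside a domain, the following added example (not part of the original page or of Qubes itself) lists PCI USB host controllers from sysfs and flags any that are still bound to a USB host driver. It assumes the standard Linux sysfs layout and that a hidden or passed-through controller is either unbound or held by Xen's `pciback` driver; the function names and the sample device tree are constructed for illustration.

```python
import os

USB_CLASS_PREFIX = "0x0c03"  # PCI class 0x0c (serial bus), subclass 0x03 (USB)
PROG_IF = {"00": "UHCI", "10": "OHCI", "20": "EHCI", "30": "xHCI"}
SAFE_DRIVERS = {None, "pciback"}  # assumption: unbound, or held by Xen pciback


def usb_controllers(sysfs_root="/sys"):
    """Return [(bdf, kind, driver)] for every PCI USB host controller."""
    base = os.path.join(sysfs_root, "bus", "pci", "devices")
    found = []
    if not os.path.isdir(base):
        return found
    for bdf in sorted(os.listdir(base)):
        dev = os.path.join(base, bdf)
        try:
            with open(os.path.join(dev, "class")) as f:
                cls = f.read().strip().lower()
        except OSError:
            continue  # entry vanished or is unreadable
        if not cls.startswith(USB_CLASS_PREFIX):
            continue
        link = os.path.join(dev, "driver")  # symlink to the bound driver
        driver = os.path.basename(os.readlink(link)) if os.path.islink(link) else None
        found.append((bdf, PROG_IF.get(cls[6:8], "other"), driver))
    return found


def exposed_controllers(sysfs_root="/sys"):
    """Controllers still driven by a USB host driver in this domain."""
    return [c for c in usb_controllers(sysfs_root) if c[2] not in SAFE_DRIVERS]


def build_sample_tree(root):
    """Constructed sample: one isolated xHCI, one exposed EHCI, one NIC."""
    sample = {"0000:00:14.0": ("0x0c0330", "pciback"),
              "0000:00:1a.0": ("0x0c0320", "ehci-pci"),
              "0000:00:19.0": ("0x020000", "e1000e")}
    for bdf, (cls, drv) in sample.items():
        dev = os.path.join(root, "bus", "pci", "devices", bdf)
        os.makedirs(dev)
        with open(os.path.join(dev, "class"), "w") as f:
            f.write(cls + "\n")
        os.symlink(os.path.join("..", "drivers", drv), os.path.join(dev, "driver"))
    return root


if __name__ == "__main__":
    for bdf, kind, driver in usb_controllers():
        state = "isolated" if driver in SAFE_DRIVERS else "EXPOSED"
        print(f"{bdf} {kind:5} driver={driver} {state}")
```

Run in dom0, an empty result from `exposed_controllers()` is consistent with the controller no longer being usable there; run inside the USB qube, the same controller is expected to show up with its normal host driver.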

Why

To protect the system from malicious USB devices. These typically come in a few different flavors:

The last point is interesting because it requires no operating system exploits: because it's emulating a USB keyboard, it can simply type in commands as the logged-in user to then mount and run the malware embedded on the USB stick. As such, it's an easy and accessible attack.

As the USB controller is in its own VM, attacking it doesn't attack dom0 and doesn't compromise the rest of the system.

USB keyboards/mice

It is possible to connect USB keyboards/mice; however, you must accept a dom0 confirmation box using your existing keyboard/mouse in order to add a new one. This prevents an unexpected device from being able to add itself and infect the machine before you can stop it. Currently, USB keyboards work by default, while USB mice require editing some config files. This is likely a bug that will be fixed upstream.

See also

* Qubes documentation

WhatIs/SysUsb (last edited 2018-11-21 04:43:11 by admin)