I bought my Librem Mini with the purpose of providing a solid hardware / firmware basis for a QubesOS setup. Unfortunately, I foolishly failed to consider how to l would pair the Mini with an external keyboard and mouse, while at the same time maintaining Qubes’ USB isolation.
Can anyone suggest a safer mechanism for interfacing a keyboard and mouse to the Mini, without using the (risky) USB?
There is a project which adds USB pairing to the Linux kernel. I don’t remember the name, but if you search the forum for securing the USB bus, you should find it. Basically, it makes you provide a whitelist of USB devices which are allowed to connect, and what USB protocols they can provide. It’s not as secure as disabling the USB subsystem, but it’s reasonably close for nearly any situation. (In theory, someone could steal your keyboard, modify it with a hardware keylogger, and compromise your system, but that’s a pretty high bar).
Sweet! I’ll look it up. Thank you kindly.
Did you read the original Qubes OS docs? They suggest to use two-factor authentification for example. Should work with a Librem Key. Also, if your USB qube does not have the network connection, it is already much more secure than any other system I guess.
would using a copyleft (CC) external-keyboard not mitigate at least SOME of the risks involved though ?
Not really… If you are in a situation where you have to worry about your USB keyboard pretending to be a NIC to snoop on your traffic, having the schematic doesn’t really help (unless you dis/assemble it yourself). The typical threat vector is external USB drives and the like. They often have terribly insecure firmware, so an attacker can reflash the firmware with one that will pretend to be a keyboard and network card, and these days an external monitor, and then use the keyboard to launch an automated attack on the system.
And no, using only CC USB drives doesn’t really help either, if the firmware can be updated on the drive. In part because someone could still upload a nefarious payload to the drive if you plug it into another machine, and in part because having a trusted USB drive does not prevent the “evil maid” from plugging in an untrusted USB drive.
Even with the USB keyboard/mouse you can use it with Qubes safely. Qubes can distinguish a keyboard and mouse from a NIC or other device. You can configure Qubes to automatically allow mice and keyboards or to prompt you in various cases. There are also guides with how to manage Qubes and unlock disks when you have a USB keyboard, which is a common problem others have already run into because their laptops happen to use a USB interface for the keyboard instead of PS/2.
Then if a rogue USB device was plugged into the system, it would still get isolated to sys-usb and you could choose how and whether to share it with other VMs.
Thanks for the reply, fslover. The problem I’m running into with the Librem Mini is that since it doesn’t have a built-in keyboard, I have to use an external USB keyboard, in which case I have to enter some muddy waters to use a USB Qube.
reC, lperkins2 … Thanks for the reply. I’m the only one that has physical access to my Librem Mini. My main concern is the threat you mentioned - malware altering the firmware of a USB device to make it spoof a keyboard, and then the spoofed-keyboard device owning my system.
That is very much the point behind the usbguard project. Any device which changes its endpoints will change its hash attribute and get blocked. You can also restrict devices to specific ports.
lperkins2 … Ah, OK. Thanks for the clarification. This looks promising. Thank you again.
Kyle_Rankin, thanks for the reply. I’m very encouraged by the mechanism you described and am reading up on that.
Hi all, I’ve started to research the great information you provided and am finding some exciting solutions from the techniques you suggested - revisiting the Qubes docs on USB, configuring Qubes to treat keyboards and mice differently, the USBGuard project, etc. Thank you all kindly for the help. Much appreciated.
with a fully free-software keyboard you can re-flash it’s firmware after you build it from source … not to mention there are some pretty freaky forks of the official firmware that have been altered by the community to do some crazy things the official flavor does not have the capability of doing … advanced macros and some other things that usually require a script or a full blown program to be written sometimes …
it’s pretty scary to think about what some of the things an on-board keyboard storage space can do …
Thanks for the response. That sounds not only very secure but fun with programmable key macros.
I am thinking about getting a mini mainly for the same reason as OP.
I was gonna ask for specific recommendations for an open source / fully free keyboard to choose from - or a recent list of projects etc.
But since this is technically a Librem forum I suppose I should ask instead this -
Does getting a keyboard and mouse directly from puri.sm alleviate these concerns?
That is - are the keyboard from purism open/free?
The shop page for the mini still lists them as being evaluated.
hello and welcome ! that is a good question. you might want to @ at somebody from Purism if you wish to have an official answer …
Could you make some notes about how did you manage to make these things?