From 73aba43da480f0e5ab7df15155231235e2b0a7be Mon Sep 17 00:00:00 2001
From: Axon <axon@openmailbox.org>
Date: Sat, 9 Apr 2016 02:52:37 +0000
Subject: [PATCH] Add section on attaching and using USB keyboards

---
 common-tasks/usb.md | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/common-tasks/usb.md b/common-tasks/usb.md
index 800a8145..2c545775 100644
--- a/common-tasks/usb.md
+++ b/common-tasks/usb.md
@@ -207,7 +207,7 @@ Supported USB device types
 As of Qubes R3.1, it is possible to attach:
 
  * USB mice
- * USB keyboards (after a few [modifications][1618])
+ * USB keyboards (see below)
  * USB block devices (such as USB mass storage devices)
    * When attaching one of these, you should get a notification about the
      new device, then you should be able to attach it to a qube in Qubes VM
@@ -217,6 +217,32 @@ Other devices, such as USB webcams, will also work, but they will be
 accessible only from the USB qube itself, as explained above.
 
 
+How to use a USB keyboard
+-------------------------
+
+In order to use a USB keyboard, you must first attach it to a USB qube, then
+give that qube permission to pass keyboard input to dom0. Note that allowing
+keyboard access from a USB qube gives it great power. In short:
+
+ * It will see whatever you type on that keyboard (including passwords).
+ * It will be able to inject keystrokes, which basically means that it will be
+   able to enter any command. For example, if some malware catches your
+   screenlocker password, it will be able to unlock the screen when you are not
+   present. (For more details, see [here][input-proxy].)
+
+If you are sure you wish to proceed, then you must edit the
+`qubes.InputKeyboard` policy file in dom0, which is located here:
+
+    /etc/qubes-rpc/policy/qubes.InputKeyboard
+
+Add a line like this one to the top of the file:
+
+    sys-usb dom0 ask
+
+(Change `sys-usb` to your desired USB qube.)
+
+You can now use your USB keyboard.
+
 
 [mass-storage]: https://en.wikipedia.org/wiki/USB_mass_storage_device_class
 [devices]: /doc/assigning-devices/
@@ -227,4 +253,5 @@ accessible only from the USB qube itself, as explained above.
 [1082]: https://github.com/QubesOS/qubes-issues/issues/1082
 [faq-usbvm]: /doc/user-faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot
 [1618]: https://github.com/QubesOS/qubes-issues/issues/1618
+[input-proxy]: https://github.com/qubesos/qubes-app-linux-input-proxy