I should patent cryptographically secure keyboard hardware and then refuse to license the patent
the moment I plug in a keyboard to any kind of computer and the computer goes "sorry that's not a Secure Input Device, you can't use this for passwords or whatever", that computer is going into a lake.
this is all assuming it's not patented already.
I was at google in 2019 and I could already see it coming as the next obvious step of their security work
the problem is that you can have a highly secure workstation and every bit is locked down and you've got secure boot and everything and someone plugs in a keyboard and you have no idea what it's doing. is it saving those passwords? is it mailing them off to another country using a built in 4g modem? All you have is an easily spoofable ID to tell you what it is.
and the obvious solution is that you start sticking certificates in keyboards. the PC can verify it when the keyboard is connected, and reject keyboards not on some internal authorized CA list.
that makes it SLIGHTLY HARDER to do an evil-keyboard attack against PCs, but it's an improvement from the current "trivial, especially if you use mechanical keyboards"
anyway I look forward to the time when I have to mount an official Microsoft Licensed Keyboard in a case with servos for all the buttons, just to ensure I can still inject keypresses without violating yet another security barrier to keep me from using my own keyboard.
maybe they'll take the easy route: turn off USB support in the linux kernel, and design the world's first Thunderbolt Keyboard
@foone almost exactly a year ago, over xmas break, i designed an fpga PCIe keyboard.
@pyromuffin awesome! any pictures or info on that online? I'd love to know more!
@foone well, it used a zynq chip, and I wrote the pcie reciever logic and windows kernel mode driver (left as an exercise to the reader). Some of that pcie hdl is here https://github.com/Pyromuffin/Omniphone/blob/main/hw/spinal/projectname/Receiver.scala
the idea of this particular project was to dma pcm streams and write a simple user mode program to dump them out, but turning them into keystrokes is similar.
@pyromuffin very cool!