On Mon, Oct 12, 2020, 6:57 PM grarpamp <grarpamp@gmail.com> wrote:
> USBs have microchips that accept code updates

USB "converters" should be considered suspect.

Plugging BadUSBs, BadHDD, CPUs, Flash, or any
other chipped / smart device or port with firmware, microcode,
chips etc between systems has potential to infect / attack them.

How would you set up an airgapped system, if your main system were already infected?  There's some degree of number of microchips, times accessed, way and source of system installation and tools added ...

On a Pi Zero, you're likely going to have a keyboard, a display, and an SD card, all of which have additional chips, some even long wires that can act as radios. Then the communication medium; I guess using the existing display and keyboard adds the least complexity, but that's a lot of copying of encrypted text. I might start with a USB key even though it busts a hole in the system, and just recommend it be moved very rarely.

A second paired system could be used for data exchange, connected to a printer or a camera or a disk or whatnot, with an optoisolated GPIO connection to the main system.


Assuming some random magical USB converter
cable sets do pass raw RS-232 between them
(i.e.: can cut/splice to an RS-232 port / modem / teletype)

The FTDI actually does this.

users often probably fuck up and cross infect
USB during the n-th insertion setup session.

That sounds concerning.


Various "air gap", all adaptable to 'cat hugefile > /device'...

Prefer tinyclearfile to hugefile, so auditing is reasonable.


QR code
OCR scanning
Sound
Light
RF
Keyboard bots
Monitor display output to camera capture input,
a digital stream of bits thrown onscreen as fast
as the two can sync.

Simple RS-232 protocols, ECC codes, etc.

All assuming endpoint chipsets don't attack over the gap / wire.
Keep simple enough to see, log, debug, verify, filter, audit... like ASCII.

USB, optical disk, tape, HDD... often have media
based firmware update mechanisms, exploits,
special sectors, bootcode, emulation, etc.

> scrabble tiles

As received from the store... exhibit a non-random
character frequency count, should not be used without
adjustment down to 1:1.
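
Added example, not part of the original thread: one way to frame a small ASCII file into short, human-auditable lines for an RS-232, QR or screen-to-camera link, with a strict receiver-side allowlist. The frame layout, the names and the 64-character limit are assumptions made for illustration, and CRC-32 (detection only) stands in for the ECC codes mentioned above.

```python
import string
import zlib

# Receiver-side allowlist: printable ASCII and space only (no tabs, CR, escapes).
ALLOWED = set(string.ascii_letters + string.digits + string.punctuation + " ")
MAX_PAYLOAD = 64   # short frames stay readable in a log or on paper
HEADER = 14        # "SSSS|CCCCCCCC|" = 4 + 1 + 8 + 1 characters


def _crc(seq, payload):
    # CRC-32 over sequence number + payload: catches line noise and reordering,
    # not deliberate tampering (it is not a MAC), and it corrects nothing.
    data = f"{seq:04d}{payload}".encode("ascii")
    return f"{zlib.crc32(data):08x}"


def encode_frames(text):
    """Turn text into frames 'SEQ|CRC32|PAYLOAD' plus an 'END|COUNT' trailer."""
    lines = text.split("\n")
    if len(lines) > 9999:
        raise ValueError("too many lines for a 4-digit sequence number")
    frames = []
    for seq, line in enumerate(lines):
        if len(line) > MAX_PAYLOAD or not set(line) <= ALLOWED:
            raise ValueError(f"line {seq}: too long or not printable ASCII")
        frames.append(f"{seq:04d}|{_crc(seq, line)}|{line}")
    frames.append(f"END|{len(lines):04d}")
    return frames


def decode_frames(frames):
    """Validate every frame before accepting any of it; return the text."""
    if not frames or frames[-1] != f"END|{len(frames) - 1:04d}":
        raise ValueError("missing trailer or frame count mismatch")
    lines = []
    for expected, frame in enumerate(frames[:-1]):
        if not HEADER <= len(frame) <= HEADER + MAX_PAYLOAD:
            raise ValueError(f"frame {expected}: bad length")
        if not set(frame) <= ALLOWED:
            raise ValueError(f"frame {expected}: character outside allowlist")
        seq, crc, payload = frame[:4], frame[5:13], frame[14:]
        if frame[4] != "|" or frame[13] != "|" or seq != f"{expected:04d}":
            raise ValueError(f"frame {expected}: bad header or out of order")
        if crc != _crc(expected, payload):
            raise ValueError(f"frame {expected}: checksum mismatch")
        lines.append(payload)
    return "\n".join(lines)
```

Each frame is a single printable line, so the whole transfer can be logged, diffed or read by eye on either side of the gap before anything is accepted.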