[qubes-users] RE: Mssing WiFi capabilities Qubes OS R3.2

[helangen]

Hi,

I just installed Qubes R3.2 on a Lenovo Ideapad Yoga i7 with a Realtek RTL8732 
NIC. I can't see the NIC under  sys-netvm and hence can't change it to a 
managed device. dmesg shows that it finds it, but the kernel module for the NIC 
does not seem loaded. In the menu I can only see 'Device not managed' for 
networking as would be expected.

I have read a few posts about Realtek cards being troublesome to use under 
Qubes.

Unfortunately I'm not by my Qubes laptop writing this so I cant' post any 
outputs from the machine.

Anyone have any ideas how to proceed ?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9e60623-12f4-4471-9e93-8a8041069a5b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Cannot get grub to load on EFI system

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Feb 28, 2017 at 02:53:24PM -0800, awesomeand...@gmail.com wrote:
> I have Qubes installed alongside a Kali Linux installation. I have my system 
> configured to use UEFI and Qubes boots fine. I installed Qubes first and 
> haven't had any major problems. I installed Kali after from a live usb and 
> haven't been able to boot into it after installation. 
> 
> Grub in Qubes wont work, so I can't pick Kali as a boot option, Qubes always 
> automatically boots. I've tried installing grub2-efi, grub2-xen, grub2, and 
> running grub-update on all of them and also adding Kali as a boot option 
> manually. Nothing works.
> 
> I can't ever even get grub to show when I boot into Qubes, no matter what 
> version of grub I install in dom0, Qubes skips grub and just boots to the 
> password decryption screen. 
> 
> Any advice?

Currently you can't boot Qubes OS from grub2-efi (this is mostly Xen
limitation). So, if you need grub menu, you need to switch to legacy
mode.
Alternatively, check if your UEFI do not support boot menu itself - some
does. Then you can use efibootmgr (or UEFI built-in setup program) to
configure boot entries. Qubes OS add one for itself automatically. Maybe
Kali Linux too?

You may also want to read this:
https://www.qubes-os.org/doc/multiboot/

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYuLXOAAoJENuP0xzK19csB/EH/RBXpDc3YREVG7gaWiJaLi48
ozjHg7ibx9/JEzQ1ogVcRnjrGRPEWNFtckxCPF8bOArO600mwBcY9Klyq2ojiF32
Xmz166ru7Wjca7GkG/QmvKNyNsN01jq20pj61K51u8Q+Otjq1SL9VRtD3cSTXgw3
ACqt2o0JoGA5hMg3cW71eVh7Wy8ZFarVfXzczl8eZdV3f52MslQK0LHPhAwnlEYz
xFW2OQq49b4LGUNKbDKi8qi10iFhU7a/gFPznm45ieUJvljBYslU97tJzsAGn84y
lCv8QMyT5HinjcmVa6BaaMcr0U4kIAHfqrOJgHDo3Qkw4NPqeBI1kflSpQXJ7/8=
=kWn9
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170303001614.GD2506%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Creating a qubes hidden system with Veracrypt

[Unman]

On Wed, Mar 01, 2017 at 09:56:06PM -0800, skyne...@gmail.com wrote:
> Just as the title says. I wish to create a qubes hidden system in Veracrypt, 
> but I'm not entirely sure what the process for that would be. Do I run 
> veracrypt on Dom0, and from there the hidden volume that is created, will be 
> a clone of the whole OS? How would I run Veracrypt on Dom0?
> 

I'm pretty sure that Veracrypt documentation says that only Windows
system encryption is supported, and I don't recall seeing anyone creating
a hidden Linux system using Truecrypt.
Probably wrong about that.

On the other hand, you can fairly easily find guides on installing a
hidden Linux system using LUKS. It isn't particularly easy but it is
doable. Then you would want to install Qubes on to the hidden volume.

Remember that Qubes uses disk encryption by default.
An alternative approach might be to install Veracrypt in dom0 and create
hidden volumes in which you store qubes. You could do this by creating
base qubes, copying the files from /var/lib/qubes/appvms to the hidden
volumes. Then you can use the qubes as normal.
When you want the "secret" qube, decrypt the hidden volume and bind
mount the qube folder over the folder in /var/lib/qubes/appvms.
Could be worth a try, and relatively simple to do.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170302231502.GA30721%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] do I really need these packages in dom0 :?

[Oleg Artemiev]

On Thu, Mar 2, 2017 at 11:01 PM, Marek Marczykowski-Górecki
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Mon, Feb 27, 2017 at 06:23:22AM +0300, Oleg Artemiev wrote:
>> After installing qubes 3.2 looked into dom0 updates.
>>
>> Found some that I possibly ok to remove:
>>
>> [olli@dom0 ~]$ rpm -q --whatrequires tigervnc-server-minimal
>> anaconda-gui-23.19.10-4.fc23.x86_64
>> [olli@dom0 ~]$ rpm -q --whatrequires anaconda-gui
>> initial-setup-gui-0.3.37-1.fc23.x86_64
>> [olli@dom0 ~]$ rpm -q --whatrequires initial-setup-gui
>> no package requires initial-setup-gui
>> [olli@dom0 ~]$
>
> It is used during fist system startup. Later can be removed.
>
>> Also, do I really need this in Dom0:
>>
>> [root@dom0 olli]# rpm -q --whatrequires openssh
>> openssh-askpass-7.2p2-3.fc23.x86_64
>> [root@dom0 olli]# rpm -q --whatrequires openssh-askpass
>> no package requires openssh-askpass
>> [root@dom0 olli]#
>>
>> ?
>>
>> Also I've Network Manager in Dom0 - why - it is designed never have
>> networking. It is left by anaconda - setup program. Why not to delete
>> it?
>
> See above.
>
>> lli@dom0 ~]$ rpm -qa |grep -i net
>> NetworkManager-wifi-1.0.12-2.fc23.x86_64
>> NetworkManager-libnm-1.0.12-2.fc23.x86_64
>> NetworkManager-1.0.12-2.fc23.x86_64
>> NetworkManager-glib-1.0.12-2.fc23.x86_64
>> glib-networking-2.46.1-1.fc23.x86_64
>> libnetfilter_conntrack-1.0.4-5.fc23.x86_64
>> nettle-3.2-1.fc23.x86_64
>> netcf-libs-0.2.8-3.fc23.x86_64
>> NetworkManager-team-1.0.12-2.fc23.x86_64
>> libnfnetlink-1.0.1-7.fc23.x86_64
>> [olli@dom0 ~]$ rpm -q --whatrequires NetworkManager-wifi
>> anaconda-gui-23.19.10-4.fc23.x86_64
>> [olli@dom0 ~]$ rpm -q --whatrequires NetworkManager-libnm
>> no package requires NetworkManager-libnm
>> [olli@dom0 ~]$ rpm -q --whatrequires NetworkManager-glib
>> anaconda-core-23.19.10-4.fc23.x86_64
>> nm-connection-editor-1.0.10-1.fc23.x86_64
>> [olli@dom0 ~]$ rpm -q --whatrequires nm-connection-editor
>> anaconda-gui-23.19.10-4.fc23.x86_64
>> [olli@dom0 ~]$ rpm -q --whatrequires anaconda-core
>> anaconda-tui-23.19.10-4.fc23.x86_64
>> anaconda-gui-23.19.10-4.fc23.x86_64
>> [olli@dom0 ~]$ rpm -q --whatrequires anaconda-tui
>> anaconda-core-23.19.10-4.fc23.x86_64
>> initial-setup-0.3.37-1.fc23.x86_64
>> [olli@dom0 ~]$ rpm -q --whatrequires initial-setup
>> initial-setup-gui-0.3.37-1.fc23.x86_64
>> initial-setup-gui-0.3.37-1.fc23.x86_64
>> initial-setup-launcher-1.0-1.fc23.x86_64
>> [olli@dom0 ~]$ rpm -q --whatrequires initial-setup-gui
>> no package requires initial-setup-gui
>> [olli@dom0 ~]$ rpm -q --whatrequires initial-setup-launcher
>> no package requires initial-setup-launcher
>> [olli@dom0 ~]$ rpm -q --whatrequires NetworkManager-team
>> anaconda-core-23.19.10-4.fc23.x86_64
>> [olli@dom0 ~]$ rpm -q --whatrequires nettle
>> no package requires nettle
>> [olli@dom0 ~]$ rpm -q --whatrequires libnfnetlink
>> no package requires libnfnetlink
>> [olli@dom0 ~]$
>>
>> from above only netcf-libs is required indirectly by xen related
>> package. So is it safe to drop all other from above w/ rpm -e  ?
>
> Yes. You can start with 'dnf remove initial-setup-gui' - it will propose
> additional packages not needed anymore. But carefully review that list
> before confirming.
Shouldn't those be removed by default as a postinstall step?

-- 
Bye.Olli.
gpg --search-keys grey_olli , use key w/ fingerprint below:
Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6Pj4h-Gjimd9VeXoJGjpE10pjSpisJgtE%3DipMkV3vvNAg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 3.2 on Macbook Pro Retina 11,5 [SOLVED]. Maybe useful for other Macbook models

[Marco Pozzato]

Hi 

I am using Qubes 3.2 since a couple of months on a daily basis on Intel NUC 
NUC6i5SYK and it is amazing.

I would like to use it also on one of my MacBooks:
* MacBook Pro 15" early-2011 8,2: my first attempt and I was not even able to 
start the installer. At that time I did not have enough knowledge and 
abandoned. Maybe, in the forthcoming weeks, I will retry
* MacBook Pro 15" mid-2015 11,5: I have been able to install Qubes booting with 
rEFInd, despite a lot of issues.

The two main issues I faced are:
* no boot, due to empty xen.cfg file
* system freeze, due to Broadcom BCM43602 wifi adapter.

I spent many hours and nights googling, experimenting, reading git tickets and 
messages in the ML. None provided the final guide, but many little pieces that 
I am assembling in the Macbook troubleshooting document.

I came up with a running system, that still need more work. For the time being 
I have a working setup and I hope to be helpful to other macbook users.

Dear Qubes developers: please, review my guide and maybe let's open some 
specific mail/ticket to discuss and troubleshoot specific issues. I am more 
than willing to help. 

Thanks
Marco

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fbbc9f59-8373-49dc-b323-02aef137ff53%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Feb 28, 2017 at 10:49:43PM -0800, Vít Šesták wrote:
> Hello,
> 
> I've implemented some changes, most notably initial support for restores. I 
> haven't updated the README yet.

How do you handle restore? File-based backup was considered some time
ago, here:
https://groups.google.com/d/msg/qubes-devel/Gcrb7KQVcMk/CK-saQU_1HYJ

And restore process is a major problem there - you need some VM (with
appropriate trust) to extract the data into filesystem. While this can
be achieved for some template-based VMs (as long as you have those
templates), it gets really tricky for standalone VMs. And even more
tricky for non-Linux VMs. Especially when you want to have backup as
accurate as possible, including all file attributes etc (think of
restoring Windows system partition).

As for trusting particular DispVM - in Qubes 4.0 you can create DispVM
out of any AppVM, which means a backup for some VM may be handled by
DispVM based on this very VM - which should guarantee the same level of
trust. No need to select "most trusted DispVM" (until you think of
dom0...).

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYuH6mAAoJENuP0xzK19csIxAH/0+XBOjaOyE4ad2lRmwpeQxW
MgYKFmxh7HW0iGeA1ckvbSmc7qcA2nhhG9cOWNfp5qzNVyIb1KPO3w3RhUwyQvOd
Mj+3YlOQ9dHbLw1MHazXSndf3MNV5XXlyCCrjwRamNCVhqXwXVD6oZQyV3kAKXHc
p1jV0Gg7UfDEo809mn/O4+e1orim69fQCck4CbCqs7YkwvkIsx9uPRqHfRf1lpPh
85D1XmsTrM7Qe2CgREHC5xRqGk8rjh/V34sg9s5OAxoz2a8KGCcsTksYidTELfwv
+x6DiUnYeJYGrbDx6FfdzVc+o98040551LZjwvb9kP4qayYC03d4+5aBiCsao14=
=cbmM
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170302202055.GC2506%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, Feb 27, 2017 at 01:59:37PM +, Manuel Amador (Rudd-O) wrote:
> On 02/27/2017 01:53 PM, Manuel Amador (Rudd-O) wrote:
> >
> > I am terrified that Qubes 4.0 will force me to use LVM, because LVM is
> > frankly a disaster for data recovery and for data integrity as well.  I
> > would be willing to write an adapter to use ZFS zvols instead.  That
> > would be the right thing to do.
> >
> Honestly, ZFS on Linux should be integrated into the Qubes OS installer,
> and the system should ship and be installed with it.  But if that's too
> much work, then btrfs should be the default.
> 
> Inferior volume management systems with no data integrity protection
> should not be used these days.

See for example here[1] why btrfs is not a good idea as a default
filesystem. But we already have some support for it (qvm-clone use cp
- --reflink=auto). And same should apply to storage layer in Qubes 4.0
too. So, if you want to use it, go ahead. Just few issues needs to be
fixes, like this one:
https://github.com/QubesOS/qubes-issues/issues/1871

[1] https://github.com/QubesOS/qubes-issues/issues/2340#issuecomment-263562644

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYuHtjAAoJENuP0xzK19csSnIH/2BDWXF+N2MiselU1qPK6OW5
YDpjbulfQFk5edqw9Tr9JOjgEQxVx0hgtoeGwZ4iE5MjUMY0ptcGa6w2OfA7FhZE
sixhqgWPBjLgmALwAjBqMR7SkCA8/xtKTF3I1ArkEfc5bxBiSKNxYs0xuqmG6gZz
ZYiaH7xHnuSaRYYlR+D0YMOniX/JmoDA5yuH6si4VhhvTNE/S3UKDbpmyF32Pp+z
VFESy1u6aLoTXk2W5A8+mi9rR/TpyWGXL9pWM2L1FCVNR+IhlsTqn1af2v9BbOnb
bhbAL/pr2c1yY5V804dqIrfl3LlR3ELyeaAMm7j5D6mBRGq3kX12NuvYH2IGzW8=
=JE3h
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170302200659.GU13371%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] do I really need these packages in dom0 :?

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, Feb 27, 2017 at 06:23:22AM +0300, Oleg Artemiev wrote:
> After installing qubes 3.2 looked into dom0 updates.
> 
> Found some that I possibly ok to remove:
> 
> [olli@dom0 ~]$ rpm -q --whatrequires tigervnc-server-minimal
> anaconda-gui-23.19.10-4.fc23.x86_64
> [olli@dom0 ~]$ rpm -q --whatrequires anaconda-gui
> initial-setup-gui-0.3.37-1.fc23.x86_64
> [olli@dom0 ~]$ rpm -q --whatrequires initial-setup-gui
> no package requires initial-setup-gui
> [olli@dom0 ~]$

It is used during fist system startup. Later can be removed.

> Also, do I really need this in Dom0:
> 
> [root@dom0 olli]# rpm -q --whatrequires openssh
> openssh-askpass-7.2p2-3.fc23.x86_64
> [root@dom0 olli]# rpm -q --whatrequires openssh-askpass
> no package requires openssh-askpass
> [root@dom0 olli]#
> 
> ?
> 
> Also I've Network Manager in Dom0 - why - it is designed never have
> networking. It is left by anaconda - setup program. Why not to delete
> it?

See above.

> lli@dom0 ~]$ rpm -qa |grep -i net
> NetworkManager-wifi-1.0.12-2.fc23.x86_64
> NetworkManager-libnm-1.0.12-2.fc23.x86_64
> NetworkManager-1.0.12-2.fc23.x86_64
> NetworkManager-glib-1.0.12-2.fc23.x86_64
> glib-networking-2.46.1-1.fc23.x86_64
> libnetfilter_conntrack-1.0.4-5.fc23.x86_64
> nettle-3.2-1.fc23.x86_64
> netcf-libs-0.2.8-3.fc23.x86_64
> NetworkManager-team-1.0.12-2.fc23.x86_64
> libnfnetlink-1.0.1-7.fc23.x86_64
> [olli@dom0 ~]$ rpm -q --whatrequires NetworkManager-wifi
> anaconda-gui-23.19.10-4.fc23.x86_64
> [olli@dom0 ~]$ rpm -q --whatrequires NetworkManager-libnm
> no package requires NetworkManager-libnm
> [olli@dom0 ~]$ rpm -q --whatrequires NetworkManager-glib
> anaconda-core-23.19.10-4.fc23.x86_64
> nm-connection-editor-1.0.10-1.fc23.x86_64
> [olli@dom0 ~]$ rpm -q --whatrequires nm-connection-editor
> anaconda-gui-23.19.10-4.fc23.x86_64
> [olli@dom0 ~]$ rpm -q --whatrequires anaconda-core
> anaconda-tui-23.19.10-4.fc23.x86_64
> anaconda-gui-23.19.10-4.fc23.x86_64
> [olli@dom0 ~]$ rpm -q --whatrequires anaconda-tui
> anaconda-core-23.19.10-4.fc23.x86_64
> initial-setup-0.3.37-1.fc23.x86_64
> [olli@dom0 ~]$ rpm -q --whatrequires initial-setup
> initial-setup-gui-0.3.37-1.fc23.x86_64
> initial-setup-gui-0.3.37-1.fc23.x86_64
> initial-setup-launcher-1.0-1.fc23.x86_64
> [olli@dom0 ~]$ rpm -q --whatrequires initial-setup-gui
> no package requires initial-setup-gui
> [olli@dom0 ~]$ rpm -q --whatrequires initial-setup-launcher
> no package requires initial-setup-launcher
> [olli@dom0 ~]$ rpm -q --whatrequires NetworkManager-team
> anaconda-core-23.19.10-4.fc23.x86_64
> [olli@dom0 ~]$ rpm -q --whatrequires nettle
> no package requires nettle
> [olli@dom0 ~]$ rpm -q --whatrequires libnfnetlink
> no package requires libnfnetlink
> [olli@dom0 ~]$
> 
> from above only netcf-libs is required indirectly by xen related
> package. So is it safe to drop all other from above w/ rpm -e  ?

Yes. You can start with 'dnf remove initial-setup-gui' - it will propose
additional packages not needed anymore. But carefully review that list
before confirming.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYuHoEAAoJENuP0xzK19csTcsIAIjwVAaWfPUOr4Fl01Dg60rA
OERnEoiFtEBwjPsHksDLuA1EiNWFUg8Rzh9hNtG0KlPjbBxNct8fzMGlfPtn8W4j
1ZXMaif+RaQiEYWDECSFTOL4g7rWcZ2Pk7blJ5ytPFCIGQ1aaivlA7EvPBPkOQlb
+2vQ4zl6f0VenDbFX8gB9fInjySbMeBefMDe9HHQW3cdOn0cSix53WUqZ2KZ0W1f
UBVm6nSqZGA49bPcXrs/YtD1sz+PED0GinW/xsxAStxRL5ao1ZNVwyzjLMWyeWwr
0rEMEkXaMLlvVQHNqenKEXODmPlHcGL1OjgL1zi0pe/Sh2xi2rS3Q0Ab68yzF1Q=
=FnPv
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170302200109.GB2506%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Supermicro SYS_5038A_I

[Ir Jean-Charles de Longueville]

Hi,
the AMD card has 2 DP. For now only one is connected. It works but the 
display is sometimes laggy and the radeon driver already crashed once 
(the install is from last night).
During the 2 first runs, the sound was flapping between detected and 
not-detected. Now is seems stable. Did not try the mic yet.
I notice a lot (thousands) of errors in dmesg about AER. I googled a bit 
and added pci=noaer in the grub command line. so far so good...

For now, Qubes is installed and use only part of the Samnsung SSD.
My plan is to pass each WDC HDD with passtrough to some VM acting as 
block server...

--
Have a nice day.
Jean-Charles

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/74e75c77-9290-b22f-737b-dcec79274c95%40hellea.eu.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Supermicro-SYS_5038A_I-20170302-204138.yml
Description: application/yaml

[qubes-users] Re: When qubes will support modern nvdia Graphic cards ?

[Grzesiek Chodzicki]

W dniu czwartek, 2 marca 2017 19:13:54 UTC+1 użytkownik codeu...@gmail.com 
napisał:
> Le mercredi 1 mars 2017 23:24:12 UTC+1, Grzesiek Chodzicki a écrit :
> > W dniu środa, 1 marca 2017 19:59:33 UTC+1 użytkownik codeu...@gmail.com 
> > napisał:
> > > Le mardi 28 février 2017 23:31:37 UTC+1, Grzesiek Chodzicki a écrit :
> > > > W dniu wtorek, 28 lutego 2017 23:19:09 UTC+1 użytkownik 
> > > > codeu...@gmail.com napisał:
> > > > > When qubes will support GTX 1060 ? Or how qubes can support it ? 
> > > > > Because it's laggy with several opened browser tabs with the only CPU 
> > > > > graphic working.
> > > > 
> > > > Which kernel are You running? If You're on 4.4 try updating to 4.8 and 
> > > > see if it gets better.
> > > 
> > > Upgrated to 4.8.12-12 following this : 
> > > https://www.qubes-os.org/doc/managing-vm-kernel/#installing-different-kernel-using-qubes-kernel-package
> > > But still does not work screen freeze on boot.
> > 
> > https://www.phoronix.com/scan.php?page=news_item=Novueau-Pascal-Consumer-Accel
> 
> Ok thank you for these precious informations. Installing proprietary driver 
> in dom0 seems to be difficult 
> (https://www.qubes-os.org/doc/install-nvidia-driver/). 
> 
> According to your link, ('Sadly this code is coming just too late for making 
> the Linux 4.11 merge window, so this support likely won't be merged until 
> Linux 4.12') the other option is to wait qubes support Linux 4.12 ?

Or for the code to be backported to older kernels.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3dbfa760-eac4-485e-860e-4576d48b2259%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] removed qubes-core-dom0 by accident

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Mar 02, 2017 at 03:55:37AM -0800, sofoob...@gmail.com wrote:
> thanks Bernhard.
> 
> Is there a way to reinstall core Qubes packages?
> 
> Marek?

You can grab it from installation image. You can use this image for
recovery - choose this option in startup menu, then when you get shell,
install the package using rpm --root=/mnt/sysimage -i PATH_TO_PACKAGE.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYuHAvAAoJENuP0xzK19csXrsH/RjKgL5mnsFed4d2aRswzxWd
fuLP58GE105G8qZT7P8HQkbTl0kJyj2fs9mHPi2wvO9wb5+exUBA5YpERvch3JRX
JBfbwF8cE9sJrcrVHB8AT4BJ5oh+CqM/ao1AaZbUpQ5xDKsRlCZ4Z2mE5uS2HBb1
DUf8yaiiY6iGqx+6IY4+0FgA2DqZiiKO6/G3S7dnD9oZ98YUqOoJPHKgNYwuR09H
mp58edlpd+9e58QjZBzbzRCdMIqDoweRz0UJ6Q9Qk8sC5bDizHT2LU0UhinrsJzS
UXAd/Jgjtl/jZLCyRD7K6TL/9tAY7WmdLhPCQ1XQom9owIx1ranZ4O/mTIKaFIg=
=X87k
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170302191911.GA2506%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] sys-net stopped working after update

[Steve Coleman]

I ran into this and found my issue was the fedora-24-minimal did not 
have tinyproxy installed.



On 02/28/2017 04:27 PM, Ray Brainer wrote:

It starts. But there is no ip resolution.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cff14bbc-e255-0d25-4fa7-0e1359ef970e%40jhuapl.edu.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to install proprietary gpu driver?

[Ir Jean-Charles de Longueville]

Hi,
I'm installing my second desktop with Qubes-OS 3.2.
The first one has a NVidia gpu and the other an AMD one.
Both are connected to 4K display trough display port.
And both have problem with display.
It looks like nor nouveau nor radeon can properly manage 4K displays :(
I read a lot of docs (twice) and googled quite a bit but did not find 
official doc nor any blog on this topic:


How to install proprietary gpu driver in Qubes-OS ? (nVidia or AMD)

Thanks for reading,
Jean-Charles

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d821efa0-bb44-dafd-17e8-6454dbf36b8c%40hellea.eu.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: When qubes will support modern nvdia Graphic cards ?

[codeur4life]

Le mercredi 1 mars 2017 23:24:12 UTC+1, Grzesiek Chodzicki a écrit :
> W dniu środa, 1 marca 2017 19:59:33 UTC+1 użytkownik codeu...@gmail.com 
> napisał:
> > Le mardi 28 février 2017 23:31:37 UTC+1, Grzesiek Chodzicki a écrit :
> > > W dniu wtorek, 28 lutego 2017 23:19:09 UTC+1 użytkownik 
> > > codeu...@gmail.com napisał:
> > > > When qubes will support GTX 1060 ? Or how qubes can support it ? 
> > > > Because it's laggy with several opened browser tabs with the only CPU 
> > > > graphic working.
> > > 
> > > Which kernel are You running? If You're on 4.4 try updating to 4.8 and 
> > > see if it gets better.
> > 
> > Upgrated to 4.8.12-12 following this : 
> > https://www.qubes-os.org/doc/managing-vm-kernel/#installing-different-kernel-using-qubes-kernel-package
> > But still does not work screen freeze on boot.
> 
> https://www.phoronix.com/scan.php?page=news_item=Novueau-Pascal-Consumer-Accel

Ok thank you for these precious informations. Installing proprietary driver in 
dom0 seems to be difficult 
(https://www.qubes-os.org/doc/install-nvidia-driver/). 

According to your link, ('Sadly this code is coming just too late for making 
the Linux 4.11 merge window, so this support likely won't be merged until Linux 
4.12') the other option is to wait qubes support Linux 4.12 ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa5bb6de-4817-4490-8715-5d3640973ee7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] removed qubes-core-dom0 by accident

[sofoobard]

so I tried to run

sudo xl console sys-net

but this returns

sys-net is an invalid domain identifier (rc=-6)

is there some other way of addressing guest VMs in Xen? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77fa0060-fb58-49b3-8800-c4c4cdbc9c93%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] removed qubes-core-dom0 by accident

[sofoobard]

rebooting in current state gives me splash screen, error FAILED to start Qubes 
DB

login takes me to usual Qubes desktop, konsole but minus qubes-manager

qvm-* tools are all gone

no internet connection

I can drop to xl console but not sure what to do once I get there

is there a way to manually connect to repos and re-install missing core dom0 
packages?

thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab5969f7-1cd5-437e-a495-7c0f7458226f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Using RDP to control windows HVM

[Grzesiek Chodzicki]

W dniu czwartek, 2 marca 2017 12:28:59 UTC+1 użytkownik Cytrom5g napisał:
> Hi
> 
> Do I have the ability to connect to windows HVM using RDP client? It asks 
> server, domain, and RD gateway server, what do I insert? Admin and password 
> are already compiled

You installed RDP client in the WIndows HVM (which allows Windows HVM to 
control other machines, not the other way around), you need to install RDP 
server in Windows HVM, install the client in another AppVM, allow networking 
between the two and then launch the client.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3aed2c4f-7026-464c-9fd6-1b23536bfdfe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] removed qubes-core-dom0 by accident

[sofoobard]

thanks Bernhard.

Is there a way to reinstall core Qubes packages?

Marek?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ecfdd829-b1ab-437d-b711-0425cdeb4866%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Creating a qubes hidden system with Veracrypt

[Franz]

On Thu, Mar 2, 2017 at 2:56 AM,  wrote:

> Just as the title says. I wish to create a qubes hidden system in
> Veracrypt, but I'm not entirely sure what the process for that would be. Do
> I run veracrypt on Dom0, and from there the hidden volume that is created,
> will be a clone of the whole OS? How would I run Veracrypt on Dom0?
>
>
Why you do not consider using  Veracrypt in an applVM?


> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/78282345-1667-4f91-ba09-193fe1c74a2f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAgUDkjwagbcikvxwWc7ON_h9ms8hsDR5Eo%3DNToCJNPRw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Using RDP to control windows HVM

['Cytrom5g' via qubes-users]

Hi
Do I have the ability to connect to windows HVM using RDP client? It asks 
server, domain, and RD gateway server, what do I insert? Admin and password are 
already compiled

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/U4VsegHXphuyVw93Aq3jspQx70yctJ8Cj9lIXrrb_gkXbCQOz8r035FucKH0tMyOnW9c1whL-rF8IE8d2R1D8gVb4zsSdxfZGZaepBTo16o%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Touchscreen not working on Qubes 3.2

[atlahua]

ISSUE: Touchscreen and all other USB devices assigned to the same USB
bus stop working 

On Qubes 3.1 I found a workaround solution assining the USB bus that
manages the touchscreen to dom0 (on sys-usb services tab). The touch
screen started working. The disadvantage in terms of security is that
the other devices assigned to this bus (USB port and built-in camera
were also assigned to dom0. 

The news is that after upgrading to Qubes 3.2, this workaround solution
does not work anymore. Thinking that it might be related to having Xfce
instead of KDE I swaped the desktop environment to KDE as instructed in
your help pages but it seems that was not the issue. Also all other
devices on the same bus stopped working, that is, the computer does not
even detect a pendrive to one of the USB ports on the computer. 

All the USB devices work fine when re-assinged to sys-usb, except from
the touchscreen, that is. 

___Laptop: Asus TP300LA
4GB

[user@sys-usb /]$ lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
**Bus 002 Device 005: ID 03eb:8b03 Atmel Corp.** 
Bus 002 Device 004: ID 064e:9700 Suyin Corp. Asus Integrated Webcam
Bus 002 Device 003: ID 8087:07dc Intel Corp. 
Bus 002 Device 002: ID 8087:8000 Intel Corp. 
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6da00514ffb16769c1de1be83a1ea4f3%40krutt.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] removed qubes-core-dom0 by accident

[Bernhard]

> upgrading from 3.1 to 3.2 broke with several hundred dupe packages. 
> package-cleanup didn't work, so I had to remove dupes by hand one by one.
>
> clicking through many y/N questions, I inadvertently removed libxml dupe, 
> which in turn removed qubes-core-dom0, all templates, and borked my system.
>
> I'm hurting here. Is there any way to restore my Qubes to a working system?
>
> No backups. (of course.)
>
> Any suggestions for system recovery?
>
> Or at least recovering my data?
I can only give some limited backup help (from memory, I did it some
moment ago). Use a live linux WITH luks support (tails is great). Boot
it (in tails activate root at startup!), open terminal, enter sudo su -
to make it a root terminal.
0) with lsblk you should see your partitions & sizes. Normally it allows
to guess which ones are the encrypted disks.
The procedure I use is (before retyping any command, read the manpage
top know / verify you do want you want to do).
1) cryptsetup luksOpen /dev/[dev-name]  ALIAS
typically  cryptsetup luksOpen /dev/sda1  HDD  and / or cryptsetup
luksOpen /dev/sdb1  SDD
2) standard installs will use a "volume group". Before mounting you may
need to activate it:
vgchange -a y   (a='available', y=yes=activate, n=no=deactivate)
3) mount them: mount /dev/mapper..[ qubes-volume-name ]   /somepath
4) mount your recue disc as well. You may want to encrypt your backups :
 (a) generate a huge sparse filetruncate -s 200G backup.luks
 (b) lopsetup -d   will give you a free loopback slot, like loop5
for example.
 (c) losetup  backup.luks   /dev/loop5
 (d) cryptsetup luksFormat /dev/loop5
 (e) cryptsetup luksOpen /dev/loop5  backup
 (f)  |mkfs.ext2 /dev/mapper/backup
(g) mkdir /backup && mount /dev/mapp/er/backup  /backup
||Now you have /backup that can be written to. Content will be
stored encrypted in your backup.luks file.
|
5) data is in  /var/lib/qubes/ 

But (here someone may expolain it to me at the same time): the
appvms seem to be in files actually,
with strange names, like qubes-0 qubes-1 or something of this type.
I presume they are loop-mounted
by qubes into their respective dirs at startup. If you want to fetch
data selectively, I guess you have
to do the same:  lopsetup -d   will give you a free loopback slot,
like loop5 for example.
losetup file  /dev/loop5   will then generate a "device" /dev/loop5
that points to your file.
Now mount /dev/loop5 /some-other-path allows to mount a filesystm
inside a file. Then you may go to
/some-other-path and grab data.

when done, close your encrypted disks correctly cryptsetup luksClose
ALIAS and shutdown live-linux
samefor backup !

Good luck, Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/63332bb7-d326-a715-15e1-84bb9adcec35%40web.de.
For more options, visit https://groups.google.com/d/optout.