Re: [qubes-users] Acer Aspire E 15

2017-09-14 Thread taii...@gmx.com 

On 09/14/2017 11:47 PM, Feral-Fractals7 wrote:

Thank you for this. After a bit of research I've decided to purchase the T430.

Excellent choice, let me know if you need help installing coreboot or if 
you have any more questions - there is a how to guide on the coreboot 
wiki as well.


You will need:
USB CH341A - around $10 (this also supports DIP8 for that libre kcma-d8 
in your future)
SOIC-8 Test clip with cable (make sure to get one that comes with a 
cable) around $10-20


Notes:
Remember to properly orient the clip according to the various diagrams 
so that you don't short anything out (there is a little circle on the 
soic8 chip and the ch341a that needs to match on both ends of the cable)


If you want a new keyboard I would get the T420 keyboard and palmrest as 
it is slightly nicer (I don't like chiclet keyboards)


You can play video games in a VM on this with an ExpressCard eGPU setup 
and IOMMU-GFX


I recommend buying a docking station if you have a lot of peripherals at 
home.


There are a lot of counterfeit batteries and charging cords out there, 
so be careful you get the real thing if you wish to get another battery 
or a charging cord for the dock if it doesn't come with one.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d4b9c2a-943c-313c-e044-8792f2972774%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Acer Aspire E 15

2017-09-14 Thread Feral-Fractals7 
Thank you for this. After a bit of research I've decided to purchase the T430.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/12f99a1b-1465-4b5d-adbc-7472e1a34d1e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Optimize Battery runtime with TLP for (Was [qubes-users] Lenovo X230 - List of USB-Ports and USB-Controllers (Layout))

2017-09-14 Thread taii...@gmx.com 

On 09/14/2017 08:30 PM, 'P R' via qubes-users wrote:


Hello Taiidan,

Am 14.09.2017 7:33 vorm. schrieb "taii...@gmx.com" :

It is because of the VM overhead (close ones you don't need), you should
also set cpu powersave to "on demand" and force pci-e aspm.

In comparison I get around 5 hours of battery life with a 65Wh battery.


I have no installed TLP in dom0 via 'sudo qubes-dom0-update tlp tlp-rdw'.

Next step was to start TLP via 'sudo tlp start' and went straight into
battery mode. You can always switch via 'sudo tlp bat' or 'sudo tlp ac'.
As far as I know TLP will do so automatically.

I have switched of all App/Sys-VMs and if dom0 is running the x230 is using
~7.000 - 7.700 mW.
Battery runtime is now given with ~12-13 hours, which sounds unrealistic to
me and of course it doesn't make sense to run Qubes without any AppVM :-)

With some AppVMs running like:
sys-net / sys-firewall / sys-usb / Webbrowser AppVM, attached USB Mouse,
Wifi enabled and doing some Webbrowsing battery is now using ~11.000-13.500
mW.
Battery runtime is now estimated with 7 hours.

So it seems that TLP makes big difference when it installed.

I have installed it not only in dom0, but also my AppVM templates.

- P

Excellent, so you are satisfied now? :D

Thanks for the info, I have never heard of TLP before.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e08efe8d-591e-5b12-f74a-1750b6fa4e7f%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes OS 4.0 without IOMMU

2017-09-14 Thread taii...@gmx.com 

On 09/14/2017 03:22 PM, damm swing wrote:


Hello,
Will it be possible to use the final version of Qubes OS 4.0 (at your own risk)
on hardware without IOMMU (only with SLAT)?
Regards

No it won't.

You can get a laptop (see my post in "Acer Aspire E15" thread for my 
recommended choices) that has all the features you need for only 
$100-200 so it isn't worth it for the developer team to make it possible 
for qubes to work without one of the key security measures.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4b1daceb-61ed-a5b6-7ba4-65827c92d8fc%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Acer Aspire E 15

2017-09-14 Thread taii...@gmx.com 

On 09/14/2017 07:39 AM, Feral-Fractals7 wrote:


Hello. I am in the market for a laptop that works with Qubes. I am aware of the 
Hardware compatibility list, however I did not see the Acer Aspire E 15 there. 
It uses the Core i3-7100U, which according to the site show it has VT-d and 
VT-x tech. Does this mean the main functions of Qubes will work without error?



I would instead buy a Lenovo G505S (owner controlled, open source init 
coreboot), or a Thinkpad X230 or T430. (T/X/W non-owner controlled due 
to ME, but open source init coreboot)


Pros:
Low cost - only $100 on ebay then $100 for a new keyboard and battery 
(maybe add an nice ssd too :D?)

Sturdy Construction
Ladies like the exotic industrial look
Docking station
Works with Qubes 4.0
Open source init coreboot

Info:
Coreboot for T/X series:
Non-owner controlled (ME present)
Open source init and me_cleaner (in comparison purism has an entirely 
blobbed coreboot and me_cleaner can't remove as much from theirs making 
their "coreboot" pointless and entirely non-free)


Coreboot for G505S:
Owner controlled
Open source init AND no ME/PSP, as it was AMD's last mobile CPU (Socket 
FT3) without it - performance is the same as a sandy/ivybridge intel laptop
Some blobs for video and power control but they are non-critical and can 
be removed as there is no evil hardware code signing enforcement


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2d99cc79-0b6a-ba11-cfcd-a99b51e438fb%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Linux will not load llinux.c32 at Installation

2017-09-14 Thread frank . douglas321 
While the problem is most likely that I only have 2 GB of RAM.  I wanted to see 
if this error message relates to RAM.  Else, why should I buy the RAM, and save 
that money to buy another laptop of a more usable hardware.

This is an Inspiron 3451, 2 GB RAM.
Intel(R) Celeron(R) CPU N2840 @ 2.16GHz.


I have used this computer with USB (UUI) and Puppy Linux.  

I am trying to install from a DVD that is plugged in by a USB Port.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/723b9c9e-2f14-455b-b464-42efbc41cf52%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes OS 4.0 without IOMMU

2017-09-14 Thread dannswing6 
On Thursday, September 14, 2017 at 11:12:26 PM UTC+2, Yethal wrote:
> W dniu czwartek, 14 września 2017 21:22:52 UTC+2 użytkownik damm swing 
> napisał:
> > Hello,
> > 
> > 
> >  
> > 
> > 
> > Will it be possible to use the final version of Qubes OS 4.0 (at your own 
> > risk) on hardware without IOMMU (only with SLAT)?
> > 
> > 
> >  
> > 
> > 
> > Regards
> 
> PCI assignment won't work without IOMMU so no sys-net and no sys-usb

Is there no way to force PV mode in PCI VMs?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c3d403a-c18e-4d16-b1f8-f2f19811157f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] paranoid mode backup

2017-09-14 Thread yrebstv 
Hello ,

So at this point using 3.2  I have 3 ProxyVMs for my VPN, that took a
bit of time to setup ,  from reading :
https://www.qubes-os.org/news/2017/04/26/qubes-compromise-recovery/

I'm trying to sort out, what might be best practice.


I've no reason to believe I've any compromise of any sort at all, but
are people out there  using this  backup tool regularly?  If so why ?

In plain English, what it seems to do  is what?   This is something for
when you KNOW your whole system is compromised OR  something to do from
time to time,  because your "paranoid" ?

If the latter,  then when . maybe its bit over my head, and I should
just forget about it . 

it doesn't seem like it would do much  harm  other than  I would lose 
the   VPN  ProxyVMs  because of the  CLI version that I used that 
tweaks the firewall 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f597af8eb5ef38ecf5b598ab2da2b457%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: qubes 4 partitioning/mount scheme

2017-09-14 Thread Unman 
On Sun, Sep 10, 2017 at 05:43:32AM -0700, Yethal wrote:
> W dniu sobota, 9 września 2017 13:58:55 UTC+2 użytkownik haaber napisał:
> > Hello,
> > 
> > I have one 32G SSD and a large HDD. In my present Q3.2 installation I am
> > a bit unhappy with the mount scheme of qubes: indeed, /var/lib/qubes
> > contains all large data. I would prefer such folders at root level, such
> > as /appvms  and /templatevms  etc. But this is my taste.
> > 
> > In any case things are like they are in Q3.2. What bothers is the
> > question if the directory structure the same in Q4? It is somehow wicked
> > that one needs to know how Q4 will install in order to kow how to
> > partition the drives *before* installing it :))
> > 
> > So: could some Q4 user find this out for me please? Most probably 'ls
> > /var/lib/qubes' will suffice :)
> > 
> > Thank you, Bernhard
> 
> Can't you just symlink the /var/lib/qubes folder to the secondary drive?
> 

Hello Bernhard

In answer to your original question the directory structure is the same
in 4rc1.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170914220344.vjddoxaphh5iuauy%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Error Creating Ubuntu VM in Qubes 3.2

2017-09-14 Thread Unman 
On Wed, Sep 13, 2017 at 05:40:48PM -0700, Person wrote:
> I tried again. The website qubes-os.org had instructions to enter this code: 
> --cdrom=[appvm]:[/path/to/iso/within/appvm] in dom0. How exactly do I find 
> the path to the ISO? 
> 

You said that you downloaded the iso on sys-net - where did you download
it TO?
If you really cant remember and you have many files on sys-net then you can use 
'find':
open a terminal in sys-net , 'find -name *iso' should do it.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170914215807.xlwjs7gpsg2ql73f%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Can't get disposable VMs to work

2017-09-14 Thread Unman 
On Tue, Sep 12, 2017 at 07:50:21PM -0700, Selton wrote:
> I guess this could be the problem.
> 
> /var/log/libvirt/libxl/libxl-driver.log produces the following 4 lines for 
> each try to start a disposable VM:
> 
> xc: error: X86_PV_VCPU_MSRS record truncated: length 8, min 9: Internal error
> xc: error: Restore failed (0 = Success): Internal error
> libxl: error: libxl_stream_read.c:749:libxl__xc_domain_restore_done: 
> restoring domain: Success
> libxl: error: libxl_create.c:1145:domcreate_rebuild_done: cannot (re-)build 
> domain: -3
> 
> So I guess this means I'm out of luck here and no workaround available? 

Although the bug still appears to be open it looks from the changelog
from Xen 4.9 that the issue with zero length records has been fixed.
Have you tried updating dom0?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170914215037.fp447mbpen67sabe%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes OS 4.0 without IOMMU

2017-09-14 Thread Yethal 
W dniu czwartek, 14 września 2017 21:22:52 UTC+2 użytkownik damm swing napisał:
> Hello,
> 
> 
>  
> 
> 
> Will it be possible to use the final version of Qubes OS 4.0 (at your own 
> risk) on hardware without IOMMU (only with SLAT)?
> 
> 
>  
> 
> 
> Regards

PCI assignment won't work without IOMMU so no sys-net and no sys-usb

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/40c4f7be-7589-478b-bf46-9346879f3829%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Reboot a VM that is connected as net/proxy VM

2017-09-14 Thread Adrian Rocha 
Hi,

Yes, I agree

It isn't a critical issue, but is too annoying to restore the VMs connections 
after this type of situations

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e35cb52f-d646-4531-bdf5-4795c5bc47f1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Reboot a VM that is connected as net/proxy VM

2017-09-14 Thread Chris Laprise 

On 08/14/2017 04:40 AM, mittend...@digitrace.de wrote:

Hi there,

from time to time a net or proxy vm crashes - connected App/Proxy-VMs
are obviously no longer able to connect to an (external) network.
In Qubes 3.2, the user has to disconnect connected VMs manually before
the user is allowed to reboot the crashed VM.

Suggestion: Qubes could and I think even should do this (disconnect,
reboot, reconnect) automatically. However, there should be a warning
telling the user which VMs (s)he is about to disconnect.

What do you thin?



I think its a good idea to support this use case, because having to 
manually re-connect many connected appVMs can be daunting. I wonder if 
this is already a feature request?


--

Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bafef829-184b-080a-9b02-399e3dc54195%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Additional VPN destinations via CLI config?

2017-09-14 Thread Chris Laprise 

On 09/11/2017 01:37 PM, anguilla1...@gmail.com wrote:

I followed the tutorial here, specifically "Set up a ProxyVM as a VPN gateway using 
iptables and CLI scripts"

https://www.qubes-os.org/doc/vpn/

I like having the iptables anti-leak rules. However, it's connecting 
automatically to my VPN providers destination that I downloaded their .ovpn for.

Is it possible to compile multiple locations and be able to select which one?

OR perhaps I'm going about this the wrong way? Should I instead use the GUI way 
via NetworkManager? Can I configure that for multiple destination choices then 
perhaps still add the iptables anti-leak rules?

What's the best way?

Thanks!


If all the VPN links are the same provider or have the same trust 
profile, then switching with a menu should be OK. But there is no "best" 
way;  It depends greatly on how you use the VPNs.


With the VPN doc scripts, you could move the contents of rc.local to a 
custom script in /rw/config so it isn't directly executed on startup. 
Then at the start of the script read all the ovpn files from 
/rw/config/vpn into an array and print that as a menu, then read input 
from the user. Next, link the chosen file to openvpn-client.ovpn.


You could start this script automatically from rc.local using 
'systemd-run xterm ' etc.


--

Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0f5aaa9d-773f-a48b-b69c-05b1e27608ee%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes OS 4.0 without IOMMU

2017-09-14 Thread damm swing 

Hello,

 

Will it be possible to use the final version of Qubes OS 4.0 (at your own risk) on hardware without IOMMU (only with SLAT)?

 

Regards




-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/trinity-7bc4b58c-de1d-4138-8d39-bedffb81254d-1505416969553%403c-app-mailcom-lxa14.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Acer Aspire E 15

2017-09-14 Thread 'Aaron Dough' via qubes-users 
> Hello. I am in the market for a laptop that works with Qubes. I am aware of 
> the Hardware compatibility list, however I did not see the Acer Aspire E 15 
> there. It uses the Core i3-7100U, which according to the site show it has 
> VT-d and VT-x tech. Does this mean the main functions of Qubes will work 
> without error?

Sadly it's not that easy. For example, a 7th gen Intel APU will most probably 
not work with Qubes 3.2, since the kernel of the underlying Fedora (23 i think) 
does not yet support it. And since the textual installer is broken (it doesn't 
prompt for the encryption password), and the GPU is not recognized, you may not 
be able to install Qubes in the first place. Though I have read about 
workarounds, like installing via VNC and later upgrading to the experimental 
newer kernel for example.
So if you are set on Qubes and want to be sure, I'd suggest to just buy an 
older model that you find in the HCL, or maybe wait until Qubes 4 is stable.
If you are not entirely set on Qubes, but on your model instead, you can of 
course take the risk and be the one trying the E15 and submitting the HCL for 
it ;)
--Aaron

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/M5J0wdpg86fPC_EKuNJg9s96d_BkdfOQmrDF70sOujfV_-KiGCgtZMRDaNTxX33ErfKCYMUjIiD5Vg_Sa9-ad42bmbaO4gtOJkGNwwmfy28%3D%40protonmail.ch.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Acer Aspire E 15

2017-09-14 Thread Feral-Fractals7 
Hello. I am in the market for a laptop that works with Qubes. I am aware of the 
Hardware compatibility list, however I did not see the Acer Aspire E 15 there. 
It uses the Core i3-7100U, which according to the site show it has VT-d and 
VT-x tech. Does this mean the main functions of Qubes will work without error? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dbf113fb-1b46-44f6-9153-d0504ef6f39a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 4.0 on Tuxedo BU1406

2017-09-14 Thread 'Aaron Dough' via qubes-users 
 Original Message 

> Subject: [qubes-users] Re: Qubes 4.0 on Tuxedo BU1406
> Local Time: September 13, 2017 11:53 PM
> UTC Time: September 13, 2017 9:53 PM
> From: grzegorz.chodzi...@gmail.com
> To: qubes-users 
>
> W dniu środa, 13 września 2017 12:39:13 UTC+2 użytkownik Aaron Dough napisał:
>> These are my experiences with Qubes 4.0rc1 on a Tuxedo BU1406-notebook with 
>> an i5-7200U-CPU and a NVMe-SSD. Some issues could be resolved (mostly using 
>> this mailing list, thanks to anyone contributing!), others remain:
>>
>>
>> 1. Resolved issues:
>>
>> 1.1 Unable to install Qubes in UEFI-Mode. Selecting "Install Qubes R4.0-rc1" 
>> just loops back to the same menu.
>> Solution: creating an MBR and installing in Bios-Mode worked fine
>>
>> 1.2 After the installation, the notebook kept rebooting. I got into the GRUB 
>> Boot Menu, but after selecting Qubes, it briefly showed the "Loading Xen..., 
>> Loading Linux... Loading ramdisk..."-message, and then rebootet the PC. 
>> (Much like this guy describes. Maybe someone link him here? I can"t respond 
>> to him, since I just subscribed...)
>> Solution: editing the menu-item and removing "iommu=no-igfx" in the 
>> multiboot-line allowed my to start the system and update dom0. This update 
>> then generated a new grub configuration file, which resolved the issue for 
>> good. I did this three times now, the first two times it worked at once, the 
>> last time I had to restart the update until I saw the "Generating grub 
>> configuration file ..."-message (maybe the dom0-update-server could not be 
>> reached at first?)
>>
>> 1.3 Sys-net could not be started. At first boot it showed me the 
>> error-message "["/usr/bin/qvm-start", "sys-firewall"] failed: Start failed: 
>> internal error: Unable to reset PCI device :03:00.1: internal error: 
>> Active 000:03:00.0 devices on bus with 000:03:00.1, not doing bus reset". 
>> This was really about Sys-net, to which 03:00.1 was attached.
>> Workaround: Removing the 03:00.1 ethernet controller in the sys-net vm 
>> settings worked, which means however that I don"t have Ethernet. I can live 
>> with that for now. Blocklisting the card-reader as suggested here was not 
>> tried yet.
>>
>> 2. Unresolved issues:
>>
>> 2.1 Touch-pad does not register taps as clicks. The physical buttons work 
>> however, as does multitouch scrolling, so this is not critical. It is 
>> strange though, as Fedora 25 is the base of dom0, and Fedora 25 itself has 
>> no problems with the touchpad.
>>
>> 2.2 Standby is not working properly. This is the last dealbreaking issue 
>> remaining.
>>
>> 2.2.1 With Sys-usb enabled, can"t unlock after Standby. I can go into 
>> standby, but waking the notebook results in a blank screen. The 
>> led-backlight comes up though.
>> Dirty Workaround: It looked like the keyboard and touch-pad did not 
>> reconnect. I reinstalled with sys-usb disabled, which allowed me to unlock, 
>> but lead to 2.2:
>>
>> 2.2.2 With Sys-usb disabled, Standby results in strange behavior when 
>> sys-net is running. The first "Suspend to RAM" after starting sys-net (or 
>> booting the machine) works perfectly fine, but kills my 
>> networking-capabilities ("NetworkManager is not running" when I click the 
>> red networking-icon). After that, Standby will lock the screen and nothing 
>> else happens at first. I can unlock the screen and go back to the Desktop. 
>> Then, after a minute or so the computer will go into standby. Waking will go 
>> directly to the Desktop, without the lock-screen. Restarting sys-net and 
>> sys-firewall will also reset this issue. Some rare times, the first standby 
>> will not result in the described problem, so this is only 90-95% 
>> reproducible. It maybe unrelated, but it seems sys-net is always at the 
>> minimum of 400MB, and sys-firewall at the maximum of 4000MB of used memory.
>> What did not work: Removing the WiFi-controller. However, without any 
>> attached networking-devices the NetworkManager keeps running after the first 
>> Standby.
>>
>> If you have any idea about one of the remaining issues, please let me know. 
>> Since the HCL-tool is missing in rc1, I will provide the report (and an 
>> update) once rc2 comes out.
>>
>> --Aaron
>
> 3. Try running sys-usb with pci_strictreset set to false. If that doesn"t 
> help attach both 03:00.0 and 03:00.1 devices to sys-usb and try again.

Thanks Yethal, but there doesn't seem to bee a pci_strictreset-property in 
Qubes 4.0. Or am I mistaken somehow?

Another error that happened before, but only a few times now more often, so I 
have to include it in the list of unresolved issues:

2.3 Most Qubes-commands don't work sometimes. Sometimes (more often than not 
recently) Qubes boots into xfce, but the Qubes-specific trayicons don't come 
up, vms don't start, selecting a Qubes-specific item in the menu doesn't do 
anything, and when executing a Qubes-command in the command line an error is