[qubes-users] What's the best way to share Firefox add-ons among VMs and have separate bookmarks and settings per VM?

[Qbert Qube]

I am new to Qubes OS.

My understanding is that TemplateVMs are for installing software, DVM
Templates are for configuring software, DispVMs and AppVMs are for running
software, and StandaloneVMs are kind of all of the above.

AppVMs are based on TemplateVMs.
DispVMs are based on DVM Templates.

I have a standard set of Firefox add-ons that I like to install
(particularly privacy-based ones). I'd ideally like all my Firefox
instances to have these add-ons. I assume I can do that by creating a DVM
Template, installing Firefox add-ons there, and then using DispVMs.

The problem is that I also want to have different sets of bookmarks and
settings depending on domain (for example, work, school, banking, etc.).
Since I want persistent bookmarks and settings, I assume I need to use an
AppVM (one per domain) instead of a DispVM, but then I can't get a shared
set of add-ons, since it's not recommended to configure anything in a
TemplateVM (what AppVMs are based on).

What are my options for my use case (Firefox add-ons shared among VMs and
separate bookmarks and settings per domain)?

I'm guessing the safest option would be to just set up Firefox from scratch
in a bunch of AppVMs. I'm hoping there's a more convenient solution, but
maybe this is a case where one has to sacrifice convenience for security.

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJrLjobCytiWcow5XR___BB3o%2BTCMdtWZu3mD2bFSRxdESJ7VA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to edit boot files on drive?

[Rory]

In the doc/uefi-troubleshooting/ it says under boot device not recognized after 
installing to manually edit the bootable. 

Ok so how do I do this since it wont boot or if I disconnect the drive and 
attached as a usb disk on another computer it doesnt show whatsoever?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d71a122-0b3f-4c2b-b44e-ccc85918f769%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Unsolicited feedback on fedora 26 templates in Qubes R3.2

[freightened . linter]

Indeed, the changed font settings in Fedora26 are really irritating.
Comparing the rendering between Fedora25 and Fedora26 via gnome-tweak-tool,
that is, looking at them side-by-side, the Fedora26 fonts look fairly 
different. Have the default fonts changed for Sans Regular, Monospace Regular, 
or is it just the rendering?


Has somebody solved the problem yet?


Harald

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d5aa5df3-76bd-43e7-8188-ec2f7a4c0ae8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Cant set kernel to none

[Foppe de Haan]

On Sunday, December 3, 2017 at 10:46:42 PM UTC+1, eminem wrote:
> Hey, im using qubes 4 RC3
> Im trying to install android on a vm but i cant do it because i need to set 
> the kernel to none. I go to the VM settings and then try to change the 
> kernel, then save it, and when i go again to vm settings kernel is set to 
> default

try qvm-prefs VMNAME kernel ''.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d95590a-4734-453e-9743-0fd6186200eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: VPN Disconnects when Qubes goes to sleep (and does not reconnect when coming out of sleep)?

[Chris Laprise]

On 12/03/2017 10:30 PM, Michael Siepmann wrote:
  
On 12/02/2017 11:14 PM, Chris Laprise wrote:

Looking at openvpn entries in 'journalctl' can give you a better idea.
I've seen instances where openvpn versions starting with 2.4 have this
bad reaction to disconnection (which is what sleep/wake is in this
case); with openvpn 2.3 you could count on it to keep
going/re-connecting. But there may also be an issue with the way
Qubes/Xen are handling the virtual interfaces between VMs; the
symptoms remind me of basic networking problems many of us have
experienced with prior Qubes releases, where only VM restarts would
re-build inter-VM links correctly.

But if there isn't a basic networking problem, moving to a
service-based config will be more robust and should keep openvpn
running. One way to do this is to have your rc.local script start
openvpn with systemd-run (and the right options), but I've already
created a project that uses a full systemd config to manage VPN
processes...

https://github.com/tasket/Qubes-vpn-support

Setup is much easier than the vpn doc, though it currently only works
with Qubes 3.2 which I'm guessing you're using. The usual 'systemctl
start/stop/status' commands give you control over the
qubes-vpn-handler.service that manages openvpn.


Thank you! So far this seems to be working fine, automatically
reconnecting after resume. Any chance of getting this approach mentioned
on https://www.qubes-os.org/doc/vpn ?


Great! I think it could be linked in the revised doc once the Qubes R4.0 
issues are worked out.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6458cc1c-227b-482b-10a3-0037fad9ae2c%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes4.0 rc3 install error

[Shashank]

Hello everyone,
I tried installing Qubes4.0 rc-3, and installation went through halfway and 
caused error. The error said it was caused by anaconda installer. Second time 
the installation fails in the beginning after about a min. 

Error description says:
At least 3MB more required for /boot/efi

Any suggestions on what can be done? I tried installing it on a machine which 
had Qubes3.2 before.

Thank you

Shashank.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6fe4cb1b-de0c-45d8-b291-da4630a5c94d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Local network access when using ProxyVM as VPN gateway using iptables and CLI scripts?

[Michael Siepmann]

On 11/21/2017 02:07 PM, Michael Siepmann wrote:

Michael Siepmann, Ph.D.
*The Tech Design Psychologist*™
/Shaping technology to help people flourish/™
303-835-0501   TechDesignPsych.com
   OpenPGP: 6D65A4F7

 

> On 11/16/2017 09:50 PM, Michael Siepmann wrote:
>> On 11/16/2017 08:11 AM, Chris Laprise wrote:
>>> On 11/15/2017 10:17 PM, Michael Siepmann wrote:
 I've followed the instructions to "Set up a ProxyVM as a VPN gateway
 using iptables and CLI scripts" at https://www.qubes-os.org/doc/vpn/
 and it's working well so far but I need to be able to access my local
 network 192.168.x.x. That worked when I was connecting to the VPN
 with Network Manager in my NetVM. Is there a way to configure that
 when using a ProxyVM as a VPN gateway? I'm guessing I need to do
 something in /rw/config/qubes-firewall-user-script in my VPN ProxyVM
 to configure iptables to allow bypassing the VPN for 192.168.x.x but
 I'm not sure how to do that. Any help will be greatly appreciated!

>>> Hi Michael,
>>>
>>> You're not the first to ask about LAN access via a VPN VM. Various
>>> posters in qubes-users have found ways around the anti-leak
>>> configuration to access particular nets directly.
>>>
>>> What I usually advise is to think of VPN proxy, sys-firewall or any
>>> other proxyVM as Qubes network primitives: Let the VPN VM do its thing
>>> in guarding against non-tunnel access, and use sys-firewall or
>>> specific proxyVM to access the LAN. This implies that any given appVM
>>> can have access to only one type of network (or, only one type at a
>>> time). This IMHO is the best way.
>>>
>>> OTOH, yes you can make the compromise in the VPN VM and allow
>>> non-tunnel traffic. In the firewall script, you can start by
>>> commenting-out these two lines:
>>>
>>> iptables -I FORWARD -o eth0 -j DROP
>>> iptables -I FORWARD -i eth0 -j DROP
>>>
>>> This removes almost all leak protection, but should suffice for
>>> initial testing. You may also have to add a route pointing to your
>>> local net (see Linux "ip route" documentation) because the VPN may
>>> have added its route as a default. If you wish to eventually reinstate
>>> the above anti-leak rules you can try adding exceptions after those
>>> two (so they will be listed _first_ in the FORWARD chain), for instance:
>>>
>>> iptables -I FORWARD -o eth0 -d 192.168.0.0/16 -j ACCEPT
>>> iptables -I FORWARD -i eth0 -s 192.168.0.0/16 -j ACCEPT
>>>
>>> A word of caution: Once you start modifying rules like this its easy
>>> to make mistakes that compromise security, even if you generally know
>>> what you're doing. That's one reason to use the Qubes-oriented net
>>> security model I mentioned initially. Another reason is, of course,
>>> that even creating correct exceptions to tunnel enforcement opens you
>>> up to certain kinds of threats. If your use case does not call for an
>>> appVM accessing both VPN and LAN at the same time then there should be
>>> no reason to make the compromise.
>>>
>> Hi Chris,
>>
>> Thank you! I will try this and report back. My main use case here is
>> automatically doing an encrypted backup (with Borg Backup) of my files
>> once an hour to a NAS device, which in turn automatically copies the
>> backups to cloud storage at night, when I don't have competing needs for
>> the upload bandwidth. Another use case is file sync, e.g. with SyncThing
>> (which can work over the Internet, but much slower of course). However,
>> I can certainly see the security advantages of only letting an appVM
>> have access to one type of network, or only one type at a time.
> Hi Chris,
>
> I got it working! The changes I've made (to allow access only to
> 192.168.9.x, not 192.168.x.x) are:
>
> In my "sys-vpn" VPN Proxy VM...
>
> ...added the following lines to /rw/config/qubes-firewall-user-script,
> after the "Block forwarding of connections through upstream network
> device (in case the tunnel breaks)" section:
>
>   #    Allow forwarding of connections through upstream network device
>   #    if they're to 192.168.9.x
>   iptables -I FORWARD -o eth0 -d 192.168.9.0/24 -j ACCEPT
>   iptables -I FORWARD -i eth0 -s 192.168.9.0/24 -j ACCEPT
>
> ...added the following lines to /rw/config/vpn/qubes-vpn-handler.sh, at
> the end of the "up)" case:
>
>   # Allow access to home network for backup, etc.
>   ip route add 192.168.9.0/24 via 10.137.1.1 dev eth0
>
> ...where 10.137.1.1 is the gateway for my "sys-vpn" VPN ProxyVM.
>
> Please let me know if you see any problems with what I've done other
> than the general security caveat you mentioned before.
>
> Many thanks for your help!  I really appreciate it.

(I can see on the Web archive

that Chris Laprise replied to the message abov

Re: [qubes-users] Re: VPN Disconnects when Qubes goes to sleep (and does not reconnect when coming out of sleep)?

[Michael Siepmann]

 
On 12/02/2017 11:14 PM, Chris Laprise wrote:
> On 12/03/2017 12:09 AM, Michael Siepmann wrote:
>> On 11/30/2017 10:14 PM, Chris Laprise wrote:
>>> On 11/30/2017 11:44 PM, Michael Siepmann wrote:

 On Jun 12, 2017, Andrew Morgan wrote:

> Did you follow the "Set up a ProxyVM as a VPN gateway using
> iptables and
> CLI scripts" section of the Qubes VPN docs
> (https://www.qubes-os.org/doc/vpn/
>  )?
>
> If so you should be good just to execute the `/rw/config/rc.local`
> file
> on your VPN VM after every suspend either manually, through a
> keyboard
> shortcut (which I do personally with the following command):
>
> qvm-run -i root sys-vpn "/rw/config/rc.local"

 I followed the "Set up a ProxyVM as a VPN gateway using iptables
 and CLI scripts" instructions but for me executing
 "/rw/config/rc.local" doesn't make it work again.

 I've also tried commenting out or deleting "persist tun" from my
 OpenVPN config file, as Chris Laprise as suggested in the thread
 "is vpn made manually, not supposed to restart after suspend?" on
 May 21 but that isn't helping either.

 My current workaround is a script I wrote in dom0 that first does
 "qvm-prefs VMname -s netvm none" for all the VMs I normally have
 running that use sys-vpn (my ProxyVM VPN gateway), then shuts
 sys-vpn down, waits 10 seconds, starts sys-vpn, then does
 "qvm-prefs VMname -s netvm sys-vpn" for all those VMs.

 Any ideas what could be going on so that neither executing
 /rw/config/rc.local nor commenting out "persist tun" works in my case?

>>>
>>> I have a couple ideas as to workarounds. Instead of re-starting
>>> sys-vpn, you could:
>>>
>>>   qvm-run -u root sys-vpn 'pkill openvpn'
>>>   qvm-run -u root sys-vpn 'sh /rw/config/rc.local'
>>>
>>> ...before you re-enable the netvm prefs.
>>>
>>> Also, one thing that changing the netvm prefs does is to trigger
>>> qubes-firewall-user-script to run again. You might compare the state
>>> of iptables before and after your workaround to see if something
>>> went missing after waking from sleep. If that's the case, you could
>>> just trigger the script as a third command added to the above.
>>>
>>
>> Thanks! I tried those commands and they don't get it working again. I
>> still have to shut it down and restart it. I also checked the
>> iptables and that does not seem not to be the problem. However, I've
>> found out that after a brief suspend the VPN may continue working,
>> but in cases when it stops working, the process ends and can't be
>> restarted. In the following the first ps command was just after
>> resuming, and the second a few seconds later, after I'd seen the "VPN
>> is down" notification:
>>
>>     [user@sys-vpn ~]$ sudo sg qvpn -c "ps -leaf | grep openvpn | grep
>> -v grep"
>>     5 S root  1093 1  0  80   0 - 16371 poll_s 14:33 ?   
>> 00:00:42 openvpn --cd /rw/config/vpn/ --config openvpn-client.ovpn
>> --daemon
>>     [user@sys-vpn ~]$ sudo sg qvpn -c "ps -leaf | grep openvpn | grep
>> -v grep"
>>     [user@sys-vpn ~]$
>>     [user@sys-vpn ~]$ sudo sh /rw/config/rc.local
>>     [user@sys-vpn ~]$ sudo sg qvpn -c "ps -leaf | grep openvpn | grep
>> -v grep"
>>     [user@sys-vpn ~]$
>>
>> I also tried "pkill openvpn" when it is working, and I can't restart
>> it after that either:
>>
>>     [user@sys-vpn ~]$ sudo sg qvpn -c "ps -leaf | grep openvpn | grep
>> -v grep"
>>     5 S root  1134 1  0  80   0 - 16371 poll_s 21:26 ?   
>> 00:00:00 openvpn --cd /rw/config/vpn/ --config openvpn-client.ovpn
>> --daemon
>>     [user@sys-vpn ~]$ sudo sg qvpn -c "pkill openvpn"
>>     [user@sys-vpn ~]$ sudo sg qvpn -c "ps -leaf | grep openvpn | grep
>> -v grep"
>>     [user@sys-vpn ~]$ sudo sh /rw/config/rc.local
>>     [user@sys-vpn ~]$ sudo sg qvpn -c "ps -leaf | grep openvpn | grep
>> -v grep"
>>     [user@sys-vpn ~]$
>>
>> Any ideas why this might be happening?
>
> Looking at openvpn entries in 'journalctl' can give you a better idea.
>
> I've seen instances where openvpn versions starting with 2.4 have this
> bad reaction to disconnection (which is what sleep/wake is in this
> case); with openvpn 2.3 you could count on it to keep
> going/re-connecting. But there may also be an issue with the way
> Qubes/Xen are handling the virtual interfaces between VMs; the
> symptoms remind me of basic networking problems many of us have
> experienced with prior Qubes releases, where only VM restarts would
> re-build inter-VM links correctly.
>
> But if there isn't a basic networking problem, moving to a
> service-based config will be more robust and should keep openvpn
> running. One way to do this is to have your rc.local script start
> openvpn with systemd-run (and the right options), but I've already
> created a project that uses a full systemd config to manage VPN
> processes...
>
> https://github.com/tasket/Qubes-v

[qubes-users] HCL - ASUS H270 i7-7700

[Eric Grosse]

For testing U2F SecurityKey via sys-usb;  installed 4.0-rc3 with PS/2
keyboard and mouse.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAHfGVNc0JvM1ZLiMRQphvR0Tb_oF7vNed2Ldc4dhrStR_J05WQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-ASUS-i7-20171203-190028.yml
Description: Binary data

[qubes-users] Qubes4.0 rc-3 Installation Problem

[Shashank]

Hello everyone,

I tried installing Qubes4.0 rc-3, and installation went through halfway and 
caused error. The error said it was caused by anaconda installer.

Any suggestions on what can be done? I tried installing it on a machine which 
had Qubes3.2 before.

Thank you

Shashank.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/17fe9c0f-bc19-4319-a05d-fcb66c692b27%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] USB Keyboard thoughts...

[Robert Fisk]

On 12/03/2017 09:37 AM, Jean-Philippe Ouellet wrote:
> On Fri, Dec 1, 2017 at 1:10 PM, Matty South  wrote:
>> I love the Qubes project! I've been thinking of ways to improve the security 
>> when it comes to USB Keyboards.
>>
>> I'm sure a lot of us who use Qubes as our day-to-day OS have a nice keyboard 
>> attached to the system. Upon plugging in the USB keyboard for the first 
>> time, I rightfully got a security warning about the implications of passing 
>> USB Keyboard input into dom0 (think USB Rubber Ducky attack among others). 
>> OK, I'm on board so far. What surprises me is that I didn't just authorize 
>> THIS keyboard to pass through to dom0, I have authorized *ANY* USB keyboard 
>> to access dom0. I verified this with other keyboards and even a home-made 
>> Rubber Ducky attack using a teensy.
>>
>> Curious, is there a reason why we don't restrict the authorized USB keyboard 
>> based on USB Serial number or even VID or PID. Sure with PID/VID, a physical 
>> attacker who knows your brand of keyboard could still pass through 
>> keystrokes, but it would still up the bar a little for these style of 
>> attacks.
>>
>> I'm on Version 3.2 so forgive me if this has been addressed in 4.0.
>>
>> Secondly, I don't want to be the guy begging for improvements, I would like 
>> to contribute. Can anyone point me to a good place to start if I want to add 
>> this feature? I'm thinking here maybe? 
>> https://github.com/QubesOS/qubes-app-linux-usb-proxy
> See https://github.com/QubesOS/qubes-issues/issues/2518
>

Hi Matty and all,

I am the developer of the USG hardware firewall mentioned in issue 2518.
On its own this gadget can do most of what you want - it blocks hidden
hubs so a flash drive cannot also supply keystrokes, and it blocks
devices re-enumerating as a keyboard after first enumerating as
something else.

Issue 2518 is about encrypting keystrokes from the keyboard to dom0, so
that a compromised sys-usb cannot sniff or spoof them. Jean-Philippe
suggested borrowing ideas from CrypTech's HSM design, which is worth
looking into. However I don't have time to look into this myself right
now. I would also require help with the qubes-side implementation of
whatever secure channel we choose. You are welcome to look through the
thread and let us know what you think!

Regards,
Robert

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a64e8e14-1378-e0ee-89d2-65433414f17f%40fastmail.fm.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Hibernate Lenovo X1

[Jean-Philippe Ouellet]

On Sun, Dec 3, 2017 at 5:36 PM, beso  wrote:
> "systemctl hibernate:
> Failed to execute operation. Sleep verb not supported."
>
> How to solve this issue?

Xen does not support hibernating, therefore Qubes does not either.

Use suspend instead of hibernate.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_DbXuf-vBrKykcXGh7XUC5n6cLXzz19TFq3UDwzDNkBLg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Q4RC3 - win7 install problems

[gangwerz]

On Sunday, December 3, 2017 at 3:43:06 AM UTC-8, Jean-Luc Duriez wrote:
> Hi Qubists
> 
> This is my first attempt to install Windows 7 in my Qubes system (Q4RC3):
> 
> ---
> [jl@dom0 ~](0) qvm-create win7 --class StandaloneVM --label yellow
> 
> [jl@dom0 ~](0) qvm-ls
> NAME   STATECLASS LABEL   TEMPLATE   NETVM
> ...
> win7   Halted   StandaloneVM  yellow  -  sys-firewall
> 
> [jl@dom0 ~](0) qvm-block
> BACKEND:DEVID  DESCRIPTION   USED BY
> dom0:sr0   CDDVDW_GP70N (GSP1RMCHPXFRER_FR_DVD)  
> 
> [jl@dom0 ~](0) qvm-start win7 --crom dom0:sr0
> ---
> 
> 
> I get a console terminal from the win7 VM with a brief message and it closes 
> after a few seconds (see attached sreenshot). I also tried with a .iso file 
> but the same issue occurs. Am I doing things wrong ?
> 
> Of course I checked the Win7 DVD and it is readable and fine.
> 
> Any clue appreciated. Thanks.
> 
> Jean-Luc

I am experiencing the exact same issue. I also tried the "Boot Qube From 
CD-ROM" option in the VM settings applet, but the "OK" option after selecting 
sr0 has no response.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3df514f5-01a9-483c-8897-0dd1927dbe47%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Upgrade Fedora-24 template to Fedora-25

[beso]

"Error: Error downloading packages:
  Cannot download libdvdcss-1.4.0-2.fc25.x86_64.rpm: All mirrors were tried"

How to solve this issue?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5dceae6e-e1a5-402a-9c2a-e6a1f422e303%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Hibernate Lenovo X1

[beso]

"systemctl hibernate:
Failed to execute operation. Sleep verb not supported."

How to solve this issue?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d9c5ee6-d8a4-4b79-a5af-d3b04c7d5836%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Cannot assign USB radio peripheral with qvm-usb

[p . o . mosier]

Hello,

I am running Qubes 3.2, with a Fedora 25 sys-usb.  I have a HackRF One SDR that 
I am trying to attach to an appvm, with no luck.

When I run qvm-usb in dom0 to attach the USB device the command hangs and there 
is the following in the appvm's dmesg output:

[  490.254687] vhci_hcd vhci_hcd: pdev(0) rhport(0) sockfd(0)
[  490.254701] vhci_hcd vhci_hcd: devid(131091) speed(3) speed_str(high-speed)
[  490.463076] usb 2-1: new high-speed USB device number 93 using vhci_hcd
[  490.674105] usb 2-1: new high-speed USB device number 94 using vhci_hcd
[  490.885282] usb 2-1: new high-speed USB device number 95 using vhci_hcd
[  490.885332] usb 2-1: SetAddress Request (95) to port 0
[  490.900735] usb 2-1: device descriptor read/8, error -71
[  491.022552] usb 2-1: device descriptor read/8, error -71
[  492.007163] usb usb2-port1: Cannot enable. Maybe the USB cable is bad?
[  492.007176] usb usb2-port1: unable to enumerate USB device
[  492.991256] usb usb2-port1: Cannot enable. Maybe the USB cable is bad?
[  493.879245] usb usb2-port1: Cannot enable. Maybe the USB cable is bad?

The last message continues for some time before vhci_hcd gives up and 
disconnects the device.  qvm-usb in dom0 never returns.

The SDR works just fine if I use it from sys-usb directly, so the problem 
appears limited to how Qubes handles USB forwarding.

Can anyone help with this error?

I suspect not many people have an SDR to test.  I am willing to help debug this 
but I will need help knowing what to do.

Thanks,
- Paul

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ff9d6e30-dd3e-4906-bb91-a07ba4abef03%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Failing BT Proximity Check

[jasonles]

I used my ORWL all day after receiving it with problem. However, after taking a 
break at night and returning to it, I was no longer able to pass the BT 
Proximity Check.

I've only set up one keyfob, and when I present the keyfob I see the "NFC 
Authenticated" message. However, after the 30 seconds or so of BT proximity 
check I get a lock image and am prompted to press power again.

Any ideas how to remedy this problem?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bccd94af-724d-4e58-a9fd-562b0458505c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Cant set kernel to none

[eminem]

Hey, im using qubes 4 RC3
Im trying to install android on a vm but i cant do it because i need to set the 
kernel to none. I go to the VM settings and then try to change the kernel, then 
save it, and when i go again to vm settings kernel is set to default

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f09cc1e7-ad91-4728-8224-6959eab12538%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Please help list of supported graphics cards

[Mike Keehan]

On Sun, 3 Dec 2017 10:22:54 -0800 (PST)
r...@tuta.io wrote:

> Hey Mike. I did took the drive out and moved to my laptop. I run
> qubes on there with 3.2. I can install 3.2 with no errors on laptop.
> But when i tried to install 4 on the drive with laptop I get the same
> errors. I cant seem to install the version 4 iso on anything. 
> 
> What I was hoping to do was install 4 on laptop and try to get
> working on desktop but that seems to a problem now.
> 
> Im wondering if I should install version 3.2 and attempt to change
> the kernels there and move the drive over?
> 

Yes, 4.0 needs the vtd/iommu stuff to work.  I haven't tried installing
it on a machine without those capabilities.

If you install 3.2 on the drive, and then can use it OK on the other
system, you should be able to upgrade the kernel to 4.11 or more.
However, you still won't be able to install 4.0 on that system until
the graphics issue is fixed or worked around.

Mike.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171203202500.577c7ec3.mike%40keehan.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Enable usb-qube and now my keyboard and mouse are not responding

[carre89]

Hi, 

I enabled the usb-qube in 4.0rc2 and now my keyboard and mouse are not 
responding. Now I have to start over to fix it. 

Does anyone know what may have caused this?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e066a5ad-9cce-4ded-949e-0427b0bd8bcd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Please help list of supported graphics cards

[Rory]

Hey Mike. I did took the drive out and moved to my laptop. I run qubes on there 
with 3.2. I can install 3.2 with no errors on laptop. But when i tried to 
install 4 on the drive with laptop I get the same errors. I cant seem to 
install the version 4 iso on anything. 

What I was hoping to do was install 4 on laptop and try to get working on 
desktop but that seems to a problem now.

Im wondering if I should install version 3.2 and attempt to change the kernels 
there and move the drive over?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba54459d-f5bd-4fb3-888d-00b6ebd53f24%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Please help list of supported graphics cards

[Mike Keehan]

On Sun, 3 Dec 2017 08:14:47 -0800 (PST)
r...@tuta.io wrote:

> Didnt think about how new it was. I even attempted linux mint
> cinnamon and didnt install. Viewed fine on usb but wouldnt finish
> install. 
> 
> Do you suggest the 4.0-rc3 install or is there a link to upgrading
> kernal manually before install?
> 
> I did google search to upgrade kernal in Qubes but only saw how to
> update while installed. 
> 

Hi,

Ah right, I didn't realise that you couldn't install Qubes.

As for 4.0-rc3, if your chip is i7700 then it should support Qubes
requirements properly.  You may have to make changes in your Bios
to allow virtualisation, iommu and vtd.

Mike.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171203180347.3a035fe8.mike%40keehan.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Please help list of supported graphics cards

[Rory]

Seem to be a little further trying again. After creating the user it goes 
awhile and gets an error. I press debug and this is output. Sorry im typing on 
mobile and cant copy paste over.

https://i.imgur.com/VzEBtra.jpg

If I try to install thru troubleshooter It fails to pane every time.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f3101a6f-993e-4733-8cc2-2b08f8b73694%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Please help list of supported graphics cards

[Rory]

I tried the test release for 4 and got this.

https://i.imgur.com/dU0BjnJ.jpg

I then press continue and it gives me this on next page. 

https://i.imgur.com/0nIoYLX.jpg

Any help on what I should do from here? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/88da6fe7-a322-45b3-86c5-cc31e6327b2c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Please help list of supported graphics cards

[Rory]

Didnt think about how new it was. I even attempted linux mint cinnamon and 
didnt install. Viewed fine on usb but wouldnt finish install. 

Do you suggest the 4.0-rc3 install or is there a link to upgrading kernal 
manually before install?

I did google search to upgrade kernal in Qubes but only saw how to update while 
installed. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/67c0baa1-31bd-4652-9cab-ef5a8f6e23d5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Please help list of supported graphics cards

[Mike Keehan]

On Sun, 3 Dec 2017 05:52:14 -0800 (PST)
r...@tuta.io wrote:

> I have a asus strix 270g board with Intel I7 7700k chip. Monitor is
> Ultra Hd.
> 
> My asus rx580 doesnt work and cant seem to set my display to use
> Intel graphics. 
> 
> Keep getting pane dead or lux key errors.
> 

You probably need a more recent kernel - 4.11 or 4.12 handle the
newer Intel graphics devices.  There are more up to date kernel in
the testing repositories.
(there have been a number of posts in the mailing list about
 upgrading to newer kernels and how to do it.)

Mike.
 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171203154422.2df11a1d.mike%40keehan.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Please help list of supported graphics cards

[Roy Bernat]

Hi 

use this lin: 

https://www.qubes-os.org/hcl/


Roy 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/014575fb-b4e5-4cf8-aa70-6ebb95a6e965%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Please help list of supported graphics cards

[Rory]

I have a asus strix 270g board with Intel I7 7700k chip. Monitor is Ultra Hd.

My asus rx580 doesnt work and cant seem to set my display to use Intel 
graphics. 

Keep getting pane dead or lux key errors.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b3424130-60d7-4a26-b57e-429f62925660%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Q4RC3 - win7 install problems

[Jean-Luc Duriez]

Hi Qubists

This is my first attempt to install Windows 7 in my Qubes system (Q4RC3):

---
[jl@dom0 ~](0) qvm-create win7 --class StandaloneVM --label yellow

[jl@dom0 ~](0) qvm-ls
NAME   STATECLASS LABEL   TEMPLATE   NETVM
...
win7   Halted   StandaloneVM  yellow  -  sys-firewall

[jl@dom0 ~](0) qvm-block
BACKEND:DEVID  DESCRIPTION   USED BY
dom0:sr0   CDDVDW_GP70N (GSP1RMCHPXFRER_FR_DVD)  

[jl@dom0 ~](0) qvm-start win7 --crom dom0:sr0
---


I get a console terminal from the win7 VM with a brief message and it closes 
after a few seconds (see attached sreenshot). I also tried with a .iso file but 
the same issue occurs. Am I doing things wrong ?

Of course I checked the Win7 DVD and it is readable and fine.

Any clue appreciated. Thanks.

Jean-Luc

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1bbdbb16-41dd-4d62-b465-0f956f1f4ec4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] New HCL Entry: Lenovo ThinkPad T470 (20HDCTO1WW)

[Mike Keehan]

On Sun, 3 Dec 2017 03:03:59 +0100
Marek Marczykowski-Górecki  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Sat, Dec 02, 2017 at 01:02:52AM -0800, Joe Hemmerlein wrote:
> > Danke, Stephan, your pointers were very valuable!
> > 
> > At first, I decided to just borrow an external DVD drive and boot
> > off a DVD burned from the ISO, in UEFI mode. The result however was
> > the same as when booting from my previously-created USB stick: grub
> > boots, but no matter what i select, the screen briefly flashes and
> > takes me back to grub. So.. yeah, the ISO image does not appear to
> > be usable out of the box on some UEFI devices, even when burning it
> > to a DVD.
> > 
> > Your description of the livecd-tools helped make good progress, but
> > still without ability to boot the installer completely, but they
> > sent me in the right direction. I then found
> > https://groups.google.com/forum/#!topic/qubes-users/4VsKdxnKHBk,
> > which described a process very similar to yours (it omits the part
> > about using dosfslabel, but has a part about also updating the
> > xen.cfg file).
> > 
> > Altogether, this did the trick!  
> 
> Thanks for posting detailed instruction. And for the pull request for
> qubes-doc!
> 
> > In condensed form, this is what i did to create a USB install stick
> > that works with UEFI on the T470: 1. Use the "livecd-iso-to-disk"
> > utility from fedora livecd-tools to put the ISO image onto an USB
> > stick 2. rename the USB stick's partition label to BOOT 3. edit
> > the /BOOT/EFI/xen.cfg file on the USB stick's partition to make
> > sure all LABEL= instances are replaced with LABEL=BOOT  
> 
> Does anyone have an idea what the difference livecd-iso-to-disk make,
> compared to isohybrid? If possible, we'd like to installation iso work
> out of the box on UEFI systems, including new ones...
> 
> I wonder if Fedora netinst iso (_not_ Live iso) boot on such new
> hardware, after directly dd-ing it to USB stick. Can you check that?
> Just see if installer starts. It's here:
> 
> https://alt.fedoraproject.org/
> 
> If that would work, I can try to find what is different about those
> images and fix Qubes iso.
> 
> - -- 

Hi Marek,

Even using that network iso to boot my Dell XPS 15 (2017), I still need
to add the option "modprobe.blacklist=nouveau" to the boot command line
to allow the installer to work.  Without that option, the installer
gets a 'stuck cpu' error, with the stack trace showing the nouveau
driver as the culprit.

I could not figure out how to edit the xen.cfg file to add the option
there - others seem to have managed to do that though.

Best wishes,

Mike.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171203111553.2909b06d.mike%40keehan.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] refresh rate

[Roy Bernat]

Hi 

Someone succeeded  to solve the refresh rate issue ? 

Roy  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f5662ead-1c32-4405-825d-472295e0ef0a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: USB Keyboard thoughts...

[Yethal]

W dniu niedziela, 3 grudnia 2017 06:29:51 UTC+1 użytkownik tai...@gmx.com 
napisał:
> I would consider purchasing one of unicomps excellent mechanical 
> keyboards, they don't have re-writable firmware so a malicious computer 
> can't install a virus (unlike most keyboards) and they are also made in 
> america thus much more trustworthy.
> 
> Truly a pleasure to type on, they are made with the original IBM Model M 
> tooling.

Try Bathroom Epiphanies. These are replacement keyboard controllers for select 
mechanical keyboards. Fully open source, fully open hardware. Allow full 
control over the keyboard and the code that it runs.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/df757748-f106-4c03-855b-2be873aeb294%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] mount root.img files

[haaber]

> 
> I see you've already managed to fix the issue, but for anyone else: you
> can access root using qvm-run command. For example:
> 
> qvm-run -u root debian-8 xterm
> 
That is pretty cool and quick I admit. Notice however that my solution
works even in a no-longer starting template (if this problem is due to
config files). In more complicated situations one could even install a
clone of a damaged system, chroot from the working one into the damaged
one to run apt-get  ..   best, Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6569d6ed-5ed9-8839-2f96-745c9f174512%40web.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Suggestions (for forum posts)

[Leo Gaspard]

On 12/03/2017 04:02 AM, Andrew David Wong wrote:>> No, a Google Account
is not required. Many people who use the
>> Qubes mailing lists never create one. If you're subscribed to one
>> of the lists, you should be receiving every message sent to that
>> list. (Of course, you won't retroactively receive emails that were
>> sent to the list before you subscribed.)
> 
>>> Really? I must be doing something wrong. I had origonally sent a
>>> message to qubes-users+subscr...@googlegroups.com and got a
>>> confirmation message but I dont get any messages except some of
>>> the responses to my posts that I sent to
>>> qubes-users@googlegroups.com I will read the mailing list page
>>> again because I think I have missed an important detail
> 
> I just tried to search for your email address in the list of
> qubes-users subscribers, and it's not there. So, it looks like your
> address was never successfully subscribed, or it was unsubscribed at
> some point. I recommend that you try to subscribe again.

Hmm, just a suggestion: if people aren't expected to Cc: everyone
involved in a thread when replying, maybe it'd be better to set the
google groups to only allow incoming messages from subscribed email
addresses only? The error message is not very informative, but it would
avoid issues like this one, by forcing people to subscribe before asking
questions? Then it's less user-friendly, so there's a choice to be made,
if it hasn't been made already.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2bcba28b-42ad-85bc-ab29-e34f3efc2d6d%40gaspard.ninja.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] New HCL Entry: Lenovo ThinkPad T470 (20HDCTO1WW)

[Joe Hemmerlein]

On Saturday, December 2, 2017 at 6:04:08 PM UTC-8, Marek Marczykowski-Górecki 
wrote:
> Does anyone have an idea what the difference livecd-iso-to-disk make,
> compared to isohybrid? If possible, we'd like to installation iso work
> out of the box on UEFI systems, including new ones...
> 
> I wonder if Fedora netinst iso (_not_ Live iso) boot on such new
> hardware, after directly dd-ing it to USB stick. Can you check that?
> Just see if installer starts. It's here:
> 
> https://alt.fedoraproject.org/
> 
> If that would work, I can try to find what is different about those
> images and fix Qubes iso.

Hi Marek,

I just tried the Fedora netinst image, dd'd it onto an USB stick, and it 
successfully booted.

One minor observation i made i the process: the Qubes ISO9660 volume label 
includes a dot/period; the netinst image doesn't.

This triggered a deja-vu from understanding why we need to update the volume 
label and edit xen.cfg after using livecd-iso-to-disk: this approach creates a 
FAT32 to hold everything, but the xen.cfg file uses the Qubes volume label 
"Qubes-R4.0-rc3-x86_64" to identify where to load inst.stage2 from, and FAT32 
volumes can't have labels that are this long and they also have trouble with 
periods in the label. Sure, FAT32 isn't ISO9660, but ISO9660 is also a bit 
troubled with a few different interpretations of the standard and restrictions.

Also, a Qubes dd'd USB stick contains an ISO9660 partition and a FAT16 
partition with a stub; I could validate that my T470 boots directly from 
ISO9660, ignoring the FAT16 partition.

Speaking of which... I found a way to make a USB install stick, much easier 
than using livecd-iso-to-disk tools:
- create a FAT32 partition (not too big) on the USB stick
- mark the partition as active (if MBR; not needed if GPT)
- mount the ISO image
- mirror the file system structure from the mounted ISO image to the FAT32 
volume
- give the FAT32 volume a meaningful label (not to exceed 11 chars)
- update EFI/BOOT/xen.cfg on the FAT32 volume to match that label

You can even do that on Windows without needing Rufus :) I'll update the doc 
one more time to include instructions for Windows users. Maybe even remove the 
livecd-iso-to-disk instructions again, I'm not sure.
-joe

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ca2e559-d1a6-4a75-a3a4-abb9eb3b3fe1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.