Re: [qubes-users] Spilt-GPG help - 3.2
On 03/25/2018 07:58 PM, vel...@tutamail.com wrote: I love Qubes! Kudus to those developing and helping on this forum...I am sure others would agree that the effort is greatly appreciated. I am hoping I can get some help with "split-GPG" setup and signing emails. Some notes and questions about my configuration: * I plan to use Thunderbird. * I have since created a new vault from default during installation - I have some files in this vault, documents, some passwords...I consider this non-networked VM my "vault", although I am just getting into certificates for email signing and email encryption. - Should I use this VM for my certificates(or a dedicated certificate VM) or is it a big no? Should be no problem with using vault for both gpg keys and passwords (keepassx) and even small lists that you create in that vm. The only files you should import from other vms into vault are gpg keys. * I found a good tutorial on creating certificates using GnuPG with QubesOS: https://apapadop.wordpress.com/2013/08/21/using-gnupg-with-qubesos/ ( a little dated but did create test certificates...thanks Apapadop!) * I followed the steps in this Qubes-OS wiki: https://www.qubes-os.org/doc/split-gpg/ , however I get lost here: Setting up the GPG backend domain Make sure the gpg is installed there and there are some private keys in the keyring, e.g.: [user@work-gpg ~]$ gpg -K /home/user/.gnupg/secring.gpg - sec 4096R/3F48CB21 2012-11-15 uid Qubes OS Security Teamssb 4096R/30498E2A 2012-11-15 (...) How do I create this file: /home/user/.gnupg/secring.gpg ? Where do I keep my certificates in the "vault"? What commands or folders do I need to create? The gpg -K command is just a way to look at your keyring. The keyring is created automatically whenever you generate new keys or import existing ones. I tried finding more basic instructions but my "Googling" had no luck...how do I put private keys in my "vault" keyring and use Thunderbird in a seperate, dedicated VM to sign and encrypt my emails utilizing split GPG? Excuse me if this has already been answered or clarified in another post I couldn't find. Greatfully, V -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9c6bc302-858e-87e6-3e41-6fce4b503860%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Enhancing Template security?
On 03/25/2018 08:14 PM, vel...@tutamail.com wrote: I am trying to harden my Fedora and Debian templates and was hoping for some basic help and commands to do the following: How would I enable sudo authentication in a Template? There are two ways to do this now: 1. Follow this Qubes doc to get the yes/no auth prompts for sudo: https://www.qubes-os.org/doc/vm-sudo/#replacing-password-less-root-access-with-dom0-user-prompt 2. Remove the 'qubes-core-agent-passwordless-root' package. This second way means that sudo no longer works for a normal user. Instead, any root access in the VM must be done from dom0 with a command like 'qvm-run -u root vmname command'. I like the first method better because I'm used to sudo. How would I add a service like Qubes-VM-hardening ? https://github.com/tasket/Qubes-VM-hardening/tree/systemd The instructions are pretty vague - I should rewrite them soon. For now the version in the 'systemd' branch (linked above) is much more robust. You start by copying the two files (as root/sudo) to: /lib/systemd/system/vm-sudo-protect.service /usr/lib/qubes/init/vm-sudo-protect.sh After you copy them set execute bit and enable the service: $ sudo chmod +x /usr/lib/qubes/init/vm-sudo-protect.sh $ sudo systemctl daemon-reload $ sudo systemctl enable vm-sudo-protect.service The final step is adding either 'vm-sudo-protect' or 'vm-sudo-protect-root' as a Qubes service to each VM you want to protect. (Qubes services are added in the VM settings window on the Services tab.) The latter offers the most protection because it prevents rootkits from running when your VM starts. Should I enable AppArmor in a template and VM? You can try but depending on how fresh/accurate the AppArmor profiles are, it may prevent some of your apps from running properly. A long time ago I created a custom profile for Firefox with limited success but I doubt it works with FF 57+. AppArmor was supposed to be a way to pre-package security profiles along with apps. But it didn't work out that way and so users were left to themselves to guess what settings required changes in an app's profile whenever an app had an update. IIRC there is a GUI app called 'firejail' that can limit Firefox and other apps in a similar way. If they are more focused on keeping their limited repertoire of apps correctly profiled then it may work better than AppArmor. Also, Whonix keeps AppArmor profiles of Torbrowser, etc. but I don't think they enable it by default. Any other hardening best practices? Some people prefer to start with minimal templates as a form of 'hardening'. FWIW the regular Debian template is slightly less 'minimal' than Fedora-minimal. Overall I recommend Debian 9 because (like almost all other distros) it has a more secure update configuration than Fedora. That's because Fedora doesn't know if an attacker is trying to hold back some packages from being updated. So just switching to Debian is a type of hardening. There are other options that try to harden the VM kernels by patching them. My take on this is they're fraught with controversy, left unmaintained and/or difficult to install. At this point I don't think its worth it even for most Qubes users, and it may be better to wait for these features to be incorporated into the main kernel. You can also research 'unikernels' on Qubes as a way to harden the firewall. (Again, may not be worth it for most people at this point.) Other ways to increase safety include subscribing to a reputable VPN service and setup a VPN qube, and/or use Whonix with onion sites, and also add safety-oriented extensions to your web browser. In Firefox I recommend uBlock Origin and HTTPS Everywhere. Thanks you in advance...I am hoping these are easy for the layperson! V -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a1166456-7b00-8e9e-3303-cf2918aed9d7%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Is Template concept unique to Qubes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/26/2018 05:08 AM, franco.g...@tutamail.com wrote: > Security considerations aside, it's so convenient having shared > root filesystems that can be updated once for multiple child-VMs. > Is this feature unique to Qubes or is something like this often > replicated when using other hypervisor systems? VMware using similar solution for handling snapshots, and non-persistent disk images. VMware VDI also using this for provisioning new (disposable) desktops. Don't know about the others. - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlq4eXwACgkQGjNaC1SP N2SxFA//Wr33HvkNh6J5hUbs42K54lpMJI+7eNKwwwcSxoH+Fh6oPSZ67tlrUHWB HWeFGFZeq6ZwPiQ4dIkL5fx9gl+8SjaZaz1Ypb2HNwlzOP3PutRnYQMraeCdbKbF UkR+JMFfb0xkxPNYIT9GyK4h4C0IGxAShP6V4rmzASKSgY7QCcSAPWyZNs1bSQ7R 7ZIU66G50Szc/YUbcpAUeaWfWNXS5YMvwnC4Oc7/trOp+AXuBPnwenNE17dtNw2r wfkb8UMrEEjQiYmc+N3WiyXMMwX0kRdTQz+SLm/CgzvxoOBjnnHWKfnoXSsmc/tA /SGMqj++/eLzSJPDJUTtGLp48vrPZee7NRz9Vkmn6144ziK3t75GCHPLr/rTnJf0 KPindCCo+6QWLmV9lycrbOJ9o+uYKHZtDUi1QZJt+KopQbWhFqMRj0KDa888vViY pTl4Dgm8LZYyjP9HUs/Z1ZLWkbcNqiCm/JA65335BtxisSh5lQwLSQMePIil2cO2 mRLwxcNBUqylYHfEXUa760ygsJ9DIOr7Ceb3+5RnqTa+RW38D/qegxgP495OPstO J9JaU4QMgwab37YaXb3J1eHf9/aQtnENVA00to/74x0PEu2y+ctdyA0ouKiAlb7A OZP4ztMSaXM1vfPE9twir9xzlpObQ2Sn76M7m96wkpUEnZge3M0= =PVM2 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/15a37a8c-35c0-3a03-dd2d-9b15c2f36b7c%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Partitioning Scheme
On Sunday, March 25, 2018 at 7:20:29 AM UTC-4, awokd wrote: > On Sun, March 25, 2018 3:07 am, sevas wrote: > > I had qubes installed without it. I wanted to install android. Android > > didnt recognize the virtual machines. So, I plugged in a 2nd disk. I was > > able to qvm-pci attach my SSD. Android recognized it and was able to > > install. > > I'm surprised this actually worked without trouble! lol! > The options I see for you are: > > A) Go back to 3.2 with the emulated disk controller Android can detect > (see https://github.com/QubesOS/qubes-issues/issues/3651). Not a chance! > B) Wait for someone to add a feature to 4.0/4.1 to change the emulated > disk controller type per VM (or find out if there is a more direct means > to change it). This would let you add both your drives to the same LVM > pool and encryption, and use regular drive images for your HVM. > > C) Dedicate and passthrough the single SSD only for your Android HVM > without encryption etc. Im now thinking about doing this with an SD card. Do you think that would work? Well, Im going to test it tomorrow. > I'm not exactly sure I follow what you've done to this point, so that > might be the safest approach. Fdisk the SSD (assuming there's nothing you > need to keep on it), shutdown your computer, physically disconnect/remove > the SSD, power on and reinstall Qubes if needed. Then power back down and > reattach it. You can then use it with one of the above options. If option > B, suggest manually setting up cryptsetup on it with the same password and > then a separate LVM pool. I could encrypt it from within qubes and decrypt it before use with VM, right? Qubes manages encryption and android is none the wiser. -With Qubes on 2 drives: --Ive tried trimfs and --allow-discard on root and luks --shrinking the pool= no info on google about this --qvm-create BIGVM && dd if=/dev/random of=/BIGFILE.img count=250GB && qvm-remove BIGVM >>shrink pool no cigar >>I'm not exactly sure I follow what you've done to this point, PVcreate: Qubes installation with one m.2 only. Added SSD later. $ sudo pvcreate /dev/sdb #Error device not found (or ignored by filtering) Am I supposed to use $ sudo pvcreate /dev/sdb1 ? I wanted to PV the entire device and not just the partition(s). $ nano /etc/lvm/lvm.conf >#global-filtering = [devices] #No change. >global-filtering = [sdb] #did not fix. >global-filtering = [devices] #did not fix, of course. 'devices' is just >generic for 'add your device here'. But I un-commented it anyway. And >restarted. Im pretty sure Im just misunderstanding the pvcreate tool. I will read up on the correct methods tomorrow too. But some people were using 'global-filtering=sdb' and they could suddenly 'pvcreate sdb' device without partition without errors. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/67cfe244-23b4-414d-97c6-e0d494f27887%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Enhancing Template security?
On Sunday, March 25, 2018 at 8:14:12 PM UTC-4, vel...@tutamail.com wrote: > I am trying to harden my Fedora and Debian templates and was hoping for some > basic help and commands to do the following: > How would I add a service like Qubes-VM-hardening ? Look at Tresnor. > Should I enable AppArmor in a template and VM? One or the other, I think... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bab3592c-d7bf-4ee9-af97-7a1f8de803fb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Spilt-GPG help - 3.2
I recommend a dedicated vm(not your vault). I also recommend installing kgpg. Thats all I have. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/59e48702-6490-4aa2-85cb-6d72473d4847%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Is Template concept unique to Qubes?
Security considerations aside, it's so convenient having shared root filesystems that can be updated once for multiple child-VMs. Is this feature unique to Qubes or is something like this often replicated when using other hypervisor systems? Specifically, I want to run a **not**-secure bleeding edge testbox that has gpu acceleration in dom0. (Example: archlinux + KVM). I know thin-provisioning (COW?) will allow one copy of OS on the filesystem to be re-used but is it possible to base multiple VM's on a single template like Qubes? Thanks for reading. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/L8VGlJg--3-0%40tutamail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Enhancing Template security?
I am trying to harden my Fedora and Debian templates and was hoping for some basic help and commands to do the following: How would I enable sudo authentication in a Template? How would I add a service like Qubes-VM-hardening ? Should I enable AppArmor in a template and VM? Any other hardening best practices? Thanks you in advance...I am hoping these are easy for the layperson! V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6206c49f-fb01-4163-9437-e0ed9560f4c8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Spilt-GPG help - 3.2
I love Qubes! Kudus to those developing and helping on this forum...I am sure others would agree that the effort is greatly appreciated. I am hoping I can get some help with "split-GPG" setup and signing emails. Some notes and questions about my configuration: * I plan to use Thunderbird. * I have since created a new vault from default during installation - I have some files in this vault, documents, some passwords...I consider this non-networked VM my "vault", although I am just getting into certificates for email signing and email encryption. - Should I use this VM for my certificates(or a dedicated certificate VM) or is it a big no? * I found a good tutorial on creating certificates using GnuPG with QubesOS: https://apapadop.wordpress.com/2013/08/21/using-gnupg-with-qubesos/ ( a little dated but did create test certificates...thanks Apapadop!) * I followed the steps in this Qubes-OS wiki: https://www.qubes-os.org/doc/split-gpg/ , however I get lost here: Setting up the GPG backend domain Make sure the gpg is installed there and there are some private keys in the keyring, e.g.: [user@work-gpg ~]$ gpg -K /home/user/.gnupg/secring.gpg - sec 4096R/3F48CB21 2012-11-15 uid Qubes OS Security Teamssb 4096R/30498E2A 2012-11-15 (...) How do I create this file: /home/user/.gnupg/secring.gpg ? Where do I keep my certificates in the "vault"? What commands or folders do I need to create? I tried finding more basic instructions but my "Googling" had no luck...how do I put private keys in my "vault" keyring and use Thunderbird in a seperate, dedicated VM to sign and encrypt my emails utilizing split GPG? Excuse me if this has already been answered or clarified in another post I couldn't find. Greatfully, V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7e9a52d7-1a30-45cf-ac17-f396280620cd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [Q4-rc5] Blank screen on boot after installation on Lenovo
On Sun, March 25, 2018 10:24 pm, gluv...@gmail.com wrote: > On Sunday, March 25, 2018 at 4:29:40 AM UTC-7, awokd wrote: > >> Did you try step #11 under >> https://www.qubes-os.org/doc/uefi-troubleshooting/#cannot-start-installa >> tion-installation-completes-successfully-but-then-bios-loops-at-boot-de >> vice-selection-hangs-at-four-penguins-after-choosing-test-media-and-ins >> tall-qubes-os-in-grub-menu ? If it didn't help, you could also try to >> reinstall in legacy mode. > > Thanks @awokd! That also worked! Now UEFI also works. :) Thanks for reporting back! Unfortunately, there are a lot of buggy UEFI implementations out there so it's good to know this work-around can still help in some cases under 4.0. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b97b7d21dc133dfaa9dde42dc9fb52a1.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [Q4-rc5] Blank screen on boot after installation on Lenovo
On Sunday, March 25, 2018 at 4:29:40 AM UTC-7, awokd wrote: > Did you try step #11 under > https://www.qubes-os.org/doc/uefi-troubleshooting/#cannot-start-installation-installation-completes-successfully-but-then-bios-loops-at-boot-device-selection-hangs-at-four-penguins-after-choosing-test-media-and-install-qubes-os-in-grub-menu > ? If it didn't help, you could also try to reinstall in legacy mode. Thanks @awokd! That also worked! Now UEFI also works. :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1d4c5202-7908-4232-8f17-f26d0a4bb4dd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] can't download qubes 4.0 how to raise 4.3gb download limit.
alot of people use whonix as their updatevm now. But those that are right now are having weird problems as i'm sure you've noticed. I never trusted Tor, Joanna used to not use it much either... Privacy and security are two diff things. But if thats the only way they could get to us, then that says alot for how secure Qubes is. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b418ec42-cb07-403b-91a6-6c6d153d2062%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] can't download qubes 4.0 how to raise 4.3gb download limit.
The reason I think it happened is because first there was a failed update. Then had to update it a second time. Then all of us regular posters at the time were posting and we all had the same anomalies and bugs going on. Alot of weird things going wrong with the system. Even on Andrew Wongs machine. But hey man. Qubes protected me for 2 years before that and thats a record in my book. My windows machine gets compromised in a month. And my linux machines usually in one day lol. Just hunches :), always loved how Joanna is one of the few to admit thats all we ever got. Oh, she also came out with idea of paranoid recovery mode after the whole fiasco. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/48536938-f798-47e3-a2b0-857f4a5cf021%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] can't download qubes 4.0 how to raise 4.3gb download limit.
If they are focusing on gpu passthrough, for wider adoption, their focus isn't on security. Its also silly and ironic that 4.0 is way less user friendly then 3.2. There are many statements from Joanna about secure boot and ME in general, and closed source code in general. Which means they will never use secure boot. disappointing, because IMO its pretty necessary even for a reasonable secure machine. Hey man, like I said. Alot of us were already compromised by a bad dom0 update. I don't remember you posting during that time so maybe your machine is ok. And it came from them unintentionally, or fedora repos, who knows. I could be wrong though, of course I have no proof. Just a paranoid hunch. Intel patched ME for backdoors that have been in their machines for 8 years a week after that. It was during a time when there was friction between Subgraph and Qubes, and when spender was having nervous breakdowns and who already basically threatened Joanna in the past with such an attack. If you want to talk about rude vindictive losers, look no further then spender and the subgraph dev Xsmurf aka Bruce Leidl. That guy is nuts and gives me the creeps. Super vindictive. And whats so crazy about them is David Mirza Amahd is such a nice friendly guy I don't think he even has any idea what goes on underneath his nose. Which also makes them kind of fake and all marketing hype. Laughed when him and the rapist Applebaum, who i could never stand, cringed at Joannas comments at the LoganCIJ6 panel. Because her comments were so brutally honest and I guess they just wanted her to be the typical salesperson. She actually looked depressed. She used to work for the nsa so maybe they have approached her and that upset her, maybe they also target us. But hey i'm just crazy so don't mind me lmao... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aeaaf376-4cab-4173-bbfc-50542152d335%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] update from rc04
On Sun, March 25, 2018 6:17 pm, Roy Bernat wrote: > Hi all > > > > should i install the new version or can update from rc04 Either should work. If you aren't sure, they always say in the release notes too. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4edb00ac1f57dd777d4ea6d66e575265.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [Q4-rc5] Blank screen on boot after installation on Lenovo
After setting UEFI/Legacy Boot to "Legacy Only" and Boot Priority to "Legacy First", I was able to complete the installation and setup process. Qubes is now running, although with a bunch of errors. I'm going to experiment to see if I can get it working with UEFI. I'll try @awokd's advice and post my results. Also, in case it's relevant, the system is using a Samsung 860EVO 500GB SSD. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ceebc1a7-2947-4520-9f14-02d63eacfade%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] update from rc04
Hi all should i install the new version or can update from rc04 R -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4c4c014c-7eb2-4fb6-b2ce-896dd4ed9297%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Macbook Pro - Broadcom WLAN adapter BCM43602 causing freezing under Qubes OS 4.0 rc5
在 2018年3月25日星期日 UTC+8上午7:54:49,Greg写道: > > Hi, hopes I'm not bothering you and thanks for your tips I finally got > > Qubes running on my MBP. However, I can't get the wifi card working using > > methods you discussed above, after running "sudo xl pci-attach sys-net > > '02:00.0,permissive=1'" (02:00.0 is the network controller pci address), > > sys-net still don't have the network controller attached and using "qvm-pci > > attach" still cause the system to freeze, how do you finish the attach > > phase? > > I now do the following to attach the BCM43602 to sys-net: > I disabled "Start qube automatically on boot" for sys-net and sys-firewall in > the qubes manager. I now manually start sys-net using "qvm-start sys-net" and > immediately after executing that command (well about 2 seconds later) I > execute "sudo xl pci-attach sys-net '03:00.0,permissive=1'" to attach the > device to sys-net while it is still starting up. It seems that I have to > attach the device to sys-net before it has fully booted, because if I attach > it too late it doesn't seem to be detected by the VM. > > Note that my particular BCM43602 has a PCI ID of 14e4:43ba which is supported > by the brcmfmac driver. Your particular device might need another driver (I > can't help with that I'm afraid). That was...tricky, I'll have a try, hope to be successful. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/113ae84f-660a-4593-9c7d-b3ecdacce3f4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] power9 and qubes os
Le dimanche 25 juin 2017 08:09:04 UTC-4, tai...@gmx.com a écrit : > On 06/24/2017 08:16 PM, Johnysecured88 wrote: > > > Are you a developer? > No. > > Can we get input from a developer on this issue? > You should email the community liaison, as it is definitely a question > worth asking. > a...@qubes-os.org > If you want a supported build done by them you would probably have to > provide the funds for a new/used recent POWER system. Xen doesn't support Power9 for the moment. Qubes still depends on Xen for compartmentalization. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4949fc86-fa89-4332-8dca-dfc6059cf1e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Lenovo G505s A10-5750m / qubes 4.0rc5 / Unsupported Hardware Detected
You upgraded to the factory BIOS 3.00 and it is overheating in Qubes 4rc5 and locking up the computer? I have never been able to successfully install Qubes 4rc5, 4rc1. end installation> reboot> black screen! (and for the 4rc5 I had the unsupported hardware message, not on 4rc1) Coreboot might fix the problems you are having with your current laptop. You can flash it back to the factory BIOS if it does not. I also think that coreboot could fix the problem (I feel that the bios is buggy) but I must give back the G505s quickly, after that will not be possible, I do not take the risk of finding myself with a problem on this PC. I will order the material in advance (soic 8 and CH341A), when I find a new PC G505s, I already have the hardware to flash in coreboot quickly, I could see if everything goes well with qubes. Another person told me that this PC sometimes has problems with overheating, it seems common. Look forward to hearing back from you! Yes of course. I would always have an eye on the forum. you would not get rid of me so easily! :) P.S. Did you check your spam folder for my emails? I was in spam, nothing at all ... (except for the mails of the forum) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4fbbcb93-5c75-40f1-9618-f6d08996bc3e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [Q4-rc5] Blank screen on boot after installation on Lenovo
On Sun, March 25, 2018 9:15 am, berto0...@gmail.com wrote: > I'm having the same issue on a Thinkpad X230 with the latest Lenovo BIOS > (2.71). Installation went fine, XEN is booting and throwing many lines > without any obvious errors (please let me know how to obtain that log as > text if possible, else I have an actual photo of the screen), the the > screen is going black. > > This is my XEN.cfg: > > > [global] > default=4.14.18-1.pvops.qubes.x86_64 > > [4.14.18-1.pvops.qubes.x86_64] > options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx > kernel=vmlinuz-4.14.18-1.pvops.qubes.x86_64 > root=/dev/mapper/qubes_dom0-root > rd.luks.uuid=luks-8dd628c2-8acf-4452-8935-b580856aeed6 > rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.alpha_support=1 > rhgb quiet ramdisk=initramfs-4.14.18-1.pvops.qubes.x86_64.img > > [4.14.18-1.pvops.qubes.x86_64] > options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx > kernel=vmlinuz-4.14.18-1.pvops.qubes.x86_64 > root=/dev/mapper/qubes_dom0-root > rd.luks.uuid=luks-8dd628c2-8acf-4452-8935-b580856aeed6 > rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.alpha_support=1 > rhgb quiet ramdisk=initramfs-4.14.18-1.pvops.qubes.x86_64.img Did you try step #11 under https://www.qubes-os.org/doc/uefi-troubleshooting/#cannot-start-installation-installation-completes-successfully-but-then-bios-loops-at-boot-device-selection-hangs-at-four-penguins-after-choosing-test-media-and-install-qubes-os-in-grub-menu ? If it didn't help, you could also try to reinstall in legacy mode. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8c72a22d8b55a3bdf8e8dca3d60a9b73.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Lenovo G505s A10-5750m / qubes 4.0rc5 / Unsupported Hardware Detected
On Sun, March 25, 2018 10:33 am, caropeli...@gmail.com wrote: > I think my PC has a problem, it heats a lot too much, I will make it > (maybe the cause of my concern, CPU that would put itself in security, > although I also ask the question of bios). You upgraded to the factory BIOS 3.00 and it is overheating in Qubes 4rc5 and locking up the computer? > I will still look for another > G505s and I will still order in advance the material (soic 8 and CH341A). Coreboot might fix the problems you are having with your current laptop. You can flash it back to the factory BIOS if it does not. > Thank you very much to AWORD and the other intervener for their help. > I will go back to share some that I would have a new PC. Look forward to hearing back from you! P.S. Did you check your spam folder for my emails? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/10c32d5bfecd4972039e8b6b582c3fba.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Partitioning Scheme
On Sun, March 25, 2018 3:07 am, sevas wrote: > Heres what Im trying to do. > > > I had qubes installed without it. I wanted to install android. Android > didnt recognize the virtual machines. So, I plugged in a 2nd disk. I was > able to qvm-pci attach my SSD. Android recognized it and was able to > install. I'm surprised this actually worked without trouble! > However, my disk was not encrypted and I wanted to move it into the qubes > LVM > so it would be encrypted and then pci attach it. You can't do this. Encryption and volume management are handled in dom0. By PCI attaching it to a VM, you are effectively unplugging it from dom0 which means it can no longer manage or decrypt the drive, and I can see why a surprise removal of it would crash your computer if you had it set up for that. The options I see for you are: A) Go back to 3.2 with the emulated disk controller Android can detect (see https://github.com/QubesOS/qubes-issues/issues/3651). B) Wait for someone to add a feature to 4.0/4.1 to change the emulated disk controller type per VM (or find out if there is a more direct means to change it). This would let you add both your drives to the same LVM pool and encryption, and use regular drive images for your HVM. C) Dedicate and passthrough the single SSD only for your Android HVM without encryption etc. > My idea to fix this is one of two. > Either figure out how to PVCreate /dev/sda which means reinstalling > everything again. I'm not exactly sure I follow what you've done to this point, so that might be the safest approach. Fdisk the SSD (assuming there's nothing you need to keep on it), shutdown your computer, physically disconnect/remove the SSD, power on and reinstall Qubes if needed. Then power back down and reattach it. You can then use it with one of the above options. If option B, suggest manually setting up cryptsetup on it with the same password and then a separate LVM pool. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b528626fc649c0c3533497c5cfc0aaad.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Lenovo G505s A10-5750m / qubes 4.0rc5 / Unsupported Hardware Detected
I think my PC has a problem, it heats a lot too much, I will make it (maybe the cause of my concern, CPU that would put itself in security, although I also ask the question of bios). I will still look for another G505s and I will still order in advance the material (soic 8 and CH341A). Thank you very much to AWORD and the other intervener for their help. I will go back to share some that I would have a new PC. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d247f63b-6c16-4ceb-b80f-3d37987d8319%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [Q4-rc5] Blank screen on boot after installation on Lenovo
I'm having the same issue on a Thinkpad X230 with the latest Lenovo BIOS (2.71). Installation went fine, XEN is booting and throwing many lines without any obvious errors (please let me know how to obtain that log as text if possible, else I have an actual photo of the screen), the the screen is going black. This is my XEN.cfg: [global] default=4.14.18-1.pvops.qubes.x86_64 [4.14.18-1.pvops.qubes.x86_64] options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx kernel=vmlinuz-4.14.18-1.pvops.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-8dd628c2-8acf-4452-8935-b580856aeed6 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.alpha_support=1 rhgb quiet ramdisk=initramfs-4.14.18-1.pvops.qubes.x86_64.img [4.14.18-1.pvops.qubes.x86_64] options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx kernel=vmlinuz-4.14.18-1.pvops.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-8dd628c2-8acf-4452-8935-b580856aeed6 rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.alpha_support=1 rhgb quiet ramdisk=initramfs-4.14.18-1.pvops.qubes.x86_64.img Any help is appreciated. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8fc2eec9-1746-497f-9acb-3212535d6c99%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Partitioning Scheme
Red Hat says use vgreduce. vgreduce says theres no space. Ubuntu says enable discard on root. Fedora says discard is dangerous to enable. Qubes says there is no current solution. Confusious says make qube and dd if=/dev/random and delete qube. A liar said fallocate would allocate all the memory. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f9de2557-6c97-42df-9deb-948dce3730b8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Yubikey for OTP password manager 2FA only ...with Q4.5 sys-usb please
Hello, using Q4.5 I have been reading the various yubikey howto problem-solving, but remain confused what to expect for my use of the Yubikey, which is, I believe OTP for 2FA for lastpass On my desktop I have Q3.2 and no sys-usb and I have NOT had to install any particular packages in dom0 or the Fed26 template etc. in Q4.5 I do note the widget to attach the Yubikey to the AppVM example: EmailVM , and I see it attached with lspci in the AppVM , using the widget, however it is nonfunctional. Typically, the Yubikey at times asks you to detach and reattach it, which probably in hindsight is not a good idea, as after doing that the widget will no longer allow any detaching. when I go into dom0 and do qvm-device attach email sys-usb:2-1.1 at current it is freezing and I can't Ctl+c out of the command I have 8gb Ram in an i7 thinkpad here, and for some reason I can't even get sys-usb to launch a Terminal, guess I'll be rebooting , maybe an SSD in the future is going to make Q4.5 usable ? (sorry added some commentary here) :O I believe at one point it told me the qubes usb proxy was not installed, then I went and tried to dnf install qubes proxy in the sys-usb and it said it *Was already installed. I find sys-usb the most difficult aspect of Qubes use, on Q3.2 after locking myself out I gave up on sys-usb ... and don't feel for my purposes a huge worry re: security ..can I do the same in Q4 or ... what do you suggest .. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/51f6fd3d-aa10-9734-bde3-402a70dda983%40riseup.net. For more options, visit https://groups.google.com/d/optout.