Re: [qubes-users] Re: What CPU are you running for Q 4.0?
I would suggest a pre-PSP AMD 16 core 6386SE on a KGPE-D16 board running coreboot-libre or libreboot - 100% open source firmware with no blobs, the D16 and D8 also have cool stuff like OpenBMC, IOMMU-GFX etc. An 8 core 6328 is also a good fast choice. The D16 supports max 2x16 cores, so 32 cores and 192GB RAM total. I play the latest games in a VM at max settings on mine and they support crossfire for maximum graphics power. For a laptop there is also the G505S pre-PSP with the only blobs for video, EC and power management - there is a free EC replacement in progress. This would be the best, most secure and most free option for qubes 4.0 - the above are all the last and best owner controlled x86_64 options; the future of freedom performance computing is OpenPOWER eg: the TALOS 2 but xen doesn't support POWER so you would have to use it for your non-qubes virtualization needs. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4eabbd34-ea4f-344d-fece-0efd10f6a604%40gmx.com. For more options, visit https://groups.google.com/d/optout. 0xDF372A17.asc Description: application/pgp-keys
Re: [qubes-users] Re: What CPU are you running for Q 4.0?
Generally NVIDIA hates linux so it would be a good idea to purchase an AMD card instead in the future to avoid problems... NVIDIA artificially hobbles IOMMU-GFX on their geforce products by adding bugs to their drivers and they have ruined the nouveau project in a variety of ways. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3cd7de00-d9e8-72d2-4db9-af7e64d5ee92%40gmx.com. For more options, visit https://groups.google.com/d/optout. 0xDF372A17.asc Description: application/pgp-keys
[qubes-users] failed to start SSD after installing Qubes 4
Hey! I have updated my Qubes 3.2 to the 4.0 over the USB (used DD in a live-CD to burn the iso). Now i can not start the Harddrive, the screen stays black (also if i go to other console Strg+Alt+F2 or something else) after i choose the drive to boot. i disabled secure boot in BIOS and any other security. it just shows no grub as it seems, so something is wrong with the /boot partition on the partition i can not find any grub and maby thats the point. But i failed to install it over live CD Laptop: Thinkpad W530 as i understood it supports VT-x with ETP and VT-d on the board and in BIOS can somebody help please? best regards wdoof Schon gewusst?! Neben dem E-Mail-Postfach bietet freenet.de auch eine integrierte Cloud-Lösung mit 3 GB Speicher und das alles komplett kostenfrei. https://email.freenet.de/index.html -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fb5a2ee1e359fefa55f7aaa1f8da1c19%40email.freenet.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] failed to start SSD after installing Qubes 4
i also noticed that the directories are not as they will be describted on the trouble shooting page of qubes this should be: /boot/efi/EFI/qubes/xen.cfg but if i mount the partition on the live CD i just get diretly EFI/qubes/xen.cfg without the first efi Sichern Sie sich mit freenet Mail start 50 GB Cloud-Speicher zusätzlich zu Ihrem werbefreien Postfach sowie höchste Sicherheitsstandards. https://email.freenet.de/start/index.html -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7b41d83e1af9621ff63189ab99ef36a9%40email.freenet.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] failed to start SSD after installing Qubes 4
in BIOS i have both modes UEFI/Legacy with CMS and UEFI first maby it went something wront with this setting Schon gewusst?! Neben dem E-Mail-Postfach bietet freenet.de auch eine integrierte Cloud-Lösung mit 3 GB Speicher und das alles komplett kostenfrei. https://email.freenet.de/index.html -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/41397ea1ed59e7874536ae5e92d1272b%40email.freenet.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Librem 13v2: Qubes 4.0 stuck at loading the desktop
Le mardi 22 mai 2018 01:39:38 UTC+2, sevas a écrit : > I'm using kde and everything works. Thanks for the info! @awokd finally I've reinstalled Qubes 4.0 and I'll recreate my documents. Thank you so much for your support and patience! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f1fd4a94-0ec7-40b3-81c1-d6214c1b8fbe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] failed to start SSD after installing Qubes 4
i think thats the problem with the GPT formating and UEFI and BIOS settings Something goes wrong there. should i install it in only UEFI mode?? or just leave it in "both" mode with CMS? Schon gewusst?! Neben dem E-Mail-Postfach bietet freenet.de auch eine integrierte Cloud-Lösung mit 3 GB Speicher und das alles komplett kostenfrei. https://email.freenet.de/index.html -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/97c113129fd3af1705d0285b13b46f81%40email.freenet.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] failed to start SSD after installing Qubes 4
just reinstalled Qubes with UEFI-Mode only (without CMS) in BIOS... but i get still the blackscreen after reboot... so it doesnt want to start the SSD the thing is... i don't see the start screen (grub2 or whatever it is) if i install from USB. It just start the USB without showing me the screen with possibilities to choose. Normally it should show me "test media and install qubes". so do i understand it right, that the grub or MBR is dead? Schon gewusst?! Neben dem E-Mail-Postfach bietet freenet.de auch eine integrierte Cloud-Lösung mit 3 GB Speicher und das alles komplett kostenfrei. https://email.freenet.de/index.html -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/98fb9549196778b1387602b921fb1f12%40email.freenet.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] failed to start SSD after installing Qubes 4
sorry for so many postings, but i work here on the problem :) the thing is... the partition on the USB is GPT, so it doesnt use MBR. It seems to be the problem with grub AND with UEFI/GPT-boot please help somebody! :) Sichern Sie sich mit freenet Mail start 50 GB Cloud-Speicher zusätzlich zu Ihrem werbefreien Postfach sowie höchste Sicherheitsstandards. https://email.freenet.de/start/index.html -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8cfbbb03afc9ddd9a4c80b9885e47bba%40email.freenet.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 3.2 can't install Windows 7: libvirt.libvirtError
I have almost the problem when i am trying to install Windows .ISO like standalone machine: [user@dom0 ~]$ qvm-start win7new --custom-config=/tmp/win7new.conf --cdrom=dom0:/home/user/win7.iso --> Loading the VM (type = HVM)... Traceback (most recent call last): File "/usr/bin/qvm-start", line 136, in main() File "/usr/bin/qvm-start", line 120, in main xid = vm.start(verbose=options.verbose, preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, notify_function=tray_notify_generic if options.tray else None) File "/usr/lib64/python2.7/site-packages/qubes/modules/01QubesHVm.py", line 335, in start return super(QubesHVm, self).start(*args, **kwargs) File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 1955, in start self._update_libvirt_domain() File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 767, in _update_libvirt_domain raise e libvirt.libvirtError: operation failed: domain 'win7new' already exists with uuid 727dd680-3dd3-4891-8997-2100da932efc But when i try this command without: --custom-config=/tmp/win7new.conf Installation process in stuck because of xen instead of cirrus (of course in /tmp/win7new.conf I put cirrus, but in some reason with this config i got this error) What I must try? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/98c76640-c28e-4b25-b9d7-13be14e793bf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to Install Android on Qubes 3.2 --/-- (4.0)
In need to run a couple android apps on my qubes os. how can I do this? -install android HVM -install bluestacks on windows hvm I tried both and it did not work for me. bluestacks needs access to my graphic card, cant get it to work. can someone post a way to run android apps on your qubes os? (for dummies) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/97c49890-e2d4-49c8-ae58-79d026fbd707%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Lenovo G505S Coreboot
I think: at the moment, the only possible way to become confident that a new 15h microcode at linux-firmware.git is the same (or at least close to being the same) as being offered to us under an NDA, without signing this NDA, is to install this microcode to your coreboot and then run some tests to see the degree of vulnerability to the various spectres. Also, that AMD person has uploaded only 15h and 17h - meanwhile, there are some nice desktop coreboot-supported 16h boards like ASUS AM1I-A (they are early-16h so they do not have PSP backdoor, only late-16h has), and these 16h boards are still vulnerable. I will try to contact to "remind" about 16h. Maybe they don't share the microcodes publicly until they have fully tested them, and NDA is a way for OEMs to get the not-publicly-released-yet microcodes to test on their hardware. It could be that AMD's guidelines require fully testing a new microcode at all the compatible platforms before releasing it publicly even if its just a matter of setting a few bits - to make sure that all the other functions are still working correctly Best regards, Ivan 2018-05-22 8:19 GMT+03:00 taii...@gmx.com : > *ML thread reply* > Hey guys you can install the latest microcode now from linux-firmware, > no NDA or w/e I believe this is the latest version. > See my thread on the coreboot ML for more info. > > Remember folks the G505S has a piledriver cpu and thus it NEEDS a > microcode update to have IOMMU (and thus work for V4) and be secure due > to various exploits. > > before: > microcode: CPU0 patch_level=0x0600084f > > after: > microcode: CPU0: new patch_level=0x06000852 > > I think this is the latest version but I don't know for sure. > > -- > You received this message because you are subscribed to a topic in the Google > Groups "qubes-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/qubes-users/WEppbuqRpfY/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/e14e74a7-044f-41c2-0dad-90438aacc1cf%40gmx.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAaskFB-Y8ZWHzwb0tq-KT3qFEJD%3DxfWWhP4oEMxyZKCwBxXNg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Lenovo G505S Coreboot
Alternatively, it could be that NDA is required not exactly to get these updated microcode files for our a-bit-old CPUs, but to understand - against what vulnerabilities these microcodes are trying to give the protection. Maybe there are some secret release notes that usually come with these microcodes to the OEMs. If you would look at the commit message which came with 15h/17h files, you would not notice any mention of the vulnerabilities and spectre - or any other mention of what has been changed or improved. Its "just an update" - https://marc.info/?l=linux-kernel&m=152651230014241&w=2 . More messages from this author - https://marc.info/?a=13724479713&r=1&w=2 Best regards, Ivan 2018-05-22 15:34 GMT+03:00 Ivan Ivanov : > I think: at the moment, the only possible way to become confident that > a new 15h microcode at linux-firmware.git is the same (or at least > close to being the same) as being offered to us under an NDA, without > signing this NDA, is to install this microcode to your coreboot and > then run some tests to see the degree of vulnerability to the various > spectres. Also, that AMD person has uploaded only 15h and 17h - > meanwhile, there are some nice desktop coreboot-supported 16h boards > like ASUS AM1I-A (they are early-16h so they do not have PSP backdoor, > only late-16h has), and these 16h boards are still vulnerable. I will > try to contact to "remind" about 16h. Maybe they don't share the > microcodes publicly until they have fully tested them, and NDA is a > way for OEMs to get the not-publicly-released-yet microcodes to test > on their hardware. It could be that AMD's guidelines require fully > testing a new microcode at all the compatible platforms before > releasing it publicly even if its just a matter of setting a few bits > - to make sure that all the other functions are still working > correctly > > Best regards, > Ivan > > 2018-05-22 8:19 GMT+03:00 taii...@gmx.com : >> *ML thread reply* >> Hey guys you can install the latest microcode now from linux-firmware, >> no NDA or w/e I believe this is the latest version. >> See my thread on the coreboot ML for more info. >> >> Remember folks the G505S has a piledriver cpu and thus it NEEDS a >> microcode update to have IOMMU (and thus work for V4) and be secure due >> to various exploits. >> >> before: >> microcode: CPU0 patch_level=0x0600084f >> >> after: >> microcode: CPU0: new patch_level=0x06000852 >> >> I think this is the latest version but I don't know for sure. >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "qubes-users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/qubes-users/WEppbuqRpfY/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> qubes-users+unsubscr...@googlegroups.com. >> To post to this group, send email to qubes-users@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/qubes-users/e14e74a7-044f-41c2-0dad-90438aacc1cf%40gmx.com. >> For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAaskFD7KPUiVOBJFCgN2JprZ1oB2Yr2CPh4Z3bkLcrynqRFgA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] unknown HID "Adomax" found in sys-usb while all USB-ports empty
Hi, On a machine with sys-usb configured and mouse/keyboard connected through "old" PS2-connections, I've noticed this when running lsusb -v Michal Lee has pointed this out earlier (https://groups.google.com/d/msg/qubes-users/EANuL9rj_6w/-tjgYcThBAAJ), but I still lack an explanation of what is going on here. Best regards Ed Alvarez [code] [someuser@sys-usb]$ sudo lsusb -v (...) Bus 005 Device 002: ID 0627:0001 Adomax Technology Co., Ltd Device Descriptor: bLength18 bDescriptorType 1 bcdUSB 2.00 bDeviceClass0 bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 8 idVendor 0x0627 Adomax Technology Co., Ltd idProduct 0x0001 bcdDevice0.00 iManufacturer 1 QEMU iProduct3 QEMU USB Tablet iSerial 5 42 bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 34 bNumInterfaces 1 bConfigurationValue 1 iConfiguration 7 HID Tablet bmAttributes 0xa0 (Bus Powered) Remote Wakeup MaxPower 100mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber0 bAlternateSetting 0 bNumEndpoints 1 bInterfaceClass 3 Human Interface Device bInterfaceSubClass 0 bInterfaceProtocol 0 iInterface 0 HID Device Descriptor: bLength 9 bDescriptorType33 bcdHID 0.01 bCountryCode0 Not supported bNumDescriptors 1 bDescriptorType34 Report wDescriptorLength 74 Report Descriptors: ** UNAVAILABLE ** Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes3 Transfer TypeInterrupt Synch Type None Usage Type Data wMaxPacketSize 0x0008 1x 8 bytes bInterval 10 Device Qualifier (for other device speed): bLength10 bDescriptorType 6 bcdUSB 2.00 bDeviceClass0 bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize064 bNumConfigurations 1 can't get debug descriptor: Resource temporarily unavailable Device Status: 0x (Bus Powered) (...) [/code] -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/68a8f333584bef7a2b2a8d2a69719b3b%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to Install Android on Qubes 3.2 --/-- (4.0)
https://groups.google.com/forum/m/#!topic/qubes-users/0N7sLHBRIdk Here are my notes on this. I was unable to run Android from the qubes virtual system. But adding a second hdd, manually encrypting it, manually mounting and unmounting it after boot... Worked. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3767b733-740c-4ee8-bd95-607ca2003ecc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - Dell Inspiron 7472
Qubes release 4.0 is working flawless on Dell Inspiron 7472 with a few tweaks in BIOS to install and to boot system in EFI mode. Legacy boot was not necessary on this setup (only for system recovery). Devices tested and working: usb, sound, network, wifi, touchpad, external display, keyboard, suspend/ resume. For overall use (in BIOS settings): - Sata Operation set to AHCI. - Secure boot disabled. - Legacy mode set to off. - PTT security is enabled. - Intel VT-x enabled. - Auto OS Recovery Threshold set to off. - SupportAssist OS Recovery disabled. For Qubes installer, *HyperThread Control must be DISABLED in BIOS*, otherwise it freezes and won't boot in EFI mode. Turn it on after installing it on your computer. Hardware report (*.yml) is attached, and details follows: - Dell Inspiron 7472, i7-8550U cpu, 16GB RAM - HVM/ IOMMU/ HAP/ SLAT: active. - TPM: device not found. Note: PTT, or Intel Platform Trust Technology, is enabled, but it won't work with TPM support on Qubes, I think. - Xen: 4.8.3 - Kernel: 4.14.18-1 Notes regarding EFI boot mode: - After installing Qubes R4.0, EFI recognizes the system, but soon after upgrading dom0 or any other linux distro on laptop, it will disappear from boot menu. There's a workaround, though: change from EFI to Legacy Mode in BIOS, boot from USB Qubes Installer in Legacy Mode, select Recovery System, and follow the steps described in "Boot device not recognized after installing" and "Installation finished but Qubes boot option is missing and xen.cfg is empty", on Qubes Documentation (https://www.qubes-os.org/doc/uefi-troubleshooting/). Finally, restart your system, set Legacy boot to off again in BIOS, and add manually a EFI entry: select BOOTX64.efi from file manager for this new entry. And it's done! - dezese -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a0381df0-af8b-5d4e-5ff0-8aba9cdd3f1f%406x79.org. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-Dell_Inc_-Inspiron_7472-20180522-000518.yml Description: application/yaml signature.asc Description: OpenPGP digital signature
[qubes-users] Is it possible to create a fast clone/copy-on-write Qube?
I want to do the following. 1. Create an HVM Qube. This Qube contains a clean install of an OS such as Windows 8 or Arch. 2. Clone the Qube from #1. The files that make up this Qube should just contain the delta from the parent Qube. Writes are made to the child Qube; reads go to the child Qube (if the data being read was written previously) or to the parent Qube if not (in other words, copy-on-write.) I want to install applications in this Qube, so changes should persist. Hyper-V does this with differencing disks (see https://technet.microsoft.com/en-us/library/cc720381.aspx.) It looks like Xen does this also, with fast cloning (see https://docs.citrix.com/en-us/xencenter/6-2/xs-xc-vms/xs-xc-vms-copy.html.) My question is, can this be done in Qubes? From searching the Web and the docs, it looks like not, but I thought I'd see if I've overlooked anything. One way would be to have a TemplateVM and a TemplateBasedVM, but have changes to the TemplateBasedVM (outside of /home) be persistent. I don't know if Qubes allows that. One possible way (I think) would be to use Btrfs as the dom0 file system, but I don't know if that's allowed either. Otherwise, I'll have to create the parent Qube and then clone it with qvm-clone, but it looks like that creates a full copy, which I'd rather avoid if possible due to the disk space consumption. Thank you for any suggestions! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9e1e5425-58e3-40f4-9919-e08d16723bd1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes v4.0 - no network except in sys-net
Hello. Recently installed Qubes OS 4.0 to my laptop, connected an Ethernet cable and expected it to work... But: 1. I was forced to switch sys-net from HVM to PV (because no VT-d, so it would not start without IOMMU) 2. There is no network in any other domain, gateway IP is inaccessible. Even in sys-firewall. NetworkManager icon is present, pings from sys-net do pass. All routes are set (seemingly) correctly, and no configuration was made except for the HVM->PV transition stated above. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/B0AA638C-44FE-4253-B527-E8DF409C5A5F%40fireburn.ru. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] No boot after dom0 security repo update on may 15
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, May 17, 2018 at 11:54:03AM -, awokd wrote: > On Wed, May 16, 2018 1:51 pm, pony...@keemail.me wrote: > > Hi all. My machine directly boots into BIOS screen if my Asus Zenbook > > UX303 after updating Qubes 4.0 dom0, security repo enabled. I don't > > remember the error messages (s.th. with keys). > > So I boot from rescue USB Stick. Have to choose (3), going directly to > > shell. — > > And here I'm stuck, since many, many hours. No really helpful, _accurate_ > > instructions for medium talented users found. ;) > > How to replace dom0? Or restore boot files?I've got a pretty fresh > > complete backup on external USB drive, but don't want to install > > everything anew. > > Reinstall/restore might be fastest. If you want to try to fix it, search > this mailing list for "efibootmgr" assuming you have UEFI boot. Sounds > like something got corrupted. Reinstall GRUB if not using UEFI. If that's UEFI, verify content of /boot/efi/EFI/qubes/xen.cfg (/boot/efi is a separate partition, the first one on default install). Verify that default= entry points at existing section and it is the newest one. Also verify if files referenced there looks sane (if you've run out of disk space, those might be smaller than the rest). By editing this file you can also boot earlier kernel. Here is example xen.cfg file: https://www.qubes-os.org/doc/uefi-troubleshooting/#installation-finished-but-qubes-boot-option-is-missing-and-xencfg-is-empty - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlr/GFoACgkQ24/THMrX 1yyCfQf+Ltm7cIZmPvqdDKZXHdsuNOWPVw09lAZ7p/BMEf5WVd4iIkb/5muuRn7C YmNjttaiDDcNd5u6teNCs3xHMyC3sxcjaqNwyyWAK8eZ2RACo1rYryCPZiirNbGp Tzf5fkmrQZHvEN7n6EAolx6B+G3GBiiAEDM+TmDnqEMDXsML8HwGh0T7Fh8H+IBe YqsigU7zqQGC/kWeUfbLgdaBbe+jUUioJQWBEb5xvmbzdn7kfQuzGmTBqqqyTIkY +iDZbNl9UaD1SqHLzfqtjeFKo9l21FV1HVm6NG90AwPbTWIGHLppKEMICEKEmUcM EerCf238hhUi6+gkOLeLOTRIG5yaOQ== =eBH7 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180518181555.GB20125%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: U2F on Gmail not working (using Chrome on Personal AppVM)
-END PGP SIGNATURE- not so surprising in Fed28 , FF60, Q4.0, adding this package, attached the key to the AppVM, logging into webmail (gmail) this does nothing , it immediately fails ; however it does work ! in chromium surprise surprise , now if OTP would work would be nice Found out in FF60 one must do about:config and enable U2f , then my blue U2F yubikey works on gmail , but NOT my Yubi Neo, I am guessing because the Neo supports > 1 format, and haven't tried it by disabling the other functions/slots too bad OTP couldn't work same way, as it's the more important one to me ..**BUMP -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/256aaf76-22ff-5179-d655-2fb3b5f48a74%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Is it possible to create a fast clone/copy-on-write Qube?
On 05/22/2018 05:51 PM, fsharpn...@gmail.com wrote: I want to do the following. 1. Create an HVM Qube. This Qube contains a clean install of an OS such as Windows 8 or Arch. 2. Clone the Qube from #1. The files that make up this Qube should just contain the delta from the parent Qube. Writes are made to the child Qube; reads go to the child Qube (if the data being read was written previously) or to the parent Qube if not (in other words, copy-on-write.) I want to install applications in this Qube, so changes should persist. Hyper-V does this with differencing disks (see https://technet.microsoft.com/en-us/library/cc720381.aspx.) It looks like Xen does this also, with fast cloning (see https://docs.citrix.com/en-us/xencenter/6-2/xs-xc-vms/xs-xc-vms-copy.html.) My question is, can this be done in Qubes? From searching the Web and the docs, it looks like not, but I thought I'd see if I've overlooked anything. One way would be to have a TemplateVM and a TemplateBasedVM, but have changes to the TemplateBasedVM (outside of /home) be persistent. I don't know if Qubes allows that. One possible way (I think) would be to use Btrfs as the dom0 file system, but I don't know if that's allowed either. Otherwise, I'll have to create the parent Qube and then clone it with qvm-clone, but it looks like that creates a full copy, which I'd rather avoid if possible due to the disk space consumption. By default, the Qubes 4.0 volume manager will always create COW (not full) clones. If you choose btrfs instead, the effect will also be the same. One Qubes 3.2, you have to choose btrfs (or prepare a pool with a similar filesystem having COW reflinks) for this type of cloning to work. Keep in mind that (as with Hyper-V) these block level differencing volumes will diverge increasingly over time as updates are applied. That means the initial space savings will begin to shrink. I don't know if Hyper-V has a solution to this, but on Linux one way to help prevent divergence is deduplication (such as in btrfs). Overall, these cloning options (using LVM or btrfs) should work more smoothly than Hyper-V storage. Note the warnings re: volume spoilage on the Microsoft page don't apply to Qubes; you still have to update each cloned OS, but there is no need for you to keep track of volumes to avoid spoilage. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/18714794-db7d-7b0f-a810-4ff8f2fbbbc0%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: off topic - invite codes to 'riseup'
need 1 code -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/86dc6341-7e9e-4847-b83c-cd1fa4dd7215%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] gpg --recv currently broken in debian-9 templates (w/ workaround)
Magic strings for people searching the archives to be able to find this: $ gpg --keyserver ... --recv 0x... gpg: keyserver receive failed: Connection refused or $ gpg --keyserver ... --recv 0x... gpg: keyserver receive failed: No keyserver available The problem is with dirmngr (a new component of gnupg2 responsible for interacting with keyservers) failing DNS lookups. More information at [1]. A workaround is to put "standard-resolver" in ~/.gnupg/dirmngr.conf & restart dirmngr: $ cat > ~/.gnupg/dirmngr.conf
Re: [qubes-users] unknown HID "Adomax" found in sys-usb while all USB-ports empty
On 05/22/2018 05:42 PM, edalva...@riseup.net wrote: > Hi, > > On a machine with sys-usb configured and mouse/keyboard connected > through "old" PS2-connections, I've noticed this when running lsusb -v > > Michal Lee has pointed this out earlier > (https://groups.google.com/d/msg/qubes-users/EANuL9rj_6w/-tjgYcThBAAJ), > but I still lack an explanation of what is going on here. The adomax device is a virtual qemu "tablet" used to provide absolute mouse coordinates. In other words it helps with mouse pointer synchronization between the host and vms. You may have noticed that the device is picked up by sys-usb's input-proxy sender as a HID device, which is why you may get a popup dialog (if qubes.InputKeyboard policy is set to 'ask') - even if you don't have a usb keyboard. > > > Best regards > Ed Alvarez > > > > [code] > > [someuser@sys-usb]$ sudo lsusb -v > > (...) > > Bus 005 Device 002: ID 0627:0001 Adomax Technology Co., Ltd > Device Descriptor: > bLength18 > bDescriptorType 1 > bcdUSB 2.00 > bDeviceClass0 > bDeviceSubClass 0 > bDeviceProtocol 0 > bMaxPacketSize0 8 > idVendor 0x0627 Adomax Technology Co., Ltd > idProduct 0x0001 > bcdDevice0.00 > iManufacturer 1 QEMU > iProduct3 QEMU USB Tablet > iSerial 5 42 > bNumConfigurations 1 > Configuration Descriptor: > bLength 9 > bDescriptorType 2 > wTotalLength 34 > bNumInterfaces 1 > bConfigurationValue 1 > iConfiguration 7 HID Tablet > bmAttributes 0xa0 > (Bus Powered) > Remote Wakeup > MaxPower 100mA > Interface Descriptor: > bLength 9 > bDescriptorType 4 > bInterfaceNumber0 > bAlternateSetting 0 > bNumEndpoints 1 > bInterfaceClass 3 Human Interface Device > bInterfaceSubClass 0 > bInterfaceProtocol 0 > iInterface 0 > HID Device Descriptor: > bLength 9 > bDescriptorType33 > bcdHID 0.01 > bCountryCode0 Not supported > bNumDescriptors 1 > bDescriptorType34 Report > wDescriptorLength 74 > Report Descriptors: >** UNAVAILABLE ** > Endpoint Descriptor: > bLength 7 > bDescriptorType 5 > bEndpointAddress 0x81 EP 1 IN > bmAttributes3 > Transfer TypeInterrupt > Synch Type None > Usage Type Data > wMaxPacketSize 0x0008 1x 8 bytes > bInterval 10 > Device Qualifier (for other device speed): > bLength10 > bDescriptorType 6 > bcdUSB 2.00 > bDeviceClass0 > bDeviceSubClass 0 > bDeviceProtocol 0 > bMaxPacketSize064 > bNumConfigurations 1 > can't get debug descriptor: Resource temporarily unavailable > Device Status: 0x > (Bus Powered) > > (...) > > [/code] > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/185d542e-7472-df8b-6951-ba9d26f27e62%40maa.bz. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: why Whonix and not Tails or the anon-vm?
On 05/20/18 18:43, cooloutac wrote: On Monday, May 21, 2018 at 12:43:19 AM UTC-4, cooloutac wrote: On Sunday, May 20, 2018 at 9:16:09 PM UTC-4, john wrote: On 05/20/18 12:26, Name wrote: On 05/19/18 22:07, awokd wrote: On Sat, May 19, 2018 12:45 pm, qubes-fan-q7wo9g+UVklWk0Htik3J/w...@public.gmane.org wrote: Qubes is not amnesic, and therefore not suitable for running amnesic Tails. Therefore the decission for non- amnesic Whonix, running itself by default, in a virtual environment loved by Qubes. Disposable VMs (including whonix-ws-dvm) are at least partly amnesic. Once you shut it down, you aren't going to recover the contents easily. Tails running directly on hardware is more amnesic. Tails running in an HVM is somewhere in between. See https://github.com/QubesOS/qubes-issues/issues/2024 and links in there. well, it's not really my question, but I did notice that in these semi-permanent fedora-27-dvm and whonix-dvm that if I make bookmarks in firefox they persist which surprises me, as I thought the whole point was that with dvm's nothing persisted, I'm not sure I really understand why I even have these domains listed fedora-27-dvm etc, IIRC, in Q3.2 when you went to make a DVM it started and initially took a while, and then told you next time it would be faster, but when you closed whatever was using the DVM no domain persisted in the qvm-ls / VM manager, etc ; much less things like browser bookmarks ... I expect with whonix-appqubes that bookmarks would persist, but not whonix-dvm's * actually they persist in fedora-dvm but not in whonix-dvm fwiw :) I've been wondering why my whonixdvm for me right now keeps asking me to update. even though i'm updating the template. the torbrowser I meant. ya, same here , persistent green arrow , -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3b113e00-43ce-b665-c096-68ec41c0d90d%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] unknown HID "Adomax" found in sys-usb while all USB-ports empty
> You may have noticed that the device is picked up by sys-usb's > input-proxy sender as a HID device, which is why you may get a popup > dialog (if qubes.InputKeyboard policy is set to 'ask') - even if you > don't have a usb keyboard. sorry - scrap that bit, it's not true. (I thought the qemu tablet was actually the reason I had a recurring usb keyboard popup dialog [1] but the device is properly blacklisted in sys-usb). [1] https://github.com/QubesOS/qubes-issues/issues/3604 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3c27dc7b-ac98-b294-6487-cc116de0b346%40maa.bz. For more options, visit https://groups.google.com/d/optout.
