Re: [qubes-users] Talk about HOPE about Qubes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-04 00:01, Andrew David Wong wrote: > On 2018-08-02 19:23, Micah Lee wrote: >> Hello, I just discovered the recording of my HOPE talk showing off >> many cool things about Qubes. Check it out if you're interested: >> https://livestream.com/internetsociety2/hope/videos/178431606 > > > Thanks, Micah! That was a great presentation! > > Announced on the Qubes website: > > https://www.qubes-os.org/news/2018/08/03/micah-lee-hope-conf-2018/ > Also added to the Video Tours page: https://www.qubes-os.org/video-tours/#micah-lee-presents-qubes-os-the-operating-system-that-can-protec - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAltlPoYACgkQ203TvDlQ MDDlPxAArZqzPZ6DBS2tiEcfcLCg66omm02LTs8HPxm+gDvNkAqZi2U75tW2I6PJ E2L1P9Eha68Sx2uYEMILSm66COYHLgfubexylMMut0iHTB0k4VHUruf2b2peDpzh lummuliM05QxFgz5Zthkn0ygKog9SJDI2DL5F0tAiBpluaedQRJQn4cfEBbWLiAU h2CRmojuQdxkHF+Ju9154IYTGhKWoZQ0GvHmNQOFpXAzxf6bK3zOJVWr1tJRAnJd wrQovLjaW7xMq8By7cd2se1exmyOvgkYTQhSTGsGqeN+RrSg9WKP7QF2Axm0KhbP hZZhSKPOcR2ib5gczSBB5Lgr9vYtmyuOJRSEzcKsD9vnIoF9tycFk5Sy3CHwGJ7N t31+XrfBwSlNNz8v6ZYnHsDUeEQXEwEMUYhSjBC2X4qi44TVsN/skYZPFRVi6pO4 x4fdMUK155nkJlbZf8V94vguNUlCeAgCkLhFbxQLUTP0QQ2B2rNvsWWZweVbf/jp 97Odb28tHkhyXem8ko8GKhGnMoYbFs+93rvRZcAhp3xTwbR/c/lTib8Kqgm9vgfn ZiZ11V5v0YQQ0ZcRrUFMibURC+4VMYlMiBLwvgpaQFiAjLciliZ8uHaoXM49SUAQ Z3CRk3FTowdKS5CMfSo5ZiBlcZnqvvDnoP9PJbGqN6O3TjAyWB8= =HmLh -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/11a2744c-560a-2717-3316-5b981538e5ae%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Talk about HOPE about Qubes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-08-02 19:23, Micah Lee wrote: > Hello, I just discovered the recording of my HOPE talk showing off > many cool things about Qubes. Check it out if you're interested: > https://livestream.com/internetsociety2/hope/videos/178431606 > Thanks, Micah! That was a great presentation! Announced on the Qubes website: https://www.qubes-os.org/news/2018/08/03/micah-lee-hope-conf-2018/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAltlMx0ACgkQ203TvDlQ MDApog/+I2poTywnuzG3osKLVz0nFIK1/qp3f1DHIfYecO0ahj1IjRaREPi38omL woBCBwN3ju1drIfmoag5IdAApnQpCkdsJajVGO8lIUvA/R9aH0W5752iAUVIEb7+ gnVpzBKMwVDO19IJN+dyggn5UJeSIko/opHmVCmMe95Q0FbJV+GA5QCrEf1KZ3DL pdbsBKyX9yUHFOGqf8NZ6zxvSpRNfs65t2/50wmPuARz6wvoYK+5SScKmv/Xq846 8DL2cMtfsrqxeHSuMOMOGhzgcMw81Oz2bVmnPSjfYfkkcIWLCR3LXpsIoRWlyq44 0uEvCGw+t/34B3MbWn6UOgMcPf0cyTWeWk2mx9LB7VV1kYH6AbXkymLJf+MpkwPm ZkTtDIlvBgo00DokQGHWNBFXowXq27HbLMT57Q+L6bRMP24Ix5T8CMOb/q4KP5Kl Eol+1Pe8pASIcqYADrwHyfdChdvgh/d//4Kij4VNL9d1dAU5ucxNxOJ6+Fvva929 cTF4YzFsEn4lkev66bNcn1KHjv30IoZEUuPDYWjtEQLsUXqhrbdNujsF+PaUcTqa TqjRCnvWVHEBcNFFA9B2tsk6WblbHDWz2+/Y8h6EaBJ9WbgptnNPmrtHzPNr85zq Fhh/rU1M7grlqA9E0QZ3fg0ArEL1P6jWJCqbmPqSS+tBslq2imA= =dFmD -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cbc14450-064c-ac60-f8d3-b24260fd0827%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4, copy/paste not working between AppVM's
On 08/03/2018 04:45 AM, max.militant-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: >> If you open the VM Manager and go to Qube-> Keyboard Layout what is it >> set to ? > It's default on my individual VM's (set to qubes default layout). My Qubes > (Dom0) model is Generic 105-key (intl) PC on my Purism 13v2 laptop. The > layout is Danish. > I suppose you've tried setting dom0 to default to troubleshoot ? And sorry to ask but when was it last working, and did you change/install something etc ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aedd11ea-6cb6-c9b1-13fc-30beb079beef%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Talk about HOPE about Qubes
torsdag den 2. august 2018 kl. 20.21.14 UTC-4 skrev Micah Lee: > Hello, I just discovered the recording of my HOPE talk showing off many > cool things about Qubes. Check it out if you're interested: > https://livestream.com/internetsociety2/hope/videos/178431606 Thank you very much for this. I was enlightened by you mentioning the thunderbird plugin. Awesome feature. Thank you, again. I'm now using it as a Qubes promotional video. Sincerely Max -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e45addee-ce71-4c7f-9a6d-f4d91c445efd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to Disable Wi-Fi in Qubes 4.0?
Tell me please the command in Dom0 or maybe somewhere in settings. How can I disable the Wi-Fi adapter? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e0d9546b-697f-482d-b758-6ee4f29379ab%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] [need help] how to restore domain: untrusted, work, vault, personal?
On Fri, Aug 03, 2018 at 03:28:13PM +0300, Ivan Mitev wrote: > Hi, > > On 08/03/2018 11:28 AM, x99nin...@gmail.com wrote: > > Hi all. > > > > I want to "grow down" private storage max size "untrusted" (switch back > > from 6048MiB to 2048MiB) > > > > Ok. Let's start > > > > qvm-volume info untrusted:private > > lvresize -L2G /dev/qubes_dom0/vm-untrusted-private > > > > It's done and qubes-manager (basic tab) show me that private storage max > > size changed to 2048M. > > > > Ok, now i'am start untrusted domain > > > > qvm-start -a untrusted gnome-terminal > > > > Domain started, but nothing happens. > > What i do wrong? What happened with "Untrusted" domain qube? > > Shrinking a volume is not a trivial thing to do. > > You should have first resized (shrinked) the filesystem itself, and then > resized the underlying volume. Data loss aside, you now have a broken > filesystem which is likely why you can't start your VM. > > The following page shows how it is done for Linux VMs: > > https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/shrink-volumes.md > > > > How to restore "Untrusted" domain ? > > - Did you do a backup with qvm-backup ? if yes, restore with > qvm-backup-restore > - Did you clone the vm ? if yes, delete (or rename) the broken vm and > clone/rename the original, backuped vm > > However since you're asking, I guess that you don't have any backups. > The probability that you lost data is ~100%, your best bet now is to > attach your untrusted VM's private volume to another VM (see the link > above for how to do that), run e2fsck, and hope that your important data > was at the beginning of the volume (by running lvresize -L2G on a 6G > volume, you trashed 2/3rd of the virtual disk without any easy way of > recovering it). > > > > > > Thanks. Also attached pic's related. > > > I rate the probability of recovering data without a backup somewhat higher, depending on what OP has done in the meantime. Kill all other qubes. Kill the qube, and then take a copy of the underlying storage, using dd, to an external device if possible. Set netvm of untrusted to none. Then restore the volume size to 6048. Start untrusted. I'm assuming that data occupied less than 2G in /home/user, or what was the point in resizing. If you are lucky, the qube will start and mount /dev/xvdb If you're unlucky then you will at least be able to get root access to the qube and you should be able to use standard recovery processes to recover at least some files from xvdb. When you are happy, shutdown, take a backup and resize the disk the *right* way. (I admire your boldness in ignoring the hefty warning about data loss.) unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180803173306.xxcmgljl5mqivoi5%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] QWT has effect in Dom0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Let me describe my issue once more, maybe a bit easier: - -> I have a Windows 7 HVM and when I install QWT 4.0.1.3 I get the shared clipboard and the ability to send/receive files from other VMs - -> but something in Dom0 seems stuck... -> when I try to launch another Fedora based VM nothing happens, until... -> ... I shutdown the Windows VM. Then the Fedora VM launches. -> Even qmv-ls on Dom0 is stuck "please wait \" until I shutdown the Windows VM. This is not a resource problem. I routinely run 20+ VMs, have 32 GB of memory and 800+ GB of free space. Any ideas? /Sven -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAltkke0ACgkQ2m4We49U H7ZNdQ/+LJdVH8EU2Yai+59XegxVx3lyoZ1JPVUDdnPUVG5Jx4WIWaEFfovxcUEx HectZ2jfPvtiQcr9Iu27Wa0DUGJZ5iuXfrLrmXco1/acfJmlaD/j+pCnhuK4IN3R 5ThoogsRvGIOnSd3XpFpMBiOxj4d1qe3Wo9vNPOegillTVWXGm1MmxFJj327oaoZ rcYNyshaBhet+P7MEDIWE/pbpFjJyE9uz7ADlcwkxdR/JkUJUFlwGLSg1jN8ZhoJ OLvRrbhuC1QORbbjyGKwdC5AKvJfxJZsHfAn0zkL+l8qd55tavTnFh0+i3QdoQ+4 uoQFsaoS4craZPejc8Aiwtr3xxD/2sBVrUyjH1UZi6Rv1ZjlhCXMNkU/4QiIYA64 SJ3M6+9HPNbGmXWZoeEqMiIHKUrmaNQRf0roN1TQw8d2em7OZ4o0z0u7F4gyE1lE HgqOK7TjfwKIBHV/ue3FG59mz79rpkc51Pr98MHK1SlVDR/prpK7/XN94DnrgzHH H2Ns76oLBJyIQeFRUvoC+bP6eLlf1adh3Al/s54+byxpYaRW9BFVQL1KvXDQEkJP 0y06xZf46qkXK/Yx2O66YEWOM048M5ChnDTO1lEbhT7BEAVoyKa5x1AhxVHmMBMe eqFDhjtZeEo6o7LiUeCJouTA7r6tQAFB14GmadZEKOXp2XB6xR0= =D3Tb -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f62e460b-db4e-63d7-8569-f2c8971e0f8a%40SvenSemmler.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: qubes-dom0-update borked laptop
On Fri, 3 Aug 2018, jm wrote: > On Friday, 3 August 2018 13:02:03 UTC-4, steve.coleman wrote: > > On 08/03/18 12:46, jm wrote: > > > /var/log/dnf.log tells me that this morning dom0 update > > > > > > Removed: > > > kernel.x86_64 1000:4.9.35-20.pvops.qubes > > > kernel-qubes-vm.x86_64 1000:4.9.35-20.pvops.qubes > > > > > > Installed: > > > kernel.x86_64 1000:4.14.57-1.pvops.qubes > > > kernel-qubes-vm.x86_64 1000:4.14.57-1.pvops.qubes > > > > > > > Check to see if your VM's are set to the latest Kernel just installed. > > If it is try setting it to the previous version vm. > > > > Also I once had a problem where kernels were being installed and > > uninstalled while the settings for the VM's never got updated to point > > each to a newer valid kernel. > > yes, this worked. I have to manually downgrade every vm by hand using > > qvm-prefs vm kernel -s oldkernelnumber > > ouch. half a day's work lost to a botched dom0 update. I will have to be more > wary of immediately installing dom0 updates in the future. It probably doesn't help for this particular problem any more but there would have been a global default for the kernel in the qubes manager "global settings". Also, now that you've manually set the kernel for all those vms into the older kernel, the vms will not automatically get a new kernel into those vms when you update kernel in the future but you need to do that operation once more. It will be it's quite easy with a simple bash for loop to avoid doing it manually though: for i in $(qvm-ls --raw-list); do qvm-prefs $i kernel -s ...; done ...You might want to set them all to default instead of a specific kernel version once you've a working kernel set as the default kernel. -- i. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/alpine.DEB.2.20.1808032021350.13783%40whs-18.cs.helsinki.fi. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: qubes-dom0-update borked laptop
On Friday, 3 August 2018 13:02:03 UTC-4, steve.coleman wrote: > On 08/03/18 12:46, jm wrote: > > /var/log/dnf.log tells me that this morning dom0 update > > > > Removed: > > kernel.x86_64 1000:4.9.35-20.pvops.qubes > > kernel-qubes-vm.x86_64 1000:4.9.35-20.pvops.qubes > > > > Installed: > > kernel.x86_64 1000:4.14.57-1.pvops.qubes > > kernel-qubes-vm.x86_64 1000:4.14.57-1.pvops.qubes > > > > Check to see if your VM's are set to the latest Kernel just installed. > If it is try setting it to the previous version vm. > > Also I once had a problem where kernels were being installed and > uninstalled while the settings for the VM's never got updated to point > each to a newer valid kernel. yes, this worked. I have to manually downgrade every vm by hand using qvm-prefs vm kernel -s oldkernelnumber ouch. half a day's work lost to a botched dom0 update. I will have to be more wary of immediately installing dom0 updates in the future. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cba4ad2d-0bff-4b59-9413-66656c7f2836%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: qubes-dom0-update borked laptop
Removing kernel 4.14.57-1 caused no issues, but removing kernel-qubes-vm 4.14.57-1 gives me the error: qvm-start foovm ERROR: VM kernel does not exist: /var/lib/qubes/vm-kernels/4.14.57-1/vmlinuz maybe there's a way to regenerate that list of kernels to rollback to an earlier one -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/226fd1c5-07aa-436b-bf27-67bad564e5d5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: qubes-dom0-update borked laptop
On 08/03/18 12:46, jm wrote: /var/log/dnf.log tells me that this morning dom0 update Removed: kernel.x86_64 1000:4.9.35-20.pvops.qubes kernel-qubes-vm.x86_64 1000:4.9.35-20.pvops.qubes Installed: kernel.x86_64 1000:4.14.57-1.pvops.qubes kernel-qubes-vm.x86_64 1000:4.14.57-1.pvops.qubes Check to see if your VM's are set to the latest Kernel just installed. If it is try setting it to the previous version vm. Also I once had a problem where kernels were being installed and uninstalled while the settings for the VM's never got updated to point each to a newer valid kernel. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0a0d5ae4-139f-db6c-bebe-f183c80adce9%40jhuapl.edu. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: qubes-dom0-update borked laptop
/var/log/dnf.log tells me that this morning dom0 update Removed: kernel.x86_64 1000:4.9.35-20.pvops.qubes kernel-qubes-vm.x86_64 1000:4.9.35-20.pvops.qubes Installed: kernel.x86_64 1000:4.14.57-1.pvops.qubes kernel-qubes-vm.x86_64 1000:4.14.57-1.pvops.qubes -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c988f5d4-28f3-4008-b3fb-e45a7727581c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: qubes-dom0-update borked laptop
On Fri, Aug 03, 2018 at 09:15:21AM -0700, jm wrote: > The key problem here seems to be that none of my vms will boot after the 3.2 > dom0 update this morning. > > I can get a dom0 shell, but I have no internet connectivity. I can read logs, > but I'm not sure what to do to regain access to the data in my vms. > > Any help much appreciated. Thanks. > What packages did you upgrade? If you dont recall you can check the dnf logs in /var/log. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180803163429.qwmyhrxxaky5kmqj%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: qubes-dom0-update borked laptop
On Aug 3, 2018 12:15 PM, jm wrote:The key problem here seems to be that none of my vms will boot after the 3.2 dom0 update this morning. I can get a dom0 shell, but I have no internet connectivity. I can read logs, but I'm not sure what to do to regain access to the data in my vms. Any help much appreciated. Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a5ced6f1-ca01-4028-be0c-c4b309e0f80b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. Check to see what kernel the vms are trying to boot with, they may be using the new kernel as well and you may have to set them to the older kernel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e76448f8-0c73-4cd6-9042-e7c62743a525%40email.android.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: qubes-dom0-update borked laptop
The key problem here seems to be that none of my vms will boot after the 3.2 dom0 update this morning. I can get a dom0 shell, but I have no internet connectivity. I can read logs, but I'm not sure what to do to regain access to the data in my vms. Any help much appreciated. Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a5ced6f1-ca01-4028-be0c-c4b309e0f80b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Encrypt only part of SSD or How to encrypt after installation?
On 08/03/18 03:56, Daniil .Travnikov wrote: I installed Qubes 4.0 and in process of installation I created only /boot/efi 400MB / 240GB Even I set passphrase in some reason the '/' did not encrypted (maybe I did some mistake) and now I have non-encrypted 240Gb drive with Qubes OS. That's not a mistake. A computer can not boot from an encrypted partition without a little magic to load the unencrypted executable image first. If its an Opal 2.0 compliant drive you can install a Pre-Boot Authentication (PBA) module that will run when the device it powered up, and prompt you for a password before the OS actually starts to boot, and the PBA will then unlock the boot partition so the OS boot cycle can start. There is source code for the PBA image so you can control what it actually does. How do you know if it's Opal? There will be a PSID number printed on the device. This PSID is the magic number/key needed to reset the device back to the factory default should you need to do so. It will *instantly* wipe everything on the device by changing the key, so be very careful. Actually using the device without doing anything special, the device is already encrypted but just using the default key. The tool to manage the device can be found here: sedutil-cli https://github.com/Drive-Trust-Alliance/sedutil/wiki/Command-Syntax Your distribution may have a similar utility by the name msed, but that is an older version of the above tool. To encrypt only part of the drive you will need to create a locking range that spans from the end of the partition table to the end of that region of the drive (your partition size), and set a password for that range, and install the PBA of your choice. After unlocking that range you then partition the drive, writing the disk tables/structures, and then install your stuff, after the range has already been encrypted. Locking ranges are very flexible and can even be use to make your boot partition read-only, or even hide the real partition table until after the drive has been unlocked. There is a lot of flexibility in the Opal design. I created this volumes manually because I need to install second OS - Windows 7 (multi-boot) on the rest of 250 GB on SSD drive. That's why I can't use the whole drive encryption. I need only the part of drive to be encrypted. Now as I can see I have 2 possible variations: 1. Encrypt this 240 GB part of Drive after Qubes 4.0 installation. 2. Re-install Qubes 4.0 with right options in installation process. Both ways I don't know how to realize. Could anybody knows? Thanks in advance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0a85e774-45ec-efb7-5462-bd3e4034bd1e%40jhuapl.edu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Ubuntu templates
On 08/03/2018 04:56 PM, Chris Willard wrote: > On 03/08/18 15:31, Unman wrote: >> Works for me. >> Fri 3 Aug 15:30:28 BST 2018 >> Can you try again? >> > Works for me too. Yep, seems to work fine for me now as well. -- noor -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/58821db7-5cb1-6830-ed28-15cff9e19bc0%40fripost.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] Re: qubes-dom0-update borked laptop
looking at the logs, /var/log/qubes/qrexec.netvm.log tells me: domain dead cannot connect to qrexec agent: No such process that sounds ominous. I've got a bad case of DOS by dom0 update. Help? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3b4af75c-1775-464e-b398-18f8002c21cb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Ubuntu templates
Hello All, On 03/08/18 15:31, Unman wrote: On Fri, Aug 03, 2018 at 03:47:45PM +0200, Noor Christensen wrote: On 08/03/2018 01:20 PM, Unman wrote: http://qubes.3isec.org/Templates. The URL gives 404 Not Found at the moment (2018-08-03 15:47). -- noor Works for me. Fri 3 Aug 15:30:28 BST 2018 Can you try again? Works for me too. Regards, Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/MTAwMDAxMi5hbmF0b21pYw.1533308172%40quikprotect. For more options, visit https://groups.google.com/d/optout.
[qubes-users] qubes-dom0-update borked laptop
The qubes-dom0-update this morning borked my laptop. I'm running 3.2. The latest kernel would show the splash screen, kernel selection, and then immediately reboot the device. Selecting an older kernel gets me to a desktop, but none of the vms will start, including the netvm. systemctl status qubes-netvm.service tells me: Active: failed. Process: .(code=exited, status=1/FAILURE) nothing jumping out at me here as a root cause. I can't start networkless vms either, everything returns "Cannot connect to 'vm' qrexec agent for 60 seconds" Ideas? My laptop is completely borked right now. thanks. (I know, I need to get a new laptop and upgrade to 4.0, but in the meanwhile) thanks, jmp -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f1769c55-f931-458a-9281-b00c03d58670%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4, copy/paste not working between AppVM's
fredag den 3. august 2018 kl. 03.32.59 UTC-4 skrev John S.Recdep: > On 08/02/2018 02:56 AM, > max.militant-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: > > torsdag den 2. august 2018 kl. 01.28.12 UTC-4 skrev > > max.mi...-re5jqeeqqe8avxtiumw...@public.gmane.org: > >> Hi, > >> > >> I have a Qubes 4 installation on my laptop, and copy/paste between appVMs > >> is not working. > >> > >> I usually(on other Qubes installations) get an infobox on copy/paste to > >> the clipboard in upper right corner whenever I press the sequence (ctrl-c, > >> ctrl-shift-c) and again in the destination vm (ctrl-shift-v, ctrl-v). But > >> there is nothing and nothing gets copied. > >> > >> I tried the instructions here: https://www.qubes-os.org/doc/copy-paste/ > >> and removed the # on the 2 lines in /etc/qubes/guid.conf to enforce it's > >> usage: > >> > >> secure_copy_sequence = "Ctrl-Shift-c"; > >> secure_pate_sequence = "Ctrl-Shift-v"; > >> > >> I also checked the /etc/qubes-rpc/policy/qubes.ClipboardPaste and ensured > >> that it had the follwoing: > >> > >> dom0 $anyvm ask > >> $anyvm $anyvm ask > >> > >> Restarting the whole laptop, after changes did not help. > >> > >> Am I missing something somewhere, from the switch from 3.2 to 4, or is my > >> install broken? > >> > >> Any ideas are greatly appreciated. > >> > >> Sincerely > >> Max > > > > I do remember installing the laptop and having minor issues back then with > > language during install: > > (https://github.com/QubesOS/qubes-issues/issues/3753) > > > > Also I had some issues with purism, but maybe not directly related to this: > > https://forums.puri.sm/t/keyboard-layout-unable-to-recognize-pipe/2022/3 > > > > Is there any way to see what I should produce as output when pressing these > > 3 keys and compare it to the result on my laptop? > > > > Sincerely > > Max > > > > If you open the VM Manager and go to Qube-> Keyboard Layout what is it > set to ? It's default on my individual VM's (set to qubes default layout). My Qubes (Dom0) model is Generic 105-key (intl) PC on my Purism 13v2 laptop. The layout is Danish. > Sounds like you are aware cut/paste to terminals doesn't work with > keybinding, I have to use right-click IIRC Yes, and middle mouse to paste, usually. Thank you -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bc689243-f1bd-4f46-b12f-dc29342cb62a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Ubuntu templates
On Fri, Aug 03, 2018 at 03:47:45PM +0200, Noor Christensen wrote: > On 08/03/2018 01:20 PM, Unman wrote: > > http://qubes.3isec.org/Templates. > > The URL gives 404 Not Found at the moment (2018-08-03 15:47). > > -- noor > Works for me. Fri 3 Aug 15:30:28 BST 2018 Can you try again? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180803143142.riipfsv2s5azbciu%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] What exactly is 'private-cow.img' in appvms?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Rusty Bird: > Stickstoff: > > there is documentation about 'root-cow.img' online [1], but nothing > > about 'private-cow.img'. > > Am I right to assume that the 'private.img' is the writable part the VM > > sees, with the changes the VM wrote saved on 'private-cow.img' [...] > > It's kind of the other way around - foo.img stores the most current > live data for volume foo, and foo-cow.img stores differing old data > blocks that allow the corresponding device-mapper snapshot* device to > present a virtual view of the contents of volume foo from the time it > was snapshotted, i.e. before the live data started to diverge. > > > If [..] I backup only 'private.img' of a running VM > > This would result in inconsistent/damaged data. To be clear - what I meant by inconsistent is that that when the VM is running, some data blocks in private.img will change while your manual backup operation is copying that file. Rusty > * https://www.kernel.org/doc/Documentation/device-mapper/snapshot.txt -BEGIN PGP SIGNATURE- iQJ8BAEBCgBmBQJbZGVjXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0 NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfBzcP/jt0GN2azqrNqaP0jNoMmAJh gvZVI53QSxwyK93gGVi1MxECG3B5EA9yl6wEpqe7IJbNKPja6QdPVcJPyruyE+0i w+5aWuR81n8oAI2E1K2b/tJZ1Zha035d/6joRraQ6lkjIH+S2QdYAP5oUUx40ZWf xYAwR+FJZJVsf0dMLnzPgTpLyd7rV2sF3YK5l6InypgmaNB0OmYx/jU7HpSuN7zz w4jYEnfhXthwQS3uaEsuNXVTXln9bEgraR4n9G8emn6z2Xr1/HY6tvWQ2rZzkfRx ++kNrg9O2JrLuPx5mZlQPuZ3iki0wcqBbGNyFNNZ/2yYA5bmRTOYyof3Ux2zdZ9C fa43idV5slEVmprwOH6/iiS0ZLzaoRuQVIvNFVIW5gqteUMiHemqWjyzQm09gY6p QYCCimw48uYsgFyNxjJLp/F5ezdAl2qlbOyzZCK8gWY0zOpCoh1eywgM/04ZJVw9 M9rbHZZBBx4KxVGOkAKzW5LLXVgvpLtYPbdzkrkYqg3hP+Z06oXUqpJv6+TnbCnf JgemF543aSXVcNmwTiZncu+gYwBin8AwWthHhmBaOxDBGnFUOFFjlQcXchbT5hrd NOC0sm845KVgFYyOT+zWvkXJEg1PKTt2m/vQOwicaGF2/uY0Z5nBXBUHEzGkK+y0 rNBlQucepQa/7vJnLcZA =EMYK -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180803142331.GA1192%40mutt. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] What exactly is 'private-cow.img' in appvms?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Stickstoff: > there is documentation about 'root-cow.img' online [1], but nothing > about 'private-cow.img'. > Am I right to assume that the 'private.img' is the writable part the VM > sees, with the changes the VM wrote saved on 'private-cow.img' [...] It's kind of the other way around - foo.img stores the most current live data for volume foo, and foo-cow.img stores differing old data blocks that allow the corresponding device-mapper snapshot* device to present a virtual view of the contents of volume foo from the time it was snapshotted, i.e. before the live data started to diverge. > If [..] I backup only 'private.img' of a running VM This would result in inconsistent/damaged data. Rusty * https://www.kernel.org/doc/Documentation/device-mapper/snapshot.txt -BEGIN PGP SIGNATURE- iQJ8BAEBCgBmBQJbZGBeXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0 NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfERYP/ApX1aJuCoyueKURTwB8hCx/ GQsrqeflPsL9ohqjbEv6m19cVFXRK6G1vKkycxwPolfHqq/7bQ5U673jCHSzLwpr bdLbgupYBe7AosfrNJLgwvcm5LR3v8qK+VOyK1htzdmuEDkLPom0INlVcMPRVpvB G8uKjp9xnKfg7n2UaULsIdL8+IkQ4U1AlZ0Y/breR7q9Hivxzd9PZMoJL77NAdxD iKNN+Ac9fHczupUdBjQAlUCrLchjeZSSzgnAIifRjuXDthwTyoi+f1/aSWYZxd0B 5MXh7HnPI2JyZ/trZadpKvZVCNn0s9D9AsDugCNbQSxP+YFxerC5uukwHgnC1j7g ORtbs4c4NwP4jkytFJF/GtgCO77699FtyJFwPa5BU4hpspkjuJTSgaVAP7j2z4Jj oGDd+iF91mb6Gbv6syYPN8QmSdshuCSFkYH61bft+Odd1+QokeN2Sa+uJQGZ20gA xrM/lmmzo3TqtfLns7S7/FrsPok1njJaTyBsG7TdZf1A1rsu57mb0K6Vf9sPoI7t cO/+4WwUR02oNfxviWTPuyou6ZzIIblwqnCS74EsOlLopf1Ilc0i/S9bxIhotPIg grlKluk1QpWz4r/CWV8Ho7UzqrFQClWUBFkkEdtATkV7WAARFi5XS/efbTG4ita0 GkyInY0UAP9pk4FhPcQp =+FNE -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180803140206.GA1151%40mutt. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Ubuntu templates
On 08/03/2018 01:20 PM, Unman wrote: > http://qubes.3isec.org/Templates. The URL gives 404 Not Found at the moment (2018-08-03 15:47). -- noor -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6f9d3454-f7fa-c899-bc46-e5d002fced42%40fripost.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] [need help] how to restore domain: untrusted, work, vault, personal?
Hi, On 08/03/2018 11:28 AM, x99nin...@gmail.com wrote: > Hi all. > > I want to "grow down" private storage max size "untrusted" (switch back from > 6048MiB to 2048MiB) > > Ok. Let's start > > qvm-volume info untrusted:private > lvresize -L2G /dev/qubes_dom0/vm-untrusted-private > > It's done and qubes-manager (basic tab) show me that private storage max size > changed to 2048M. > > Ok, now i'am start untrusted domain > > qvm-start -a untrusted gnome-terminal > > Domain started, but nothing happens. > What i do wrong? What happened with "Untrusted" domain qube? Shrinking a volume is not a trivial thing to do. You should have first resized (shrinked) the filesystem itself, and then resized the underlying volume. Data loss aside, you now have a broken filesystem which is likely why you can't start your VM. The following page shows how it is done for Linux VMs: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/shrink-volumes.md > How to restore "Untrusted" domain ? - Did you do a backup with qvm-backup ? if yes, restore with qvm-backup-restore - Did you clone the vm ? if yes, delete (or rename) the broken vm and clone/rename the original, backuped vm However since you're asking, I guess that you don't have any backups. The probability that you lost data is ~100%, your best bet now is to attach your untrusted VM's private volume to another VM (see the link above for how to do that), run e2fsck, and hope that your important data was at the beginning of the volume (by running lvresize -L2G on a 6G volume, you trashed 2/3rd of the virtual disk without any easy way of recovering it). > > Thanks. Also attached pic's related. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b6f5ffd3-5483-1a82-27ad-ca132aa185ed%40maa.bz. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Ubuntu templates
I've posted some PRs to resolve the issues with building Ubuntu templates. If you can't wait for them to be merged, and want to try Ubuntu I've posted some minimal templates here: http://qubes.3isec.org/Templates. The templates are signed with my Qubes signing key. You can get this from keyservers. I certify it is mine at https://github.com/unman/unman I'll be putting in PRs to enable bionic builds in next day or so. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180803112031.s3aafhac7r3a5kvr%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] [need help] how to restore domain: untrusted, work, vault, personal?
On Fri, Aug 03, 2018 at 01:28:13AM -0700, x99nin...@gmail.com wrote: > Hi all. > > I want to "grow down" private storage max size "untrusted" (switch back from > 6048MiB to 2048MiB) > > Ok. Let's start > > qvm-volume info untrusted:private > lvresize -L2G /dev/qubes_dom0/vm-untrusted-private > > It's done and qubes-manager (basic tab) show me that private storage max size > changed to 2048M. > > Ok, now i'am start untrusted domain > > qvm-start -a untrusted gnome-terminal > > Domain started, but nothing happens. > What i do wrong? What happened with "Untrusted" domain qube? > How to restore "Untrusted" domain ? > > Thanks. Also attached pic's related. > After you have run that command what does "qvm-ls untrusted" show? (Incidentally, pics are no use for some readers so please summarise any error messages. ) I'm not sure what you expect to happen in this case. Have you tried using qvm-run rather than qvm-start? If that was a typo, (and I guess it was) then you should be aware that you cant start gnome-terminal like that. Try "qvm-run -a untrusted xterm" unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180803110544.au3f6jxiqd3hcieg%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Encrypt only part of SSD or How to encrypt after installation?
I installed Qubes 4.0 and in process of installation I created only /boot/efi 400MB / 240GB Even I set passphrase in some reason the '/' did not encrypted (maybe I did some mistake) and now I have non-encrypted 240Gb drive with Qubes OS. I created this volumes manually because I need to install second OS - Windows 7 (multi-boot) on the rest of 250 GB on SSD drive. That's why I can't use the whole drive encryption. I need only the part of drive to be encrypted. Now as I can see I have 2 possible variations: 1. Encrypt this 240 GB part of Drive after Qubes 4.0 installation. 2. Re-install Qubes 4.0 with right options in installation process. Both ways I don't know how to realize. Could anybody knows? Thanks in advance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/87f74640-531c-40e2-843d-20850bafc8a1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4, copy/paste not working between AppVM's
On 08/02/2018 02:56 AM, max.militant-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: > torsdag den 2. august 2018 kl. 01.28.12 UTC-4 skrev > max.mi...-re5jqeeqqe8avxtiumw...@public.gmane.org: >> Hi, >> >> I have a Qubes 4 installation on my laptop, and copy/paste between appVMs is >> not working. >> >> I usually(on other Qubes installations) get an infobox on copy/paste to the >> clipboard in upper right corner whenever I press the sequence (ctrl-c, >> ctrl-shift-c) and again in the destination vm (ctrl-shift-v, ctrl-v). But >> there is nothing and nothing gets copied. >> >> I tried the instructions here: https://www.qubes-os.org/doc/copy-paste/ and >> removed the # on the 2 lines in /etc/qubes/guid.conf to enforce it's usage: >> >> secure_copy_sequence = "Ctrl-Shift-c"; >> secure_pate_sequence = "Ctrl-Shift-v"; >> >> I also checked the /etc/qubes-rpc/policy/qubes.ClipboardPaste and ensured >> that it had the follwoing: >> >> dom0 $anyvm ask >> $anyvm $anyvm ask >> >> Restarting the whole laptop, after changes did not help. >> >> Am I missing something somewhere, from the switch from 3.2 to 4, or is my >> install broken? >> >> Any ideas are greatly appreciated. >> >> Sincerely >> Max > > I do remember installing the laptop and having minor issues back then with > language during install: (https://github.com/QubesOS/qubes-issues/issues/3753) > > Also I had some issues with purism, but maybe not directly related to this: > https://forums.puri.sm/t/keyboard-layout-unable-to-recognize-pipe/2022/3 > > Is there any way to see what I should produce as output when pressing these 3 > keys and compare it to the result on my laptop? > > Sincerely > Max > If you open the VM Manager and go to Qube-> Keyboard Layout what is it set to ? Sounds like you are aware cut/paste to terminals doesn't work with keybinding, I have to use right-click IIRC -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0c0b29dd-aac1-c16b-1442-e79a4367193b%40riseup.net. For more options, visit https://groups.google.com/d/optout.
