[qubes-users] HCL - Lenovo ThinkPad T580

2018-08-22 Thread Łukasz Milewski
Works out of the box with R4.0 except for suspend/resume.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/62b827fc-5242-4d79-9d88-4a5f0065939a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-20L9CTO1WW-20180822-214442.yml
Description: Binary data


[qubes-users] Connect 2 Windows HVM for Windows networking

2018-08-22 Thread Who Cares
I try to connect a Windows 2012 Server R2 essentials with a win 7 professional. 
I want that they can communicate just like they were 2 separate PCs connected 
via LAN.

Any thoughts on this ?

Thanks! 



[qubes-users] HCL - Librem 13 v3

2018-08-22 Thread 2837692837462938
Everything works as expected. Hardware switches work flawlessly with 
Qubes.


---
layout:
  'hcl'
type:
  'laptop'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'yes'
tpm:
  ''
remap:
  'yes'
brand: |
  Purism
model: |
  Librem 13 v3
bios: |
  4.8.1-Purism-2
cpu: |
  Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
cpu-short: |
  FIXME
chipset: |
  Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Host Bridge/DRAM Registers [8086:1904] (rev 08)
chipset-short: |
  FIXME
gpu: |
  Intel Corporation HD Graphics 520 [8086:1916] (rev 07) (prog-if 00 [VGA controller])
  Intel Corporation Device [8086:9d24] (rev 21)
gpu-short: |
  FIXME
network: |
  Qualcomm Atheros AR9462 Wireless Network Adapter (rev 01)
memory: |
  8106
scsi: |
  Samsung SSD 860  Rev: 1B6Q
usb: |
  2
versions:

- works:
    'FIXME:yes|no|partial'
  qubes: |
    R4.0
  xen: |
    4.8.4
  kernel: |
    4.14.57-1
  remark: |
    FIXME
  credit: |
    FIXAUTHOR
  link: |
    FIXLINK

---



[qubes-users] USB Printer

2018-08-22 Thread Joe
I cannot seem to get a USB Printer working on any qubes AppVM.

---

Printer does install without any problem, but print jobs immediately STOP.
I am not seeing any CUPS errors other than generic filter failed.

Printer is physically a Dell 1250c (but all Linux distros use a compatible 
Xerox Phaser 6010N driver).

The driver comes as an rpm and a deb package, and includes the PPD files.
I've tried both fedora-26 and debian-9 based VMs.
I've tried attaching the USB device, and assigning the entire PCI USB Host 
Controller to that AppVM.
I've tried reinstalling CUPS.

I have a bare-metal Lubuntu system, that works fine with just the deb install.
So I created an HVM via a Lubuntu 16.04.2 ISO, assigned the PCI USB Host 
Controller, and it works fine there too.



Current Workaround:
Dedicated USB Host Controller for the printer, assigned to a 'printer' HVM, 
running CUPS on Lubuntu, and shared.  sys-firewall iptables rule to ACCEPT port 
631 on the FORWARD chain.  Then install the printer pointing to the 'printer' 
vm.  

I figure this has to be a CUPS filter driver problem that is uniquely Qubes.
If anyone has any suggestions, please let me know.
Thanks.



[qubes-users] "Sensors plugin" in dom0 generates 2 "audit:" dmesg messages on every temperature refresh

2018-08-22 Thread Marcus Linsner
"Sensors plugin" is an xfce4-panel plugin which shows the CPU(and SSD) 
temperatures in the panel. (eg. RMB on panel, Panel->Add New Items...->Search: 
->Sensor plugin)

Its default refresh is 60 seconds. I've set it to 5. But I want it on 1 second, 
however this means it would generate 2 dmesg audit messages every second AND 
they are flushed to the disk(judging by the case HDD led flashing).

[   93.223814] audit: type=1100 audit(1534971421.712:183): pid=3748 uid=1000 
auid=1000 ses=2 msg='op=PAM:authentication grantors=pam_localuser acct="root" 
exe="/usr/sbin/userhelper" hostname=? addr=? terminal=? res=success'
[   93.223828] audit: type=1101 audit(1534971421.712:184): pid=3748 uid=1000 
auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_permit acct="root" 
exe="/usr/sbin/userhelper" hostname=? addr=? terminal=? res=success'


Is there some way to turn these off? if not all the audit messages.
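
An added example, not part of the original post: a small parser for the kernel audit lines quoted above that tallies records by executable, record type and PAM operation, and groups them per process so the "two records per refresh" pattern is visible. The type names are the ones defined in linux/audit.h; the first two sample lines are the post's (unwrapped), the rest are constructed, assuming the 5-second refresh the post mentions and hypothetical pids 3761 and 3774.

```python
import re
from collections import Counter

# Names for the two record types in the post, as defined in linux/audit.h.
AUDIT_TYPES = {1100: "USER_AUTH", 1101: "USER_ACCT"}

LINE_RE = re.compile(
    r"audit: type=(?P<type>\d+) "
    r"audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): (?P<body>.*)$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Parse one dmesg audit line into a dict, or return None if it is not one."""
    m = LINE_RE.search(line.strip())
    if m is None:
        return None
    rec = {
        "type": int(m["type"]),
        "type_name": AUDIT_TYPES.get(int(m["type"]), m["type"]),
        "epoch": float(m["epoch"]),
        "serial": int(m["serial"]),
    }
    # Userspace records wrap their payload in msg='...'; unwrap it so the
    # inner key=value pairs (op, acct, exe, res) parse like the outer ones.
    body = m["body"].replace("msg='", "", 1).rstrip("'")
    for key, value in KV_RE.findall(body):
        rec.setdefault(key, value.strip('"'))
    return rec

def summarize(lines):
    """Count records per (exe, record type, PAM op)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        counts[(rec.get("exe"), rec["type_name"], rec.get("op"))] += 1
    return counts

def per_invocation(lines, exe):
    """Map each pid of `exe` to (first timestamp, number of audit records)."""
    seen = {}
    for rec in filter(None, map(parse_line, lines)):
        if rec.get("exe") == exe:
            first, n = seen.get(rec["pid"], (rec["epoch"], 0))
            seen[rec["pid"]] = (min(first, rec["epoch"]), n + 1)
    return seen

def refresh_gaps(lines, exe):
    """Seconds between consecutive invocations of `exe`, rounded to ms."""
    starts = sorted(first for first, _ in per_invocation(lines, exe).values())
    return [round(b - a, 3) for a, b in zip(starts, starts[1:])]

def constructed_pair(epoch, serial, pid):
    """Build a constructed auth + accounting pair shaped like the post's lines."""
    head = ("audit: type={} audit({:.3f}:{}): pid={} uid=1000 auid=1000 ses=2 "
            "msg='op=PAM:{} grantors={} ")
    tail = ('acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? '
            "terminal=? res=success'")
    return [
        head.format(1100, epoch, serial, pid, "authentication", "pam_localuser") + tail,
        head.format(1101, epoch, serial + 1, pid, "accounting", "pam_permit") + tail,
    ]

SAMPLE = [
    # The two lines from the post, with the mail client's wrapping undone.
    "[   93.223814] audit: type=1100 audit(1534971421.712:183): pid=3748 uid=1000 "
    "auid=1000 ses=2 msg='op=PAM:authentication grantors=pam_localuser acct=\"root\" "
    "exe=\"/usr/sbin/userhelper\" hostname=? addr=? terminal=? res=success'",
    "[   93.223828] audit: type=1101 audit(1534971421.712:184): pid=3748 uid=1000 "
    "auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_permit acct=\"root\" "
    "exe=\"/usr/sbin/userhelper\" hostname=? addr=? terminal=? res=success'",
    # Constructed: two further refreshes and one unrelated kernel line.
    *constructed_pair(1534971426.712, 185, 3761),
    *constructed_pair(1534971431.712, 187, 3774),
    "[  103.900000] constructed non-audit kernel line",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, key)
    print(per_invocation(SAMPLE, "/usr/sbin/userhelper"))
    print(refresh_gaps(SAMPLE, "/usr/sbin/userhelper"))
```
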



Re: [qubes-users] Possible to downgrade to KDE4 in dom0?

2018-08-22 Thread 'Zeko' via qubes-users
‐‐‐ Original Message ‐‐‐
On August 22, 2018 12:55 AM, Chris Laprise  wrote:

> On 08/21/2018 04:52 PM, 'Zeko' via qubes-users wrote:
>
> > Hello
> > I've been using Qubes R4.0 for several months now and I'm getting tired
> > of Xfce, but KDE 5 is just unworkable on my nvidia GPU (yeah yeah I know
> > nvidia and Linux...). Is it possible to downgrade or install KDE4 in
> > dom0 somehow?
> > Ty
> > Zeko
>
> You'd be better off switching to integrated graphics; much much simpler.
>
>
> 
>
> Chris Laprise,tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

How do I do that? I'd've expected that to be harder :) But anyway, is KDE4 
doable at all? 5 is kinda ugly, and I def wouldn't want it at all unless I can 
get Oxygen icons going which so far I couldn't.



Re: [qubes-users] how do you clear "move/copy to other app vm" context windows

2018-08-22 Thread cubit
21. Aug 2018 00:09 by un...@thirdeyesecurity.org:

> Ah, OK  - on 3.2 the lists were indeed cached on the calling qube.
>
> The rogue entries are stored in ~/.config/qvm-mru-filecopy in the qube
> you are trying to copy from.
> You can just edit that file to remove them from the list.




Thank you! Sanity restored :-)







 



[qubes-users] Re: Many [kdmflush] on dom0

2018-08-22 Thread Marcus Linsner
On Wednesday, August 22, 2018 at 12:13:29 AM UTC+2, donoban wrote:
> # ps aux | grep kdmflush | wc
> # 157
I got 71 and my uptime is 3min. (Qubes OS R4.0)



[qubes-users] HCL - Lenovo ThinkPad P50

2018-08-22 Thread Benjamin Girdner
Hello,

I didn't see the Lenovo ThinkPad P50 on the HCL yet so thought I'd send
over my yml since Qubes is working so well on mine.

Everything seems to have worked without any special troubleshooting.
Docking station, multiple monitors, wireless network, lan network, etc. My
windows vm is a bit laggy at times when switching windows within the
windows vm itself but I don't think that has anything to do with my
hardware?

Thanks, Ben



Qubes-HCL-LENOVO-20EN001EUS-20180822-102020.yml
Description: application/yaml


[qubes-users] Re: Unable to start standalone vm based on debian-9

2018-08-22 Thread Fernando
On Wednesday, August 22, 2018 at 10:39:19 AM UTC-3, Fernando wrote:
> Hi,
> 
> This morning I updated my standalone debian-9. From what I remember, it 
> updated the linux image and a few other packages, and it didn't remove any of 
> qubes dependencies.
> 
> After a system reboot, I'm unable to start the domain. I think I didn't 
> shutdown the standalone vm manually before the reboot.
> 
> $ qvm-start mind
> Cannot connect to qrexec agent for 60 seconds, see 
> /var/log/xen/console/guest-mind.log for details
> 
> $ tail /var/log/xen/console/guest-mind.log
> [.[0;32m  OK  .[0m] Reached target Network is Online.
> You are in emergency mode. After logging in, type "journalctl -xb" to view 
> system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to try 
> again to boot into default mode.
> Press Enter for maintenance.
> 
> I've read in the forums about using xen console to login and try to fix it, 
> but I cannot access the vm:
> 
> $ sudo xl console mind
> mind is an invalid domain identifier
> 
> The domain is not listed in the output of "sudo xl list".
> 
> Any ideas on how can I fix my standalone vm? Any help is greatly appreciated.
> 
> Thanks,
> 
> Fernando.

I forgot to mention that I'm using Qubes 4.0 and non-standalone VMs are working 
as usual.

I'm trying to resume work using the standalone backup, but unfortunately 
restoring it is also failing :(



[qubes-users] Re: installing a standalone VM from iso

2018-08-22 Thread litedag
https://www.qubes-os.org/doc/hvm/
did you follow the guidelines?



Re: [qubes-users] I want to use a HVM as a NetVM, cat assign vif+ interface

2018-08-22 Thread litedag
Also I thought HVM implies that it is a VM that can be started from an ISO.
https://www.qubes-os.org/doc/hvm/
And the fact that I posted the link to the tutorial should make it easier to 
understand what I want to do here: use Ubuntu as a netVM



Re: [qubes-users] I want to use a HVM as a NetVM, cat assign vif+ interface

2018-08-22 Thread litedag
Thanks for replying akwod.  Standalone HVM - the kind you start from an ISO



[qubes-users] Use Internal Mic for Skype in Standalone AppVM

2018-08-22 Thread robertwalz35
Hello,

does anybody have experience in using the internal mic inside an AppVM for 
skype?

I just created a Standalone AppVM based on fedora-26 template (Qubes R4.0) and 
attached the mic to this VM. In PulseAudio Volume Control I selected "Audio 
Stereo Duplex", my speakers are working on this AppVM. As Input Device I 
selected "Internal Microphone" and in skypeforlinux's audio settings 
"Microphone: Qubes VCHAN source", "Automatically adjust microphone settings: On"

I also tried to record with audacity, but I got an error message, that it is 
unable to capture the stream...

I use a Lenovo X220 and Qubes R4.0 (Fedora-26 template, Standalone AppVM)

Would be thankful for any advice!

Regards



[qubes-users] Unable to start standalone vm based on debian-9

2018-08-22 Thread Fernando
Hi,

This morning I updated my standalone debian-9. From what I remember, it updated 
the linux image and a few other packages, and it didn't remove any of qubes 
dependencies.

After a system reboot, I'm unable to start the domain. I think I didn't 
shutdown the standalone vm manually before the reboot.

$ qvm-start mind
Cannot connect to qrexec agent for 60 seconds, see 
/var/log/xen/console/guest-mind.log for details

$ tail /var/log/xen/console/guest-mind.log
[.[0;32m  OK  .[0m] Reached target Network is Online.
You are in emergency mode. After logging in, type "journalctl -xb" to view 
system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to try 
again to boot into default mode.
Press Enter for maintenance.

I've read in the forums about using xen console to login and try to fix it, but 
I cannot access the vm:

$ sudo xl console mind
mind is an invalid domain identifier

The domain is not listed in the output of "sudo xl list".

Any ideas on how can I fix my standalone vm? Any help is greatly appreciated.

Thanks,

Fernando.



Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-22 Thread qubes-fan
Thank you mate :)


Aug 17, 2018, 2:41 PM by qubes-users@googlegroups.com:

> On Thu, August 16, 2018 11:28 am, qubes-...@tutanota.com wrote:
>
>> Hi Patrick, I summed up how I understand it. Correct me if I am wrong:
>>
>>
>> - I back up the whonix(13) VMs of choice
>> - I clone the sys-whonix, anon-whonix, whonix-ws and whonix-gw to -backup
>> (whonix-gw is a base template for the sys whonix, and must be deleted
>> before install procedure too, right?)
>> - I assign sys-whonix-backup to whonix-gw-backup template;
>> anon-whonix-backup to whonix-ws-backup template, so they don't suffer the
>> deletion of the whonix-13 templates
>> - delete the anon-whonix and sys-whonix VMs
>> - delete whonix-ws and whonix-gw templates
>> - [user@dom0 ~]$ sudo qubesctl state.sls qvm.anon-whonix
>> - if error appears:
>> [user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-mgmt-salt-dom0-virtual-machines
>> - if needed, edit the /etc/yum.repos.d/qubes-templates.repo as per guide
>> - clone the -backup VMs to its original names like sys-whonix-backup to
>> sys-whonix, and anon-whonix-backup to anon-whonix
>>
>
> Instead of cloning these back, I would use qvm-copy to copy files you want
> to keep.
>
>> - assign new renamed
>> sys-whonix to whonix-gw(14) and anon-whonix to whonix-ws(14) templates
>>
>
> New ones should already have the 14 templates assigned.
>
>> - delete anon-whonix-backup, sys-whonix-backup, whonix-ws-backup,
>> whonix-gw-backup
>>
>
> Rest looked right to me.



[qubes-users] Re: Possible to downgrade to KDE4 in dom0?

2018-08-22 Thread schwoereraxel
On Tuesday, 21 August 2018 at 22:52:45 UTC+2, Zeko wrote:
> Hello
> 
> I've been using Qubes R4.0 for several months now and I'm getting tired of 
> Xfce, but KDE 5 is just unworkable on my nvidia GPU (yeah yeah I know nvidia 
> and Linux...). Is it possible to downgrade or install KDE4 in dom0 somehow?
> 
> Ty
> 
> Zeko
> 
> Sent with ProtonMail Secure Email.

KDE is not optimised and finished on Qubes 4.0.
I hope it will be better soon.



[qubes-users] Unable to reset PCI device 0000:00:1f.6 (Qubes-R4.0 / fresh install) : no network

2018-08-22 Thread gdrub51
Hi,

" [DOM0] Error starting Qube !
ERROR : Start failed : internal error: Unable to reset PCI device 0000:00:1f.6 
no FLR, PM reset or bus reset available, see 
/var/log/libirt/libxl/libxl-driver.log for details"

Device 0000:00:1f.6 is an assigned Ethernet controller : Intel Corporation 
Ethernet Connection (7) I219-V (rev 10). My ethernet cable is attached to the 
Intel GbE LAN port.

The journalctl system log noted :

Libxl: libxl.c:1853:libxl_console_get_tty: unable to read console tty path 
`/local/domain/1/console/tty': Resource temporarily unavailable
Libxl: libxl.c::libxl_console_get_tty: unable to read console tty path 
`/local/domain/2/console/tty': Resource temporarily unavailable
Libxl: libxl.c::libxl_console_get_tty: unable to read console tty path 
`/local/domain/3/console/tty': Resource temporarily unavailable
Libxl: libxl.c::libxl_console_get_tty: unable to read console tty path 
`/local/domain/4/console/tty': Resource temporarily unavailable

I am also concerned about this dmesg output :

ACPI Exception: AE_NOT_FOUND, Evaluating _PRS (20170728/pci_link-176)

Motherboard: GIGABYTE B360M D3H (rev. 1.0)
Qubes OS version: Qubes-R4.0 (28-Mar-2018 15:06)

I tried to remove the device with echo -n "1" > 
/sys/bus/pci/devices/0000:00:1f.6/remove. sys-net can then be started but I 
don't have any more wired connection (no PCI listed in tab devices). 

How can I fix it ?

Thank you so much for your help.

Best regards.



Re: [qubes-users] Shredding VM images

2018-08-22 Thread Jean-Philippe Ouellet
On Mon, Aug 20, 2018 at 6:06 PM, Steve Coleman  wrote:
> On 08/20/18 12:49, Chris Laprise wrote:
>>
>> On 08/20/2018 11:34 AM, tierl...@gmail.com wrote:
>>>
>>> What's the most convenient way to wipe these images? (I'm just talking
>>> about individual VM images)
>>
>>
>> To clarify on your first question: Since encryption is protecting the
>> storage pool that contains the disk images and its on an SSD, the only sure
>> way to 'wipe' them in general (not just in the other-VMs-can't see the data
>> sense) is to throw away the encryption passphrase. This makes the entire
>> pool unusable, but if this seems like a problem you can configure more than
>> one storage pool each with its own encryption key+passphrase and store VMs
>> inside them.
>
>
> With an Opal 2.0 SSD you could create a "locking range" for the volatile
> portion of the VM file system, using sedutil-cli then when destroying the VM
> you simply run it with the '--eraseLockingRange' command which essentially
> flips the key bits associated with that region of the SSD. The logic built
> into the drive will ensure the erase of the physical memory mapped into that
> SSD's defined locking range[n].
>
> sedutil-cli
>
>
> --setupLockingRange <0...n>
> --enableLockingRange <0...n>  
>
>
> --disableLockingRange <0...n>  
> --eraseLockingRange <0...n>  

...as implemented by a black box of untrustworthy firmware.

Don't be surprised when this is found to not work as hoped.

I wouldn't recommend relying on it for anything important.
