[qubes-users] Re: QSB #43: L1 Terminal Fault speculative side channel (XSA-273)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-09-02 22:22, pixel fairy wrote: > is it still necessary to disable hyper threading after upgrading > in qubes 4? > Hyper-threading should be disabled in Xen after you install the updates. It should not be necessary for you to take any further action to disable it there. If you're asking whether you should also disable it in your BIOS settings, then I'm not sure (CCing Marek). - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAluM2K4ACgkQ203TvDlQ MDDegg//cxd+JmxvrobVWh4yQk6JB1+QiRPjn2Y9C/tW3Tktu1bvjy2jxEDFAeIW /Xqh612uXyqS85J0tDQkMro4hnTklpUko7mqYqC2Z6aQMthet5jZ6TF7IOnT9+ng Ijx0e/I0M5AWOqzgNBE8yA9eHbvxXsCqwwDSkcJfCBKyJa1DVW1uw1vMx65+oHC3 Gt5WuYBEzIqAjd0Z8IU1RB0FUlP6yHFtFcN7lVzOxYZ4VhLQXkySJzCpoDCRtgj5 tpdPZ6xGDXjrm+QBI53MjPmQ6OrtW3sNcKQ7iB1G2zAulx524IA4HIWpJjrH+W3G y2cYWgzJ0O9pbvOHWG/FHiySRdGMrQ0fHwHOrtVmF3bCQD4saHe0OUqZHhgfL2+H 6ltad1spUla5w6H5qlOuEzSPu3Gd0g6HfBYJPMaSEJW6aGpQ0OPOxfRenwYCnaRx ABMRXMaZcNEo7joK1GA+OtQUFQuVL4gaW5CV+kZSQid+Sk0ZdUMbDemBT+R9hxTD CSKyfu7gNTY5U2GhK3T3UhMhodhUBU0DVdKhFH7y+5bK9Kn+wXXkmYFCyKGF1iPm LxKX2zzMSJdHZBOcp/i+0Nwm8H6wxkknUuZqAi9On1i7Qn8Id//dj6bD+G62ecNM +CLaXSESSySaE5DS508b5TNYLzjYITRgHcG0exFDkJxSuD/VXlE= =8bBD -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/03b0892e-6fb3-7ff6-ad60-5e980437f8f4%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] systemd replacement for dom0
Has anyone tried (and succeeded) replacing dom0's systemd with something else that's not systemd ? is it even doable with Qubes? I'm mainly asking because I fail to make certain services stop in a certain order at reboot/shutdown. Hmm, maybe I should focus on starting them in a certain order? then maybe shutdown will do it in reverse order, rather then seemingly all at once. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8a41cb59-2e93-4f9c-a55e-0bd18881d9e4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QSB #43: L1 Terminal Fault speculative side channel (XSA-273)
is it still necessary to disable hyper threading after upgrading in qubes 4? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ba013801-b748-4cf0-8cd2-de3983fe435d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] QSB #43: L1 Terminal Fault speculative side channel (XSA-273)
Yet another reason to port qubes to POWER - the last owner controlled performance CPU arch. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f7f2072f-2b4e-7fa5-c1f3-9afe29b88088%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Unable to reset PCI device 0000:02.00.0
On Sunday, September 2, 2018 at 3:34:34 PM UTC-4, Jean-Philippe Ouellet wrote: > On Sun, Sep 2, 2018 at 10:12 AM, Patrick Bouldin > wrote: > > On Sunday, September 2, 2018 at 10:10:55 AM UTC-4, Patrick Bouldin wrote: > >> Qubes 4.0 Error - "Start failed: Requested operation is not valid: PCI > >> device :02:00.0 is in use by driver xenlight, domain sys-usb > >> > >> I don't know how to copy the log folder over and qubes doesn't have the > >> wireless network, which I believe is related, but I've attached a picture > >> of the log. > >> > >> This is a new Qubes install on a new Acer laptop Aspire A515-51-86AQ > >> Booting in legacy mode. > >> > >> I can get into the main desktop and get to Dom0 terminal, but can't launch > >> any of the default domains. > >> > >> There is another thread on here with the same error. He ran: > >> $ qvm-pci attach --persistent --option permissive=true --option > >> no-strict-reset=true sys-net dom0:00_XXX > >> > >> And it worked for him, but doesn't work for me, the response I get is > >> "error : backend vm "dom0" doesn't expose device "00.XXX" > > The "XXX" in the PCI device should be filled in with your actual PCI device. > > >> So I wonder what "xenlight" is and it won't release what pci device? > > Just a library for interfacing with Xen. Unlikely to be the actual problem. > > >> Suggestions? > >> > >> Thanks, > >> Patrick > > > > Pics attached here. > > It would be the first time I've seen this, but it might perhaps be > conceivable that changing BIOS settings caused your device to show up > with a different BDF (essentially "PCI address") than when Qubes was > installed? Use `lspci` in dom0 to enumerate them. > > An easier way than doing this via the command line is to use the > Devices tab of the Qubes VM Settings GUI - remove all devices then add > the one which looks like your network device. You can also configure > no-strict-reset via the button at the bottom of the GUI, which is > sometimes necessary. Thanks, I went to the work vm for example, and all of the devices were on the left side, nothing on the right, then I selected the wifi device and the response was "you've enabled dynamic memory balancing, some devices might not work!" and, it won't let me apply that change, saying "Can't attach pci device to a VM in pvh mode" Then I tried to issue your suggestion "$ qvm-pci attach --persistent --option permissive=true --option no-strict-reset=true sys-net dom02:00.0"which is my wireless device and the error response "no backend vm '02'" I'm wondering if this is the right way to go or maybe just try a different installation route? Thanks, Patrick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f1e058d6-10ea-41cb-b689-24ddadf64fcb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] setting up vpn issue
On 09/02/2018 04:07 PM, Chris Laprise wrote: On 09/02/2018 12:42 PM, Nicola Schwendener wrote: Hi Chris, thank you for your reply: this is what I got: Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 SENT CONTROL [Server-2203-1a]: 'PUSH_REQUEST' (status=1) Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.54.0.1,route 10.54.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.54.0.106 10.54.0.105' Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 OPTIONS IMPORT: timers and/or timeouts modified -- Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 /usr/lib/qubes/qubes-vpn-ns up tun0 1500 1606 10.54.0.106 10.54.0.105 init Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Using DNS servers 10.54.0.1 Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Chain QBS-FORWARD (1 references) from the Personal VM connected via ProxyVM I cannot resolve anything... but I can ping 8.8.8.8... thank you again Nick If you can ping 8.8.8.8 or other numbers directly then the basic IP connection is working. DNS seems to be the problem. They're assigning '10.54.0.1' as DNS. You could try replacing that with 8.8.8.8 for instance. The way to do this is in the Qubes-vpn-support readme page... basically add a line to your ovpn config file like: setenv vpn_dns '8.8.8.8' Then restart the VM. I should note there are privacy concerns about using a third-party DNS server (8.8.8.8 is operated by Google). But I would still use this for testing purposes and if it works, then contact ExpressVPN support to let them know their own DNS server isn't working. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fe13159a-6e07-c0fc-fccc-ad9ef28e58a8%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] setting up vpn issue
On 09/02/2018 12:42 PM, Nicola Schwendener wrote: Hi Chris, thank you for your reply: this is what I got: Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 SENT CONTROL [Server-2203-1a]: 'PUSH_REQUEST' (status=1) Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.54.0.1,route 10.54.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.54.0.106 10.54.0.105' Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 OPTIONS IMPORT: timers and/or timeouts modified -- Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 /usr/lib/qubes/qubes-vpn-ns up tun0 1500 1606 10.54.0.106 10.54.0.105 init Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Using DNS servers 10.54.0.1 Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Chain QBS-FORWARD (1 references) from the Personal VM connected via ProxyVM I cannot resolve anything... but I can ping 8.8.8.8... thank you again Nick If you can ping 8.8.8.8 or other numbers directly then the basic IP connection is working. DNS seems to be the problem. They're assigning '10.54.0.1' as DNS. You could try replacing that with 8.8.8.8 for instance. The way to do this is in the Qubes-vpn-support readme page... basically add a line to your ovpn config file like: setenv vpn_dns '8.8.8.8' Then restart the VM. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/58b626df-d92e-bbf2-08e1-1a599f5fd94d%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Unable to reset PCI device 0000:02.00.0
On Sun, Sep 2, 2018 at 10:12 AM, Patrick Bouldin wrote: > On Sunday, September 2, 2018 at 10:10:55 AM UTC-4, Patrick Bouldin wrote: >> Qubes 4.0 Error - "Start failed: Requested operation is not valid: PCI >> device :02:00.0 is in use by driver xenlight, domain sys-usb >> >> I don't know how to copy the log folder over and qubes doesn't have the >> wireless network, which I believe is related, but I've attached a picture of >> the log. >> >> This is a new Qubes install on a new Acer laptop Aspire A515-51-86AQ >> Booting in legacy mode. >> >> I can get into the main desktop and get to Dom0 terminal, but can't launch >> any of the default domains. >> >> There is another thread on here with the same error. He ran: >> $ qvm-pci attach --persistent --option permissive=true --option >> no-strict-reset=true sys-net dom0:00_XXX >> >> And it worked for him, but doesn't work for me, the response I get is "error >> : backend vm "dom0" doesn't expose device "00.XXX" The "XXX" in the PCI device should be filled in with your actual PCI device. >> So I wonder what "xenlight" is and it won't release what pci device? Just a library for interfacing with Xen. Unlikely to be the actual problem. >> Suggestions? >> >> Thanks, >> Patrick > > Pics attached here. It would be the first time I've seen this, but it might perhaps be conceivable that changing BIOS settings caused your device to show up with a different BDF (essentially "PCI address") than when Qubes was installed? Use `lspci` in dom0 to enumerate them. An easier way than doing this via the command line is to use the Devices tab of the Qubes VM Settings GUI - remove all devices then add the one which looks like your network device. You can also configure no-strict-reset via the button at the bottom of the GUI, which is sometimes necessary. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_Ct7943Nr7vQyjfV5j0ZCLKo9Z%3DRdU%2Be2yvW4oCO2ifmw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] setting up vpn issue
Hi Chris, thank you for your reply: this is what I got: Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 SENT CONTROL [Server-2203-1a]: 'PUSH_REQUEST' (status=1) Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.54.0.1,route 10.54.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.54.0.106 10.54.0.105' Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 OPTIONS IMPORT: timers and/or timeouts modified -- Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 /usr/lib/qubes/qubes-vpn-ns up tun0 1500 1606 10.54.0.106 10.54.0.105 init Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Using DNS servers 10.54.0.1 Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Chain QBS-FORWARD (1 references) from the Personal VM connected via ProxyVM I cannot resolve anything... but I can ping 8.8.8.8... thank you again Nick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/48391e1a-2c79-4550-8030-a4093a7db1fb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] setting up vpn issue
On 09/02/2018 11:39 AM, Nicola Schwendener wrote: Hello all, I'm an happy user of Qubes OS 3.2 that just installed a new Laptop with Qubes OS. I'm installing right now a new Proxy (or AppVM with network) for my expressVPN connection. I'm right now stuck with the VPN service that seems to start correctly (both following the official Doc: https://www.qubes-os.org/doc/vpn/ and the https://github.com/tasket/Qubes-vpn-support service. both of them ping 8.8.8.8 but once I ping www.google.com I cannot resolve anything. I've just updated the appvm to the fedora-28 but still same problem. The Qubes-vpn-support is the easier one to configure and troubleshoot. Have you looked at the proxyVM log with 'journalctl'? It should have a line saying "Using DNS servers ..." with the addresses. Near the end it should also say "Initialization sequence completed". When you try ping, is it from a downstream appVM (a regular appVM that is connected to the proxyVM)? -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f3890bdf-e201-3b3b-ef88-9673f9cbdbec%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] setting up vpn issue
Hello all, I'm an happy user of Qubes OS 3.2 that just installed a new Laptop with Qubes OS. I'm installing right now a new Proxy (or AppVM with network) for my expressVPN connection. I'm right now stuck with the VPN service that seems to start correctly (both following the official Doc: https://www.qubes-os.org/doc/vpn/ and the https://github.com/tasket/Qubes-vpn-support service. both of them ping 8.8.8.8 but once I ping www.google.com I cannot resolve anything. I've just updated the appvm to the fedora-28 but still same problem. is there anyone that can help me or has any configuration working? thank you very much best regards Nick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f6a55265-ab68-4754-a442-7a1be4c13449%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Unable to reset PCI device 0000:02.00.0
Qubes 4.0 Error - "Start failed: Requested operation is not valid: PCI device :02:00.0 is in use by driver xenlight, domain sys-usb I don't know how to copy the log folder over and qubes doesn't have the wireless network, which I believe is related, but I've attached a picture of the log. This is a new Qubes install on a new Acer laptop Aspire A515-51-86AQ Booting in legacy mode. I can get into the main desktop and get to Dom0 terminal, but can't launch any of the default domains. There is another thread on here with the same error. He ran: $ qvm-pci attach --persistent --option permissive=true --option no-strict-reset=true sys-net dom0:00_XXX And it worked for him, but doesn't work for me, the response I get is "error : backend vm "dom0" doesn't expose device "00.XXX" So I wonder what "xenlight" is and it won't release what pci device? Suggestions? Thanks, Patrick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0db12c9b-92ec-4283-8b79-57f0bce92ae0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
