Re: [qubes-users] Is it possible to boot qubes dom0 kernel without Xen? [solved]
'awokd' via qubes-users: Claudia: So I was wondering, is it possible to run the Qubes dom0 kernel directly on the hardware instead of under Xen? How might one go about this? And how much work would it involve? I've had similar troubleshooting needs. Closest I found was to download Fedora 25 and test under that. What's missing are any Qubes specific patches to Fedora itself, which makes the testing results a bit iffy. Yeah, I've been using Fedora 25 as a test reference, but like you said there's still a big difference between Fedora and Qubes (Qubes kernel, Qubes packages, Xen, VT-x, to name a few). It's still a needle in a haystack. But anyway... Success! It is in fact quite possible to run Qubes without Xen, and surprisingly not all that difficult. (And on top of that, in my case Qubes without Xen was able to detect the hardware it couldn't detect under Xen!) So, background info, any Xen dom0 kernel can run as a regular kernel too. Basically the only difference is that CONFIG_XEN_DOM0 is turned on in dom0 kernels, but it can still run without Xen. It's just that grub, I assume, checks if it's running under Xen, and if so, doesn't create non-Xen menu options (unless you do what I did below). Here's basically what I had to do: # tar -C / -cvzf ~/boot-backup.tar.gz boot/ # qubes-dom0-update grub2-efi # chmod ugo+x /etc/grub.d/10_linux # echo GRUB_CMDLINE_LINUX=\"$(cat /boot/efi/EFI/qubes/xen.cfg | grep kernel | cut -d ' ' -f 4- | head -n 1)\" >> /etc/default/grub # grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg # efibootmgr -c -d /dev/sda -p 1 -L "Fedora-Grub" -l "\EFI\fedora\grubx64.efi" Note: this will change your default EFI boot entry! You can change it back with `efibootmgr -o`. Here's a nice tutorial if you're not familiar with efibootmgr: https://www.linuxbabe.com/command-line/how-to-use-linux-efibootmgr-examples Reboot, and if necessary press f12 and select "Fedora-Grub" in UEFI boot options. Log in and verify that /proc/xen is not present. Note: Fedora documentation tells you to install the "shim" package as well, and boot into the EFI shim to install a grub menu entry. I used efibootmgr instead as it is much simpler and already installed. In any case, don't try to run grub2-install. https://fedoraproject.org/wiki/GRUB_2 Note: This should work even with secure boot enabled, but I didn't try it. Note: You should be able to do something similar on legacy boot systems. In fact it should be even easier, since you're already using grub. The important part is the chmod /etc/grub/10_linux. Random thought: Maybe one day in the distant future, if/when Qubes supports KVM, maybe we'll be able to switch back and forth between Xen and KVM at boot time? - This free account was provided by VFEmail.net - report spam to ab...@vfemail.net ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1000a856-eab2-cc61-870e-ee371479b907%40vfemail.net.
[qubes-users] Re: 2 new Intel vulnerabilites
On 11/14/19 2:55 AM, Chris Laprise wrote: > On 11/14/19 7:28 AM, Andrew David Wong wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA512 >> >> On 2019-11-13 12:40 PM, Lorenzo Lamas wrote: >>> There are 2 new vulnerabilities in Intel CPU's, also affecting Xen. >>> Xen has issued XSA-304(CVE-2018-12207) and XSA 305(CVE-2019-11135). >>> Is the Qubes team aware yet? I haven't seen a new QSB. >>> >> >> Yes, we're aware. We're currently in the process of preparing >> announcements about these XSAs. >> >> Typically, XSAs have a predisclosure period, during which the XSA is >> embargoed, and the Qubes Security Team has time to analyze it and >> prepare patches and an announcement. However, these XSAs had no >> embargo period, so the Qubes Security Team had no advance notice of >> them before they were publicly announced. > > The researchers behind these MDS vuln disclosures were being strung > along by Intel, who kept changing embargo dates. Eventually they decided > to simply publish because the proposed patches from Intel were not > addressing a large number of possible attacks. > > I have summary, links and some advice here: > https://groups.google.com/d/msgid/qubes-users/85c426f7-7e17-b1ab-87c3-71f92d169955%40posteo.net > > > In short, Intel have played a monopolist's game and delivered products > that match; Its much better (and simpler) for people to move to AMD at > least for the time being. It would help if the Qubes community had some > clear AMD choices. > so, are there people running Q4.x on AMD machines? if so which ones? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e15049ac-149f-a053-9bd5-3dbaa323931c%40riseup.net.
[qubes-users] Re: Fedora-31 template
Hi Dominique, The official docs states: https://www.qubes-os.org/doc/templates/#updating In an earlier version, I updated another fedora, by renaming some stuff in repo's. Guide is here, if you wan't to get inspiration: https://www.militant.dk/2018/04/04/cloning-fedora-26-to-fedora-27-template-qubes-3-2/ Sincerely Max fredag den 15. november 2019 kl. 21.23.54 UTC+1 skrev Dominique St-Pierre Boucher: > > Hello Qubes users, > > Do any of you tried and succeed upgrading a Fedora template to version 31? > > If so, how? > > Thanks > > Dominique > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/385715d5-6f99-41f1-988d-8e1d8ef4b737%40googlegroups.com.
Re: [qubes-users] Resizing partitions in QVMs
On Sat, 16 Nov 2019 02:44:24 - zenandart via qubes-users wrote: > Hi, > > I recently ran out space of xvdb on a QVM (while I still had plenty of > space on xvda), so I gave 10GB or so in Qubes Settings to the VM. But > all the new space went to xvda, and the space of xvdb didn't change. > > I thought I should resize partitions, then. So I installed GParted. > But soon I realized that I couldn't resize system partitions in the > VM, for both of xvda and xvdb are used and therefore cannot be > unmounted. > > I have some experience resizing partitions in systems that don't have > VMs, in which case I'll load a system from USB drives to do so, but > I'm not sure how to do it in Qubes OS. > > I've searched some tutorials about resizing partitions in VirtualBox > VMs, but I don't think it helps much. > > So, the question is, how can I resize partitions in a QVM? > > Best regards, > zenandart > In Qube Manager, use "Qube settings" for the VM that is out of space. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191116132322.4ba1c72f.mike%40keehan.net.