[qubes-users] Xen cannot find Dom0 kernel
On my system, Xen cannot find the dom0 kernel. The happened after a kernel-latest upgrade, possibly due to a missing initramfs. Is there a way to recover without live media? Ideally, Xen would prompt the user for a dom0 kernel entry, but it doesn’t. Also, once I have recovered, how can I keep such problems from happening again? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJEMUN-KGsJR4c3VpgkYr3_P8BV2wurOGuYQXCg48WNUtcbWkw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] vchan doesn’t work on recent mainline kernels
I built a Linux kernel from Linus’s git master, with a slight modification (u2mfn module moved in-tree). The resulting kernel does not work with Qubes: libvchan gets -EINVAL from mmap(). Any suggestions? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJEMUN8E%3DC%3Dm2F5YeU9mqmtyQPdsDTGGfS59%3DX%2ByH3EcOrmazw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Smart cards, split GPG, and timing attacks
Looking through the GPG CVE list, it appears that GPG has a fantastic security record. This seems to jus Most of the recent vulnerabilities have been side-channel attacks. Is it useful to use split-GPG with a hardware token to prevent side-channel attacks? Also, is it best to use one signing key per project one is working on? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJEMUN9e6RC%3Dgfsf5%2Bk3Y0RWMa9Cu%2BOuHhFyFN8-1pYpuV0a9w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Identifying Thunderbolt devices
How do I identify Thunderbolt devices in lspci? I would like to pass my Thunderbolt adapter through to another device. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJEMUN_an%3Dg6Ve1n94LsWSuFM3X10JrNjj0vDSJ2QCf%3Dx5OL5w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Discord voice doesn't work
In an AppVM, Discord voice chat doesn't work. The firewall settings should allow all outbound connections. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJEMUN-dmVxBShVyYYEfJKRubbn-EMN_MGSpz31A6-8d6EdK0A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Undoing an errant qubes-dom0-upgate
I ran qubes-dom0-upgate with the testing repo enabled, which broke my system. How do I recover? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJEMUN_cVZXCkW4DoNA_dot0qXbNg_Njfeo7frmNmg0C%3DTVLBw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Firewall rules for Thunderbird and Gmail
What websites and ports do I need to whitelist if I want to enable use Thunderbird with GMail and Google Calendar? I am using the Google Calendar add-on. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJEMUN9tqubpDK%3DxxzB8wT0Pck54eCNvpU-0AFgFOxMZbOHq9g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Clobbered FirewallVM — how can I get the firewall running again?
On 02/04/18 14:15, donoban wrote: On 02/04/2018 08:05 PM, demioben...@gmail.com wrote: My FirewallVM doesn’t seem to be running the Firewall service. How can I set that up? Could you paste "systemctl status qubes-firewall" on it? If it's unload or dead try start/restart it. It is running normally: [user@sys-firewall ~]$ systemctl status qubes-firewall ● qubes-firewall.service - Qubes firewall updater Loaded: loaded (/usr/lib/systemd/system/qubes-firewall.service; enabled; vend Active: active (running) since Sun 2018-02-04 10:08:16 EST; 1h 45min ago Main PID: 508 (qubes-firewall) Tasks: 1 (limit: 4915) CGroup: /system.slice/qubes-firewall.service └─508 /usr/bin/python2 /usr/sbin/qubes-firewall -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4e2be10d-137c-c698-bc9c-b7cd79b1f5a8%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] GPU?
Another thought I had was to do binary translation of GPU instructions and/or Software Fault Isolation a la NaCl. On Jan 20, 2018 10:29 AM, "Vít Šesták" < groups-no-private-mail--contact-me-at--contact.v6ak@v6ak.com> wrote: > When Qubes gets a separate GUIVM, the risks of GUI virtualization could > become lower, because the GUIVM is expected to be more up-to-date (and thus > have recent security updates for the drivers) than the current dom0. > > The GUI virtualization should be optional (so user can choose the > reasonable tradeoff). This can be actually good for security provided that > the choice is informed. User that wants some GPU-insentive tasks will now > probably choose Ubuntu (or dualboot) over Qubes. None of them are better > choices than allowing to take some risks for some VMs. > > Before GUIVM is implemented, it probably does not make much sense to > implement GPU virtualization, because it would make additional maintenance > effort for ITL. > > GPU passthrough (that can be also used with some less secure approach of > GPU virtualization) might be a reasonable addition for some people, but not > as a general solution for all Qubes users, because external monitors often > connected to the dedicated GPU*. Not mentioning laptops with just one GPU. > (Those can be more common for Linux and Qubes users.) > > I foresee a GPUVM in VM settings (like today's NetVM in VM settings). > > Regards, > Vít Šesták 'v6ak' > > > *) I honestly don't know the reason for that. In the past, I had laptop > with three graphical outputs (screen, VGA and HDMI). Since the old > integrated GPU was able only two of them, it makes sense that one of the > outputs goes through the dedicated cards. The last time I checked, it > however looks like this should be no longer a problem. Today's Intel CPUs > seem to often support three displays (quickly verified on Intel ARK on few > random CPUs), while today's laptops tend to have just two outputs (internal > and HDMI). > > -- > You received this message because you are subscribed to a topic in the > Google Groups "qubes-users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/qubes-users/l2oqYEWpY-A/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/qubes-users/3a20b39b-7ee8-43ca-9cfc-1d5e2ed26f18%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJEMUN9qXq71yxmUjSbTNutjWQV7ywDzYMjZcO6OqUrtc12qiA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] GPU?
I think that Qubes needs 3 things to really take off: 1. It Just Works. Even on new systems with new hardware. That means an up-to-date kernel and drivers. Probably not an LTS. It also means getting UEFI to work out of the box — it doesn't for me. That also means recent installers that are aware of the quirks of different kinds of firmware. 2. GPU acceleration. A big use for Qubes IMO is running games in a sandboxed environment. But games need hardware-accelerated graphics. In fact, recent games often require dedicated graphics cards to get acceptable performance. That means GPU virtualization for ALL GPUs. Not just Intel integrated graphics. And it's not just games. Firefox’s WebRender makes heavy use of the GPU. So does QT5. And I suspect Chromium will follow suit. GPUs are quickly becoming a requirement, not an option. I think that the solution is to implement OpenGL on WebGL inside the VMs, and expose WebGL from GUIVM. That's what browsers do. 3. Windows support that Just Works. One should not need to know anything about Linux or Xen to use Qubes. Even though they are what Qubes is built on, they should be implementation details that one need not be familiar with. On Jan 18, 2018 5:56 PM, "'Tom Zander' via qubes-users" < qubes-users@googlegroups.com> wrote: On Sunday, 14 January 2018 08:12:24 CET r...@tuta.io wrote: > Is qubes able to use the computing power of the gpu or is the type of gpu > installed a waste in this issue? Relevant here is an email I wrote recently; https://groups.google.com/forum/#!msg/qubes-devel/40ImS390sAw/Z7M0E8RiAQAJ The context is a GSoC proposal proposal to modernize the painting pipeline of Qubes. Today GL using software uses [llvmpipe] to compile and render GL inside of a Qube, completely in software and then push the 2d image to dom0. This indeed wastes the GPU. [llvmpipe]: https://groups.google.com/forum/#!msg/qubes-devel/ 40ImS390sAw/Z7M0E8RiAQAJ -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to a topic in the Google Groups "qubes-users" group. To unsubscribe from this topic, visit https://groups.google.com/d/ topic/qubes-users/l2oqYEWpY-A/unsubscribe. To unsubscribe from this group and all its topics, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/ msgid/qubes-users/1970768.QL1Wn2a4Hl%40mail. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJEMUN_e%3D6cU-wAczH-ZoRHBtzASzwyrkhfOWfWQv7cDfCDN%2BA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
