[qubes-users] How to backup/clone AEM USB dongle to USB drive of different size?
Since I don't have two identical drives, I tried to do this: - clone MBR and partition info $ sudo dd if=/dev/sdc of=aem-mbr.img bs=512 count=1 - clone AEM partition $ sudo dd if=/dev/sdc1 of=aem-partition.img bs=128K conv=noerror,sync - copy cloned images to a new USB drive $ sudo dd if=aem-mbr.img of=/dev/sdb bs=512 count=1 $ sudo dd if=aem-partition.img of=/dev/sdb1 bs=128K conv=noerror,sync But, as a result the second AEM drive does not boot past blank screen with blinking cursor :(. Any advise? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47cee967-5464-421c-bfa4-7d12530c0d39%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to perform dom0 updates with AEM and USBVM
On Thursday, June 29, 2017 at 9:49:24 PM UTC-4, alexey@gmail.com wrote: > ... bump ... To anybody with AEM & USBVM. $ sudo qubes-dom0-update Works perfectly after you seize USB controller from USBVM (or sys-net in my case) back to dom0, reboot and mount your AEM USB drive to /boot. It even updated the AEM package... First reboot didn't show secret as expected and resealed it after LUKS password was entered. Subsequent reboots show secret after AEM USB is disconnected. I am not sure if it is OK in terms of the threat model though. You move potentially compromised USB controller from untrusted domain to your dom0 and back after an upgrade... At least disconnect all USB devices from it (or, if you are on laptop with one USB controller like me, just stun your paranoia). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5e245069-1d37-4d5b-906c-4c0b7d4588ec%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to perform dom0 updates with AEM and USBVM
... bump ... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/be98b3f7-e631-49f1-9040-ec5545f3e454%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)
Just want to confirm that the solution suggested in [issue #2155][1] solved my problem with TBOOT. Basically, when you substitute default TBOOT 1.8.2 from QubesOS repo with TBOOT 1.9.4 from [Ubuntu][2] my laptop boots and able to seal/unseal secrets. It would be great if TBOOT 1.9.4 is included in QubesOS repo (testing?) as I was unable to verify .deb sig of ubuntu package (not sure if there is any included in .deb). Also confirming suspend/sleep issues describe by Chris... [1]: https://github.com/QubesOS/qubes-issues/issues/2155 [2]: https://launchpad.net/ubuntu/yakkety/amd64/tboot/1.9.4-0ubuntu1 On Wednesday, June 7, 2017 at 10:48:38 PM UTC-4, Chris Laprise wrote: > On 06/07/2017 08:39 PM, a***o...@gmail.com wrote: > > Hi All, > > > > I am experiencing the same problem with AEM v3.0.4 and TBOOT v1.8.2 on > > Thinkpad X1 Carbon 4th Gen (20FCS5CY00) where it reboots precisely after > > executing GETSEC[SENTER]. "min_ram" option does not help. > > > > My setup: > > * UEFI BIOS in LegacyBoot mode with SecureBoot disabled > > * Discrete TPM 1.2 and Intel TXT enabled with "Physical presence" feature > > disabled > > * Fresh Qubes3.2 installed on 1TB SSD (NVME device) with /boot on MBR > > partition of a 128G USB flash drive. > > * Xen 4.6.1 with kernel 4.4.14 > > * SINIT matches the platform as per the TBOOT log output > > > > Anybody had any success or ideas how to make it work? > > > > -- > > Alex > > > > Going by the comments in issue #2155, at least one person did get it to > boot by upgrading tboot to version 1.9.4. I also upgraded tboot, but had > already got it booting with the min_ram parameter... at this stage I > don't know if the newer tboot is the factor that allows my system to > boot with AEM. > > An additional issue which I'm still experiencing with AEM is sleep/wake > not working. > > My other versions are Xen 4.6.5 and Linux 4.9.28-16 (from qubes*testing). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ae95305f-9618-4309-ba93-f255e57e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.