Re: [qubes-users] How would you remotely infiltrate a default Qubes OS?

On Thursday, 13 August 2020 23:09:04 UTC+8, disrupt_the_flow wrote: > > On August 13, 2020 2:59:37 PM UTC, "fiftyfour...@gmail.com " > > wrote: >> >> If you were tasked with remotely hacking into a default but updated Qubes >> OS system (installation configuration of 4.0.3, but with updated

[qubes-users] How would you remotely infiltrate a default Qubes OS?

If you were tasked with remotely hacking into a default but updated Qubes OS system (installation configuration of 4.0.3, but with updated templates and dom0), how would you do it? What would you attack? The precise objective (e.g. retrieve a PGP key from a vault, read a text document,

Re: [qubes-users] Qubes dom0-update-guard script

On Monday, 10 August 2020 18:39:53 UTC+8, Andrew David Wong wrote: > > The QSB formats are actually pretty standardized already, though our > expectation has been that they'd be read by humans rather than > programmatically. We use a template [1] for the overall structure, and > in particular,

Re: [qubes-users] Qubes dom0-update-guard script

On Sunday, 9 August 2020 04:22:02 UTC+8, awokd wrote: > > To stay in keeping with Qubes philosophy, at most dom0 should only run > jobs inside VMs and copy files between VMs. You don't want it to parse > results, but you could let dom0 copy/move output files to a separate VM, > then kick off a

Re: [qubes-users] Qubes dom0-update-guard script

On Saturday, 8 August 2020 20:51:25 UTC+8, unman wrote: > > Onion? Of course. > Check /etc/yum.repos.d/qubes-dom0.repo > Also, it's on mirror list at https://www.qubes-os.org/downloads, and has > been referenced on this list. > The repo is: >

Re: [qubes-users] Qubes dom0-update-guard script

On Saturday, 8 August 2020 06:38:38 UTC+8, Chris Laprise wrote: > > I think this is only properly done via a trusted .onion address, i2p > address, etc... Unless Tor's DNS lookups have been improved since the > last time I checked. > > Just for reference here, threat model I'm thinking of here

Re: [qubes-users] Re: Whonix-gw: trouble after disabling passwordless root access

On Thursday, 6 August 2020 22:24:38 UTC+8, 54th Parallel wrote: > > > There might be potential attacks against the hypervisor or > daemons/backends in dom0 that require root access. Qubes founder Joanna > Rutkowska initially assessed there was limited benefit from isolating the > root account

[qubes-users] Qubes dom0-update-guard script

Informed by a recent post , I've decided to start writing a script that takes a Qubes installation's list of packages installed in dom0 and compare them to the list of available packages in the chosen repo (e.g. 'current')

Re: [EXT] Re: [qubes-users] Update templates in parallel

On Friday, 7 August 2020 02:40:58 UTC+8, Chris Laprise wrote: > > Yes. Note that Qubes Security Bulletins are issued for vulns that affect > dom0 and they reference the package versions that contain the patches. > For example: > > >

Re: [EXT] Re: [qubes-users] Update templates in parallel

On Friday, 7 August 2020 00:13:52 UTC+8, Chris Laprise wrote: > > IIRC that setting refers to checking packages, not the repomd.xml files. > That's why an attacker can't replace packages with their own versions; > they have to manipulate the metadata to hold back packages from > receiving

Re: [EXT] Re: [qubes-users] Update templates in parallel

> > I hate to break that feeling, but Fedora is unique in that it doesn't > sign its repo metadata, and sadly that is what matters. They put a > bandaid on it by fetching more hashes via https... so the update > security in Fedora is based on the strength of https. That is bad, as > https can be

Re: [EXT] Re: [qubes-users] Update templates in parallel

On Thursday, 6 August 2020 18:05:25 UTC+8, Chris Laprise wrote: > > I hate to break that feeling, but Fedora is unique in that it doesn't > sign its repo metadata, and sadly that is what matters. They put a > bandaid on it by fetching more hashes via https... so the update > security in Fedora

Re: [qubes-users] Re: Whonix-gw: trouble after disabling passwordless root access

On Thursday, 6 August 2020 17:36:05 UTC+8, Chris Laprise wrote: > > IIRC she gave some indication that guest VMs shouldn't be defenseless > internally. > > -- > Chris Laprise, tas...@posteo.net > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB

Re: [EXT] Re: [qubes-users] Update templates in parallel

On Thursday, 6 August 2020 12:31:44 UTC+8, Emily wrote: > > > -- I'm not unman, but I just checked the repo data and it appears they > use sha256 > This is reassuring. Thanks, Emily -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To

Re: [qubes-users] Re: Whonix-gw: trouble after disabling passwordless root access

On Thursday, 6 August 2020 00:37:08 UTC+8, Qubes wrote: > > What risk(s) are you mitigating by disabling passwordless root? > You should look at this the other way around--what do I stand to lose by keeping passwordless root? If I can take a low-cost step that would dramatically raise the

Re: [EXT] Re: [qubes-users] Update templates in parallel

On Thursday, 6 August 2020 09:03:31 UTC+8, unman wrote: > > The security isnt to be found at the proxy level, but at the package > management level. It's there that verification is (and should be) done. > Unman, speaking of verification at the package management level, would you happen to know

[qubes-users] Re: Whonix-gw: trouble after disabling passwordless root access

On Wednesday, 5 August 2020 02:29:46 UTC+8, 54th Parallel wrote: > > Hi all, > > Sorry for the recent spam--I've been spending a lot more time with Qubes > and coming across issues that I haven't seen mentioned here yet. > > Here's another one: > > If you disable passwordless root access in

Re: [EXT] Re: [qubes-users] Update templates in parallel

On Wednesday, 5 August 2020 07:08:04 UTC+8, Ulrich Windl wrote: > > Actually instead of parallel updates (assuming limited bandwidth) I'd > vote for a more verbose progress indicator (in the graphical update app): > Currently the VMs start, update starts, and then ...long time > nothing...,

Re: [qubes-users] Barebones templates (stripping down minimal templates)

On Wednesday, 5 August 2020 06:15:12 UTC+8, awokd wrote: > > > Tried it a number of years ago. Building a Debian template with > -no-install-recommends (something like that) initially resulted in fewer > packages, but installing required qubes packages pulled many of them > back in. That way

Re: [qubes-users] Whonix-gw: trouble after disabling passwordless root access

On Wednesday, 5 August 2020 05:29:49 UTC+8, Qubes wrote: > > On 8/4/20 8:29 PM, fiftyfour...@gmail.com wrote: > > Hi all, > > > > Sorry for the recent spam--I've been spending a lot more time with Qubes > > and coming across issues that I haven't seen mentioned here yet. > > > > Here's

[qubes-users] Whonix-gw: trouble after disabling passwordless root access

Hi all, Sorry for the recent spam--I've been spending a lot more time with Qubes and coming across issues that I haven't seen mentioned here yet. Here's another one: If you disable passwordless root access in whonix-gw, tor control panel (accessed by right clicking the sw-date tray icon)

[qubes-users] Re: fedora 32 pdf converter

I have the same problem and this is on Debian 10. I tried looking up the error code for ImageMagick (which the converter is based on) and fixing it using their solution (which involves editing policies) but it still doesn't work, so I've temporarily given up on it altogether. -- You received

[qubes-users] Re: qubes-dom0-update "No Match for argument"

Oh, and while I'm at it, the "Is this ok [y/N]" prompt often appears twice, requiring two 'y's. This isn't consistent, but it's raising red flags when combined with the above. Anyone else have this issue? -- You received this message because you are subscribed to the Google Groups

[qubes-users] qubes-dom0-update "No Match for argument"

Hi all, Every time I use qubes-dom0-update in a fresh installation (which I've done around ten times now), I get strange outputs where the repositories aren't shown being queried but the update proceeds. It looks something like this: error:could not delete old database at

Re: [qubes-users] Update templates in parallel

On Tuesday, 4 August 2020 00:03:08 UTC+8, Chris Laprise wrote: > > Yes, the requirements to get it running keep changing. Right now the > easiest way is to install 'kernel-latest-qubes-vm' from dom0 to get a > 5.x kernel for VMs (the 5.x kernels have wg module included), then > install the

Re: [qubes-users] Update templates in parallel

Oh, and while I have you here, Chris, I thought I'd let you know that your Wireguard guide in Qubes-VPN-Support doesn't work--I followed it step-by-step but was left frustrated, so I took another route. I just came across this Reddit post where the poster seems to have gone through the same

Re: [qubes-users] Update templates in parallel

On Monday, 3 August 2020 18:36:28 UTC+8, Chris Laprise wrote: > > 'curl' would only be used in a Whonix template. This is to signal Qubes' > proxy to start the Tor-based updateVM as soon as possible. It should not > try to run curl in a Fedora or regular Debian template. > > To suppress

Re: [qubes-users] Update templates in parallel

On Monday, 3 August 2020 16:11:40 UTC+8, 54th Parallel wrote: > > > I tested your halt-vm-by-window and system-stats-xen and found them very > useful. I also tried your qubes4-multi-update but ran into three issues: > one is that it relies on curl, which my Fedora minimal wasn't happy about;

Re: [qubes-users] Update templates in parallel

On Sunday, 2 August 2020 22:42:31 UTC+8, Chris Laprise wrote: > > You can check out my github for some interesting stuff. The > 'Qubes-scripts' project has a (serial) template updater that lets you > select by certain criteria. It could be parallelized pretty easily. > > [...] > > Finally,

Re: [qubes-users] Update templates in parallel

On Sunday, 2 August 2020 22:42:31 UTC+8, Chris Laprise wrote: > > IIRC there is an option somewhere in 'qubesctl' for parallel template > updates. > > You can check out my github for some interesting stuff. The > 'Qubes-scripts' project has a (serial) template updater that lets you > select

[qubes-users] Re: Available Templates

On Friday, 31 July 2020 07:36:22 UTC+8, 54th Parallel wrote: > > In dom0: > > sudo qubes-dom0-updates --enablerepo=qubes-templates-community --action=list > qubes-template-* > > or > > sudo qubes-dom0-updates --enablerepo=qubes-templates-community-testing -- > action=list qubes-template-* > >

[qubes-users] Re: add-ons in torbrowser

On Friday, 31 July 2020 04:58:48 UTC+8, haaber wrote: > > Hi this may be a double-post, but I could not find an appropiate help > page. I like to add an adblocker (u-block) to my TBB, since I consider > any browser without adblocking useless, meaning that I will not use it > anyways. So here is

[qubes-users] Re: Available Templates

On Friday, 31 July 2020 03:37:00 UTC+8, Qubes wrote: > > Where would one look to see what templates are all currently available > for installation. > > Whether that would be in Current, Testing, Development. > > Is there a list maintained somewhere? In dom0: sudo qubes-dom0-updates

[qubes-users] Barebones templates (stripping down minimal templates)

Hi all, I was fiddling with minimal templates and found them much less complicated than I feared. For example, converting a debian-10-minimal to a sys-net-minimal only involved installing two packages, attaching the pci, and fiddling with some preferences and services. Because of this, I'm

[qubes-users] Re: XScreensaver randomly popping up

On Tuesday, 28 July 2020 00:13:16 UTC+8, ludwig...@gmail.com wrote: > > Hi I had/had the problem with qubes 3.2, which is very annoying. > Funny thing: you can trick xscreensaver by switching the desktop > if you have multiple desktops, which leads to odd/funny user > experience of locked screen,

[qubes-users] Re: Fwd: Audio not working: "snd_hda_intel: No response from codec, resetting bus"

On Monday, 16 December 2019 01:11:25 UTC+8, Claudia wrote: > > Claudia: > > [...] > > So, to recap what I've found so far: > > Fedora 25 live cd: works > > Qubes without Xen: works > > Qubes with Xen: codec probe error > > Qubes with Xen, VT-x & VT-d disabled: codec probe error > > Qubes

[qubes-users] Re: XScreensaver randomly popping up

Also, since I started a thread, I also want to ask whether SHA1 or other deprecated algorithms are used in the PGP verification of dom0 and domu updates. This is somewhat related to my original question.

[qubes-users] XScreensaver randomly popping up

Has anyone else experienced the screensaver/lock-screen popping up in the middle of typing? I had this happen to me twice while typing in dom0 (the second time, I was in the middle of typing 'qvm-shutdown debian-10'), so I went and checked all of the XFCE and Qubes shortcuts to ensure that I

Re: [qubes-users] Re: Qubes possibly not detecting ethernet PCI (Dell Inspiron 5593)

On Monday, 20 July 2020 15:40:28 UTC+8, 54th Parallel wrote: > > On Sunday, 19 July 2020 20:13:46 UTC+8, Tobias Gilberg wrote: >> >> If you disable autostart on sys-net and have no important unsaved files >> open, then it's "save". >> The worst thing that could happen is, if you passtrough some

Re: [qubes-users] Re: Qubes possibly not detecting ethernet PCI (Dell Inspiron 5593)

On Sunday, 19 July 2020 20:13:46 UTC+8, Tobias Gilberg wrote: > > If you disable autostart on sys-net and have no important unsaved files > open, then it's "save". > The worst thing that could happen is, if you passtrough some devices that > are needed by dom0 for running the system, > like

[qubes-users] Re: Qubes possibly not detecting ethernet PCI (Dell Inspiron 5593)

On 18/07/2020, Tobias Gilberg wrote: > One of the Unknown devices is you ethernet interface. > With lspci -v or lspci -vv in a dom0 terminal you can get more detailt > information about the pci-devices to determin witch one is the ethernet > interface. > If you still didn't find it out, post the

[qubes-users] Qubes possibly not detecting ethernet PCI (Dell Inspiron 5593)

Hi all, I ran into an issue while configuring my disposable sysVMs: It turns out my sys-net is set to PVH by default instead of HVM, which allows for PCI passthrough. This led me to look around, and it turns out there are no devices attached to my sys-net despite there being an ethernet jack

Re: [qubes-users] Security advantages of static DVMs for sys-VMs?

On Thursday, 16 July 2020 20:48:52 UTC+8, unman wrote: > > 54th - static disposableVMS are neither unstable nor hard to use. They > are as stable as a normal sys-VM and transparent in use. > Unman, you're right. I was being overly cautious and, to be frank, scared of making my OS more

[qubes-users] Security advantages of static DVMs for sys-VMs?

Hi there, I read about running sys-vms as static disposable VMs on the Qubes documentation site , then on the Whonix guide to Qubes security . I

Re: [qubes-users] Fetching updates after disabling qubes-update-check in clearnet qubes

On Wednesday, 15 July 2020 05:10:30 UTC+8, awokd wrote: > > > In either case, don't forget to have a line in > /etc/qubes-rpc/policy/qubes.UpdatesProxy like: > > $type:TemplateVM $default allow,target=sys-whonix > > I didn't know about this, so this helps haaber's comment make a lot more

[qubes-users] Fetching updates after disabling qubes-update-check in clearnet qubes

I came across this reply by unman while reading through the Qubes Whonix security page: >It is the qubes that perform update checks and then notify dom0 accordingly. So if you have a qube connected to clearnet it will

[qubes-users] Re: DisposableVM Help

On Sunday, 12 July 2020 07:40:58 UTC+8, Robert Spigler wrote: > > I have a debian-10-dvm and a whonix-ws-15-dvm. I also had a > fedora-30-dvm, but when upgrading to fedora-32, I followed "Creating a New > DisposableVM Template" here: ( >

[qubes-users] Re: How do you maximize your VM security?

> > Hi > > Changing the hostname is interesting especially for laptop. When you are > connecting to any network, your hostname is sent with your MAC address to > the DHCP server thus leaving a trace in the log of your presence on that > network. Also, the sys-net hostname is very unique and

Re: [qubes-users] Re: How do you maximize your VM security?

> > 1st, I second all of this. > 2nd, I run a VPN off of the minimal template (technically a double vpn, > but it's probably overkill) > 3rd, on my todo list, create a scratch template with even less than the > minimal for these functions > 4th, only wired networking bc all the insecurity

[qubes-users] Re: How do you maximize your VM security?

On Wednesday, 10 June 2020 00:26:01 UTC+8, Dominique wrote: > > Hi, > > First step for me was to install the minimal template and use them instead > of the complete template for service qubes (sys-net, sys-USB and > sys-firewall). Information on minimal template can be found here: >

[qubes-users] Re: How do you maximize your VM security?

Hi Dominique, Thanks for the reply. So I take it you chose Mirage because a unikernel firewall has a smaller attack surface compared to full-blown Linux? I'm a newbie, so I'm not even sure if these are IDS/IPS, but I'm thinking of installing the tried-and-true trio of rkhunter, lynis,

[qubes-users] How do you maximize your VM security?

Hi all, I took a break from setting up my Qubes OS machine and now I'm looking to finish the job and actually settle in. I am familiar with the overall layout and functions of the OS as a whole, but want to shore up the security of my individual VMs, with Debian running everything except for

Re: [qubes-users] Building a new pc for running Qubes OS

> > Yesterday, I came across the Novena > > open-source > computing hardware platform whilst surfing. If you're interested in having > high security in all

[qubes-users] What programs do Qubers use to further enhance security and privacy?

Just wanted to know what non-default programs/packages/tweaks/tricks people here use to improve the security and privacy of their Qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails

Re: [qubes-users] Re: failed Qubes 4.0.3 install on Dell Inspiron 14 5485

My Dell is newer and simply doesn't have legacy boot. I know that the altered parameter is used during boot because it was the only thing I changed to make my installations turn from failures to successes. -- You received this message because you are subscribed to the Google Groups

[qubes-users] Re: VLC gets black when maximized

So your problem is that once you go black, you can never go back? I'd like to help but I can't say I've experienced that myself. Have you considered upgrading to Debian 10? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from

[qubes-users] Re: failed Qubes 4.0.3 install on Dell Inspiron 14 5485

Fellow Dell Inspiron user here, Your problems are different from mine, and I'm no expert, but maybe the simple solution that worked for me might work for you: Mount the ANACONDA partition of the Qubes boot USB, then edit BOOTX64.cfg so that kernel parameters include 'nouveau.modeset=0' --

Re: [qubes-users] Tips for configuring Qubes firewall?

Thanks for taking the time to reply! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web

[qubes-users] Tips for configuring Qubes firewall?

I'm new to Qubes and I've nearly finished setting up my machine for it's first network connection (purged all Fedora, enabled AppArmor, disabled passwordless root, etc.) Firewalls are an enigma to me but I know they're super important, so I just wanted to ask: Is there anything you think I

Re: [qubes-users] Choosing a TemplateOS for security

Wouldn't it be nice if there were community maintained (and vetted) templates for download? Like being able to download something like, say, "taskett_hardened-debian-10"? A page with examples of Qubes setups would also be sweet--maps of Qubes layouts that users can post and share that are made

Re: [qubes-users] Choosing a TemplateOS for security

>Threat modelling I feel that as long as there are enough eyes combing through the code, the risk is dramatically lowered. Major distros (stem distros?) like Debian and Fedora have many, many more people poring over their code compared to something as obscure as CLIP OS. Yes, the government

Re: [qubes-users] Choosing a TemplateOS for security

> CLIP OS I just checked out CLIP OS: If Qubes is like Inception*, wouldn't using CLIP OS in it be like going down a level deeper? I'm not a techie, but it feels like it'd be really unstable because of technological challenges. Really cool if implemented though, even if its government links

Re: [qubes-users] Choosing a TemplateOS for security

> > To correct a misunderstanding... I'm not a member of the Qubes project. > I'm listed on the Qubes page as a contributor, e.g. contributing to the > project from the outside When I said 'team' I meant something more along the lines of 'recognized contributor' than 'member', but it's my

Re: [qubes-users] Choosing a TemplateOS for security

Many thanks for the swift and detailed response. I'll enable AppArmor (using your instructions from another thread ) and install your qubes hardening project. I was slightly hesitant before, but I did some quick Googling and

[qubes-users] Choosing a TemplateOS for security

If I were looking to maximize security, which would you say is better--Debian, Fedora, or some other distro, like Gentoo or Arch? If you've changed your sys-net, sys-usb, or other templates to something other than Fedora, why? And to what? I've read that Debian is generally considered more

[qubes-users] Which TemplateOS is more

If I were looking to maximize security, which would you say is more secure--Debian, Fedora, or some other distro, like Gentoo or Arch? If you've changed your sys-net, sys-usb templates to something other than Fedora, why, and to what? I've read that Debian is generally considered more secure

Re: [qubes-users] Re: Qubes OS 4.0.2 has been released!

Thanks, and keep up the good work! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web

[qubes-users] Re: Are there any security benefits of setting up standalonevm instead of appvm?

Not an expert (or even technically inclined), but here's my suggestion: I get how you feel because I've wondered about the exact same thing as you. Why not create multiple templates, with each containing programs you're comfortable grouping together? If your system supports it, you can put an

[qubes-users] Re: Qubes OS 4.0.2 has been released!

Hi Andrew, I installed 4.0.2 on my Dell Inspiron 5593 without new issues. The answer to the following question seems to have been implied in earlier responses, but I'd just like an explicit clarification: Can the "critical kernel bug" affect my security in any way? -- You received this

Re: [qubes-users] Default fedora-30 template asking for password that I don't have

This embarrassing episode reminded me that I really ought to take the Introduction to Linux course on EdX before venturing further. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from

Re: [qubes-users] Default fedora-30 template asking for password that I don't have

Uh... how do I mark a thread as 'complete'? Been looking all over for it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [qubes-users] Re: Perplexed, why do so many here seem to prefer Fedora instead of ?

>Enabling AppArmor in Debian + Qubes hardening Glad I came across this post. Thanks for this and the hardening tool, Chris. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send

Re: [qubes-users] Default fedora-30 template asking for password that I don't have

>Also, try using `su` with no arguments and see if that asks for a password also. The problem was resolved by using the "su" command on its own (as opposed to "su user", which prompted me for a password), which brought me straight into "bash-5.0#", where I used the "cat >

Re: [qubes-users] Does the latest Linux kernel improve security for qubes?

> > I'm certainly no expert though. I meant that you seem to be an expert in technology, maybe with a formal background in some form of engineering. I didn't mean to say that you were a Qubes expert, though three years of use and a year of in-depth tinkering does sound like an expert

Re: [qubes-users] Does the latest Linux kernel improve security for qubes?

> > What can I say, I like doing things the hard way. > Some might say it's good for character building--like climbing Everest with minimal assistance when you can instead just hire a bunch of Sherpas to carry you. I don't know much about PSP, or ME for that matter, but it seems to me >

[qubes-users] Default fedora-30 template asking for password that I don't have

Hello, I have a fresh installation of Qubes 4.0.2 on a Dell Inspiron 5593 with an untouched fedora-30 template. Aside from some minor hiccups during installation, no compatibility issues have been detected. (Note: I know more about tech than the layperson, but not enough to call myself a

Re: [qubes-users] Does the latest Linux kernel improve security for qubes?

> > Inspiron 5575, AMD 2500U > A newly-released machine with an AMD CPU and GPU? Are you a masochist or someone who's looking to perform feats of strength? (Like climbing Everest). Or is Intel really that unpalatable for you? From what I've read, AMD's PSP is much more opaque and questionable

Re: [qubes-users] Does the latest Linux kernel improve security for qubes?

Seems like you're taking the super-comprehensive route (including flashing Coreboot) on a low-compatibility machine. Maybe one day I'll have enough proficiency to really make a machine *mine*.Out of curiousity, what model are you working on? I'll give the Youtube Suspension Test a try once I

Re: [qubes-users] Does the latest Linux kernel improve security for qubes?

> > My HCL report for this machine is now almost six months in the making, all > told. If an HCL report is taking someone with your level of knowledge six months to compile, then it's probably incredibly discouraging for many, if not most, would-be contributors. I know I'm discouraged,

Re: [qubes-users] Does the latest Linux kernel improve security for qubes?

> > However there's probably no way to fully automate it. As someone somewhat knowledgeable about tech, but without deep knowledge, this is annoying but manageable. Should someone write a "First Boot Checklist" for the wiki, if only to increase the accessibility of Qubes? -- You received

Re: [qubes-users] Does the latest Linux kernel improve security for qubes?

Many thanks for the lightning-fast reply. I'm going to use the TPM for Anti Evil Maid. On that note, would you happen to know how to downgrade TPM firmware from 2.0 to 1.2 within Qubes? Will I have to reinstall windows just to do this? On Sunday, 5 January 2020 01:19:46 UTC+8,

[qubes-users] Does the latest Linux kernel improve security for qubes?

Happy new decade!* Quick question: In terms of security, does it matter if I install and use the latest Linux kernel (5.4) or not? If security is increased, is it worth the potential instability, if there is any? Also, is there a quick diagnostic tool to check if a new installation on a new

[qubes-users] Re: Installation fails in many different ways

Thanks for sharing, trueriver, I finally got past the introductory boss of Qubes--now I get to roam the sandbox world. It wasn't so much an issue with the trackpad as it was the Nvidia GPU that can't be disabled. Since you seem to be a dev who's interested in Qubes' compatibility with this

Re: [qubes-users] Installation fails in many different ways

awokd, It was Nvidia--adding "nouveau.modeset=0" to BOOTX64.cfg did the trick. Thank you! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [qubes-users] Installation fails in many different ways

It was Nvidia--adding "nouveau.modeset=0" did the trick. Thank you! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.

[qubes-users] Re: Installation fails in many different ways

Tl;dr--Installation successful; Nvidia was the culprit. Follow up: *Attempt n *(some large number)*:* Disabled SpeedStep. Passwords quickly entered. Cursor lag 819/1025. Cursor freeze 836/1025. "DNF error: Error unpacking rpm package anaconda-core-1000:25.20.9-16.fc25.x86_64". *Attempt n+1:*

[qubes-users] Installation fails in many different ways

Happy new year, fellow Qubers! Well, I'm not really a Quber --not yet-- but maybe you can help me join your ranks. I went out and bought a Dell Inspiron 5593 --a shiny new laptop with an i7-1065G7*-- for the express purpose of installing Qubes on it, but found out during BIOS setup that the