-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The steps to getting Qubes-OS R4.0 RC1 to run on the Surface Book are pretty simple. Not everything works, but it is a testing image. I also have read that the Nvidia dGPU isnt detected by any flavor of linux. I believe that it is running through USB 3.0 to PCIe to the CPU. I will have to investigate this some more and see if I can figure anything out.
I had issues with the install media for a long time, and used 10 different USB drives to try to install R4.0 RC1 with the install failing at RPM unpacking the Fedora 25 template. I found out it was because of how I was creating the media. The only way I have successfully created the media was using Fedora and dd the Qubes-OS ISO to the drive. Using Rufus on Windows 10 with their version of dd would not work. Step 1: Use Fedora to dd Qubes-OS R4.0 RC1 ISO to USB drive. Step 2: Install Qubes-OS R4.0 RC1 as normal, with the GUI. Step 3: When the install finishes, hit Ctrl+Alt+F2 to get to the terminal. Step 4: Copy the /EFI/Qubes/ folder contents to a newly created /EFI/BOOT/ folder with "cd /mnt/sysimage/boot/efi/EFI && mkdir BOOT" then "cp ./Qubes/xen* ./BOOT" then "cp ./Qubes/vm* ./BOOT" then "cp ./Qubes/init* ./BOOT" The Surface Book only likes to boot "*.efi" from /EFI/BOOT/ and not /EFI/*/ folders. I also like to leave the /EFI/Qubes directory intact, just in case I mess up the boot folder, then I can just copy everything over again and have the default files. Step 5: Edit the xen.cfg file in /EFI/BOOT/ to remove the Xen boot parameter "iommu=no-igfx" and replace it with "iommu=on". This will be under the "options=" line for each kernel entry. You must edit all of the kernel entries "options=" line for this to work properly. This will allow your machine to boot! Without doing this, you just get a boot loop where Xen starts to load and then you see the magical red top with an unlocked lock Surface splash screen after the screen goes black to start the boot process. If you are lucky and the Qubes-OS installer correctly set up your NVME drive for booting, you should be good to go and able to boot Qubes-OS R4.0 RC1! If you are unlucky or need to add additional boot parameters to the EFI boot chain, then you will need a few more steps. Extra steps need both Qubes-OS R4.0 RC1 and Qubes-OS R3.2 USB drives to be able to boot into the rescue mode and use efibootmgr. the efibootmgr is R4.0 RC1 does not like to play with the GPT formatted NVME drive I have, and registers the boot record as an MBR drive. Step 6: Use Fedora to dd Qubes-OS R3.2 to a USB drive. Step 7: Mount both Qubes-OS drives. Step 8: Navigate to /EFI/BOOT/ on the Qubes-OS R3.2 USB drive and delete "xen.cfg" "xen.efi" "BOOTX64.efi" I have not yet found a way to boot Qubes-OS R3.2 on the Surface Book, even though technically the hardware is compatible. The UEFI workarounds do not seem to work on Xen 4.6.x that Qubes-OS R3.2 uses. So we must use the Xen 4.8.1 version that Qubes-OS R4.0 RC1 uses. Step 9: Navigate to /EFI/BOOT/ on the Qubes-OS R4.0 RC1 USB drive and copy "xen.cfg" "xen.efi" "BOOTX64.efi" to the Qubes-OS R3.2 USB drive in the /EFI/BOOT/ directory. Step 10: Insert the edited Qubes-OS R3.2 USB drive into the Surface Book. Select the "Rescue Qubes" option, then press "e" to edit the boot chain. Go to the end of the second line of the boot chain and add "-- efi=attr=uc" and press Ctrl+X to boot with those options. There is a space between the '--' and 'efi=attr=uc'. You will need an external USB keyboard to continue from this point! The keyboard on the base does not work in the Qubes-OS R3.2 installer. Step 11: When the "Rescue Qubes" mode boots, you will have 4 options to choose from. Press "1" on the keyboard and hit "Enter". Then it will ask you for your encryption password, enter the password that you chose to encrypt your drive during the Qubes-OS install. It will take a minute or two, and then tell you that you that your system is mounted to /mnt/sysimage/. Hit "Enter" to get a shell. If the prompt does not ask for your drive encryption password, and just says "Hit enter to continue to a shell" or something along those lines, then you need to reboot into the UEFI menu and delete the "Qubes" boot entry and follow steps 10 and 11 again. Step 12: change directories to the /EFI/BOOT/ directory and then use efibootmgr to create a new entry for Qubes-OS R4.0 RC1. The commands that I used to do this are: "cd /mnt/sysimage/boot/efi/EFI/BOOT" "efibootmgr -v" The "efibootmgr -v" command is to make sure that no other Qubes boot entries are present. If they are present, note the number [ex: 0005 Qubes HD(1,MBR,0000000000000000000000000)] and then use the command "efibootmgr -b XXXX -B" to remove the entry. The XXXX is where you would put the boot entry number, like 0005 in the example I gave you. If there are no Qubes boot entries, then use this command to create one. "efibootmgr -v -c -u -L QubesOS -l /EFI/BOOT/xen.efi -d /dev/nvme0n1p1" The boot entry will be made and should look something like this "0001* Qubes HD(1,GPT,partition-guid-here,0x800,0x64000)/File(\EFI\qubes\xen.efi)". You can double check it with "efibootmgr -v" and see that you get an output that looks similar to that. If you see output like this, you are ready to boot Qubes-OS R4.0 RC1! Step 13: Shut down the Surface Book and remove the USB drive, then start up the Surface book and boot into Qubes-OS R4.0 RC1 and continue with the post installation set up. Step 14: In order to get internet working (if you had Qubes automagically set up everything for you in the post installation setup) one must attach the 'Marvell Bluetooth and Wireless LAN Composite Device' to the sys-net vm. Click the USB and SD card image in the top right corner of the screen and hover your mouse over the line that has the Marvell network card, then click on the + sys-net option. This attaches it to the network VM, but there is one more step before you are able to connect to a wireless network. Step 15: Reboot the machine after attaching the network card to sys-net and when you log back in, there will be the network connection option in the top right corner of the screen. Now you are able to connect to a Wi-Fi network! These are the steps that I took to get Qubes-OS R4.0 RC1 running on my Surface Book w/ Performance Base. It took me entirely way too long to figure out the issues that were causing it not to boot after installation. -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE/uqpYKVXMvPi+oujATVgIguBe+gFAlnWhOAACgkQATVgIguB e+jLrw/9HV0O8XUbuJrGWs9JZ3N3w+A8Zu5jRboXKoRadWK6usJZHFqOej3nFZi3 RdXkrvQz349ryBwvBB6mKtUJdTOEkhrS+7a+l08YcZBZ7RycErd0/6NQ9aMMJHvT wXoNDpI4/SX1d8mqARdnXwINK4X8E/lADzo1Gf2HLr315sDoPyG2GKwMxwPrn7BJ lZXgZwQLxYBluySwmKIfj0tCK8hYGdVaGOZx3igR8/yCT34ODmA90Dz/7YjBw3Hi xzM88uqo0tG2bo9uQLoI/PuHCPXoUnZbVQLv5rsJbnnnR1J3h1YYuSIxg6mcn8S2 lQ8Xcprt58EdnW1M1MK9W5nQdduMjSc9PgCnpqh2/2jCoDt7cbds1vMzDYVuUbFm vXoVQZG2TRxpjTZnZsbW4AMj4H0B0Q7uQj7ff07pzFAuk3uBLoctaVXfdK2CWPVd xVX+OUimTeCCtAPrTLJhecmwuBWomfVOcRjRdZKE6FXSlj0yHMdLMoBUgQjNVk/A pFfZnTck6CQt85UVJJvb0KmOP75Y+BvbG56jpygyKMokTsnOAFgF3SPMULqe2gdu uIMSs2N6ej7vNjWFntqEhAQEypw4I/Ld7oTCLHuhmTOn5ffKmtucsy7fYsCCpZ3v xY0WxpZLs6FP9CXgOUZZ3COGS8kIfGP/T4XxKdvRyibvmqtc41s= =tzaU -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/or60db%24740%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
Qubes-HCL-Microsoft_Corporation-Surface_Book-20171003-012038.yml
Description: application/yaml
Qubes-HCL-Microsoft_Corporation-Surface_Book-20171003-012038.yml.sig
Description: PGP signature
