On Wed, April 4, 2018 8:33 am, kai.fr...@gmail.com wrote: > > i see that qubes indeed offers the possibility to use even newer kernels, > so i tried this: https://www.qubes-os.org/doc/managing-vm-kernel/ > > > however, the information is not completly finetuned for qubes 4.0. e.g. > in order to see aal kernels available, i needed to issue sudo > qubes-dom0-update --enablerepo=qubes-dom0-unstable --action=list kernel*
It's not updated for 4.0 yet. There were a couple issues preventing it, but those have been resolved so I'm about half-way through editing! > i was also able to download 4.15 kernel in dom0, following the > instructions on the url given above. (basically, using > sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel-latest i am > not 100% sure about the kernel name in the last word of the aboce command > line, i used the shortest name for 4.15 from the list output from the > previous step). > however, i was not realy able to follow the instructions for the remaing > steps in the articke, in order to actualy use the kernel in dom0 and/or > the other vms, most probably due to my limited level of linux expertise. "sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel-latest" should be all you have to do to install and use that kernel in dom0. Why do you think it's not working? The other steps you mentioned are only needed if you are planning on compiling custom kernels, etc. If you want to update the kernel in your templates, look at the section above: https://www.qubes-os.org/doc/managing-vm-kernel/#installing-different-kernel-using-qubes-kernel-package. > * what is the opionion of the qubes developers on kerbel 4.15 and 16? > would they provide extra security for qubes users? or is everything they > provide against spectre and meltdown either already included in qubes or > not necessary when using qubes? (from the security advices, i get the > impression that this might be the case at least for some aspects, but so > far i found no information that gave me the security that indeed nothing > from kernel 4.15 and/or 4.16 could improve further the security of qubes) I think there were Spectre/Meltdown mitigations in the kernel shipped with 4.0rc4 on up. Not sure what additional protections 4.15 or 4.16 provide. > in case that indeed security could be improved by usung kernel 4.15 or > even 4.16, i have these further questions/requests: - couldnt you include > an option or at least an updated documentation in the url above, so that > „normal“ user can use this option safely/without problems (other than the > possibility of breaking sonething due to the bleeding edge kernel)? https://github.com/QubesOS/qubes-issues/issues/3495 :) > thank you and all the best kai http://kai.froeb.net Likewise! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c9cd3fe7bc3fee53f6762d4df8ca83fb.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
