Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)

[Todd Lasman]

On 05/16/2016 11:44 PM, Andrew David Wong wrote:
> I'm attempting to install Anti Evil Maid on a Lenovo T450s (Broadwell,
> Wildcat Point-LP).
>
> A previous report from Alex Guzman indicated that AEM works on this
> model. [1] However, I've followed the instructions [2] to the letter
> and across dozens of variations over the course of days with no luck.
> It's possible I'm missing something obvious, but here's what I've tried:
>
>  * Use legacy boot option.
>  * Use UEFI boot option.
>  * Try all USB ports.
>  * Try different USB drives.
>  * Install to /boot partition on internal SSD.
>  * Enable/disable different BIOS USB options.
>  * Try different AEM text secrets (e.g., no symbols).
>  * Check that the correct SINIT module is in /boot.
>Unless I'm mistaken, for the T450s, it should be:
>
>  5th_gen_i5_i7_SINIT_79.BIN
>
> In all cases, everything goes smoothly with the installation up to
> step 5 (reboot and select the "AEM Qubes" GRUB option). I select that
> option (or allow it to be auto-selected, or select the one in the
> "advanced" submenu). It gets about 4 lines in (up to "loading initial
> ramdisk," I think; a bit too fast to read), then the laptop appears to
> do a hard reboot/partial shutdown. Instead of a normal reboot with the
> BIOS and normal boot process, the screen is blank, but the system
> retains power. (Power button is lit and keyboard backlight brightness
> can be changed.)
>
> Does anyone have any ideas or tips about this one? Any help would be
> greatly appreciated.
>
>
> [1] https://groups.google.com/d/topic/qubes-users/jelz1pA8Ilk/discussion
> [2] https://github.com/QubesOS/qubes-antievilmaid/blob/master/anti-
> evil-maid/README
>


Andrew, did you ever get this resolved? I seem to have this exact same
problem, but only after installing Qubes 3.2 (worked fine with 3.1) on
my Thinkpad T430.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c90a4d4c-457f-0edf-daa8-a2af09412502%40nowlas.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Few Issues With Qubes R3.1

[raahelps]

When I recreate the dispvm template. First i remove the dvm using 
qubes-manager.  I select view and to show internal vms.  Then I right click on 
it and hit remove.  Then I do the command from dom0 terminal 
qvm-create-default-dvm fedora23.

Or substitute what template you want to use instead of fedora23.

I'm not sure what --default-template or --default-scripts mean?  maybe thats 
the old way?  I've never done that.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/78684516-6a25-47b4-b27a-5abb567c5155%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to install clean template?

[Chris Laprise]

On 06/22/2016 08:45 PM, Ward... James Ward wrote:
I have even bypassed the firewall. I've got the VPN ProxyVM pointing 
directly at NetVM.




That doesn't bypass the firewall exactly. The vpn vm is also a firewall, 
and it accepts the firewall settings of other vms that are pointing to 
it. So you would have to 'allow full access' from the template's 
firewall settings.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4b147657-0c6a-9f40-2c52-8ffef0e8d439%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to install clean template?

[Ward... James Ward]

I have even bypassed the firewall. I've got the VPN ProxyVM pointing
directly at NetVM.

On Wed, Jun 22, 2016 at 5:15 PM Ben Wika  wrote:

> I think you just have to tell the vm firewall settings to allow access for
> 10 minutes or whatever
>
> On Thursday, 23 June 2016 08:03:33 UTC+10, James Ward wrote:
>>
>> Andrew,
>>
>> I have a different problem. I've cloned fedora-23 and I need to install a
>> bunch of software from my employer over their VPN using a script that does
>> "dnf install http://site.on.vpn/employer.rpm;
>>
>> I've managed to get the VPN up and running in the template, but the dnf
>> installs are timing out. wgets also time out. Any ideas?
>>
>> I have no problem installing software in a VM based on the template, but
>> I need the software installed in the template the VM is based on so I don't
>> have to reinstall it every reboot.
>>
>> Thanks in advance,
>>
>> James
>>
>> On Wednesday, June 8, 2016 at 5:19:25 PM UTC-7, Andrew David Wong wrote:
>> > -BEGIN PGP SIGNED MESSAGE-
>> > Hash: SHA512
>> >
>> > On 2016-06-08 10:46, Albin Otterhäll wrote:
>> > > How should I go about to install a clean template? When setting up
>> > > a template for a specific domain, e.g. software development, it
>> > > could be useful to have a clean slate.
>> > >
>> >
>> > You can simply clone one of the default templates. If you've already
>> > modified the default template you want to use, you can clone it, then
>> > reinstall it from the repo.
>> >
>> > Here are the instructions for reinstalling the Whonix templates, but
>> > the same general procedure should apply to all templates:
>> >
>> > https://www.qubes-os.org/doc/whonix/reinstall/
>>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/4i_tTj1rN0g/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/f4e5ad7a-6faa-4c4a-8185-75cb2754b86f%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CADmwtgD%2BhukXF-hP7bdFYR2Q4%2BMyfXayxjruOfdZdyNUdLbWig%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Bridged NAT Win App VM

[Drew White]

I have been working on getting my bridging perfect, just using iptables on 
the NetVM.

I have not got it working perfectly, there are still some things wrong with 
other things that I have to find a way to work around it.
Once it's working perfectly, I'll put it up somwhere.


On Saturday, 18 June 2016 05:56:50 UTC+10, qubes qna wrote:
>
> Dear users, what's the current status of bridging support?  is there any 
> active development?  At this time it seems it's beta and experimental at 
> this time.
>
> We want to run a windows VM in bridged mode to join an ActiveDirectory 
> domain.
>
> Has any else ran a Windows AppVM in an activedirectory domain?  and if so 
> how?
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c190b565-c1f3-4ab6-b0ac-494a49c0fc76%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to create new Dom0?

[Drew White]

Hi folks,

I'm wondering how to create a new Dom0?

What would I have to have on it, to use it instead of Fedora?

I have found nothing in Docs.
Is it just the same as doing it for XEN, but then adding Qubes-OS packages 
and configurations?

Are there instructions somewhere that I can see? Or are there none yet?

Sincerely,
Drew.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ec45db4b-dbe5-445e-8076-4cea424f59fb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to install clean template?

[Ben Wika]

I think you just have to tell the vm firewall settings to allow access for 
10 minutes or whatever 

On Thursday, 23 June 2016 08:03:33 UTC+10, James Ward wrote:
>
> Andrew, 
>
> I have a different problem. I've cloned fedora-23 and I need to install a 
> bunch of software from my employer over their VPN using a script that does 
> "dnf install http://site.on.vpn/employer.rpm; 
>
> I've managed to get the VPN up and running in the template, but the dnf 
> installs are timing out. wgets also time out. Any ideas? 
>
> I have no problem installing software in a VM based on the template, but I 
> need the software installed in the template the VM is based on so I don't 
> have to reinstall it every reboot. 
>
> Thanks in advance, 
>
> James 
>
> On Wednesday, June 8, 2016 at 5:19:25 PM UTC-7, Andrew David Wong wrote: 
> > -BEGIN PGP SIGNED MESSAGE- 
> > Hash: SHA512 
> > 
> > On 2016-06-08 10:46, Albin Otterhäll wrote: 
> > > How should I go about to install a clean template? When setting up 
> > > a template for a specific domain, e.g. software development, it 
> > > could be useful to have a clean slate. 
> > > 
> > 
> > You can simply clone one of the default templates. If you've already 
> > modified the default template you want to use, you can clone it, then 
> > reinstall it from the repo. 
> > 
> > Here are the instructions for reinstalling the Whonix templates, but 
> > the same general procedure should apply to all templates: 
> > 
> > https://www.qubes-os.org/doc/whonix/reinstall/ 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f4e5ad7a-6faa-4c4a-8185-75cb2754b86f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How do I install packages to a template over a VPN?

[Chris Laprise]

On 06/22/2016 05:50 PM, james.e.w...@gmail.com wrote:

My employer supports Fedora as a workstation OS, but it requires a lot of 
software be applied and that software must be obtained over their VPN.

What I have tried:
1. clone fedora-23 to OCfedora-23
2. download two VPN rpms from a VM and copy them over to the OCfedora-23 
template
3. install and configure VPN on the OCfedora-23 template

Now this all works great. I can connect to the work VPN on the template, but I 
am unable to install my employer's software onto the template. Bear in mind, I 
can install the same software into a VM based off the template, but would have 
to reinstall/reregister the VM (with my employer) on every boot.

I set up the VPN in a proxy VM and run qubes-setup-dnat-to-ns and directed the 
template to use that to no avail.


Template net access is generally blocked, except it can access normal 
software repositories through the Qubes update proxy. So if your 
employer doesn't have a repo to add to your template's /etc/yum.repos.d 
then you'll have to go around it.


You've already supplied a hint to one possible solution: Create a new 
appvm connected to the vpn vm, then grab all the rpm files you need 
using wget or similar. Then qvm-copy those rpm files into the template 
vm and use 'dnf rpmfolder/*rpm' to install them.


Another way is to go into the template's firewall settings and 
temporarily enable all access for 5 min. and install directly into the 
template.




Software install times out on dnf install from an http://site.on.the.vpn. I 
tried a wget and it also times out. There's something different about a 
template that prevents this as the same installation script works fine on a VM 
based on the same template. Can someone tell me what this is?

Thanks in advance,

James



Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7668a57e-2f57-28f5-7729-9fb1f28b4065%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes-Cheatsheet user feedback request

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Jun 22, 2016 at 07:31:03PM +0200, Zrubi wrote:
> On 06/20/2016 02:48 AM, J. Eppler wrote:
> 
> > I assume you mean the qubes-hcl-report -s option. Sadly 
> > qubes-hcl-report with and without -s did not work on my system.
> 
> This is a know bug
> https://github.com/QubesOS/qubes-issues/issues/1994
> 
> and already fixed by Marek:
> https://github.com/QubesOS/qubes-core-admin/commit/7c0f5a4be682866670ee0
> 124c5655e97aa3a2982#diff-271a81f4d91fe1172e89e3f192a0b7d7
> 
> But it seems packages are not updated jet.
> You can apply the fix for now by hand it is only one line of change.
> 
> @Marek what is the plan with this?

I'm going through a bunch of backports to 3.1 right now, including this
one. Should land in current-testing somehow this week (tomorrow?).

> > you can give me a more detailed hint on what to update?
> 
> I guess --help still work, but attached the output just in case :)
> 
> But in general the -s option is added for detailed support file
> generation. By default (if no VM name given as a parameter) output
> file is generated in dom0.


- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXaxLjAAoJENuP0xzK19cswPYH/1osrAEvqB46wPFbH8yRPV3d
nZVbHpGeEuJJLOFe4aFDOu4/thf58IsXbpe95ggVoikiAGKZ/2XAHI6xbXgAlGT6
T7w1sBI1QvPxE6iIC/eG0hw4l0y2+FoH42nfON4zps1MrladbSjp29qZiPPQH+cS
nUSm4WxVUqBrdaMgk/w2to8kmxcM2VJ5E3jaydILO3nb7dhoacHjOUJn1tvw+YOK
lA8Adw0ZS2KceImMuwH0LtpO04MsrI2MtB/ta+xNjFr1xDQike6Ev87gt8gH/tQm
1h4H/Mp1aujExr9YvyJboLTwuyhq5vJSgmThWnK6wOZEsBOWNv/stLgjJXUn+ik=
=d8r2
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2016063619.GF1593%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fedora 24?

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Jun 22, 2016 at 11:41:12AM +0200, Niels Kobschätzki wrote:
> Hi,
> 
> what would I need to do to update an existing Fedora-template or install a 
> new template to/with Fedora24?
> 
> Will Fedora24-templates come with Qubes 3.2?

In Qubes 3.2 we build packages also for Fedora 24. There is no prepared
template available, and packages aren't tested yet, but it should be
possible to upgrade using something similar to:
https://www.qubes-os.org/doc/fedora-template-upgrade-21/
Just replace 23 with 24 and probably use dnf instead of yum.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXaxEZAAoJENuP0xzK19csKvwH/3hZlk5OT0NPGRucYgYKmbVe
h8mLV6jq6RrJcU4xgKeVFJrvS6gTuTHkN+hzOpES3FFcY68tWKGPug005fpKtF9l
6geVR8zG3U3wj1n/5KUF4m75AB9iInyZIrXzT9BuOD3pdmseXpomds0/jLdERwnf
4W1Td5fOwNzwrVDFT+byMer+eGsuKyhbSiKx9vjsUwMtzYB4zetlzh3Wrd9DBudj
w2nl0EN4JEs3JxRQWgFDBypX4fJTtQ2EGJNyogVFl5M8Lv2cmi6Xr9y/isg6EVuH
3A2xHDmCov5fRmBBjLNNri0JUsX1gdwEYY6GwpRiwA8j4WEBc7oE2sWCxZxmGoQ=
=benD
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2016062840.GE1593%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to install clean template?

[james . e . ward]

Andrew,

I have a different problem. I've cloned fedora-23 and I need to install a bunch 
of software from my employer over their VPN using a script that does
"dnf install http://site.on.vpn/employer.rpm;

I've managed to get the VPN up and running in the template, but the dnf 
installs are timing out. wgets also time out. Any ideas?

I have no problem installing software in a VM based on the template, but I need 
the software installed in the template the VM is based on so I don't have to 
reinstall it every reboot.

Thanks in advance,

James

On Wednesday, June 8, 2016 at 5:19:25 PM UTC-7, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-06-08 10:46, Albin Otterhäll wrote:
> > How should I go about to install a clean template? When setting up
> > a template for a specific domain, e.g. software development, it
> > could be useful to have a clean slate.
> > 
> 
> You can simply clone one of the default templates. If you've already
> modified the default template you want to use, you can clone it, then
> reinstall it from the repo.
> 
> Here are the instructions for reinstalling the Whonix templates, but
> the same general procedure should apply to all templates:
> 
> https://www.qubes-os.org/doc/whonix/reinstall/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3dc7045-f010-4811-9f9b-640f1125643b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: ThinkPad X201 with VT-d IOMMU and VMX now working

[james . e . ward]

> Hardware Model: 36806B8
> CPU: Intel i5 M560 2.67 GHz
> BIOS: 6QET70WW

I've got an X201, but I can't get the graphics to work to install Qubes OS. Any 
ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/71dac056-58c4-43e8-a988-b46ea61f17c5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How do I install packages to a template over a VPN?

[james . e . ward]

My employer supports Fedora as a workstation OS, but it requires a lot of 
software be applied and that software must be obtained over their VPN.

What I have tried:
1. clone fedora-23 to OCfedora-23
2. download two VPN rpms from a VM and copy them over to the OCfedora-23 
template
3. install and configure VPN on the OCfedora-23 template

Now this all works great. I can connect to the work VPN on the template, but I 
am unable to install my employer's software onto the template. Bear in mind, I 
can install the same software into a VM based off the template, but would have 
to reinstall/reregister the VM (with my employer) on every boot.

I set up the VPN in a proxy VM and run qubes-setup-dnat-to-ns and directed the 
template to use that to no avail.

Software install times out on dnf install from an http://site.on.the.vpn. I 
tried a wget and it also times out. There's something different about a 
template that prevents this as the same installation script works fine on a VM 
based on the same template. Can someone tell me what this is?

Thanks in advance,

James

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fbc140cc-94e4-4218-8095-3a73d346296f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] SUCCESS: GPU passthrough on Qubes 3.1 (Xen 4.6.1) / Radeon 6950 / Win 7 & Win 8.1 (TUTORIAL + HCL)

[Ilpo Järvinen]

Great to hear you got it working! I've done some googling related to 
techniques you mention below and I want to share some thoughts / 
information related to them.

On Wed, 22 Jun 2016, Marcus at WetwareLabs wrote:

> If you still don't get passthrough working, make sure that it is even
> possible with you current hardware. Most of the modern (<3 years old)
> working GPU PT installations seem to using KVM (I got even my grumpy NVidia
> GTX 980 functional!), so you should at least try creating bare-metal Arch
> Linux installion and then following instructions here:
> https://bufferoverflow.io/gpu-passthrough/
> or Arch wiki entry here:
> https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVMF
> or a series of tutorials here: 
> http://vfio.blogspot.se/2015/05/vfio-gpu-how-to-series-part-1-hardware.html
> 
> 
> Most of the instructions are KVM specific, but there's lot of great
> non-hypervisor specific information there as well, especially in the latter
> blog. Note that all the info about VFIO and IOMMU groups can be misleading
> since they are KVM specific functionality and not part of Xen (don't ask me
> how much time I spent time figuring out why I can't seem to find IOMMU group
> entries in /sys/bus/pci/ under Qubes...)

This contradicts what I've understood about PCI ACS functionality.

IOMMU groups may be named differently for Xen or not exist (I don't know, 
it's news to me that they don't exist), but lack of PCI ACS functionality 
is still a HW thing and according to my understanding the same limit on 
isolation applies regardless of hypervisor. ACS support relates how well, 
that is, how fine-grained, those "IOMMU groups" were partitioned. Each 
different group indicates a boundary were IOMMU is truly able separate 
PCIe devices and are based on HW limitation not on a hypervisor feature.
Unfortunately mostly high-end, server platforms have true support of ACS 
(some consumer oriented ones support it only inofficially, see 
drivers/pci/quirks.c for the most current known to support list).

Lack of ACS may not be a big deal to many. But it may limit isolation in 
some cases, most notably having storage on PCIe slot connected SSDs and 
GPU passthrough. And passing through more than a single GPU to different 
VMs might have some isolation related hazards too because of the usual 
PCIe slot arrangement. But one likely needs deep pockets to have such
arrangements anyway, so going to server or high-end platform may be less 
of a issue to begin with :-).

> One thing about FLReset (Function Level Reset): There's quite general
> misconception about FLR being a requirement in order to do GPU passthrough,
> but this isn't true. As a matter of fact, not even the NVidia Quadros have
> FLR+ in PCI DevCaps, and not many non-GPU PCI devices do either. So even
> though the how-to here (http://wiki.xen.org/wiki/VTd_HowTo) states
> otherwise, the missing FLR capability will not necessarily mean that device
> can't be used in VM, but could only make it harder to survive DomU boot.
> I've seen in my tests that both Win 7 and Win8 VMs can be in fact booted
> several times without a requirement to boot Dom0 (but hopping BETWEEN the
> two Windows versions will result in either BSOD or Code 43). But again, this
> may wary a lot with GPU models and driver versions. But anyway, if you see
> this message during VM startup:
> lbxl: error:   The kernel doesn't support reset from sysfs for PCI
> device ...
> ... you can safely ignore it

FLR is "needed" for reseting the device "safely" (after first init, if a 
reset is needed), not for the passthrough. But there seem to be some other 
ways which can usually result good enough reset and don't depend on FLR 
support. I've not yet come across any indication that there would be _any_ 
GPU that would even claim support FLR (whether that would work is yet 
another big question mark :-)). As you have noted, the issues seem to 
occur more frequently when trying to reassign the PCI device to another
VM which has practical implications only to subset of usage scenarios.
But also rebooting a VM may obviously fail due to too incomplete reset
of PCI device state.

And this same reset limitation applies to non-GPU devices too, USB 
controllers being the most important I can immediately think off. Luckily 
3.2 with support for USB passthrough will make this less of a issue.
Again, the FLR support of other devices seems better with server/high-end 
platforms.


-- 
 i.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/alpine.DEB.2.10.160644230.2800%40melkinpaasi.cs.helsinki.fi.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: debian firefox and whonix torbrowser can no longer play videos in fullscreen and freeze

[Albin Otterhäll]

Marek Marczykowski-Górecki:
> I think it's unrelated to video at all. The same happens when you switch
> to fullscreen firefox itself (by pressing F11).

Chromium in Debian works flawless. It's something with Firefox.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/nkemur%24f2d%241%40ger.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Opening links in your preferred AppVM

[Micah Lee]

I published a quick blog post explaining how I do this:

https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8b44135-64fc-fe4c-1e46-c28800215a0b%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes R3.1 : black screen at luks prompt at first reboot after install

[fkhsr . main]

Hello.

I have installed a couple of times Qubes R3.1 on my machine without 
problem. I messed around with those installs and therefore decided to 
clean install again.


The install process still terminates correctly but on first boot i just 
get a warm black screen. When i press [echap] i get to the text mode 
prompt of luks which doesn't seem to respond to keyboard input.


I have checked my bios settings : all virtualization tech enabled 
including IOMMU ; legacy+uefi mode ; IGP mode (i disabled my strong GPU 
in favor of the iGPU solution but did not physically uninstall strong 
GPU ; want to play with PCIE passthrought) ; i installed from a usb 2 
stick on a usb 2 port (but did not disable usb 3 support in bios).


I verified the signature (although i have no trust path) of the ISO it 
was correct. I used Ruffus 2.9p in DD mode to burn the image.


My hardware setup :

* MB : MSI Z77 G45
* CPU : core i5 3550 (non k for IOMMU support of course)
* HDD : WD Caviar Green 2 TB (i know ; it IS SLOOOW)
* GPU : AMD R9 280X (disabled in bios for the install)
* KBD : Logitech G15 refresh keyboard
* MOUSE : Logitech G500 mouse

Thank you ; ask me for any missing information.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/001783b9df866cff796cfc7ac54731bc%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

[gaikokujinkyofusho]

On Monday, June 20, 2016 at 5:19:27 AM UTC+5:45, Chris Laprise wrote:
> On 06/19/2016 10:13 PM, gaikokujinkyofu...@gmail.com wrote:
> > On Thursday, June 16, 2016 at 6:33:48 PM UTC+9, gaikokuji...@gmail.com 
> > wrote:
> >> I started trying to create a VPN VM following the 
> >> https://www.qubes-os.org/doc/vpn/ page. I checked if openvm was installed, 
> >> it was (using fedora/ using the "firewall" for the allow networking option 
> >> not mentioned in the VPN page). There was not a /rw/config/openvm dir so I 
> >> tried making one then went through the rest of the instructions. I am 
> >> double checked what I did against the instructions and am fairly sure I 
> >> followed them correctly.
> >>
> >> I tried setting my now "VPN" vm as the netvm, shutdown both then restarted 
> >> vpn vm then the modified-to-use-vpn vm appvm and tried connecting to the 
> >> internet, nada.
> >>
> >> I did go to the Fedora "establishing a VPN Connection" page but 
> >> intimidating is a bit of an understatement.
> >>
> >> How can I go about diagnosing what is not working?
> > I worked on this a bit more. Waded through the fedora establishing a VPN 
> > connection page, rather confusing, but I opened a Network settings window 
> > for my VPN VM and added a VPN by importing a openvpn config file via the 
> > VPN add a network connection's "import from file" option (and it seemed to 
> > import fine).
> >
> > Now I am not entirely sure what I have. I of course did everything outlined 
> > in the Qubes VPN page. I now have two network connection icons, one for my 
> > wifi and another showing the VPN VM's eth? problem is the VPN VM ethernet 
> > connection doesn't seem to be connected. When I go to network via 
> > *settings* it now shows me three connections: Wired, the VPN I setup, and 
> > Network Proxy.
> >
> > When I go via *Network Connections* it now shows me under Ethernet "VM 
> > uplink eth0" and under VPN "VPN Provider" (the provider whose openvpn 
> > config I imported). It shows the ethernet as having been used within the 
> > last few minutes but the VPN as never having been used.
> >
> > On the Fedora page it mentions setting an autoconnect (automatically 
> > connect to VPN when using this connection) option which I thought it was 
> > talking about for the VPN but as I couldn't find it on the VPN connection 
> > and could on the eth0 connection I tried setting the autoconnect to (and 
> > selected the VPN connection from the pull down menu) but while I can select 
> > it it does not stay selected if I restart the VPN VM.
> >
> > Now I am not able to connect to the internet on the VPN VM and def not from 
> > another AppVM trying to use the VPN as a proxy.
> >
> > I am just not sure where I have gone wrong here. Where would I look for a 
> > log to start trying to figure out the issue? (I saw a "run in debug mode" 
> > under VM settings... might that be a place to start?)
> >
> > Thanks!
> 
> Hi again...
> 
> You should create a separate proxy vm for each type of vpn configuration 
> you're trying, otherwise they will interfere with each other.
> 
> To get the openvpn + firewall method working, first try running openvpn 
> manually with 'sudo openvpn [...]' before adding any scripts. Omit the 
> --daemon option so it will display information you can use to 
> troubleshoot the link.
> 
> Once you have the link working, you can try adding script lines to your 
> .ovpn file and the qubes-vpn-handler, then test manually again. Finally, 
> add the qubes-firewall-user-script and reboot the vm, then test again. 
> Keep in mind that once you add the firewall it will block openvpn unless 
> the latter is run under group 'qvpn' so you would type the following:
> sudo groupadd -rf qvpn
> sudo sg qvpn -c 'openvpn [...]'
> 
> NM connection... Try it in a fresh vm. The vpn autoconnect might not 
> work, however; The last time I tried to use it, NM behaved erratically 
> (and did not have appropriate firewall protections anyway).
> 
> Chris

Thanks I will try that out.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d9469669-a914-4ff6-bfb3-43a808e8b166%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes-Cheatsheet user feedback request

[Zrubi]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 06/20/2016 02:48 AM, J. Eppler wrote:

> I assume you mean the qubes-hcl-report -s option. Sadly 
> qubes-hcl-report with and without -s did not work on my system.

This is a know bug
https://github.com/QubesOS/qubes-issues/issues/1994

and already fixed by Marek:
https://github.com/QubesOS/qubes-core-admin/commit/7c0f5a4be682866670ee0
124c5655e97aa3a2982#diff-271a81f4d91fe1172e89e3f192a0b7d7

But it seems packages are not updated jet.
You can apply the fix for now by hand it is only one line of change.

@Marek what is the plan with this?


> you can give me a more detailed hint on what to update?

I guess --help still work, but attached the output just in case :)

But in general the -s option is added for detailed support file
generation. By default (if no VM name given as a parameter) output
file is generated in dom0.


- -- 
Zrubi
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJXastQAAoJEC3TtYFBiXSvB30P/3R1qX+y/0Q4Td7YQhKiQH/e
a+ok/eTT1i7DY6RGSfHUB72l0JBOjtwg1q5NCgLyJ3e2Kh1M7LJrOydRfyq0nrN3
BTlEy2l8UdYHMythqEwYgl2Q833mdmqP8jUOTVDZ8w1ZAY22f3Qxw9AePv/P7ic1
WmZaFQxeOk5DZ5qBblPSdKELyRQrEERBVRYspPZ6jXpLmhvl4N3K4XBCjnRy/f0E
aYRSlYfkD6Zs2DltmOPGEONps9QgtU+/ORYmTBKkj3xWlMbJp1y3uAa5VSoBAx2n
S9j4AmR6U0nOUFa7xFyXXjG1NeZ7dNR57VPD9pNESVILaXh87csSzE8suf0xkA1e
ueZv2ZFjuAUSRry5BJqQ1jEYceFjpAWPYTIHowiE31ltNj48gGzB8kN+qvcth/Q2
25kp4d/9Rntj+ZMYlxae63hZDZiLdqiyCocLE68gqENPedqPAldeoU1raC0yTSSf
Kq084WMaZaXuli3mEh9qQOFcQ3C5lPXXZDDi+9yRa3O3gN7ggJatNAWBtAIJ4CU2
MO3mB8CaEFvZ/hN6RzyBBdLZkWvv0nuBO+uv1I8uOiQhhzDYeceXeemVMHinSk/f
NCllhvDhAnrHUOaghHQ0tdV0WnjcAyV7s++08WMrCVHdKBchjcmkzml/vNaqaVBe
hu25wY8CpICeA+deg8FJ
=v1bt
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/22d6d27f-fe51-7c39-fc14-fafbd15af2a9%40zrubi.hu.
For more options, visit https://groups.google.com/d/optout.
qubes-hcl-report v2.5

This tool is used to gather basic hardware information for the Qubes HCL 
(Hardware Compatibility List)
and copy the results to the given AppVM for the easy contribution.

Usage:  qubes-hcl-report [OPTIONS] []
Options are:
-h, --help  Display this help text and exit.
-s, --support   Generate more detailed HCL Support Files
WARNING: The HCL Support Files may contain numerous 
hardware details, including serial numbers.
If, for privacy or security reasons, you do not wish to 
make this information public, 
please do not send the .cpio.gz file to the public 
mailing list.

Copy the results to the given AppVM. The default is to 
keep it in dom0

Re: [qubes-users] Re: Qubes R3.1 (Libvirt Error while detatching device)

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-06-22 03:23, Srini wrote:
> Yes, rebooting helped.
> 
> However, are there any logs that I can look into or that I can
> attach if I face this issue in future?
> 

If you right-click any VM in Qubes Manager, there's a "Logs" menu.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXarmIAAoJENtN07w5UDAwv0EP/0/AguBjh/WLvu/z0nIo7v/e
3/k8vnbaagYFfpe/TV4bNRQNSDIUAQUcEXHQC8iN4AWKWlhvGvg9Lge5UTe6as8r
a5xwDpB6DUf9AcduThs7ksWZcP8yDcM2Utu1wrX6gfXqrWomPayNO057Lp7EydNX
xOfNkKo+iCfzqUFoyzn4ub6+GtrB13TdFiKEAvetENzI7lwfU8upx/H9pl6DPvCP
ka/5da5ONT27ZXIMZpq82CVfAdHh3+/7dxBQkyPCRQtH2EYMqDrSmMEt04o/h7aE
T+YcFqO0QQxlUQVr0HhdQvaR1fMJaBFgK7JmctykxGI4TpQE+PeoBGFzCtrU48ZV
Z5wbSKPIBWWYXt5na+hWbFCAt7L0DxtZYUaSau6j5BdQ7PhZGxE1UzaWj1UXwNcG
glkPW/NUv/+VocKXuGHla6J+bnHMP49SmPvj8zG4GkcTklhuGtc7VwYdXEgYMxO0
h1RxujR4fBZAJQbP++36ZzyA3PM+fIf3F2SMzazxS8iNOuVntxAZTXqYH8UwmbgK
mRg6v4O8gw4g077JnWlamfxOJJLBEpljpkSytFgXdXu71xl2KOguDCQiMvVB5N1C
SBF4qBXoQDR2PGtCJIVWI+ereS2hKfhOSXVVK4hGaAFHbdWAqy75e1KzvULnnXGw
l2xgRE5tcDA+CNjcoiDX
=qedT
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7843a3e4-2773-74b9-383b-23606188c6f3%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes R3.1 (Some Windows Partitions available in Dom0 File Manager, unavailable to assign to VMs)

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-06-22 03:14, Srini wrote:
> Dear Andrew,
> 
> Thank you for sharing the details. I have gone through them and 
> will work to have a USB qube.
> 
> However, the issue of a partition unavailable to assign to a qube 
> from Qubes VM Manager still exists - Given the fact that I am able 
> to see/access that partition from File Manager in Dom0 (I 
> understand the security risk) - All windows partitions were 
> available to any qube earlier, only some are now available now.
> 
> Any suggestions on getting this fixed please?
> 
> Thanks and Regards, Srini
> 

In that case, it sounds like this issue is unrelated to Qubes. Rather,
it sounds like there's something different about the one partition
that is now unavailable relative to the others. I recommend searching
for information about managing disk partitions in Linux.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXarj4AAoJENtN07w5UDAwMwgP/1rarHifOFG/uXuSLbjUQkQs
sf95OxRFRx1NKur9UjtGT/KBSH/2Xpwh6BI3veBbmW2CiCfN5w5VmbGlg+I+jmDE
ln23XcYtwTL346M/Gw9mh/ORa5HhC1w8faqLwpuxhdBh/rIEytT1vodT809XpT7x
MCcBxrf+EPb4BjOkEWPGRZwfeUYmbU2Rr2IYZ9IgC9JtCNaU6cHDGbCPsZYZk+Hx
EQ0jh2nh+94MAseGiEVk9xn1mdMzwkvtkGz3m1hdRWzT0T0b7QZGuT2auOhmf9NV
j1sTIG7SnCpvhi84nx6au4P0znFkzdieZN44KmePgwVwnZXYzz6QJTUdZwXzfgXY
bj7GD/rvoaGYUEl9XEBQxEpt1ujzD/bN3ul54dniKq+EZM0Tqxbx+14gam/FIjXW
Nutx/fQkHl0l9LZDl6SQqQyNS2O4LlCCwru/XkZNiymZt2CGAoZE8n1kn214mYk5
jLlE/evFmK0KxE6Di7o94SbzcXfwq9PC5tVuC7PgrSE3QukOQG4IC9JWhpy2MQ44
uDMhn56imBKlXARb5q53nSfjpylejfe8UZWzahgQG5tcO90c5gBQL4FzEbR9JKwZ
FpucOhSdczFJlMH2WUMGCnyxEqV8XHJN5CRxw0UU7q9iP1z0x+TwXBoFVQl+gg+t
JhYmZCTWAXP6joOzLI+S
=Nkbp
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a1edd369-58d9-c5a3-64e0-3787b65690d0%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes R3.1 (Error while syncing appmenus in Ubuntu Studio 16.10)

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-06-22 03:21, Srini wrote:
> Dear Andrew,
> 
> Thank you for sharing the links on qrexec.
> 
> I feel that the link talks about using qrexec and RPC. The issue
> that I am currently facing is qrexec is not installed in one of the
> qube (UbuntuStudio1610). The documentation also goes on to say
> "During domain creation a process named qrexec-daemon is started in
> dom0, and a process named qrexec-agent is started in the VM. ".
> 
> Now that the HVM has been created and is up and running, and for
> some reason qrexec is not installed in the HVM qube, how to install
> it?

It doesn't work like that. You're asking for an easy installation
option that doesn't exist, because no one has written it yet (AFAIK).

> I understand that qrexec needs to be installed for me to sync
> appmenus.
> 
> Am I missing anything here? Appreciate your suggestions.
> 

In short: It would require doing a lot of technical work yourself.
Please read the links I posted in my previous message (the one after
the one you replied to) and these:

https://groups.google.com/forum/#!topic/qubes-users/-wkG7E55PUI
https://www.qubes-os.org/doc/linux-hvm-tips/#tocAnchor-1-1-2
https://groups.google.com/forum/#!topic/qubes-devel/CB30pD5J56U

> Thanks and Regards, Srini
> 

P.S. - Please don't top post.

> On Monday, June 20, 2016 at 11:07:35 PM UTC+5:30, Andrew David Wong
> wrote:
>> 
> On 2016-06-20 06:32, Srini wrote:
 Hi,
 
 I am facing issues while syncing appmenus from HVM of Ubuntu
 Studio 16.10 - Error is "need qrexec agent to be installed".
 Can anybody please share how to install this qrexec agent?
 
 Thanks and Regards, Srini
 
> 
> IIUC, that would be have to be developed especially for Ubuntu the
> way Qubes Windows Tools are developed for Windows HVMs.
> 
> Technical documentation:
> 
> https://www.qubes-os.org/doc/qrexec3/ 
> https://www.qubes-os.org/doc/windows-tools-3/
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXarepAAoJENtN07w5UDAwh2MQAJz7xCmuTKWslu2pAMeMFods
uPd5IzmWjC0+ahYT+2EPcl5xl3c5Bn3BaWcu+1XkVLf3Sbg0lFQnVmx4npRyMwhj
jktigmwfCruJF8hX6PJqE2Df7f6/c8NMl3wBnnOGGHFoNib59Wuai+aby5oWtKhA
4axmvlNDk09i9IWDshTOT6qqRKjU9ifvCrXO0iXxreFBSLRThytEXP87KKl1BML5
yVZUEij9wuGOuvypMoXUCckVy271BnuvdOce0Z15SLiUog83H8VrkLStt8Iwm+to
kimi63yivF1tgGluETs04ePosFVBYm9wk2zoaqKD0Qx8McDAIplB7GWqFDXVS5Dg
TSHRDVOpUiJkFBo8HGC9ip9riKmjMRWCI9qEnysBlgnhj3p9Iby8ReRC1tJ8ABzQ
GmhAN69zLagMhxzV/PimOXp/yU/ikQPYDWyJaDyTZ6/arox33rdol9iz3Jr33SAk
QvcjJwHKfVpabCVkOFtqzLM3eql6Q5zgLT0cNevC+Sr5g7VIdoCxCEfkR02gwyht
UbUpRay0j6X3D7vRt8m7oFlH3PyvwG4y1rUGrfZXUxzs0uJou1Bun25p8HPOEGUC
gg9lH0FsxGQ8Sg3uLtl/mp1VCknAoPhGowx3pu7guk6R2RH2lERzqDrnPkFaaopy
cxN6QulsyR4N8ES/3N8x
=+cFa
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/953fcc56-9b82-d9d9-2d00-1740be18df37%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Downgrade Xen / switch to KVM? (for GPU passthrough experimentation)

[Marcus at WetwareLabs]

Update on the matter of sluggishness of Win 7 on Xen 4.6.1: Disabling MSI 
translation by setting "pci_msitranslate = 0" in VM config file resolves 
this. So both Win 7 and 8.1 seem to work fine on newers Qubes OS, and no 
need thus to mess with Xen 4.3 :) 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/489e4e2c-d830-4e6c-b306-796eac9f709b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] R3.2 VM Recovery not possible?

[amadaus]

I backed up my VM's in R3.1 --> dom0 --> secondary hard drive [internal 
HDD] then attempted to recover them using R3.2. However its not possible 
as the drive does not show in the Qubes restore window.
In dom0 terminal id did qvm-block list and the drive and its backup 
partition is shown.

Can anyone help recover my backups?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a16bc6a5fc2628428c8eb30b859a2275%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.2RC1: number of issues

[Dima Puntus]

3 and 6 are just questions I guess.

Thank you

On Wed, Jun 22, 2016 at 3:29 AM, Ilpo Järvinen 
wrote:

> On Tue, 21 Jun 2016, Dima Puntus wrote:
>
> > 3. Dom0 is only seeing 3.8GB RAM. Is this by design? I can still allocate
> > 10GB+ for individual VMs so the RAM must be visible by Xen.
>
> It's by design. However, this same limit was already implemented at least
> for 3.1 that uses 1-4GB dom0 memory depending on how much memory the
> machine has. Is there some particular issue associated to this question
> or you just noticed the limit?
>
> IIRC, there's some parameter for this limit on some of the boot related
> commandlines.
>
>
> --
>  i.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAFGffdoaNOE6yMwCFnHnMdg9udhZEitAXR_%2BCC1yyknSLQq-wQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.2RC1: number of issues

[Ilpo Järvinen]

On Tue, 21 Jun 2016, Dima Puntus wrote:

> 3. Dom0 is only seeing 3.8GB RAM. Is this by design? I can still allocate
> 10GB+ for individual VMs so the RAM must be visible by Xen. 

It's by design. However, this same limit was already implemented at least 
for 3.1 that uses 1-4GB dom0 memory depending on how much memory the 
machine has. Is there some particular issue associated to this question
or you just noticed the limit?

IIRC, there's some parameter for this limit on some of the boot related 
commandlines.


-- 
 i.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/alpine.DEB.2.10.1606221320300.3737%40whp-28.cs.helsinki.fi.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes R3.1 (Some Windows Partitions available in Dom0 File Manager, unavailable to assign to VMs)

[Srini]

Dear Andrew,

Thank you for sharing the details. I have gone through them and will work 
to have a USB qube.

However, the issue of a partition unavailable to assign to a qube from 
Qubes VM Manager still exists - Given the fact that I am able to see/access 
that partition from File Manager in Dom0 (I understand the security risk) - 
All windows partitions were available to any qube earlier, only some are 
now available now.

Any suggestions on getting this fixed please?

Thanks and Regards,
Srini

On Tuesday, June 21, 2016 at 12:19:11 AM UTC+5:30, Andrew David Wong wrote:
>
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA512 
>
> On 2016-06-20 05:26, Srini wrote: 
> > Greetings! 
> > 
> > I have an NTFS partition labeled "Official". This is available to 
> > mount in Dom0 (via Thunar File Manager) and is unavailable while 
> > trying to assign to any of the qube (VMs) . 
> > 
> > However, I have another NTFS partition "Windows" and "RECOVERY" 
> > which is available both in Dom0 (via Thunar File Manager) and also 
> > available to assign to any of the qube (VMs). 
> > 
> > Also, tried refreshing using udevadm, but it did not help. 
> > 
> > Appreciate any help in fixing this. 
> > 
> > Thanks & Regards, Srini 
> > 
>
> It is strongly recommended that you do not run the file manager in 
> dom0. See point 3 of this section: 
>
> https://www.qubes-os.org/doc/security-guidelines/#tocAnchor-1-1-10 
> 
>  
>
> Also, I don't know how much or little you trust these disks, but in 
> general, it is strongly recommended that you do not attach any 
> untrusted disks in dom0. The safest thing to do is to use a USB qube, 
> assign any untrusted disks there, then attach them to other VMs using 
> qvm-block (which is what Qubes Manager does when it "attaches/detaches 
> block devices"). 
>
> You can read more about creating and using a USB qube here: 
>
> https://www.qubes-os.org/doc/usb/#tocAnchor-1-1-2 
> 
>  
>
> - -- 
> Andrew David Wong (Axon) 
> Community Manager, Qubes OS 
> https://www.qubes-os.org 
> -BEGIN PGP SIGNATURE- 
>
> iQIcBAEBCgAGBQJXaDqaAAoJENtN07w5UDAwhWwP/j4uIOOEC5FHigdMgmWPP6A4 
> aulUhdoRk8l2dWp8Y1Zp++xwVJm0H9M2BZefwao7UeLuSDm4LPiXkUoXCXc2esaC 
> uVP62l0yd+7ZTs9o3zSTgurlr5DlCGmafo4QDOoPRkQl8m/bwQW7FNbjAK1mvivf 
> TG8BZ7f8a5Ma8Phsjbj0XIDn69FKGt8Cn1YBR5D0cpmaimpVjVFgCRbU79g/f2eu 
> CcAFw6Q5F1pult++ZZmqoPcVEarm6EQO2H8CqdsIXJhEzcxz2h9aKL9y03fgKKGs 
> DvSjYa2O/NtUcOkSuE7qJKVucii/s0fUKgVbwUSyOXG1IDh1CI9U+5i0U8159FNW 
> SkeYuq/0z7x4M9/aAQudtTQuMu9q5UnfABOG15Lv5UuMSI4qVOwe0+SbyqNoW0yZ 
> DSbBpEIUzHOCtA672tyKGdif1RuXCc5ymolXV5kDxViC+/HhfkiD3ofkT0pDB6ax 
> rL+pX1OBOZKoHLeyP532xT8XfGoQgrunYWBP1BXfmXRx5XFba5Uhuif2GI5BRaBg 
> FLXR2Nvum2n01cbi1Lp/NP+2yBrz6q82II4cU+AkHRjhS4D0pSLsgXDGfz7nh+8Z 
> 5vdk2wCVIjl1AVcCUc3QxxXIlhI45Ae77+XEkBB+Dg5m6DCwmNfbiyURE+FjTF1C 
> y2QnFPhfP0HfQmpucWBl 
> =Vq9e 
> -END PGP SIGNATURE- 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d8eb9397-3fae-48ee-8cc1-69e049084065%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Fedora 24?

[Niels Kobschätzki]

Hi,

what would I need to do to update an existing Fedora-template or install a new 
template to/with Fedora24?

Will Fedora24-templates come with Qubes 3.2?

Niels

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/368419828.43736.1466588472249%40office.mailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Few Issues With Qubes R3.1

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-06-21 23:49, CANNON NATHANIEL CIOTA wrote:
> 
>> Ok, that looks normal. When you say DispVMs "do not launch,"
>> does that just mean that nothing happens when you click the
>> DispVM shortcuts in the KDE launcher?
>> 
>> Is your default template fedora-23? Have you made any 
>> modifications to it?
>> 
>> What happens if you execute this command in dom0?
>> 
>> $ sh -c 'echo xterm | /usr/lib/qubes/qfile-daemon-dvm \ 
>> qubes.VMShell dom0 DEFAULT red'
>> 
> 
> Hello yes nothing happens when I click the launcher. When I click 
> the launcher it looks like DispVM is starting up, but never comes 
> up.
> 
> As follows is the output after running the command sh -c 'echo 
> xterm | /usr/lib/qubes/qfile-daemon-dvm \qubes.VMShell dom0
> DEFAULT red' as you asked.
> 
> To answer your question on if I have customized my disposable vm or
> anything. Only thing I did really, was three things when trying to
> get it to work. First thing I did was qvm-prefs -s fedora-23-dvm 
> maxmem 2048 (since I have read that in past disposable VM cannot 
> handle more than 4GB RAM. I have 16 GB of ram) Second thing I did 
> was remove it using command: qvm-remove fedora-23-dvm Then third 
> thing I did was re-generate it using command: 
> qvm-create-default-dvm --default-template --default-script
> 
> Also, can you please inform me exactly was this command you had me 
> type is doing? Thank you
> 

That command just attempts to start a new DispVM and launch xterm (a
terminal emulator) in the new DispVM. If you take a look at the
preexisting shortcut to start, e.g., Firefox in a DispVM, you can see
that it's the same command (but with "xterm" substituted for "firefox").

> 
> [user@dom0 Documents]$ sh -c 'echo xterm | 
> /usr/lib/qubes/qfile-daemon-dvm \qubes.VMShell dom0 DEFAULT red' 
> time=1466576745.19, qfile-daemon-dvm init time=1466576745.2, 
> creating DispVM time=1466576745.25, collection loaded 
> time=1466576745.26, VM created time=1466576745.36, VM starting 
> time=1466576745.36, creating config file time=1466576745.57, 
> calling restore Traceback (most recent call last): File 
> "/usr/lib/qubes/qfile-daemon-dvm", line 191, in  main() 
> File "/usr/lib/qubes/qfile-daemon-dvm", line 178, in main dispvm = 
> qfile.get_dvm() File "/usr/lib/qubes/qfile-daemon-dvm", line 150, 
> in get_dvm return self.do_get_dvm() File 
> "/usr/lib/qubes/qfile-daemon-dvm", line 103, in do_get_dvm 
> dispvm.start() File 
> "/usr/lib64/python2.7/site-packages/qubes/modules/ 
> 01QubesDisposableVm.py", line 193, in start domain_config,
> libvirt.VIR_DOMAIN_SAVE_PAUSED) File 
> "/usr/lib64/python2.7/site-packages/libvirt.py", line 4405, in 
> restoreFlags if ret == -1: raise libvirtError 
> ('virDomainRestoreFlags() failed', conn=self)
> libvirt.libvirtError: internal error: libxenlight failed to restore
> domain 'disp1'
> 

Marek, any idea what's going on here? (Sorry about the bad rewrapping.
Thunderbird/Enigmail plain text inline PGP limitation.)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXakL4AAoJENtN07w5UDAw98kP/2CUdFmywkQcNAGNL1Yyqzzb
wQgWhMwdGgHwYlVwdbv32DqyPB3ToQwIU3iaxHd8b0oYl0gmd6+Mp1BrRm2593E+
8OCCaKz5q+Ww51bd9S46Id5UEfvWdB2bEKC/8Z9QyAgbS3yqifcHUS+RNDUCj1ls
epCvCtKY7E11q6i4q4Ea3isvSDEbBSLfNsFMFXB9hp2x/fLSuj3HJr4IeaG3E48O
OLdmAfbMtGmC0G0o0pOb1+qTZMVqFQCNdNED8z59Y0iQyhsS+a1qG7uH2Tuh2szt
RE8JwS8DPqoEYI4ugGawbIiD4fHeBDfaZi7J9SD1xBpYimvGBUa1Sr+mTWqP8JZu
qAgfUcwSeFw/QFqO/K4JxaGk7FYHEuQcTpcObyNdKdJUd9aOiljN2UAE/YXFStAP
7jfq+I5TUDla5iTBBfFRde7E8etB9XvlQhHMyjlj7qjvTox7Nv0oC/F9EfOCF03k
x6t0o4pPrGLROmYeAJiVDe2KcIgdFFyFC2Caiq4VVtb4MkNtZfoO0EsLyX9OrVxU
nAa7DAtR5lhbSKWNAbvYxKH8d7TOByVW96w5Lf4R9seKg+MflR4fjkfHaJi6i5zo
tKk2o+HWgDX910wuw/xbyL6Hq+/hoiJQnsr2tUHLZaOrH90k5RzSke85Jex7/sqg
kySZoy/XexyvhZqSi1ki
=V818
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b80a92c9-143c-6eea-9d84-0702e7fc6fdb%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Few Issues With Qubes R3.1

[CANNON NATHANIEL CIOTA]

Ok, that looks normal. When you say DispVMs "do not launch," does that
just mean that nothing happens when you click the DispVM shortcuts in
the KDE launcher?

Is your default template fedora-23? Have you made any modifications to
it?

What happens if you execute this command in dom0?

$ sh -c 'echo xterm | /usr/lib/qubes/qfile-daemon-dvm \
  qubes.VMShell dom0 DEFAULT red'

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org



Hello yes nothing happens when I click the launcher. When I click the 
launcher it looks like DispVM is starting up, but never comes up.


As follows is the output after running the command
sh -c 'echo xterm | /usr/lib/qubes/qfile-daemon-dvm \qubes.VMShell dom0 
DEFAULT red'

as you asked.

To answer your question on if I have customized my disposable vm or 
anything.

Only thing I did really, was three things when trying to get it to work.
First thing I did was qvm-prefs -s fedora-23-dvm maxmem 2048 (since I 
have read that in past disposable VM cannot handle more than 4GB RAM. I 
have 16 GB of ram)

Second thing I did was remove it using command: qvm-remove fedora-23-dvm
Then third thing I did was re-generate it using command:  
qvm-create-default-dvm --default-template --default-script


Also, can you please inform me exactly was this command you had me type 
is doing?

Thank you



[user@dom0 Documents]$ sh -c 'echo xterm | 
/usr/lib/qubes/qfile-daemon-dvm \qubes.VMShell dom0 DEFAULT red'

time=1466576745.19, qfile-daemon-dvm init
time=1466576745.2, creating DispVM
time=1466576745.25, collection loaded
time=1466576745.26, VM created
time=1466576745.36, VM starting
time=1466576745.36, creating config file
time=1466576745.57, calling restore
Traceback (most recent call last):
  File "/usr/lib/qubes/qfile-daemon-dvm", line 191, in 
main()
  File "/usr/lib/qubes/qfile-daemon-dvm", line 178, in main
dispvm = qfile.get_dvm()
  File "/usr/lib/qubes/qfile-daemon-dvm", line 150, in get_dvm
return self.do_get_dvm()
  File "/usr/lib/qubes/qfile-daemon-dvm", line 103, in do_get_dvm
dispvm.start()
  File 
"/usr/lib64/python2.7/site-packages/qubes/modules/01QubesDisposableVm.py", 
line 193, in start

domain_config, libvirt.VIR_DOMAIN_SAVE_PAUSED)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 4405, in 
restoreFlags
if ret == -1: raise libvirtError ('virDomainRestoreFlags() failed', 
conn=self)
libvirt.libvirtError: internal error: libxenlight failed to restore 
domain 'disp1'


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d912f89d85fe0d000a8dd1e174083b9f%40cannon-ciota.info.
For more options, visit https://groups.google.com/d/optout.