Re: [qubes-users] Re: Error: VM Kernel does not exist:
On 04/19/2017 01:11 AM, Andrew David Wong wrote:
> On 2017-04-18 16:08, cooloutac wrote:
>> On Tuesday, April 18, 2017 at 6:55:31 PM UTC-4, cooloutac wrote:
>>> On Tuesday, April 18, 2017 at 6:54:58 PM UTC-4, cooloutac wrote:
>>>> I can't update one of the templates or start half the vms. After I did a dom0 update. What happened?
>>>
>>> Error: VM Kernel does not exist: /var/lib/qubes/vm-kernels/4.4.14-11/vmlinuz
>>
>> the default sys vms work fine. all the templates including a debian clone
>> work fine. All the untrusted red templates work mysteriously.
>>
>> But all my other appvms, and a fedora-24 cloned template have the error.
>> Anyone know how to fix this. This is pretty devastating and catastrophic
>> imo. I don't have any repos enabled except current.
>>
>> I rebooted twice, no help.
>
> Known bug: https://github.com/QubesOS/qubes-issues/issues/2757
>
> Workaround (in dom0):
>
> $ for VM in `qvm-ls --raw-list`; do qvm-prefs -s $VM kernel default; done

I used the following workaround/fix before I saw the above:

1. For each affected VM, go into VM Settings -> Advanced and switch Kernel from "default (4.4.55-11)" to "4.4.55-11" and click OK.
2. Then go back in again and switch back to "default (4.4.55-1)" and click OK.

Now it works again.

Cheers,
Markus

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/90059f3d-6b4d-eaaf-6bf2-2d219cfeb3e3%40xn--kils-soa.se.
For more options, visit https://groups.google.com/d/optout.
[qubes-users] IP List Import into FW?
Hello,

How can I upload a white list of IP addresses for the firewall policy inbound and outbound traffic in a simple and easy way?

Kind Regards
[qubes-users] Post Quantum Crypto in the wilde - success
Hello,

Chrome / Google run successfully the Post Quantum Crypto in the wild.

https://www.thesslstore.com/blog/googles-post-quantum-cryptography-experiment-successful/

I would appreciate if QubesOS is up to date with the various PQCKE.

Kind Regards
[qubes-users] Hardware Security - Intel up?
Hello,

there exist FPGA USB sticks:

http://fpgablog.com/posts/avnet-microboard/

Which might be interesting for some shielded functions, like private key operations and can improve the Qubes OS security layers.

But why not turn it upside down and run a hardened FPGA with very limited features for the dom0 and all security relevant code, which is quite limited. And then you connect the Intel-Board and run it inside a QVM?

What will be the Pro and Cons?

Kind Regards
[qubes-users] Re: Backdoor Distros?
Hello,

but let's assume you would run a perfect hardware and a nice engineered QOS, but the Distro Red Hat / Fedora will probably deliver certain kind of kernel modules to deliver Backdoors, so I would assume the trust / security-chain is gone?

Or let's assume the download of QOS will be forbidden inside Europe (because it is not on the Distro-shortlist), then QOS will disappear more and more, only criminals don't care and there will be no reason, why they will follow this new kind of Short-List-Distro-Law.

I would appreciate a clean trust and security chain E2E for QubesOS. And this would imply Hardware Security, as well an ethical clean supply chain.

Or why should deliver the organization X in one channel some backdoors and for the other channel everything is trusted. IT is famous for its very weak ethical thinking, sorry.

The modern tool to address the E2E ethical supply chain, is the ISO 26 000. The idea behind is to find a global ethical (minimal) standard, after Kant's categorical imperative (or simplified as the Golden Rule): Do not impose on others what you do not wish for yourself.

So ISO 26 000 is just common sense and is also adaptable to the sustainable goal of a secure Linux, I think.

http://www.ecologia.org/isosr/ISO26000Handbook.pdf

Kind Regards
[qubes-users] Re: say it out (loud) - Qubes OS Stickers
I'd definitely buy a couple if money goes to devs
Re: [qubes-users] Focus Stealing, how to stop it?
On Thu, Apr 20, 2017 at 10:17 PM, taii...@gmx.com wrote:
> How do I stop focus stealing? I have accidentally entered ssh passwords in
> to other windows as they keep stealing focus for irrelevant things.

AFAIK there is no consensus on how to best solve this problem. It has come up before in various forms:

https://github.com/pulls?utf8=%E2%9C%93&q=org%3AQubesOS+focus+stealing

Suggestions & proof-of-concept implementations would be most appreciated!
[qubes-users] Focus Stealing, how to stop it?
How do I stop focus stealing? I have accidentally entered ssh passwords in to other windows as they keep stealing focus for irrelevant things.
Re: [qubes-users] say it out (loud) - Qubes OS Stickers
On Thursday, April 20, 2017 at 6:07:45 PM UTC-4, Francesco wrote:
> On Thu, Apr 20, 2017 at 4:16 PM, J. Eppler wrote:
>> Hello,
>>
>> I really like the simple design from Brennan Novak.
>
> Writing on a sticker "a reasonable secure operating system" is very rational
> and balanced, but is too long to find its place close to the keyboard.
> Perhaps just a single word coupled with the logo, like "secure" or "secured"
> or "security" or something similar.
>
> Best
> Fran

"somewhat secure"
Re: [qubes-users] say it out (loud) - Qubes OS Stickers
On Thu, Apr 20, 2017 at 4:16 PM, J. Eppler wrote:
> Hello,
>
> I really like the simple design from Brennan Novak.

Writing on a sticker "a reasonable secure operating system" is very rational and balanced, but is too long to find its place close to the keyboard. Perhaps just a single word coupled with the logo, like "secure" or "secured" or "security" or something similar.

Best
Fran
Re: [qubes-users] say it out (loud) - Qubes OS Stickers
Hello,

I really like the simple design from Brennan Novak.
Re: [qubes-users] Automation of USB passthrough
On 04/20/2017 10:54 AM, Johannes Graumann wrote:
> Hi,
>
> Has anyone figured out a setup for qubes-usb-proxy-based USB-passthrough
> that will allow for automatic (and active) monitoring of sys-usb
> connections and VMs? I'm envisioning a situation where I tell the proxy
> setup that
> 1) if device X shows up and VM Y is running, the device should be
>    connected to the VM.
> 2) If VM Y comes up and device X is present, the device should be
>    connected to the VM
> 3) the connection should be removed automatically if either member
>    disappears ...
>
> Is this possible? Where would one start?

Should be possible I guess; maybe not yet implemented (I didn't test that new USB proxy feature so far). Should be implemented in dom0 for obvious security reasons.

> In a side note: is it possible to pass a single device (e.g. smart card
> reader) through to multiple VMs simultaneously?

I guess not (I/O racing conditions and so on), but then again you can try.

As the wiki states though [1]:

"Starting with Qubes 3.2, it is possible to attach a single USB device to any Qube. While this is useful feature, it should be used with care, because there are many security implications from using USB devices and USB passthrough will expose your target qube for most of them. If possible, use method specific for particular device type (for example block devices described above), instead of this generic one."

--> So you should use qvm-block or qvm-copy-to-vm for the files on your SD cards, if you like the security Qubes provides. That can also be done automatically, if needed.

[1] https://www.qubes-os.org/doc/usb/
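The three rules in the question above can be met by a single level-triggered reconcile step that runs after every device or VM event, rather than one handler per event. The Python below is an added example, not part of the thread and not Qubes code: it calls no Qubes tool, and the device identifiers, VM names, event names and the one-device-one-VM restriction are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Action:
    kind: str    # "attach" or "detach"
    device: str  # device identifier (constructed values such as "sys-usb:2-1")
    vm: str      # VM the device is attached to or detached from


def validate_rules(pairs):
    """Build the device -> VM allow-list; refuse to bind one device to two VMs."""
    rules = {}
    for device, vm in pairs:
        if rules.get(device, vm) != vm:
            raise ValueError(f"{device} is bound to both {rules[device]} and {vm}")
        rules[device] = vm
    return rules


def reconcile(rules, present, running, attached):
    """Return the actions that bring `attached` in line with the rules.

    rules:    dict device -> VM (explicit allow-list)
    present:  set of devices currently visible in the USB VM
    running:  set of VMs currently running
    attached: dict device -> VM, the attachments that exist right now
    """
    actions = []
    # Rule 3: remove a managed attachment when either member is gone,
    # or when the device sits in a VM the allow-list does not name.
    for device, vm in sorted(attached.items()):
        if device not in rules:
            continue  # attached by hand, not managed here
        if device not in present or vm not in running or rules[device] != vm:
            actions.append(Action("detach", device, vm))
    # Rules 1 and 2: the same check covers "device appeared" and "VM started".
    for device, vm in sorted(rules.items()):
        if device in present and vm in running and attached.get(device) != vm:
            actions.append(Action("attach", device, vm))
    return actions


def apply_actions(attached, actions):
    """Simulate executing the actions and return the new attachment map."""
    result = dict(attached)
    for action in actions:
        if action.kind == "detach":
            result.pop(action.device, None)
        else:
            result[action.device] = action.vm
    return result


def replay(rules, events):
    """Run reconcile after each (kind, name) event; return the actions per step."""
    present, running, attached, log = set(), set(), {}, []
    for kind, name in events:
        if kind == "device-added":
            present.add(name)
        elif kind == "device-removed":
            present.discard(name)
        elif kind == "vm-started":
            running.add(name)
        elif kind == "vm-stopped":
            running.discard(name)
        else:
            raise ValueError(f"unknown event kind: {kind}")
        actions = reconcile(rules, present, running, attached)
        attached = apply_actions(attached, actions)
        log.append(actions)
    return log


if __name__ == "__main__":
    # Constructed event sequence: device first, then the VM starts and stops.
    demo_rules = validate_rules([("sys-usb:2-1", "vault")])
    demo_events = [("device-added", "sys-usb:2-1"), ("vm-started", "vault"),
                   ("vm-stopped", "vault"), ("device-removed", "sys-usb:2-1")]
    for event, actions in zip(demo_events, replay(demo_rules, demo_events)):
        print(event, "->", actions)
```

Because the step compares whole state rather than reacting to one event type, running it twice in a row yields no further actions, and a missed event is corrected on the next run.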
[qubes-users] Re: off topic - invite codes to 'riseup'
Sorry for also misusing this group ;)

I would also appreciate to get invite codes from someone as there is no other possibility. I'd like to join TAILS chat room but need a riseup account to do so.

Thanks for helping out and sorry once more for "spamming".
[qubes-users] Re: gparted suggestions?
On Thursday, April 20, 2017 at 10:59:35 AM UTC-4, Patrick Bouldin wrote:
> Hi, I am re-partitioning a corrupted drive on a Lenovo laptop with an i5. Do
> not need to save data, I'm starting over.
>
> So, I have booted to a USB with gparted tool. I would like to have two
> partitions, one for qubes and one for windows 10. I would also like to have
> it boot to something that asks me where to boot, either qubes or windows 10,
> so maybe that's another partition.
>
> Being brand new to gparted I don't know how best to set it up.
>
> If you have experience with this I'd appreciate any suggestions before I dive
> in.
>
> Thank you,
> Patrick

I would just use the installer to partition and wouldn't bother using gparted first. You can use a linux installer and then just leave unallocated space for windows installer.

Actually windows 10 ruined my baremetal debian partition when installing it, so you might want to install windows 10 first. You can also just shrink the partition from within windows 10 after you install it. Then use linux installer on the unallocated space.

You gonna have to modify grub to be able to dual boot windows and qubes either way.
[qubes-users] gparted suggestions?
Hi, I am re-partitioning a corrupted drive on a Lenovo laptop with an i5. Do not need to save data, I'm starting over.

So, I have booted to a USB with gparted tool. I would like to have two partitions, one for qubes and one for windows 10. I would also like to have it boot to something that asks me where to boot, either qubes or windows 10, so maybe that's another partition.

Being brand new to gparted I don't know how best to set it up.

If you have experience with this I'd appreciate any suggestions before I dive in.

Thank you,
Patrick
[qubes-users] Unofficial qubes os telegram channel
Language: Russian and English. Channel: unofficial-qubes-os-telegram Welcome.
[qubes-users] HCL - HP Probook 450 G3
Running template:
Debian 8
Debian 8 minimal
Debian 9
Debian 9 minimal
Fedora 24
Fedora 24 minimal
Xenial

Running HVM
Windows 10
Windows 7

No problem to report

Dominique
Re: [qubes-users] say it out (loud) - Qubes OS Stickers
On Wed, Apr 19, 2017 at 08:49:12AM -0700, sackerbo...@gmail.com wrote:
> I would love to have a few of these!!

printing them is easy, even if getting them printed for free. what's harder is getting a design. does someone have one?

--
cheers,
Holger
RE: [qubes-users] UEFI installation issue
Hello Marek,

One other item came to mind thinking about this.

When I install Qubes and indicate I want the default partitions to be created it does create the three partitions mentioned on the website but it doesn't create the UEFI ESP partition which of course is also required on a UEFI system.

Is this expected behavior or is this a sign that the installer doesn't completely recognize this system as being a UEFI system? Perhaps the installer doesn't complete properly because of this?

Best Regards,
Wim Vervoorn

Eltan B.V.
Ambachtstraat 23
5481 SM Schijndel
The Netherlands
T : +31-(0)73-594 46 64
E : wvervo...@eltan.com
W : http://www.eltan.com

-----Original Message-----
From: qubes-users@googlegroups.com [mailto:qubes-users@googlegroups.com] On Behalf Of Wim Vervoorn
Sent: Thursday, April 20, 2017 11:57 AM
To: Marek Marczykowski-Górecki
Cc: qubes-users
Subject: RE: [qubes-users] UEFI installation issue

Hello Marek,

The previous logging was with a debug version of the UEFI code. I now tried a release version as well.

The good thing is that the EFI_UNSUPPORTED response from efivars: get_next_variable doesn't show up any longer.

The bad news is that I still see the "INFO anaconda: skipping boot loader install per user request" message so somehow anaconda is concluding the bootloader install should be skipped.

This is the final part of the anaconda log:

22:39:12,715 INFO anaconda: Installing boot loader
22:39:14,663 DEBUG anaconda: new default image:
22:39:14,737 INFO anaconda: skipping boot loader install per user request
22:39:14,738 INFO anaconda: Installing boot loader
22:39:14,739 INFO anaconda: Performing post-installation setup tasks
22:39:14,760 INFO anaconda: Performing post-installation setup tasks
22:39:14,763 INFO anaconda: Thread Done: AnaInstallThread (140483890104064)
22:39:46,558 DEBUG anaconda: Entered spoke: UserSpoke
22:40:08,695 DEBUG anaconda: Left spoke: UserSpoke
22:40:20,756 INFO anaconda: Running Thread: AnaConfigurationThread (140483890104064)
22:40:20,759 INFO anaconda: Configuring installed system
22:40:22,320 INFO anaconda: Configuring installed system
22:40:22,321 INFO anaconda: Writing network configuration
22:40:22,330 INFO anaconda: setting installation environment host name to dom0
22:40:22,661 INFO anaconda: Writing network configuration
22:40:22,662 INFO anaconda: Creating users
22:40:22,664 INFO anaconda: user account root setup with no password
22:40:22,664 INFO anaconda: user account root locked
22:40:23,215 ERR anaconda: User eltan already exists, not creating.
22:40:23,217 INFO anaconda: Creating users
22:40:23,218 INFO anaconda: Configuring addons
22:40:23,219 INFO anaconda: Configuring addons
22:40:23,220 INFO anaconda: Generating initramfs
22:50:35,588 INFO anaconda: Generating initramfs
22:50:35,607 INFO anaconda: Running post-installation scripts
22:50:35,609 INFO anaconda: Running kickstart %%post script(s)

The OS is booting fine after creating the boot option manually (and performing the other steps like copying a correct xen.cfg file)

So at this point the main item to tackle is the reason why anaconda skips the bootloader install.

Best Regards,
Wim Vervoorn

-----Original Message-----
From: qubes-users@googlegroups.com [mailto:qubes-users@googlegroups.com] On Behalf Of Marek Marczykowski-Górecki
Sent: Wednesday, April 19, 2017 9:39 PM
To: Wim Vervoorn
Cc: qubes-users
Subject: Re: [qubes-users] UEFI installation issue

On Wed, Apr 19, 2017 at 09:06:48AM +, Wim Vervoorn wrote:
> Hello Marek,
>
> Thanks for getting back to me.
>
> I obtained the logs and had a look at them.
>
> I couldn't find anything obvious. Can you have a look at them.

Hmm, I found this in anaconda.log:

23:19:35,474 INFO anaconda: skipping boot loader install per user request

Do you remember some question about it, or changing such option?

> Please be aware this isn't a standard UEFI BIOS but coreboot with a TianoCore
> payload on top of it. This implementation is UEFI only and doesn't support a
> CSM in any way.

This may be important details. We have some code targeting specifically c
Re: [qubes-users] Re: How to handle untrusted applications?
Issue related to Flatpak and Snapd: https://github.com/QubesOS/qubes-issues/issues/2766

It seems that Flatpak is better for this purpose, as it allows per-user installation.
[qubes-users] Automation of USB passthrough
Hi,

Has anyone figured out a setup for qubes-usb-proxy-based USB-passthrough that will allow for automatic (and active) monitoring of sys-usb connections and VMs? I'm envisioning a situation where I tell the proxy setup that
1) if device X shows up and VM Y is running, the device should be connected to the VM.
2) If VM Y comes up and device X is present, the device should be connected to the VM
3) the connection should be removed automatically if either member disappears ...

Is this possible? Where would one start?

In a side note: is it possible to pass a single device (e.g. smart card reader) through to multiple VMs simultaneously?

Thanks for any hints.

Joh
[qubes-users] Re: HCL - Lenovo ThinkPad T460s (20F9CTO1WW)
Jake,

Sounds like you were having the same sleep/resume issues I'm having now. Are/were you using kernel version 4.5.3 with Qubes 3.1 or some early version of 3.2? I'm on 3.2 and hoping that building a new kernel will fix my sleep issue.

Thanks.

--Steve

On Friday, May 6, 2016 at 9:31:20 PM UTC-7, Jacob Richard wrote:
> I can confirm that building kernel 4.5.3 fixed the sleep issues on my skylake
> x260. Sleep and wake work as they should, and battery life seems to be up
> (although still too low, at around 11 hours, i think).
>
> -Jake
Re: [qubes-users] Re: HCL - Lenovo ThinkPad T460s (20F9CTO1WW)
Hi Gabriel,

After running https://github.com/QubesOS/qubes-issues/issues/2381#issuecomment-294405605 , everything on my T460s works great except it doesn't wake up from sleep when I press the power button. Resume works for you, you said? Did you have to do anything special to make it work?

Thanks.

--Steve

On Saturday, June 18, 2016 at 8:47:21 AM UTC-7, gabi...@gmail.com wrote:
> On Friday, 17 June 2016 18:59:14 UTC+1, gabi...@gmail.com wrote:
>> On Wednesday, 15 June 2016 14:42:39 UTC+1, li...@mullvad.net wrote:
>>> On Saturday, June 11, 2016 at 5:13:41 PM UTC+2, gabi...@gmail.com wrote:
>>>> On Tuesday, 31 May 2016 20:47:37 UTC+1, patie...@terminalmoronicy.com wrote:
>>>>> On Sunday, May 29, 2016 at 7:34:46 PM UTC-4, Marek Marczykowski-Górecki wrote:
>>>>>> On Thu, May 26, 2016 at 08:25:48PM -0700, patie...@terminalmoronicy.com wrote:
>>>>>>> I also have a t460s and encountered many of the problems above. I
>>>>>>> updated the qubes patches (excluding pvusb) to apply against kernel
>>>>>>> v4.5.2 and tossed in an out-of-tree patch for Skylake. Bumping to
>>>>>>> 4.5.5 didn't require any further patch-wrangling (except that the
>>>>>>> Skylake patch had been merged in the meantime).
>>>>>>
>>>>>> Was that patch backported also to 4.4.11?
>>>>>
>>>>> Yes - I checked and the particular patch that fixed suspend for me is
>>>>> also in 4.4.11. I am now curious how many of the p-states improvements
>>>>> have been backported as well...
>>>>>
>>>>>>> I've been running the result for a few days and everything seems to
>>>>>>> be working well.
>>>>>>>
>>>>>>> https://github.com/patientnil/qubes-linux-kernel/tree/devel-4.5
>>>>>>>
>>>>>>> Notes:
>>>>>>>
>>>>>>> - The pvusb patch looks the trickiest to port, and the associated
>>>>>>> tools show that scary experimental warning. I didn't pursue it, it's
>>>>>>> sitting there commented out.
>>>>>>
>>>>>> Yes, ignore it. In fact it is already commented out in series.conf file
>>>>>> for some time.
>>>>>>
>>>>>>> - Sound, trackpoint buttons, wifi, suspend all work (though I haven't
>>>>>>> tried reenabling TPM yet).
>>>>>
>>>>> Camera also works, and enabling the TPM in TPM 1.2 mode does not
>>>>> interfere with suspend. The system will not suspend/resume properly if
>>>>> the TPM is set to PTT mode (using my patched 4.5.5 kernel in Qubes 3.1
>>>>> - I have not tried a 4.4.11 kernel).
>>>>>
>>>>> I have not yet played with AEM.
>>>>>
>>>>>>> - I get occasional screen artifacting (horizontal lines) but I am
>>>>>>> using the qubes-R3.1 display packages - before a reinstall I had
>>>>>>> better luck with updates in the unstable repo.
>>>>>>
>>>>>> Are those artifacts across the whole screen, or only particular windows?
>>>>>
>>>>> The artifacts go all the way across the screen, without stopping at
>>>>> window boundaries. They are rare, and seem to be "fixed" when moving
>>>>> windows around.
>>>>>
>>>>>>> - While updating the kernel config, I had some sort of snafu, and I
>>>>>>> later had to go reenable a bunch of fundamental things like IP_MASQ.
>>>>>>> The config should be reexamined (I'm planning to pare it down to just
>>>>>>> the things I need). If this was to be merged to the main tree it
>>>>>>> should be redone. Presumably there are rules of some sort as to what
>>>>>>> to include?
>>>>>>
>>>>>> Generally the rule is "enable all drivers are modules".
>>>>>
>>>>> Good to know - if I update my repo for later 4.5 kernels I will update
>>>>> the config to respect this policy.
>>>>>
>>>>> [snip]
>>>>>
>>>>> -tom
>>>>
>>>> Hi Tom,
>>>>
>>>> I'm kind of stuck here:
>>>>
>>>> I ran the commands that installed the kernel-4.4.10-9
>>>>
>>>> sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel
>>>>
>>>> sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel-qubes-vm
>>>>
>>>> And in the Global Settings kernel-4.4.10-9 is selected.
>>>>
>>>> B
RE: [qubes-users] Re: UEFI installation issue
Thanks,

The failure of the verification is not a real issue. It's basically an error in the verification mechanism triggered by the fact that Windows creates an additional folder with some volume information on the fat partition of the disk.

Wim

-----Original Message-----
From: qubes-users@googlegroups.com [mailto:qubes-users@googlegroups.com] On Behalf Of hft.huu...@gmail.com
Sent: Wednesday, April 19, 2017 11:11 PM
To: qubes-users
Subject: [qubes-users] Re: UEFI installation issue

On Tuesday, 18 April 2017 14:45:09 UTC+2, wver...@eltan.com wrote:
> Hello,
>
> I am trying to install Qubes on a UEFI only system (no CSM).
>
> Everything seems to work fine but after the install I have 2 problems:
>
> 1) The boot option isn't added
> 2) The efi\qubes directory doesn't contain xen.efi (just the one with the version in it) and the xen.cfg file is created but is 0 bytes in length so not very useful.
>
> Do you have any suggestion of what could be the problem? Or how this can be located?
>
> If I run qubes repair I can use efibootmgr and I can also use the efivars file system so it doesn't look related to that.
>
> When I tried to verify my boot media this failed but from the other posts it looks to me as this is standard for boot media created from Windows
>
> Best regards,
>
> Wim Vervoorn

"When I tried to verify my boot media this failed"

Yup, my bootable usb couldn't verify itself. But then within the installer, I chose different install medium and selected the same downloaded iso file from my Windows data partition. Verification of this file was success. No problems installing this way. :)

Have you tried this? This is more like a workaround, not a solution to the failed verification. Otherwise I'm not of any help to you hehe sorry.
RE: [qubes-users] UEFI installation issue
Hello Marek,

I reformatted the disk and now the system is working after copying the correct xen.cfg file.

The issue that is left is now the correct setting of the boot option by the install process.

Best Regards,
Wim Vervoorn

Eltan B.V.
Ambachtstraat 23
5481 SM Schijndel
The Netherlands
T : +31-(0)73-594 46 64
E : wvervo...@eltan.com
W : http://www.eltan.com

-----Original Message-----
From: Marek Marczykowski-Górecki [mailto:marma...@invisiblethingslab.com]
Sent: Wednesday, April 19, 2017 9:26 PM
To: Wim Vervoorn
Cc: qubes-users
Subject: Re: [qubes-users] UEFI installation issue

On Wed, Apr 19, 2017 at 09:21:10PM +0200, Marek Marczykowski-Górecki wrote:
> On Wed, Apr 19, 2017 at 02:07:37PM +, Wim Vervoorn wrote:
> > Hello Marek,
> >
> > I also tried booting using the xen.cfg file.
> >
> > As far as I can see the cfg file is OK but the qubes os still fails.
> >
> > The there is no request for the password and so the volumes are not unlocked.
> >
> > I added both the xen.cfg I am using and the log file.
> >
> > FYI /dev/sda1 is the ESP, /dev/sda2 is /boot and /dev/sda3 is the LVM partition
> >
> > When I am using the rescue mode the password is asked and all seems to be fine.
>
> Looks like your system use different LV names and also have LUKS applied to individual LVM volumes, not the whole LVM volume group.
>
> [2.548486] dom0 dracut-initqueue[362]: inactive '/dev/qubes_dom0/00' [20.00 GiB] inherit
> [2.548886] dom0 dracut-initqueue[362]: inactive '/dev/qubes_dom0/01' [10.00 GiB] inherit
> [2.556716] dom0 dracut-initqueue[362]: File descriptor 98 (socket:[9738]) leaked on lvm invocation. Parent PID 489: /bin/sh
> [2.557017] dom0 dracut-initqueue[362]: File descriptor 99 (socket:[9739]) leaked on lvm invocation. Parent PID 489: /bin/sh
> [2.564504] dom0 dracut-initqueue[362]: Failed to find logical volume "qubes_dom0/root"
> [2.572468] dom0 dracut-initqueue[362]: File descriptor 98 (socket:[9738]) leaked on lvm invocation. Parent PID 489: /bin/sh
> [2.572874] dom0 dracut-initqueue[362]: File descriptor 99 (socket:[9739]) leaked on lvm invocation. Parent PID 489: /bin/sh
> [2.580150] dom0 dracut-initqueue[362]: Failed to find logical volume "qubes_dom0/swap"
>
> Try using qubes_dom0/00 instead of qubes_dom0/root and qubes_dom0/01 instead of qubes_dom0/swap. Or the other way around. And also adjust root= accordingly (may require using UUID=... notation, but I cannot tell based on the above info, before decrypting it).

Based on installation log (the other email), I actually can tell you what to put in root= option:

/dev/mapper/luks-298b7206-1b82-46c0-8c1a-2b27a02f2384

Anyway, this layout (LUKS over LVM, instead of LVM over LUKS) isn't the best idea. I suggest you reinstall and make sure to have the other one (which should be the default...).

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
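The distinction drawn in the message above between LUKS over LVM and LVM over LUKS can be checked from a rescue shell; the following is an added example, not code from the thread or from Qubes. It classifies the stacking from `lsblk --json -o NAME,TYPE,MOUNTPOINT` output, lists the LV names that are readable without the passphrase, and derives the device to use in root=. Both samples are constructed; the function names, the placement of the root mapping on LV 00 and the placeholder UUIDs are assumptions.

```python
import json

# Constructed `lsblk --json -o NAME,TYPE,MOUNTPOINT` output modelled on the
# thread: sda1 = ESP, sda2 = /boot, sda3 = LVM PV. Assumed: LV 00 backs the
# root LUKS mapping; the second LUKS UUID is a placeholder.
LUKS_OVER_LVM = json.loads("""
{"blockdevices": [{"name": "sda", "type": "disk", "children": [
  {"name": "sda1", "type": "part", "mountpoint": "/boot/efi"},
  {"name": "sda2", "type": "part", "mountpoint": "/boot"},
  {"name": "sda3", "type": "part", "children": [
    {"name": "qubes_dom0-00", "type": "lvm", "children": [
      {"name": "luks-298b7206-1b82-46c0-8c1a-2b27a02f2384", "type": "crypt", "mountpoint": "/"}]},
    {"name": "qubes_dom0-01", "type": "lvm", "children": [
      {"name": "luks-00000000-0000-0000-0000-000000000000", "type": "crypt", "mountpoint": "[SWAP]"}]}]}]}]}
""")

# Constructed counter-example: one LUKS container on sda3, volume group inside.
LVM_OVER_LUKS = json.loads("""
{"blockdevices": [{"name": "sda", "type": "disk", "children": [
  {"name": "sda1", "type": "part", "mountpoint": "/boot/efi"},
  {"name": "sda2", "type": "part", "mountpoint": "/boot"},
  {"name": "sda3", "type": "part", "children": [
    {"name": "luks-11111111-1111-1111-1111-111111111111", "type": "crypt", "children": [
      {"name": "qubes_dom0-root", "type": "lvm", "mountpoint": "/"},
      {"name": "qubes_dom0-swap", "type": "lvm", "mountpoint": "[SWAP]"}]}]}]}]}
""")


def walk(node, ancestors=()):
    """Yield (device, types of its ancestors) for a device and all children."""
    yield node, ancestors
    for child in node.get("children") or []:
        yield from walk(child, ancestors + (node["type"],))


def analyse(lsblk):
    """Classify the LUKS/LVM stacking and report what sits outside LUKS."""
    layouts, exposed_lvs, root = set(), [], None
    for disk in lsblk["blockdevices"]:
        for dev, ancestors in walk(disk):
            if dev["type"] == "crypt" and "lvm" in ancestors:
                layouts.add("LUKS over LVM")
            if dev["type"] == "lvm" and "crypt" in ancestors:
                layouts.add("LVM over LUKS")
            elif dev["type"] == "lvm":
                exposed_lvs.append(dev["name"])  # readable without passphrase
            if dev.get("mountpoint") == "/":
                mapped = dev["type"] in ("crypt", "lvm")
                root = ("/dev/mapper/" if mapped else "/dev/") + dev["name"]
    return {"layouts": sorted(layouts), "exposed_lvs": exposed_lvs, "root": root}


if __name__ == "__main__":
    print(analyse(LUKS_OVER_LVM))
```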
RE: [qubes-users] UEFI installation issue
Hello Marek,

Please look at my comments below:

Wim

-----Original Message-----
From: qubes-users@googlegroups.com [mailto:qubes-users@googlegroups.com] On Behalf Of Marek Marczykowski-Górecki
Sent: Wednesday, April 19, 2017 9:39 PM
To: Wim Vervoorn
Cc: qubes-users
Subject: Re: [qubes-users] UEFI installation issue

On Wed, Apr 19, 2017 at 09:06:48AM +, Wim Vervoorn wrote:
> Hello Marek,
>
> Thanks for getting back to me.
>
> I obtained the logs and had a look at them.
>
> I couldn't find anything obvious. Can you have a look at them.

Hmm, I found this in anaconda.log:

23:19:35,474 INFO anaconda: skipping boot loader install per user request

Do you remember some question about it, or changing such option?

* WIM: No I have not seen anything like this

> Please be aware this isn't a standard UEFI BIOS but coreboot with a TianoCore payload on top of it. This implementation is UEFI only and doesn't support a CSM in any way.

This may be important details. We have some code targeting specifically coreboot, but then assuming grub payload there... But it shouldn't disable installing UEFI entries, only allow to have encrypted /boot (since grub in coreboot can handle it).

Some relevant log entries:

anaconda.log:
01:50:16,997 INFO anaconda: bootloader XenEFI on EFI platform
01:50:17,067 INFO anaconda: dmidecode -s bios-vendor returns coreboot

syslog:
01:49:52,515 WARNING kernel:[ 223.240750] efivars: get_next_variable: status=8003

Hmm, this actually may be a problem. I'm not sure what status=8003 is, but if accessing efivars does not work, efibootmgr would not work, so can't add Qubes entry. Does `efibootmgr -v` show anything?

Other than that, I also can't see anything interesting.

** WIM : the efivars filesystem is populated and the efibootmgr -v is reporting the options I am expecting so that seems to be fine.

The 0x8003 is EFI_UNSUPPORTED

This could be because the request has been made with attributes that aren't supported by the system, without knowing the call parameters I can't tell if this is the case.

    if ((Attributes & EFI_VARIABLE_ATTRIBUTES_MASK) == 0) {
      //
      // Make sure the Attributes combination is supported by the platform.
      //
      return EFI_UNSUPPORTED;
    }

    #define EFI_VARIABLE_ATTRIBUTES_MASK (EFI_VARIABLE_NON_VOLATILE | \
                                          EFI_VARIABLE_BOOTSERVICE_ACCESS | \
                                          EFI_VARIABLE_RUNTIME_ACCESS | \
                                          EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
                                          EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
                                          EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | \
                                          EFI_VARIABLE_APPEND_WRITE)

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Re: [qubes-users] Re: How to handle untrusted applications?
On space usage: That's true, but that's also exactly what minimal templates are good for. I have cloned Debian minimal template in order to install Spotify. Some time, I had just 1GiB root filesystem, now it is slightly larger.

On installing every boot: That's also some option, but it has some drawbacks:

* You miss updates. Well, theoretically, one could solve it by some bash script and incron, so once you update the package, you remember to install a newer version.
* If you add another repo (important for getting updates) and install its software, you will AFAIU get false update notifications for the base template.
* It will cause some IO load when the template is booting. (Flatpak/snapd can probably avoid it.)
* Boot can complete before /rw/config/rc.local finishes. This is good for fast start, but the software installation might be finished after the boot completes, so the software would be missing for some time. It also would mean that qvm-run -a vm the-additional-software would be a kind of race condition.

Regards,
Vít Šesták 'v6ak'
Re: [qubes-users] Re: (Slightly) Off topic: Getting packages >= version in fedora-24 into a tmplate VM?
On Wed, 2017-04-19 at 16:07 -0600, Reg Tiangha wrote:
> On 04/19/2017 04:01 PM, Johannes Graumann wrote:
> > As a majorly debian & arch oriented person, I am faced with the situation that the fedora-24 contained version of evolution which I require for its EWS (Exchange) support, is broken with respect to another functionality that I need to work (CardDAV). In debian I would now go looking whether I could pull a successor version from testing or stable ... what can one do in a fedora universe?
> >
> > Sincerely, Joh
>
> You could try upgrading to Fedora 25 if that has the version you're looking for. Clone your Template (so you can go back to the old one if there are any issues) and follow the instructions here:
>
> https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/
>
> and just replace all instances of 23 and 24 with 24 and 25 respectively and it should work. Qubes does have a repository for Fedora 25 packages for VMs already, although there may be some issues with some packages due to Fedora's shift from X to Wayland which is why I think there isn't an official Fedora 25 template yet.

Thank you for sharing this strategy. I went through with this using a minimal template to reduce the impact with respect to disk acreage and now have evolution running properly in an appvm based on that template - just the gnome-keyring needs to be added on ...

Joh