Re: [qubes-users] Lenovo X230 - List of USB-Ports and USB-Controllers (Layout)

[taii...@gmx.com]

On 09/14/2017 01:21 AM, 'P R' via qubes-users wrote:


Hello Taiidan,

Am 08.09.2017 4:53 vorm. schrieb "taii...@gmx.com" 

Excellent - an x230!


Yes, I like the X230 a lot and prefer it over my Company Laptop a W540 as
it has perfect size and weight and performance is fine for Qubes after
adding RAM and a SSD.
The only poor thing - as with any Linux OS is battery life compared to
windows.
I bought a new battery (Lenovo 44++ with 94Wh) for 60eur which gives me
~8-10h of battery runtime on windows - under Qubes battery runtime is much
shorter.
But I think this is because power management is much better in a, which is
using proprietary drivers.
It is because of the VM overhead (close ones you don't need), you should 
also set cpu powersave to "on demand" and force pci-e aspm.


In comparison I get around 5 hours of battery life with a 65Wh battery.

Have you installed coreboot on it? Those sandy/ivybridge thinkpads have
open source init and support all of me_cleaner's features

Almost replied to myself here hehe.

Actually I am currently thinking about doing so. I'm reading the Coreboot
Wiki pages and it seems that it is not necessary to get the bios chip out
of the Mainboard, but you can use a special Tool/clip and a raspberry Pi to
flash the bios. Total costs including cables would be ~70eur for the
hardware.
Get a USB CH341A for $10, don't waste your money on a closed source 
non-free raspberry pi.
It is very easy to flash as with any SOIC-8 board, one simply clips on 
and away you go (please note the proper orientation for the chip/clip so 
you don't short anything out)

I would prefer coreboot'ing my X230 with someone who has did this before,
so if someone reading this and is located near Berlin/Germany and happy to
help ... do not hesitate to contact me.
Time to time there are conventions in berlin for coreboot, take a look 
on the coreboot mailinglist.

The information I am missing is, if I can use Coreboot and beeing able to
boot Qubes OS 3.2 (and later 4.x) AND (!) also Windows 10 Enterprise, which
I need, as this is the "corporate OS".
One could install windows in a VM and if you need graphics you can use 
an ExpressCard EGPU setup and attach that EGPU to the HVM and a monitor 
to the EGPU (also one of the usb controllers to the HVM)


If you have a lot of money to burn they even make ExpressCard PCI-e 
expansion systems that turn your single expresscard in to 5 PCI-e ports 
(you would have 500MB/s of bandwidth to work with with Expresscard2)


Yeah the sandy/ivy laptops support 4.0, and coreboot can boot windows as 
well with certain payloads (such as SeaBIOS)

As far as I have understand this involves to use something like seabios (?)
and additional Blobs, it seems that Coreboot has lots of different pieces
like a puzzle and I haven't figured out how everything fits together.
There is a guide on the coreboot wiki, SeaBIOS is the coreboot payload 
and it compiles for you automatically.
Reading back the ME/GBE blobs is done via the chip reader and is quite 
easy, then you simply include the location for me_cleaner in the "make 
menuconfig" options.

A newbie introduction for Qubes users would be great.

* Qubes recommended hardware / beginners Guide *
I think "we" should also have beginner howto's which are based on a few
common hardware Modells to attract more users to Qubes, the Lenovo X230
seems like a perfect machine to do so, as it has a good built quality and
spare parts can be bought for low money including docking stations,
charger, batteries etc.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a1f77502-e167-f7ff-cd6f-c4ae0dcf0d8a%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] KCMA-D8 Libre motherboards are going for around $260 on newegg

[taii...@gmx.com]

On 09/14/2017 01:10 AM, Gaijin wrote:


On 2017-08-24 22:40, taii...@gmx.com wrote:

This is a great chance to pick up one of the last and best owner
controlled x86 boards for much less than the usual price ($350) and
MSRP ($315).

Compatible with Qubes 4.0!

Supports IOMMU for graphics! (so you can play video games in a VM)


CPU's cost around $10-50 and 16GB DDR3 ECC RAM is $30
Noctua makes a great C32 cooler for around $40 or you can get a not as
great one and have hotter temps for $20 on fleabay.


Recommended Accessories:

ASMB4-iKVM (BMC Module, required for the upcoming libre OpenBMC port
for KGPE-D16/KCMA-D8 the asus boards)

TPM (Coreboot supports an owner controlled core root of trust which is
more secure than otherwise)


Notes:

128GB RAM Max

You will have to get a graphics card if you want decent video, the
onboard chip only supports 1280x768 and is quite slow - AMD is
reccomended for better virtualization (see nvidia code 43 "bug" when
you try to attach their cards to a VM) and linux drivers that are
almost open source and don't suck unlike nvidia

43xx CPU's require microcode updates for secure operation

The init code including graphics init is entirely open source and
there is no ME/PSP, this board can be flashed with a libre version of
coreboot (unlike purism's laptops)



Reccomended CPU's:

4284 (Works securely without microcode updates)

4365EE (40W, for a low power build)

4386 (equivalent to AMD FX 8310)

How's your experience with the KGPE-D16/KCMA-D8 boards? Looking at the
NewEgg comments there are a lot of people complaining about seemingly
defective boards. A lot of RMA requests.
Mine work fine, and I haven't heard of any issues on the coreboot 
mailinglist.
What I learned about online reviews is that the satisfied customers 
don't make one, so the failure rate is always vastly overstated.


$250 for the last best libre owner controlled x86 motherboard is a great 
deal, and it supports playing games in a VM via a graphics card and 
IOMMU-GFX
I would get a 4386 if you buy a D8, while it needs microcode updates it 
is much faster than a 4284.


Here are some other buying options that are slightly cheaper (and not 
owned by the chinese like newegg)


NOTE: I have no idea as to how trustworthy these companies are.

http://www.officespecialties.com/asus_computer_international_kcma_d8_server_motherboard_217195_prd1.htm?pSearchQueryId=420212

http://www.unitedoffice.com/pn/KCMAD8/Asus_46/
$270 another option

http://www.compsource.com/pn/KCMAD8/Asus-46/KcmaD8-Server-Motherboard-KCMAD8/
$260

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d3779259-aad8-5795-9460-f850a7499189%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Lenovo X230 - List of USB-Ports and USB-Controllers (Layout)

['P R' via qubes-users]

Hello Taiidan,

Am 08.09.2017 4:53 vorm. schrieb "taii...@gmx.com" 

Excellent - an x230!


Yes, I like the X230 a lot and prefer it over my Company Laptop a W540 as
it has perfect size and weight and performance is fine for Qubes after
adding RAM and a SSD.
The only poor thing - as with any Linux OS is battery life compared to
windows.
I bought a new battery (Lenovo 44++ with 94Wh) for 60eur which gives me
~8-10h of battery runtime on windows - under Qubes battery runtime is much
shorter.
But I think this is because power management is much better in a, which is
using proprietary drivers.

Have you installed coreboot on it? Those sandy/ivybridge thinkpads have
open source init and support all of me_cleaner's features


Actually I am currently thinking about doing so. I'm reading the Coreboot
Wiki pages and it seems that it is not necessary to get the bios chip out
of the Mainboard, but you can use a special Tool/clip and a raspberry Pi to
flash the bios. Total costs including cables would be ~70eur for the
hardware.

I would prefer coreboot'ing my X230 with someone who has did this before,
so if someone reading this and is located near Berlin/Germany and happy to
help ... do not hesitate to contact me.

The information I am missing is, if I can use Coreboot and beeing able to
boot Qubes OS 3.2 (and later 4.x) AND (!) also Windows 10 Enterprise, which
I need, as this is the "corporate OS".
As far as I have understand this involves to use something like seabios (?)
and additional Blobs, it seems that Coreboot has lots of different pieces
like a puzzle and I haven't figured out how everything fits together.

A newbie introduction for Qubes users would be great.

* Qubes recommended hardware / beginners Guide *
I think "we" should also have beginner howto's which are based on a few
common hardware Modells to attract more users to Qubes, the Lenovo X230
seems like a perfect machine to do so, as it has a good built quality and
spare parts can be bought for low money including docking stations,
charger, batteries etc.

- PhR

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAM8xnvKV09tKRsAXL4RO26x70p2jnJALstq6BXHOToHWN98QOg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] KCMA-D8 Libre motherboards are going for around $260 on newegg

[Gaijin]

On 2017-08-24 22:40, taii...@gmx.com wrote:
> This is a great chance to pick up one of the last and best owner
> controlled x86 boards for much less than the usual price ($350) and
> MSRP ($315).
> 
> Compatible with Qubes 4.0!
> 
> Supports IOMMU for graphics! (so you can play video games in a VM)
> 
> 
> CPU's cost around $10-50 and 16GB DDR3 ECC RAM is $30
> Noctua makes a great C32 cooler for around $40 or you can get a not as
> great one and have hotter temps for $20 on fleabay.
> 
> 
> Recommended Accessories:
> 
> ASMB4-iKVM (BMC Module, required for the upcoming libre OpenBMC port
> for KGPE-D16/KCMA-D8 the asus boards)
> 
> TPM (Coreboot supports an owner controlled core root of trust which is
> more secure than otherwise)
> 
> 
> Notes:
> 
> 128GB RAM Max
> 
> You will have to get a graphics card if you want decent video, the
> onboard chip only supports 1280x768 and is quite slow - AMD is
> reccomended for better virtualization (see nvidia code 43 "bug" when
> you try to attach their cards to a VM) and linux drivers that are
> almost open source and don't suck unlike nvidia
> 
> 43xx CPU's require microcode updates for secure operation
> 
> The init code including graphics init is entirely open source and
> there is no ME/PSP, this board can be flashed with a libre version of
> coreboot (unlike purism's laptops)
> 
> 
> 
> Reccomended CPU's:
> 
> 4284 (Works securely without microcode updates)
> 
> 4365EE (40W, for a low power build)
> 
> 4386 (equivalent to AMD FX 8310)

How's your experience with the KGPE-D16/KCMA-D8 boards? Looking at the
NewEgg comments there are a lot of people complaining about seemingly
defective boards. A lot of RMA requests. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/95ea60b4f2916f69328801cf702d6c88%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Additional VPN destinations via CLI config?

[Kushal Das]

On Mon, Sep 11, 2017 at 11:07 PM,   wrote:
> I followed the tutorial here, specifically "Set up a ProxyVM as a VPN gateway 
> using iptables and CLI scripts"
>
> https://www.qubes-os.org/doc/vpn/
>
> I like having the iptables anti-leak rules. However, it's connecting 
> automatically to my VPN providers destination that I downloaded their .ovpn 
> for.
>
> Is it possible to compile multiple locations and be able to select which one?
>
> OR perhaps I'm going about this the wrong way? Should I instead use the GUI 
> way via NetworkManager? Can I configure that for multiple destination choices 
> then perhaps still add the iptables anti-leak rules?
>
> What's the best way?

I wrote a blog post [1] about how I am trying to do the similar thing.

[1] 
https://kushaldas.in/posts/network-isolation-using-netvms-and-vpn-in-qubes.html

Kushal
-- 
Fedora Cloud Engineer
CPython Core Developer
http://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbwCSH38kV-kgsKkBKKJCsMOPPfuWqBDR99LyqqxC2xx-g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: efi_memmap problem powering off.. coldhak paxtest fail

[sh di]

On Saturday, February 18, 2017 at 9:56:45 PM UTC-5, cesec...@gmail.com wrote:
> On Friday, February 10, 2017 at 8:25:49 PM UTC-5, cesec...@gmail.com wrote:
> > Hello, i have qubes 3.2 installed with 4.4.38-11 kernel. Install went fine. 
> > In the beginning powering off went good but now i get stuck at a screen 
> > that says
> > 
> > efi: EFI_MEMMAP is not enabled
> > 
> > esrt: ESRT header is not in the memory map
> > 
> > .. i also installed coldhaks grsec script for debian template. after a 
> > paxtest blackhat i get vulerabilities in memory , mprotect ect..  i thought 
> > this might be related to efi.
> > 
> > I have a lenovo x260 i7 processor. Some help will be much appreciated i 
> > dont want to keep powering off the wrong way. Thank you.
> 
> Still have problem. I cant seem to figure it out...:(

you're better off running freebsd or subgraph. its too much work to get a 
stable qubes or any help for that matter..!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8391516b-b1a3-4a28-967e-eadf21705333%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qvm-usb not functioning

[Drew White]

hi folks,

I try to do a qvm-usb attachment to pass a usb device through, but it doesn't 
let me, it tells me it fails but provides no description of error.

Is there a way to find out the errors and have them display when there is an 
error please?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0017939f-43de-4434-b387-40f4b8892d8c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Error Creating Ubuntu VM in Qubes 3.2

[Person]

I tried again. The website qubes-os.org had instructions to enter this code: 
--cdrom=[appvm]:[/path/to/iso/within/appvm] in dom0. How exactly do I find the 
path to the ISO? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/92c3dec5-dcaf-4c1c-9de1-f5f9addfcd79%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Additional VPN destinations via CLI config?

[filtration]

qubester:
> btw, how or why does one "check their MTU settings?"
>
Why? Incorrect MTU settings caused me to have disconnects from my VPN
connections. After I measured and compensated for poor MTU, my
connections have become much more stable and disconnects come back
online shortly.

How? MTU is essentially packet size. You can measure in CLI by pinging a
server. There are a few tutorials to correct MTU in OpenVPN. Go to one
of them to check it out.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3b7d163d-4d9b-c72a-e97b-cdfb9841b1a7%40posteo.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Fedora25 fails updates unless I reboot the machine 9.13.17

[qubester]

Fedora25 fails updates unless I reboot the machine 9.13.17

2 or 3 times now, are others having this problem?  is there some 
particular remedy or  just  let it go?


"failed to syncronize cache"

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/62435d6e-ef0b-c562-330c-c1c5d14d8f15%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4.0 on Tuxedo BU1406

[Yethal]

W dniu środa, 13 września 2017 12:39:13 UTC+2 użytkownik Aaron Dough napisał:
> These are my experiences with Qubes 4.0rc1 on a Tuxedo BU1406-notebook with 
> an i5-7200U-CPU and a NVMe-SSD. Some issues could be resolved (mostly using 
> this mailing list, thanks to anyone contributing!), others remain:
> 
> 
> 
> Resolved issues:
> 
> Unable to install Qubes in UEFI-Mode. Selecting "Install Qubes R4.0-rc1" just 
> loops back to the same menu.
> 
> Solution: creating an MBR and installing in Bios-Mode worked fine
> 
> After the installation, the notebook kept rebooting. I got into the GRUB Boot 
> Menu, but after selecting Qubes, it briefly showed the "Loading Xen..., 
> Loading Linux... Loading ramdisk..."-message, and then rebootet the PC. (Much 
> like this guy describes. Maybe someone link him here? I can't respond to him, 
> since I just subscribed...)
> 
> Solution: editing the menu-item and removing "iommu=no-igfx" in the 
> multiboot-line allowed my to start the system and update dom0. This update 
> then generated a new grub configuration file, which resolved the issue for 
> good. I did this three times now, the first two times it worked at once, the 
> last time I had to restart the update until I saw the "Generating grub 
> configuration file ..."-message (maybe the dom0-update-server could not be 
> reached at first?)
> 
> Sys-net could not be started. At first boot it showed me the error-message 
> "['/usr/bin/qvm-start', 'sys-firewall'] failed: Start failed: internal error: 
> Unable to reset PCI device :03:00.1: internal error: Active 000:03:00.0 
> devices on bus with 000:03:00.1, not doing bus reset". This was really about 
> Sys-net, to which 03:00.1 was attached.
> 
> Workaround: Removing the 03:00.1 ethernet controller in the sys-net vm 
> settings worked, which means however that I don't have Ethernet. I can live 
> with that for now. Blocklisting the card-reader as suggested here was not 
> tried yet.
> 
> Unresolved issues:
> Touch-pad does not register taps as clicks. The physical buttons work 
> however, as does multitouch scrolling, so this is not critical. It is strange 
> though, as Fedora 25 is the base of dom0, and Fedora 25 itself has no 
> problems with the touchpad.
> Standby is not working properly. This is the last dealbreaking issue 
> remaining.
> 
> With Sys-usb enabled, can't unlock after Standby. I can go into standby, but 
> waking the notebook results in a blank screen. The led-backlight comes up 
> though.
> 
> Dirty Workaround: It looked like the keyboard and touch-pad did not 
> reconnect. I reinstalled with sys-usb disabled, which allowed me to unlock, 
> but lead to 2.2:
> 
> With Sys-usb disabled, Standby results in strange behavior when sys-net is 
> running. The first "Suspend to RAM" after starting sys-net (or booting the 
> machine) works perfectly fine, but kills my networking-capabilities 
> ("NetworkManager is not running" when I click the red networking-icon). After 
> that, Standby will lock the screen and nothing else happens at first. I can 
> unlock the screen and go back to the Desktop. Then, after a minute or so the 
> computer will go into standby. Waking will go directly to the Desktop, 
> without the lock-screen. Restarting sys-net and sys-firewall will also reset 
> this issue. Some rare times, the first standby will not result in the 
> described problem, so this is only 90-95% reproducible. It maybe unrelated, 
> but it seems sys-net is always at the minimum of 400MB, and sys-firewall at 
> the maximum of 4000MB of used memory.
> What did not work: Removing the WiFi-controller. However, without any 
> attached networking-devices the NetworkManager keeps running after the first 
> Standby.
> 
> If you have any idea about one of the remaining issues, please let me know. 
> Since the HCL-tool is missing in rc1, I will provide the report (and an 
> update) once rc2 comes out.
> 
> 
> 
> --Aaron

3. Try running sys-usb with pci_strictreset set to false. If that doesn't help 
attach both 03:00.0 and 03:00.1 devices to sys-usb and try again.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e65269a7-ea95-4834-a6cb-9315b7fff0be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-announce] QSB #33: Xen hypervisor (XSA-231 through XSA-234)

[michael-q]

On 09/12/2017 10:31 AM, qubester wrote:


1)

So, for discussion do most folks "patch immediately"   or  "wait for 
stable" ??


2)
Guess, I need to start  studying  the  PBRM(above)   as I imagine I'll 
be on 3.2  for some time, maybe  till  it's no longer updated  if there 
is going to be NO GUI VM Manager  ever ??


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/938deccb-6c11-9a47-f8d4-0ff6f06955dd%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Linux HVM Hangs On Boot On Qubes 3.2

[WillyPillow]

>  Original Message 
> Subject: [qubes-users] Linux HVM Hangs On Boot On Qubes 3.2
> Local Time: September 13, 2017 1:15 PM
> UTC Time: September 13, 2017 1:15 PM
> From: w...@nerde.pw
> To: qubes-users 
>
> I've been trying to install a Linux HVM on a Qubes 3.2 system. However, all 
> the ISOs I tried (Debian, Debian netinst, and Arch) seemed to get stuck at 
> boot with blank console.
>
> In addition, if I pass `debug ignore_loglevel` as boot arguments to the Arch 
> ISO, it shows something like `probing EDD ...ok` and then hangs.
>
> Does anyone know what is going on? Thanks.

UPDATE: For some reason, after I switched the netVm from a Mirage firewallVm to 
a regular Linux one, it started to work fine.

> --WillyPillow
> --
> https://blog.nerde.pw/
> PGP fingerprint = B57E 7237 B211 419C 35C4  AF5B EB4D 3264 A318 73CB
> --

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5bBzGRCM9GcS_xDbeUkrEEJU1l5E7GPFQ2NQqkZb1eusDAbsTuccKe0K-sdzpyHGkalf_N25nXEJqP7VwdSDWosox2n2lTWLpnWo38knvxI%3D%40nerde.pw.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Linux HVM Hangs On Boot On Qubes 3.2

[WillyPillow]

I've been trying to install a Linux HVM on a Qubes 3.2 system. However, all the 
ISOs I tried (Debian, Debian netinst, and Arch) seemed to get stuck at boot 
with blank console.

In addition, if I pass `debug ignore_loglevel` as boot arguments to the Arch 
ISO, it shows something like `probing EDD ...ok` and then hangs.

Does anyone know what is going on? Thanks.

--WillyPillow
--
https://blog.nerde.pw/
PGP fingerprint = B57E 7237 B211 419C 35C4  AF5B EB4D 3264 A318 73CB
--

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/gvU-RG5YDugUL5VT9csY6Mk9iZCxuug84b_fyq4QMCfD8Aki_yxc32fRLgoY-v6gqWX-fy_7Jv89Mmk3S7imr9E_8Im6d2f9OZPE1qqe-Pc%3D%40nerde.pw.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [SOLVED] Qubes 3.2 on Lenovo Thinkpad P51

[Swâmi Petaramesh]

Hi list :

Update : I could finally boot my Qubes 3.2 on Lenovo Thinkpad P51, after
installation, by using the rEFInd live USB :

http://www.rodsbooks.com/refind/

Looks like the way Qubes registered itself into UEFI was b0rked, and
this machine lacks any FWsetup-borne UEFI boot entries editing tool...

But rEFInd brings a graceful solution. I think I will have to install it
permanently in the EFI system partition (which leaves way too many boot
possibilities for my taste, but the Qubes SSD being encrypted anyway...)


Le 10/09/2017 à 12:35, Swâmi Petaramesh a écrit :
> Hi,
> 
> I could get Qubes 3.2 to boot and install on a Lenovo Thinkpad P51, by
> creating the USB install key according to Dave's advice at :
> 
> https://groups.google.com/forum/#!topic/qubes-users/4VsKdxnKHBk
> 
> However, once installed, Qubes will not boot. The "Qubes" UEFI entry is
> created, but the system doesn't seem to believe there's anything
> bootable in there.
> 
> Using the same method, Qubes 4.0 RC1 will install, AND boot. (but it's
> incomplete and Alpha IMHO)
> 
> I wonder is the fact that Qubes 3.2 will not boot after installation on
> this machine could be related to Xen or kernel version, and I wonder If
> I could try to upgrade them to the latest availables during install or
> immediately after it, before attempting to reboot.
> 
> But I have no clue about whether this can be done with respect to Qubes
> very specific architecture, and how I could possibly do it.
> 
> Any help would be much appreciated.
> 
> TIA.
> 

-- 
ॐ

Swâmi Petaramesh  PGP 9076E32E

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3173944c-f25f-29fa-a19e-b5478b64979f%40petaramesh.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 4.0 on Tuxedo BU1406

['Aaron Dough' via qubes-users]

These are my experiences with Qubes 4.0rc1 on a Tuxedo BU1406-notebook with an 
i5-7200U-CPU and a NVMe-SSD. Some issues could be resolved (mostly using this 
mailing list, thanks to anyone contributing!), others remain:

Resolved issues:

- Unable to install Qubes in UEFI-Mode. Selecting "Install Qubes R4.0-rc1" just 
loops back to the same menu.
Solution: creating an MBR and installing in Bios-Mode worked fine
- After the installation, the notebook kept rebooting. I got into the GRUB Boot 
Menu, but after selecting Qubes, it briefly showed the "Loading Xen..., Loading 
Linux... Loading ramdisk..."-message, and then rebootet the PC. (Much like 
[this guy](https://groups.google.com/forum/#!topic/qubes-users/Pf1Cd87KSsk) 
describes. Maybe someone link him here? I can't respond to him, since I just 
subscribed...)
Solution: editing the menu-item and removing "iommu=no-igfx" in the 
multiboot-line allowed my to start the system and update dom0. This update then 
generated a new grub configuration file, which resolved the issue for good. I 
did this three times now, the first two times it worked at once, the last time 
I had to restart the update until I saw the "Generating grub configuration file 
..."-message (maybe the dom0-update-server could not be reached at first?)
- Sys-net could not be started. At first boot it showed me the error-message 
"['/usr/bin/qvm-start', 'sys-firewall'] failed: Start failed: internal error: 
Unable to reset PCI device :03:00.1: internal error: Active 000:03:00.0 
devices on bus with 000:03:00.1, not doing bus reset". This was really about 
Sys-net, to which 03:00.1 was attached.
Workaround: Removing the 03:00.1 ethernet controller in the sys-net vm settings 
worked, which means however that I don't have Ethernet. I can live with that 
for now. Blocklisting the card-reader as [suggested 
here](https://groups.google.com/forum/#!msg/qubes-users/rBRTvXryQ6k/ybFZHDxUFgAJ)
 was not tried yet.

Unresolved issues:

- Touch-pad does not register taps as clicks. The physical buttons work 
however, as does multitouch scrolling, so this is not critical. It is strange 
though, as Fedora 25 is the base of dom0, and Fedora 25 itself has no problems 
with the touchpad.
- Standby is not working properly. This is the last dealbreaking issue 
remaining.

- With Sys-usb enabled, can't unlock after Standby. I can go into standby, but 
waking the notebook results in a blank screen. The led-backlight comes up 
though.
Dirty Workaround: It looked like the keyboard and touch-pad did not reconnect. 
I reinstalled with sys-usb disabled, which allowed me to unlock, but lead to 
2.2:
- With Sys-usb disabled, Standby results in strange behavior when sys-net is 
running. The first "Suspend to RAM" after starting sys-net (or booting the 
machine) works perfectly fine, but kills my networking-capabilities 
("NetworkManager is not running" when I click the red networking-icon). After 
that, Standby will lock the screen and nothing else happens at first. I can 
unlock the screen and go back to the Desktop. Then, after a minute or so the 
computer will go into standby. Waking will go directly to the Desktop, without 
the lock-screen. Restarting sys-net and sys-firewall will also reset this 
issue. Some rare times, the first standby will not result in the described 
problem, so this is only 90-95% reproducible. It maybe unrelated, but it seems 
sys-net is always at the minimum of 400MB, and sys-firewall at the maximum of 
4000MB of used memory.
What did not work: Removing the WiFi-controller. However, without any attached 
networking-devices the NetworkManager keeps running after the first Standby.

If you have any idea about one of the remaining issues, please let me know. 
Since the HCL-tool is missing in rc1, I will provide the report (and an update) 
once rc2 comes out.

--Aaron

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/lJqQSOe8gZac1CkxzG6cGxVsYB4FTcjXEh-ERrLvUVryBA1e7V61mjdU5o5fws05lDNhuC187LqHk73e4oB5_g32FSEGpqLwezGKV6-SdVM%3D%40protonmail.ch.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Reboot a VM that is connected as net/proxy VM

[mittendorf]

The problem is getting more and more nasty. Since a few weeks ago, the
wlan-NetVMs fails to boot very often. I always have to disconnect the
ProxyVM, restart and reconnect. as I cannot believe that nobody else has
this kind of problem?!

Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fea97b9c-da45-43d4-b067-43dfc4c543f4%40digitrace.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: After installing, the system always rebooting in the GRUB menu

[antoni . halpert]

Le samedi 9 septembre 2017 19:43:25 UTC+2, antoni@gmail.com a écrit :
> Hello,
> 
> I installed QUBES R4.0.
> Now when GRUB menu is displayed, I have two options:
> 
> - Qubes, with Xen hypervisor
> - Advanced options for Qubes (with Xen hypervisor)
> 
> I select "Qubes, with Xen hypervisor" and then I boot again on this menu with 
> these 2 options promtped.
> 
> I am not supposed to land on the QUBES GUI ?
> 
> tks

I download the 3.2 verson and no problem encountered duringthe boot of the 
system, I am on the Qubes desktop.

After consideration, I think that it was the partitioning that was badly 
configured and GRUB don't know where to boot the first time.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a593985e-334c-4abf-b60f-afb271b750bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Using UNISON between VMs... Is that possible?

[segu . santi]

El martes, 12 de septiembre de 2017, 18:43:12 (UTC+2), Sven Semmler  escribió:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On 09/12/2017 02:15 AM, segu.sa...@gmail.com wrote:
> > I have a script that uses UNISON [...] The idea is to sync files 
> > between two virtual machines that have no visibility between them.
> 
> Can you be more specific? Will those two VMs have network connections?
> Are you planning to continue using UNISON? Must the script run fully
> automatically or is some limited user interaction ok? (scheduled or
> manual run)
> 
> > Has anyone faced this problem or imagined a solution for this?
> 
> * you can use qvm-copy-to-vm to copy file(s) from one VM to another,
> whoever it won't give you synchronization ... if the sender had
> visibility of the file system of the receiver, it would defeat the
> entire purpose of Qubes OS (compartmentalization).
> 
> * you can mount a USB block device to VM 1 and run your script to sync
> between VM 1 and a folder structure on the USB block device, then you
> could unmount and mount the same to VM 2 and now run your script again
> to sync with VM 2
> 
> * you could allow network for both VMs via sys-firewall and setup
> firewall rules that would ensure that the only connection between the to
> VMs is the one for UNISON (e.g. unison -socket 1234). You can lookup the
> internal IP addresses of the VMs in the Qubes Manager.
> 
> Finally, I would recommend to take a step back and question your setup.
> How much thought have you put into your domain compartmentalization? Is
> it really necessary to sync between the two VMs? What is the purpose of
> having the same files in two VMs that are isolated from each other?
> 
> /Sven
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQIcBAEBCAAGBQJZuA6YAAoJENpuFnuPVB+2VkwP/0mWxWFlBKQtsfUp25rw7a9y
> eiNsgIzzmWUgMAkFY6yFryVFUtmwCMOW48w9unx9FIUpOpboHSDrGW84N2yaqjyV
> KzwFPhhaJbV/i7/1CyHzHzkhctgpipHfz5c0G4PFdpchSbgepaOfEjTQv5sv0p5X
> swFxx3f7OA162rZRZqjSJ3KKvrkHzVLJuU2moRJvwg/+LMAtjtlsRGmG1wBsyBDy
> LF94GMlKD+mMbGB5TQmAU2Svxq3ym0yKzjvwzzFbNc3RSASJROlFOvEtqSVwWioH
> t6RicdD2DW0WnohVrbYLrj55oIhwDvRFfvBVqYr+Bbw9uD+lh16GHX6eALEm0yww
> wZP4Xtk2id+giDkj9agSv+aLCoAQpxp0lg2Vrtj9LT/3rJWMRP2GPIirqVFLXONX
> HmEC0iozlvG/OltQnuD+VQvX2yYdT84FgxKqGEtNhnRNs45RwDhkVqIXwifzSbIu
> KRYRap6W9FNbpcEBoq4jBmotnOkECOdqi7qSCvzjlrBQNAHrSXZyY2SZaD731hir
> UApJnm4Bo8yJE7O12P6IvA0335ins0eNk6IuWVTlYuN+ymIqwfitYqOd7HWE/Zzu
> WXBwT3QzI9Br2R3D0dJR6+LoEQLmt/OXAhqG5wsFhKF6kd/SGTFpWseCoypjsZKB
> bk3DM/YPjTAvWOLtkfOp
> =L7c+
> -END PGP SIGNATURE-

I have, finally, managed to run the scripts by using SSH and the firewalls of 
the machines. Thank you so much. SSH is what I needed.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c5ef7b3c-9a64-42f4-a19f-a7bd0d4abfa7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Additional VPN destinations via CLI config?

[pixel fairy]

On Wednesday, September 13, 2017 at 12:21:03 AM UTC-7, qubester wrote:
> proxyVM rather fwiw
> 
> btw, how or why does one "check their MTU settings?"

ip a

look for a line like this,

2: eth0:  mtu 1500 qdisc mq state UP group 
default qlen 1000






-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ccd0664b-9248-43a2-ad56-0bc74963d72d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Additional VPN destinations via CLI config?

[qubester]

proxyVM rather fwiw

btw, how or why does one "check their MTU settings?"

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bfb711e2-856c-05a0-89bd-979d6df567c3%40riseup.net.
For more options, visit https://groups.google.com/d/optout.