Re: [qubes-users] High spec laptop for Qubes OS

[taii...@gmx.com]

On 02/24/2018 11:50 PM, Yuraeitha wrote:


Qubes OS on normal hardware (fulfilling current security hardware requirements) 
is still a much more secure alternative than Windows/Mac/Linux OS's, even on 
compromised hardware from i.e. Intel/AMD/etc. I agree there still are very big 
security/privacy problems in hardware, there definitely is. But all things 
considered, if you're not trying to be immune from state-level/advanced hacker 
attacks, then it may be too extreme to go that far just yet.

Why not have max security all the time? It isn't difficult.

Besides if the TALOS 2 isn't successful it will be the end of high 
performance owner controlled hardware, so maxing out today is important 
so you will be able to tomorrow.

  Unless of course, you are a high profile target, or even a medium-level 
target. Don't piss off, or grab unwanted attention of dangerously resourceful 
people.
"Avoid pissing people off" is bad advice and simply no fun - if your 
security plan counts on that then you don't have any security at all.

If you're a normal user, and you don't grab unwanted attention, then you should be okay 
in this time and day, however, that may change down the line as attack vectors improve 
and advance, and increasingly become mainstream for less skilled hackers to use. At which 
point, it's not the few handful really skilled hackers you need to worry about, but 
script kiddie "hackers" around every city-block.

Frankly it's impossible to get the perfect hardware to our desires. Whatever 
your needs may be, you need to take everything into account. The current 
situation however, I'd think if you're low profile (normal person with no 
unwanted attention), then you should be fine from a security perspective, with 
most laptops that meet the current hardware specifications.
I would argue that the TALOS 2 is perfect, it is the only system that 
has freedom, security and performance - you could even play videogames 
on it if they were compiled for POWER.
Its featureset and performance are much better than what intel and AMD 
are selling rather than being simply equivilant - it isn't at all 
"heavily limited".


A wintel skylake system "meets the current specifications" but I could 
cause a commotion and steal your encryption keys while you are 
distracted by plugging in a USB debugger because intel "forgot" to 
disable that feature in shipping chipsets.

It's the same if you climb Mount Everest or venture into a wild jungle, no 
matter how much you prepare, there will always be risk. There are no perfect 
hardware, while we can do better, currently we are heavily limited.


I run open source firmware on all of my computers and I sacrifice 
absolutely nothing - I play new games at max settings in a VM on my 
KGPE-D16 and if I wanted to I could install OpenBMC for remote lights 
out access just like on a mainstream proprietary system - it is feature 
equivilant.


I highly doubt that anyone here would prefer silly apple aesthetics and 
total lack of features/expansion ports over a secure functional computer 
and I for one prefer the industrial designs of the older thinkpads and 
latitudes.


On 02/24/2018 11:49 PM, vel...@tutamail.com wrote:

I think a Lenovo is the way to go...the Qubes developers use them, the X1/Gen5 
was mentioned as being popular with them. I googled and Max Ram is 16, however 
I went from 8-12 and more then satisfied with improvement. I wanted the X1 but 
thought it was out of my budget and thought I would look too cool using it:)

The W520 supports 32GB, the T420 and X230 16GB.

The W520, T420 and X230 (with x220 keyboard) are all decent mobile 
workstation performance choices and they support egpu via expresscard.
The G505S is more free (no ME/PSP) but it doesn't have expresscard and 
the build quality is not as nice.



Notes:
There isn't much point using qubes with hardware that has ME/PSP,

Is the ME/PSP risk more from a Governement/Intel threat or are the 
vulnerabilities with these features available to other threat vectors as well? 
Would appreciate your thoughts...
Rumor has it that signing keys for all ME versions and local HECI 
exploit mechanisms are being traded on obscure internet forums and being 
used to attack the usual targets (fortune 500, journalists, political 
types etc)


I highly doubt you I or anyone posting here is important enough to get a 
specific exploit package targeted to us by a government actor - you 
gotta have something worth stealing such as industrial processes, 
proprietary code to some important program, blueprint etc, for instance 
the chinese government has many hacking teams dedicated to industrial 
espionage but just because you aren't a necessarily a target doesn't 
mean you should support the makers of non-owner controlled hardware.

Thanks again Qubes team...
I am not a qubes team member - they have better things to do than tech 
support but I don't.


--
You received this message because you are subscribed to the Google Groups 

Re: [qubes-users] Install to Dell T3610, no Intel graphics, VNC install, NVS 310

[taii...@gmx.com]

On 02/24/2018 12:55 PM, CMaurice wrote:


Interesting links, thanks. I'm more for blockchain securing that gaming tho.


If you have lots of virtual money on the line I highly recommend a Talos 
2 - you can even buy one in bitcoin - OpenPOWER9 is the most secure high 
performance computing architecture and the T2 is the most secure 
motherboard.


There are a lot of imitators out there (ex: purism) but what Raptor and 
IBM are doing for the hardware freedom movement is legitimate.

On Friday, 23 February 2018 10:50:47 UTC, awokd  wrote:

On Fri, February 23, 2018 10:28 am, CMaurice wrote:

Aye, there's no onboard graphics, there's compatibility with VGA or some
sort of pass through for boot and BIOS, not sure.

But anyway, tried 3.2 and that worked fine! So at least I can learn a bit
about Qubes before having to re-install for 4 final.

Glad you got it running at least. I realized after I sent my last email
your Dell probably isn't a laptop or you wouldn't be asking about video
cards!

If you are going shopping for one, check out the following in case you
ever want to try pass-through some day.

https://en.wikipedia.org/wiki/List_of_IOMMU-supporting_hardware#AMD
http://www.overclock.net/t/1307834/xen-vga-passthrough-compatible-graphics-adapters
https://wiki.xenproject.org/wiki/Xen_VGA_Passthrough_Tested_Adapters#ATI.2FAMD_display_adapters
As always I recommend either a libre hardware/firmware TALOS 2 
(OpenPOWER9, maximum security, features, performance and freedom) or a 
libre firmware KGPE-D16/KCMA-D8 (slow vs the T2 - I use these for x86-64 
VM gaming) for video passthrough.


I have bought a variety of closed source firmware devices before that 
claimed to but didn't actually support IOMMU-GFX, and by getting one of 
these you also get a BMC platform that is actually receiving security 
updates. (the D8/D16 have the facebook OpenBMC, whereas the T2 has the 
IBM OpenBMC which contains more features)


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/86f90b52-d2b7-7c6b-6694-cf1402699d7a%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] High spec laptop for Qubes OS

[velcro]

I know they were volunteered recalled but could be an opportunity for good 
refurb pricing... 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0978efa7-9f08-41a1-b748-b4ada2b3ca28%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: High spec laptop for Qubes OS

[Yuraeitha]

On Sunday, February 25, 2018 at 2:11:21 AM UTC+1, Adam McCarthy wrote:
> Hello,
> 
> I currently run Qubes OS on an XPS 13 from 2015 with an i5-6200U, 8GB 
> RAM, slow NVMe. It can't really handle Qubes OS - it's quite laggy and 
> struggles to play video on the 4K screen. The CPU and RAM are normally 
> maxed with a couple of VMs running, even without video.
> 
> I'm going to buy a new laptop with a higher spec which should hopefully 
> handle things well. The following laptops are my final five contenders. 
> They all have a discrete GPU, which I'm hoping to passthrough to a VM 
> for playing streaming video (h264/h265/vp9 codecs). Do I have this right 
> that it would be most efficient to use the Intel GPU in dom0 and the 
> discrete GPU in the VM? I also do a lot of scientific computing, so it's 
> useful to offload some computation to a GPU via CUDA.
> 
> I get the impression from the HCL that they should all work fine as long 
> as I replace any non-Intel wifi m.2 sticks with an Intel 8265. Do you 
> have any thoughts on whether one would be more appropriate than another?
> 
> Dell XPS 15 9560 (2017)
> Intel i7-7700HQ Quad Core
> 32GB RAM
> 512GB M.2 NVMe
> Intel + NVIDIA GTX 1050
> 
> Dell XPS 15 2018
> Intel i7-8705G Quad Core
> 32GB RAM
> 512GB M.2 NVMe
> Intel + Radeon RX Vega M GL
> 
> Dell Precision 5520
> Intel Xeon E3-1505M v6 Quad Core
> 32GB RAM
> 512GB M.2 NVMe
> Intel + Nvidia Quadro M1200
> 
> Lenovo P51
> Intel Xeon E3-1505M v6 Quad Core
> 32GB RAM
> 512GB M.2 NVMe
> Intel + NVIDIA Quadro M2200
> 
> Razer Blade
> Intel i7-7700HQ Quad Core
> 16GB RAM
> 512GB M.2 NVMe
> Intel + NVIDIA GTX 1060
> 
> Thanks,
> Adam

I'm not too familiar with those particular models.

As for GPU passthrough, I'll second what tai...@gmx.com said, currently it's 
not possible to do what you seek with discrete GPU's in the way you described. 
But keep in mind that Qubes 4.1. is planned to include a new approach to 
graphic pass-through for single AppVM's, without comprosmising security, which 
is exactly what you just described. In other words, Qubes 4.1. may include this 
feature. If you're interested to know more, then check the roadmap/github 
trackers. Also if you instead go down the eGPU road (which may not work in the 
end anyway), then you should probably get a computer with Thunderbolt 
connection, to allow for the large transfer of data which USB 3.1. cannot fully 
handle. From memory, USB 3.0 is around 5 gbit, USB 3.1. is about 10 gbit, and 
Thunderbolt can run up to 40 gbit (check Thunderbolt versions too). Also be 
sure you don't just assume that USB type c ports include Thunderbolt 
comparability, most of the early ones don't. It's only some recent 2018 laptop 
models that started to include USB/Thunderbolt type 3 hybrid ports. Before 
2018, it was mostly only Apple/Mac's. If you want eGPU (untested on Qubes as 
far as I know, but in theory it might work), then you would want high transfer 
speeds. Probably minimum USB 3.1., but preferably 40 gbit Thunderbolt (get 
newest Thunderbolt version and be sure it has enough PCI connections tied to it 
for maximum transfer speeds). Also note that Thunderbolt isn't well supported 
in the kernel yet, I'm not sure which kernel includes it, but make sure you 
research this too if you need Thunderbolt.   

You could consider getting the same laptops most of the core Qubes team uses, 
the Carbon X1 gen5. I believe it has Thunderbolt too? But even the cheapest 
version of this laptop is rather on the expensive side. 

You could also go a bit cheaper down from the Carbon X1 gen5, i.e. get the 
Lenovo 720s instead or something along those lines. (I did not test or see 
reviews on the new Lenovo 720s, please ensure you do further research on it 
first. Be very critical.).

Generally I agree that free open standard hardware is important and something 
we really, really need, but it may just not be feasible for normal users just 
yet. Getting W520/TALOS may work for some, but it won't work for everyone. This 
depends on ones needs, and what sacrifices you are content in making (for 
example can you sacrifice aesthetics, look and feel?).

Qubes OS on normal hardware (fulfilling current security hardware requirements) 
is still a much more secure alternative than Windows/Mac/Linux OS's, even on 
compromised hardware from i.e. Intel/AMD/etc. I agree there still are very big 
security/privacy problems in hardware, there definitely is. But all things 
considered, if you're not trying to be immune from state-level/advanced hacker 
attacks, then it may be too extreme to go that far just yet. Unless of course, 
you are a high profile target, or even a medium-level target. Don't piss off, 
or grab unwanted attention of dangerously resourceful people. If you're a 
normal user, and you don't grab unwanted attention, then you should be okay in 
this time and day, however, that may change down the line as attack vectors 
improve and advance, and increasingly become mainstream for 

Re: [qubes-users] High spec laptop for Qubes OS

[velcro]

I think a Lenovo is the way to go...the Qubes developers use them, the X1/Gen5 
was mentioned as being popular with them. I googled and Max Ram is 16, however 
I went from 8-12 and more then satisfied with improvement. I wanted the X1 but 
thought it was out of my budget and thought I would look too cool using it:)

gmx.com...your comment:

> Notes:
> There isn't much point using qubes with hardware that has ME/PSP, 

Is the ME/PSP risk more from a Governement/Intel threat or are the 
vulnerabilities with these features available to other threat vectors as well? 
Would appreciate your thoughts...

Thanks again Qubes team...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eacb8b5a-1a38-474f-b05a-d431086e9554%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] High spec laptop for Qubes OS

[taii...@gmx.com]

I suggest a lenovo W520, as it supports coreboot with open source hw 
init and me cleaner (which nerfs but does not disable ME - it is 
impossible to disable ME, dell/purism are lying) you can also use an 
egpu for additional graphics power and install an ivy bridge processor 
for better power figures.


I would also look in to the TALOS 2 (OpenPOWER9) which is a very high 
performance owner controlled workstation with libre firmware for both 
the board and BMC (even the microcode is owner controlled and has 
documentation supplied, there is absolutely no hardware code signing 
enforcement).
POWER is now the worlds only owner controlled performance cpu arch due 
to both intel and AMD adopting black box supervisor processors and 
hardware code signing enforcement.

https://raptorcs.com
It also supports CAPI and PCI-e 4.0, which I imagine might interest you.

Notes:
There isn't much point using qubes with hardware that has ME/PSP, 
especially newer hardware that doesn't have open source init (ex: what 
you listed and of course the faux-libre purism laptops)
"Gaming" or "Workstation" laptops end up being a pain in the ass to 
carry around so if you don't really need one I wouldn't get one, or get 
a lower power device that supports an EGPU setup.
You can't pass through a laptop GPU like that as both the iGPU and dGPU 
considered a primary video adapters - you would have to purchase an eGPU 
if you want a GPU in a VM and you also need a secondary usb controller, 
monitor, audio device etc.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aaf373c6-f297-67c2-9c46-bae626785b3b%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] High spec laptop for Qubes OS

[adam]

Hello,

I currently run Qubes OS on an XPS 13 from 2015 with an i5-6200U, 8GB 
RAM, slow NVMe. It can't really handle Qubes OS - it's quite laggy and 
struggles to play video on the 4K screen. The CPU and RAM are normally 
maxed with a couple of VMs running, even without video.


I'm going to buy a new laptop with a higher spec which should hopefully 
handle things well. The following laptops are my final five contenders. 
They all have a discrete GPU, which I'm hoping to passthrough to a VM 
for playing streaming video (h264/h265/vp9 codecs). Do I have this right 
that it would be most efficient to use the Intel GPU in dom0 and the 
discrete GPU in the VM? I also do a lot of scientific computing, so it's 
useful to offload some computation to a GPU via CUDA.


I get the impression from the HCL that they should all work fine as long 
as I replace any non-Intel wifi m.2 sticks with an Intel 8265. Do you 
have any thoughts on whether one would be more appropriate than another?


Dell XPS 15 9560 (2017)
Intel i7-7700HQ Quad Core
32GB RAM
512GB M.2 NVMe
Intel + NVIDIA GTX 1050

Dell XPS 15 2018
Intel i7-8705G Quad Core
32GB RAM
512GB M.2 NVMe
Intel + Radeon RX Vega M GL

Dell Precision 5520
Intel Xeon E3-1505M v6 Quad Core
32GB RAM
512GB M.2 NVMe
Intel + Nvidia Quadro M1200

Lenovo P51
Intel Xeon E3-1505M v6 Quad Core
32GB RAM
512GB M.2 NVMe
Intel + NVIDIA Quadro M2200

Razer Blade
Intel i7-7700HQ Quad Core
16GB RAM
512GB M.2 NVMe
Intel + NVIDIA GTX 1060

Thanks,
Adam

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c5f7945f35c4bfe9cd47bc70ddd794f4%40adammccarthy.co.uk.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] fix resume in Qubes (Was X230 Corebooted -> resume broken

['[799]' via qubes-users]

Hello,

Just for the archive:

Resume was fixed after a clean installation of Qubes 4rc4 - I was running Q4rc3 
on my Lenovo x230 before.

[799]

--
Qubes 4rc4 > Lenovo X230
Qubes 4rc4 > Lenovo W540

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/U9sy0r8aqPaRdTrw3116_0ZQbtAjjb3pTN-Is4f3_gExDfc0_2scjfuvLHreEaXzzK8Pc7Kf2a5l4iovVU1NDogHCNdK7LsXbct8QaiIj8o%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Can't install Qubes, Rebooting after loading initrd.img

['awokd' via qubes-users]

On Sat, February 24, 2018 11:13 pm, Daniil .Travnikov wrote:

> About video card, one person on Github said that he has the same problem:
>  https://github.com/QubesOS/qubes-issues/issues/3625
>
>
>
> For example, if I will put some discrete video card on my motherboard,
> will it helps? Or is there a cheap way to solve this problem?

Possibly; without logs it's hard to say. Try an old AMD video card.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/036982aa7e60665c242a985060dceb6b.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - ASRock-H61M_VS4

[Jack callahan]

I installed qubes os on my external HD (WD Passport 1 tera) on a a
partition i made (40GB)

I'm connected to the internet through my Ethernet cable i hadn't got to
using my wifi yet .

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CALRJVEDEhpWW1CdPrhv_OwqKK92g3E%3DVv4YHUsBYrUbpGpsGbw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-ASRock-H61M_VS4-20180224-175320.yml
Description: application/yaml

Re: [qubes-users] Re: Can't install Qubes, Rebooting after loading initrd.img

[Daniil .Travnikov]

суббота, 24 февраля 2018 г., 15:50:38 UTC+3 пользователь awokd написал:
> On Fri, February 23, 2018 11:12 pm, awokd wrote:
> 
> > The newer R3.2 kernel still didn't work with iommu=no-igfx? That's too
> > bad, thought it might help there.
> 
> Had another thought on this. Whatever is causing your newer R3.2 kernel to
> fail to load might also be causing your R4.0 installer to crash. It might
> be easier for you to try to fix R3.2 first, because the same fix might
> resolve R4.0 as well and the logs are easier to get.
> 
> Does R3.2 crash in the same place when you try to boot the newer kernel?
> If so, you might need to set up something like
> https://wiki.xenproject.org/wiki/Xen_Serial_Console in order to figure out
> what is causing the crash.

Thanks for this direcation, I'll try this option when I buy a DB9 cable.

About video card, one person on Github said that he has the same problem:
https://github.com/QubesOS/qubes-issues/issues/3625


For example, if I will put some discrete video card on my motherboard, will it 
helps? Or is there a cheap way to solve this problem?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/45229158-d869-4a26-a541-13ae059bf60c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Can't install Qubes, Rebooting after loading initrd.img

[Daniil .Travnikov]

суббота, 24 февраля 2018 г., 3:52:11 UTC+3 пользователь Yuraeitha написал:
> On Friday, February 23, 2018 at 8:35:00 PM UTC+1, Daniil .Travnikov wrote:
> > пятница, 23 февраля 2018 г., 14:07:38 UTC+3 пользователь awokd написал:
> > > On Fri, February 23, 2018 10:46 am, Daniil .Travnikov wrote:

Thank you for sharing your experience!

> Since you have trouble getting the installer to work and install Qubes, you 
> may not be able to do this fix on your local hardware. You may have to pull 
> out the drive, put it in another computer and install Qubes there. Update 
> everything, and then make sure you put sys-net and sys-usb in PV mode with 
> the "qvm-prefs virt_mode" command in dom0.
> 
> Now because sys-net and sys-usb are in PV mode, it may be able to bypass the 
> missing I/O MMU issue, which as far as I understand it is related to PCI 
> pass-through. That's why you want sys-net, sys-usb and any other hardware 
> that is pass-through to be using PV mode.
> 
> This isn't a beautiful fix, but it may just work. It's not the first time 
> I've fixed a Qubes 4 install with this approach, however, I have not yet 
> tried it on this server hardware, which like yours is missing I/O MMU. I 
> believe it might work, but it might also not work. While installing on 
> another machine has in the past worked, I never tried to use it to change 
> sys-net and sys-usb to PV mode before putting it back.

I installed one of my drives on a friend's computer today and after 
installation process I got this on his computer:
https://prnt.sc/ijbfjq

You can see, that I have not any NetVM, actually at the and of installation 
process was been some error, I can repeat tomorrow all installation process for 
screenshots if it helps to understand.


When I put "qvm-prefs virt_mode" command in dom0 I got this:
https://prnt.sc/ijbgmd

I think that I am missing something, could you please clarify what I must 
exactly put here?


One more think, even I have not NetVM, I tried to boot this disk on My 
computer, but all what I got was been Grub menu:
http://prntscr.com/ijbhrf

First and third gave reboot, second just show some error about "first boot must 
kernel" (or something like that) without reboot.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a2795ba0-32b6-4d50-9471-35c1a998699d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] What does an AEM alert look like?

[velcro]

Curious as to what to look for with an AEM alert? Is there log? Does it alert 
you when you boot?

Appreciate any thoughts...

Thanks,
V

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba7f6280-b857-4cd8-914e-d572142a451c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 4.0 without IOMMU/VT-d/AMD-Vi or Interrupt Remapping

['awokd' via qubes-users]

On Wed, February 7, 2018 12:16 am, taii...@gmx.com wrote:
> Forgot to add:
>
>
> It is a shame that qubes doesn't support POWER.

Meant to reply to this one earlier!

What would need to happen for Qubes to run on POWER? Does Xen support it?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5e721acafd5dc08f170d405522afb7b5.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: sys-usb / template install yubikey tools ?

[Alex Dubois]

On Wednesday, 21 February 2018 09:01:45 UTC, ThierryIT  wrote:
> Le mercredi 14 février 2018 09:49:37 UTC+2, ThierryIT a écrit :
> > Le dimanche 11 février 2018 10:08:52 UTC+2, ThierryIT a écrit :
> > > Le samedi 10 février 2018 22:58:15 UTC+2, Alex Dubois a écrit :
> > > > > On 10 Feb 2018, at 17:46, ThierryIT  wrote:
> > > > > 
> > > > > Le samedi 10 février 2018 01:44:36 UTC+2, Alex Dubois a écrit :
> > > > >> On Saturday, 3 February 2018 22:42:46 UTC, Alex Dubois  wrote:
> > > > >>> On Saturday, 3 February 2018 10:12:25 UTC, ThierryIT  wrote:
> > > >  Le vendredi 19 janvier 2018 13:19:29 UTC+2, Alex Dubois a écrit :
> > > > >> On Friday, 19 January 2018 05:57:16 UTC, ThierryIT  wrote:
> > > > >> Not familiar with this ... Will need procediure to follow.
> > > > >> 
> > > > >> 
> > > > >> Le mercredi 17 janvier 2018 23:03:31 UTC+2, Alex Dubois a écrit :
> > > > >>> On Wednesday, 17 January 2018 15:15:45 UTC, ThierryIT  wrote:
> > > >  No, I am still under R3.2
> > > >  
> > > >  Le mercredi 17 janvier 2018 16:54:58 UTC+2, awokd a écrit :
> > > > > On Wed, January 17, 2018 2:09 pm, ThierryIT wrote:
> > > > >> "https://github.com/adubois/qubes-app-linux-yubikey;
> > > > >> 
> > > > >> 
> > > > >> Le mercredi 17 janvier 2018 16:05:52 UTC+2, awokd a écrit :
> > > > >> 
> > > > >>> On Wed, January 17, 2018 1:09 pm, ThierryIT wrote:
> > > > >>> 
> > > >  Nobody ?
> > > >  
> > > >  
> > > >  
> > > >  Le mercredi 17 janvier 2018 09:23:34 UTC+2, ThierryIT a 
> > > >  écrit :
> > > >  
> > > >  
> > > > > Hi,
> > > > > 
> > > > > 
> > > > > 
> > > > > I am going to install a new sys-usb.
> > > > > I have before to install all what I need to the template 
> > > > > (fedora-26)
> > > > > first. When following your procedure:
> > > > > 
> > > > > 
> > > > > ykpers has been installed but: I cannot do the same for
> > > > > qubes-yubikey-vm and qubes-yubikey-dom0 :
> > > > > 
> > > > > no match for argument
> > > > > 
> > > > > ideas ?
> > > > >>> 
> > > > >>> Not quite sure what you are trying to do here. What 
> > > > >>> procedure? What
> > > > >>> command are you entering?
> > > > > 
> > > > > Are you trying this on Qubes 4.0? Those Yubikey packages 
> > > > > might not be in
> > > > > the Qubes repo yet.
> > > > >>> 
> > > > >>> Hi,
> > > > >>> 
> > > > >>> I have not maintained this for some time. So long that I can't 
> > > > >>> remember if the packages had been created/tested, I don't think 
> > > > >>> they have.
> > > > >>> 
> > > > >>> Best is you follow the steps to build it on a new temporary VM, 
> > > > >>> don't be afraid it should not be too hard:
> > > > >>> - Execute the yum command in "Build dependancies"
> > > > >>> - Also install pam-devel
> > > > >>> - Follow the steps in preparing the build and build
> > > > >>> - Deploy the code in Dom0 and the USB VM.
> > > > >>> 
> > > > >>> I am about to upgrade to Qubes 4.0 rc4 (when released) so won't 
> > > > >>> probably be able to help until this is done.
> > > > >>> 
> > > > >>> Any help from someone who is used to packaging under Fedora 
> > > > >>> would be nice.
> > > > >>> 
> > > > >>> Alex
> > > > > 
> > > > > Sure, I'll update the doc and post here. However as I said don't 
> > > > > want to touch my Qubes set-up before my upgrade to 4.0 rc4. So 
> > > > > might be in 2-3weeks
> > > >  
> > > >  Did you upgrade to Q4R4 ?
> > > > >>> 
> > > > >>> I'm in the process. Having issues with PCI path-through of my 
> > > > >>> second NIC that I need to solve. I have to use PV mode for now and 
> > > > >>> not too happy to have too. I'll open another thread if I can't find 
> > > > >>> a way...
> > > > >> 
> > > > >> Hi Thierry,
> > > > >> 
> > > > >> I have recompiled it OK. This was working on R3.2. You can test it 
> > > > >> on R4 but no idea if it will work. I hope to have a bit of time to 
> > > > >> look at it this week.
> > > > >> 
> > > > >> To compile it if you want to test / debugInR4
> > > > >> create new VM with network (to get the github) or without network 
> > > > >> but you'll have to copy the download to the VM by another mean. Then:
> > > > >> yum install pam-devel gettext-devel git libtool libyubikey 
> > > > >> libyubikey-devel -y
> > > > >> yum group install "Development Tools"
> > > > >> git clone https://github.com/adubois/qubes-app-linux-yubikey.git
> > > > >> cd qubes-app-linux-yubikey/
> > > > >> libtoolize --install
> > > > >> autoreconf 

Re: [qubes-users] Install to Dell T3610, no Intel graphics, VNC install, NVS 310

[CMaurice]

Interesting links, thanks. I'm more for blockchain securing that gaming tho.

C.


On Friday, 23 February 2018 10:50:47 UTC, awokd  wrote:
> On Fri, February 23, 2018 10:28 am, CMaurice wrote:
> > Aye, there's no onboard graphics, there's compatibility with VGA or some
> > sort of pass through for boot and BIOS, not sure.
> >
> > But anyway, tried 3.2 and that worked fine! So at least I can learn a bit
> > about Qubes before having to re-install for 4 final.
> 
> Glad you got it running at least. I realized after I sent my last email
> your Dell probably isn't a laptop or you wouldn't be asking about video
> cards!
> 
> If you are going shopping for one, check out the following in case you
> ever want to try pass-through some day.
> 
> https://en.wikipedia.org/wiki/List_of_IOMMU-supporting_hardware#AMD
> http://www.overclock.net/t/1307834/xen-vga-passthrough-compatible-graphics-adapters
> https://wiki.xenproject.org/wiki/Xen_VGA_Passthrough_Tested_Adapters#ATI.2FAMD_display_adapters

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3111cf5-91ca-4f08-998d-f4aadf7003cb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Windows on R4 (rc4) - Install crash on splash screen: Starting Windows

[Alex Dubois]

On Saturday, 10 February 2018 04:39:14 UTC, Yuraeitha  wrote:
> On Friday, February 9, 2018 at 8:02:13 PM UTC+1, Ivan Mitev wrote:
> > On 02/09/18 20:56, Alex Dubois wrote:
> > > On Friday, 9 February 2018 18:43:06 UTC, Ivan Mitev  wrote:
> > >> On 02/09/18 20:23, Alex Dubois wrote:
> > >>> On Friday, 9 February 2018 18:01:08 UTC, Ivan Mitev  wrote:
> >  On 02/09/18 19:37, Alex Dubois wrote:
> > > On Friday, 9 February 2018 13:17:19 UTC, Alex Dubois  wrote:
> > >> On Friday, 9 February 2018 13:07:27 UTC, Alex Dubois  wrote:
> > >>> On Friday, 9 February 2018 12:31:10 UTC, Alex Dubois  wrote:
> >  Hi,
> > 
> >  After booting the win7 VM, the DVD get recognized.
> >  Windows is loading file progress bar is going smoothly
> >  But the win7 VM goes into halted or transient state just after 
> >  displaying the graphical splash screen Starting Windows
> > 
> >  At the moment I am exploring how to resolve this issue in R4 
> >  https://github.com/QubesOS/qubes-issues/issues/2488
> > 
> >  I've tried
> >  qvm-features win7 video-model cirrus
> >  but same problem
> > >>>
> > >>> Fixed.
> > >>> The minimum specs from Microsoft for Windows 7 64bits is 2GB of RAM.
> > >>> qvm-prefs win7 memory 2048
> > >>>
> > >>> I'll update the doc.
> > >>
> > >> I have also tested that
> > >> qvm-features win7 video-model cirrus
> > >> is NOT required (in my case).
> > >
> > > I should test fully before saying things. It was required after the 
> > > first reboot.
> > >
> > > This thread provide a comprehensive view 
> > > https://groups.google.com/forum/#!topic/qubes-devel/tBqwJmOAJ94
> > >
> > 
> >  FYI once the second part of the installation is complete and you have a
> >  working windows VM, you can revert the display adapter to standard vga
> >  (qvm-features --unset win7 video-model).
> > 
> >  Happy that the qubes-devel thread was useful :)
> > >>>
> > >>> Yes thanks a lot. I have now a working win7. Starting Windows-Tools 
> > >>> install.
> > >>
> > >> I just did that :) - it works well... (but don't try to install the pv
> > >> storage driver otherwise you'll get a BSOD).
> > > 
> > > Thanks for the warning ;-)
> > > 
> > > I can't find qubes-windows-tools
> > > is it in testing branch?
> > 
> > Yes (in R3.2):
> > 
> > https://yum.qubes-os.org/r3.2/current-testing/dom0/fc23/rpm/qubes-windows-tools-3.2.2-3.x86_64.rpm
> > 
> > Extract with:
> > 
> > rpm2cpio qubes-windows-tools-3.2.2-3.x86_64.rpm | cpio -idmv
> > 
> > And start the VM (assuming the iso is in the 'untrusted' VM):
> > 
> > qvm-start --cdrom=untrusted:/home/user/qubes-windows-tools.iso win7
> 
> Nice one Ivan, this really pushes forward the ability to re-install Win7 
> without having to use Qubes 3.2. for it.
> 
> @Alex 
> Do you feel the system is as stable as it was on Qubes 3.2. with this fresh 
> re-install on Qubes 4? Of course with the included Qubes 4 required 
> adjustments like network, page-file, and so on.

I am not using Windows day to day. It is more to help the project that I spend 
time on it. I had tried a number of things with previous version of Qubes. 
Trying to get all things to work on R4.
I Have not yet done the QWT.

I think there is still some wokr for non tech users to feel as comfortable. It 
is stable but there are a number of small usability bugs. nothing you can't 
solve if you are happy to close qubes-manager and re-open or launch a dom0 
command or two.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/656e7fe2-a77d-41fb-8819-1489a7256f89%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Can't install Qubes, Rebooting after loading initrd.img

['awokd' via qubes-users]

On Fri, February 23, 2018 11:12 pm, awokd wrote:

> The newer R3.2 kernel still didn't work with iommu=no-igfx? That's too
> bad, thought it might help there.

Had another thought on this. Whatever is causing your newer R3.2 kernel to
fail to load might also be causing your R4.0 installer to crash. It might
be easier for you to try to fix R3.2 first, because the same fix might
resolve R4.0 as well and the logs are easier to get.

Does R3.2 crash in the same place when you try to boot the newer kernel?
If so, you might need to set up something like
https://wiki.xenproject.org/wiki/Xen_Serial_Console in order to figure out
what is causing the crash.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/841e3de34204f1ab7e90b5d0ee20c107.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Intel Core i7-920 - Qubes 4.0-rc4 problem ('no IOMMU?' in libxl-driver.log)

['awokd' via qubes-users]

On Fri, February 23, 2018 7:18 pm, Thorsten Schierer wrote:

> So now I'm stuck with the "no IOMMU?" error in
> libxl-driver.log.
>
> Any idea what the problem is and how it can be solved?

When you run qubes-hcl-report in R3.2 dom0, what does it tell you? Look
for the five entries at the end, like I/O MMU Yes/No.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/16e2e631221e9bee1aeb42ef799f.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

['awokd' via qubes-users]

On Mon, January 15, 2018 2:15 am, pr0xy wrote:

> The company is using a Squid transparent proxy for HTTP/HTTPS and
> another proxy for FTP (which I haven't completely figured out yet). The
> proxies are:
>
> HTTP PROXY http://proxy.example.com:8080
> HTTPS PROXY http://proxy.example.com:8080
> FTP PROXY http://proxy.example.com:10021
>
>
> Step 1: Whonix
>
>
> Set the torrc so that Whonix can connect thru the proxy. Go to
> sys-whonix | Tor User Config and edit the torrc file to add these lines:
>
> DisableNetwork 0
> HTTPproxy 10.0.0.1:8080
> HTTPSproxy 10.0.0.1:8080
> FascistFirewall 1
>
>
> It's important here to use the IP address instead of the proxy name.
> I've confirmed this on the Whonix forums.
>
>
> Step 2: Set TemplateVM apps to use proxy
>
>
> As Marek stated above, you can set http_proxy and https_proxy variables
> in your template(s) and all app VMs based on them automatically will pick
> it up. Just create /etc/profile.d/proxy.sh and export appropriate
> variables from there.
>
> I added the following to
> /etc/profile.d/proxy.sh
> in Fedora and /etc/environment
> in Debian templates:
>
> export http_proxy=http://proxy.example.com:8080 export
> https_proxy=http://proxy.example.com:8080
> export ftp_proxy=http://proxy.example.com:10021 export
> HTTP_PROXY=http://proxy.example.com:8080
> export HTTPS_PROXY=http://proxy.example.com:8080 export
> FTP_PROXY=http://proxy.example.com:10021
>
>
> Here I used the fully qualified domain names instead of the proxy IP.
>
>
> Step 3: Allow Qubes TemplateVMs to update via sys-firewall
>
>
> Don't do this on the Whonix templates. They update thru sys-whonix.
>
>
> Add the following to the bottom of
> /etc/apt/apt.conf.d
> in Debian, and /etc/dnf/dnf.conf
> in Fedora after ### QUBES END ###:
>
>
> (ex.)
> [user@fedora-26 ~]$ sudo gedit /etc/dnf/dnf.conf
> .
> .
> ### QUBES END ###
> proxy=http://10.0.0.1:8080
>
>
> Again, here I had to use the IP of the proxy. I tested with the fully
> qualified name, and it didn't work.
>
> Finally, allow the proxy IP on the firewall of EACH TemplateVM
> From the Qubes Manager (R3.2) | Firewall rules
> Address 10.0.0.1
> Protocol "Any"
>
>
> That's working for me. I will try further experimentation with IPtables
> and a ProxyVM, as those seem like better solutions. However, in the
> meantime I have a working Qubes system and can actually do some work with
> it instead of messing around with settings...for now.

I'm attempting to convert the above into a Qubes doc
(https://github.com/awokd/qubes-doc/blob/transproxy/configuration/transparent-proxy.md)
but don't have a Squid proxy to test against.

For anyone who does (or is familiar with how they work):
A) Does it look right?
B) In step 3, adding apt/dnf proxy settings to all AppVMs based on the
same template as the UpdateVM's seems a bit broad. Is there a way to
fine-tune it?
C) Any special R4.0 considerations?



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db47e5a873760b3dc32a3c5e2e901ee4.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] New laptop install R4rc5 fresh install, X startup failed.

[Mike Keehan]

On Fri, 23 Feb 2018 05:50:40 -0800 (PST)
Michael MENG  wrote:

> I bought new Dell i5577 with GTX1050 for R4, however, it shown X
> startup failed when install, I got the same screen below. how can I
> install R4?
> 
> https://13366229192823780453.googlegroups.com/attach/3b6e252a5cb32/q1.jpg?part=0.1=1=ANaJVrH2rTi3F5s4yeRUs1mcblkJI2qGPjCrM_W2U4MWFWPP9pIA0wu4kT_vrTwSpskN2u7UGY-V0XheioXXWTGHhL5nsgmVzPD4ms2CTbWWHL_4m1A22us
>  
> 

You could try adding "modprobe.blacklist=nouveau" to the boot command
line.

Search the mailing list for similar reports in the past.

Mike.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180224122458.635dc632.mike%40keehan.net.
For more options, visit https://groups.google.com/d/optout.