[qubes-users] Re: Qubes os resolution issue

2019-06-30 Thread oak2572 
On Friday, March 9, 2018 at 12:56:25 PM UTC-5, randal...@gmail.com wrote:
> Hi there so I was finally able to get qubes installed to test if it actually 
> runs on my laptop (Razer stealth 2017) and there's some issue with the 
> display resolution. My resolution is 3200 x 1800 and that's fine, but when I 
> log into qubes everything looks extremely small and hard to read. I assume 
> it's because of how high the resolution is. how can I get the desktop to 
> display a bigger gui while keeping the resolution the same? I need baby 
> tutorials as I'm new to qubes. Thanks in advance!

I have the problem of screen resolution after finally figuring out how to 
install windows 7 in win7new qube.  Other Qubes have option in upper right 
corner to make fullscreen but the win7new doesn't.  Now I saw instructions 
about it on Qubes site:

If you want to enable full screen mode for select VMs, you can do that by 
creating the following entry in the /etc/qubes/guid.conf file in Dom0:

Can anyone tell me how to do this?  Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d16a55eb-c082-4f34-98e1-7ce5bf0ff947%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Dns-over-TLS in sys-vpn. Is it possible? How?

2019-06-30 Thread 'qubeslover' via qubes-users 


‐‐‐ Original Message ‐‐‐
On Sunday, June 30, 2019 10:36 PM, Chris Laprise  wrote:

> On 6/30/19 4:10 PM, Chris Laprise wrote:
>
> > > > A shortcut you can take to setting up iptables for DNS is to populate
> > > > /etc/resolv.conf and then run '/usr/lib/qubes/qubes-setup-dnat-to-ns'.
> > > > This should configure the nat/PR-QBS chain with the DNS addresses you
> > > > set.
> >
> > So check that your DoT setup is updating /etc/resolv.conf, then run
> > '/usr/lib/qubes/qubes-setup-dnat-to-ns'.


Thanks for you suggestion. Apparently, it does not work in sys-net.

Stubby is up, working and connected to its default DoT providers (as lsof -i 
asserts):


COMMANDPIDUSER   FD   TYPE DEVICE SIZE/OFF NODE NAME
stubby 534  stubby3u  IPv4  17946  0t0  UDP localhost:domain
stubby 534  stubby4u  IPv4  17947  0t0  TCP 
localhost:domain (LISTEN)
stubby 534  stubby5u  IPv6  17948  0t0  UDP localhost:domain
stubby 534  stubby6u  IPv6  17949  0t0  TCP 
localhost:domain (LISTEN)
stubby 534  stubby7u  IPv4  35444  0t0  TCP 
sys-net:46006->145.100.185.16:domain-s (ESTABLISHED)
stubby 534  stubby8u  IPv4  35447  0t0  TCP 
sys-net:45550->getdnsapi.net:domain-s (ESTABLISHED)
NetworkMa  564root   17u  IPv4  31022  0t0  UDP sys-net:bootpc
systemd-r  647 systemd-resolve   11u  IPv4  19350  0t0  UDP *:hostmon
systemd-r  647 systemd-resolve   12u  IPv4  19351  0t0  TCP *:hostmon 
(LISTEN)
systemd-r  647 systemd-resolve   13u  IPv6  19353  0t0  UDP *:hostmon
systemd-r  647 systemd-resolve   14u  IPv6  19354  0t0  TCP *:hostmon 
(LISTEN)
systemd-r  647 systemd-resolve   16u  IPv4  19358  0t0  UDP 
127.0.0.53:domain
systemd-r  647 systemd-resolve   17u  IPv4  19359  0t0  TCP 
127.0.0.53:domain (LISTEN)
tinyproxy 1547   tinyproxy4u  IPv4  32068  0t0  TCP *:us-cli 
(LISTEN)
tinyproxy 1547   tinyproxy5u  IPv6  32069  0t0  TCP *:us-cli 
(LISTEN)
tinyproxy 1548   tinyproxy4u  IPv4  32068  0t0  TCP *:us-cli 
(LISTEN)
tinyproxy 1548   tinyproxy5u  IPv6  32069  0t0  TCP *:us-cli 
(LISTEN)
tinyproxy 1549   tinyproxy4u  IPv4  32068  0t0  TCP *:us-cli 
(LISTEN)


Also, nano claims that everything is right in /etc/resolv.conf

# Generated by NetworkManager
nameserver 127.0.0.1
nameserver ::1


As root, I run /usr/lib/qubes/qubes-setup-dnat-to-ns . Everything looks fine.

I can ping the outside world but sys-net does not receive any request from my 
qubes :-(

> Additional thought: The sys-net VM may not be the best place to secure
> any data, DNS included. Putting DoT in sys-firewall or similar proxyVM
> (and using qubes-setup-dnat-to-ns there) would be a better choice and
> has a fair chance of working.

OK, will try tomorrow with sys-firewall and see what happens.

>
> There is also a chance that configuring DoT to run in your AppVMs,
> instead, could work and without any special Qubes steps.
>


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1Tx8lU2t-zeR8NRc1t3tmQe2GM4aPITcooW2ZdkkeI_Hj2oOTD-3UCGlrtUImviqz8OL0w22jzUbmP2-kbKxNNRcqBqP_nErvMZLnAyZxZg%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Dns-over-TLS in sys-vpn. Is it possible? How?

2019-06-30 Thread Chris Laprise 

On 6/30/19 4:10 PM, Chris Laprise wrote:

A shortcut you can take to setting up iptables for DNS is to populate
/etc/resolv.conf and then run '/usr/lib/qubes/qubes-setup-dnat-to-ns'.
This should configure the nat/PR-QBS chain with the DNS addresses you 
set.


So check that your DoT setup is updating /etc/resolv.conf, then run 
'/usr/lib/qubes/qubes-setup-dnat-to-ns'.


Additional thought: The sys-net VM may not be the best place to secure 
any data, DNS included. Putting DoT in sys-firewall or similar proxyVM 
(and using qubes-setup-dnat-to-ns there) would be a better choice and 
has a fair chance of working.


There is also a chance that configuring DoT to run in your AppVMs, 
instead, could work and without any special Qubes steps.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9625b54f-2711-cddd-3095-4fbdd99e5f65%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Dns-over-TLS in sys-vpn. Is it possible? How?

2019-06-30 Thread Chris Laprise 

On 6/30/19 2:46 PM, 'qubeslover' via qubes-users wrote:


Dear tasket,
today here is so hot that I feel like I am drunk. I typed the wrong title. The 
topic actually was

"Dns-over-TLS in *sys-net*. Is it possible? How?"

Obviously, as you correctly (and politely) pointed out, it doesn't make sense 
at all to run DoT over VPN. Actually, I want to run DoT in sys-net since my 
link is insecure.

Apologies for mistake. Suggestions are still appreciated.

Off Topic P.S: I use and love your scripts and extensions for Qubes. You made 
my life much easier. Look forward to test sparsebak once encryption will be 
deployed into it.


Cool. Then this part still applies in sys-net:


A shortcut you can take to setting up iptables for DNS is to populate
/etc/resolv.conf and then run '/usr/lib/qubes/qubes-setup-dnat-to-ns'.
This should configure the nat/PR-QBS chain with the DNS addresses you set.


So check that your DoT setup is updating /etc/resolv.conf, then run 
'/usr/lib/qubes/qubes-setup-dnat-to-ns'.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5e060b4a-4561-9123-1077-a109971c7a9e%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Dns-over-TLS in sys-vpn. Is it possible? How?

2019-06-30 Thread 'qubeslover' via qubes-users 


Dear tasket,
today here is so hot that I feel like I am drunk. I typed the wrong title. The 
topic actually was

"Dns-over-TLS in *sys-net*. Is it possible? How?"

Obviously, as you correctly (and politely) pointed out, it doesn't make sense 
at all to run DoT over VPN. Actually, I want to run DoT in sys-net since my 
link is insecure.

Apologies for mistake. Suggestions are still appreciated.

Off Topic P.S: I use and love your scripts and extensions for Qubes. You made 
my life much easier. Look forward to test sparsebak once encryption will be 
deployed into it.



Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐
On Sunday, June 30, 2019 7:12 PM, Chris Laprise  wrote:

> On 6/30/19 9:17 AM, 'qubeslover' via qubes-users wrote:
>
> > Dear qubes users,
> > I wish you a good Sunday.
> > I'd like to use DoT on my qubes laptop. However, I am not sure how to do. I 
> > have followed a couple of pretty straightforward tutorials 
> > (https://www.techrepublic.com/article/how-to-use-dns-over-tls-on-ubuntu-linux/
> >  and 
> > https://techrevelations.de/2019/01/11/encrypted-dns-and-how-to-use-it-in-linux/),
> >  installed stubby and configured NetworkManager - /etc/resolv.conf properly 
> > in sys-net.
> > Stubby connects to its default DoT servers and I can ping google from 
> > sys-net. However, I can't resolve addresses from other qubes (like 
> > sys-firewall etc). Has somebody managed to use DoT in Qubes? Which 
> > documents should I read in order to understand how networking, routing and 
> > name resolution work in QubesOS so that I can use DoT?
>
> Hi,
>
> The vpn doc (step 3) has a good example of setting up DNS for a VPN
> "proxy VM": The iptables nat/PR-QBS chain must be populated with dnat
> rules for your DNS ips.
>
> (A proxy VM is just like sys-firewall: Its an appVM created with the
> 'provides network' option set and acts like a router.)
>
> https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts
>
> A version of this with more automatic setup is here:
>
> https://github.com/tasket/Qubes-vpn-support
>
> A shortcut you can take to setting up iptables for DNS is to populate
> /etc/resolv.conf and then run '/usr/lib/qubes/qubes-setup-dnat-to-ns'.
> This should configure the nat/PR-QBS chain with the DNS addresses you set.
>
> A final note: There doesn't seem to be much demand for DoT over a VPN, I
> think because VPN providers usually have their own DNS servers which are
> protected by the VPN protocol. Something like DoT becomes useful only
> when your link is generally insecure or you need to use a third-party
> DNS for some other reason (i.e. you set up your own VPN server but not a
> DNS server to go with it).
>
> -
>
> Chris Laprise,tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9WXrT765SQgqQPM0yc8YXEL36bN9ua56wIZZTlRnhhKew8Nl0d6z9GHaoCpnCavs3zHH0AUQe4CxmPOwNFy33LDBXX8kZrkU6prqPEgSQW8%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users]

2019-06-30 Thread qubelists 

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/73bd46c6b2a48fa00f13c639fb57bcfd.startmail%40startmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Dns-over-TLS in sys-vpn. Is it possible? How?

2019-06-30 Thread Chris Laprise 

On 6/30/19 9:17 AM, 'qubeslover' via qubes-users wrote:

Dear qubes users,
I wish you a good Sunday.

I'd like to use DoT on my qubes laptop. However, I am not sure how to do. I 
have followed a couple of pretty straightforward tutorials 
(https://www.techrepublic.com/article/how-to-use-dns-over-tls-on-ubuntu-linux/ 
and 
https://techrevelations.de/2019/01/11/encrypted-dns-and-how-to-use-it-in-linux/),
  installed stubby and configured NetworkManager - /etc/resolv.conf properly in 
sys-net.

Stubby connects to its default DoT servers and I can ping google from sys-net. 
However, I can't resolve addresses from other qubes (like sys-firewall etc). 
Has somebody managed to use DoT in Qubes? Which documents should I read in 
order to understand how networking, routing and name resolution work in QubesOS 
so that I can use DoT?


Hi,

The vpn doc (step 3) has a good example of setting up DNS for a VPN 
"proxy VM": The iptables nat/PR-QBS chain must be populated with dnat 
rules for your DNS ips.


(A proxy VM is just like sys-firewall: Its an appVM created with the 
'provides network' option set and acts like a router.)


https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts

A version of this with more automatic setup is here:

https://github.com/tasket/Qubes-vpn-support

A shortcut you can take to setting up iptables for DNS is to populate 
/etc/resolv.conf and then run '/usr/lib/qubes/qubes-setup-dnat-to-ns'. 
This should configure the nat/PR-QBS chain with the DNS addresses you set.


A final note: There doesn't seem to be much demand for DoT over a VPN, I 
think because VPN providers usually have their own DNS servers which are 
protected by the VPN protocol. Something like DoT becomes useful only 
when your link is generally insecure or you need to use a third-party 
DNS for some other reason (i.e. you set up your own VPN server but not a 
DNS server to go with it).


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/075a360f-4778-d951-8702-d4541cee6654%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Dns-over-TLS in sys-vpn. Is it possible? How?

2019-06-30 Thread 'qubeslover' via qubes-users 
Dear qubes users,
I wish you a good Sunday.

I'd like to use DoT on my qubes laptop. However, I am not sure how to do. I 
have followed a couple of pretty straightforward tutorials 
(https://www.techrepublic.com/article/how-to-use-dns-over-tls-on-ubuntu-linux/ 
and 
https://techrevelations.de/2019/01/11/encrypted-dns-and-how-to-use-it-in-linux/),
  installed stubby and configured NetworkManager - /etc/resolv.conf properly in 
sys-net.

Stubby connects to its default DoT servers and I can ping google from sys-net. 
However, I can't resolve addresses from other qubes (like sys-firewall etc). 
Has somebody managed to use DoT in Qubes? Which documents should I read in 
order to understand how networking, routing and name resolution work in QubesOS 
so that I can use DoT?

Sent with ProtonMail Secure Email.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/SBAX64xhQOEhwho-FUjlyW_7X0LuzMc-1yhFpatd1JzZmZP5J852In-9b8SFZk4hpmSQXnFVOxb_cnFQrPowQDQOwbk5mrOkeTnsJcu7yXM%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Sorry, we cannot find your kernels...

2019-06-30 Thread Marek Marczykowski-Górecki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sat, Jun 29, 2019 at 04:22:08AM -0700, Chris wrote:
> Yup. Down for me too.
> The update servers were down earlier today. Not sure if related.

Yes, it was related. The late Friday's problems resulted in some mirrors
picking up empty  directory. Should be good now.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl0Ym/sACgkQ24/THMrX
1yyS9Qf+PGLoeerd0+jcdz9Ivy/ugcvSf2mAgTLgtA0frg+3FuhnEgSgEIfD7S4K
3Hdnudw+jzYVHk00T7iB1e9Y86bA9f1eeo1wWYIY04ymVQZu+BXU4nrFFqYLnvsL
Fo8agfa9kq/GhjGK8YWGGh/2rHnuelriQ/rtN2Pj8I4w0sZ2vVOk3kQ4qrLJlmHf
5ROdN+8Cllgl8sp41aV/ev+UcR3oDfSW0nV9rDIf0Jhb3Xdvoaj+LnJTlTQ+mD7p
3Qya9Ag3o+IKXliNfitcPzhvZT9YogWPfQfAZdLq7XfVXtaD6AytTCWwkffiNPgN
PKznbZ6qpcPKp3Jt1nZUG1dlYUfbNw==
=PMuV
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190630112443.GB16142%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] sys-net does not start applications

2019-06-30 Thread techpuppy 
On startup, sys-net, sys-firewall, sys-usb, and sys-whonix start.

I want to be able to connect to the internet (I haven't been able to yet).  So 
I change the applications to add Settings in sys-net qube preferences.  The 
sys-net preferences are the only thing I can access.

However I cannot start any applications in sys-net.  No terminal.  I tried also 
in dom0 terminal by running this : "qvm-run -v sys-net gnome-terminal".   

I can run applications just fine in other qubes.  I have not found this 
behavior anywhere else during my internet search so I am unsure how to approach 
this problem.  


Another detail is that I have had issues running sys-net to start with.  I had 
to remove a few devices in the sys-net preferences so it would start.

I appreciate any help or suggestions. :)  Thank you - techpuppy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Lic1djp--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Fujitsu T937: Fails to boot live USB; Qubes 4.0.1

2019-06-30 Thread 0xor 
This is the post I was referencing: 
https://groups.google.com/d/msg/qubes-users/X2AGqAJZ8Go/k5pruzBjBQAJ 


Thanks!

Jun 30, 2019, 1:28 AM by 0...@tuta.io:

> Hello,
> Having downloaded the 64 bit Qubes 4.0.1 image (.iso) from the Qubes-os 
> website, and thoroughly verifying its authenticity with SHA256sums and PGP 
> keys, I decided to write it from an Arch linux system to a 64GB Samsung flash 
> drive using the following command in an unprivileged terminal:
>
> `sudo dd if=~/Downloads/Qubes-R4.0.1-86_64.iso of=/dev/sdb bs=1048576 
> status=progress && sync`
> I also tried using a block size of 4M, on different occasions (but the same 
> iso).
>
> After writing, I have plugged the written flash drive into each of my two USB 
> type A ports on this same laptop (both confirmed working properly). When 
> attempting to boot the flash drive (in my case, repeatedly pressing f12, then 
> selecting the drive in the boot menu), I get a black (but backlit) screen 
> that does not change. No messages of any kind.
>
> The following BIOS settings are current:
> Secure boot: ENABLED
> TPM(security chip): ENABLED
> USB Ports: ENABLED
> Legacy USB support: ENABLED
> Multi-core: ENABLED
> HT (hyper threading): ENABLED
> Virtualization: ENABLED
> VT-d: ENABLED
> Trusted execution technology (TXT): DISABLED
> Software guard extensions: software controlled
>
> After changing the "Secure boot" setting to DISABLED, the live image appears 
> to attempt startup. I see multiple lines of text scroll down the screen, no 
> errors to be seen. They move quickly, but they appear the same as I've seen 
> on my successful live boots in Virtualbox (on this same machine). After the 
> text completes (in less than two seconds), the screen again changes to a 
> 'bright black,' a step above no signal.
>
> I know this system supports UEFI, as the current OS (Arch linux) is 
> configured to make use of it (but, again, some security features are disabled 
> because this laptop was shipped with Windows 10, which was happily removed in 
> its entirety). What follows is some hardware information that I think is 
> relevant:
>
> Fujitsu Lifebook T937
> BIOS version: 1.15 (02/20/18)
> Intel i5-7360U @ 2.30 GHz [stock]
> 12288MB of DDR4 SDRAM (4GiB onboard) [stock]
>
> This laptop is not fully supported in the HCL, however I have seen at least 
> one post (that didn't solve my problem) by someone who has made this work. I 
> cannot find the post at this time, but as I recall it was to the effect of 
> "move a few files in the live image to unusual places and it worked for me," 
> and I don't believe it was even the same problem as mine is.
>
> I truly appreciate any help you're willing to provide. Thank you.
>
> ~0xor
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LibBzm_--3-1%40tuta.io.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Fujitsu T937: Fails to boot live USB; Qubes 4.0.1

2019-06-30 Thread 0xor 
Hello,
Having downloaded the 64 bit Qubes 4.0.1 image (.iso) from the Qubes-os 
website, and thoroughly verifying its authenticity with SHA256sums and PGP 
keys, I decided to write it from an Arch linux system to a 64GB Samsung flash 
drive using the following command in an unprivileged terminal:

`sudo dd if=~/Downloads/Qubes-R4.0.1-86_64.iso of=/dev/sdb bs=1048576 
status=progress && sync`
I also tried using a block size of 4M, on different occasions (but the same 
iso).

After writing, I have plugged the written flash drive into each of my two USB 
type A ports on this same laptop (both confirmed working properly). When 
attempting to boot the flash drive (in my case, repeatedly pressing f12, then 
selecting the drive in the boot menu), I get a black (but backlit) screen that 
does not change. No messages of any kind.

The following BIOS settings are current:
Secure boot: ENABLED
TPM(security chip): ENABLED
USB Ports: ENABLED
Legacy USB support: ENABLED
Multi-core: ENABLED
HT (hyper threading): ENABLED
Virtualization: ENABLED
VT-d: ENABLED
Trusted execution technology (TXT): DISABLED
Software guard extensions: software controlled

After changing the "Secure boot" setting to DISABLED, the live image appears to 
attempt startup. I see multiple lines of text scroll down the screen, no errors 
to be seen. They move quickly, but they appear the same as I've seen on my 
successful live boots in Virtualbox (on this same machine). After the text 
completes (in less than two seconds), the screen again changes to a 'bright 
black,' a step above no signal.

I know this system supports UEFI, as the current OS (Arch linux) is configured 
to make use of it (but, again, some security features are disabled because this 
laptop was shipped with Windows 10, which was happily removed in its entirety). 
What follows is some hardware information that I think is relevant:

Fujitsu Lifebook T937BIOS version: 1.15 (02/20/18)
Intel i5-7360U @ 2.30 GHz [stock]
12288MB of DDR4 SDRAM (4GiB onboard) [stock]

This laptop is not fully supported in the HCL, however I have seen at least one 
post (that didn't solve my problem) by someone who has made this work. I cannot 
find the post at this time, but as I recall it was to the effect of "move a few 
files in the live image to unusual places and it worked for me," and I don't 
believe it was even the same problem as mine is.

I truly appreciate any help you're willing to provide. Thank you.
~0xor

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Lib3ZoA--3-1%40tuta.io.
For more options, visit https://groups.google.com/d/optout.