[qubes-users] Resizing partitions in QVMs

2019-11-15 Thread zenandart via qubes-users 
Hi,

I recently ran out space of xvdb on a QVM (while I still had plenty of
space on xvda), so I gave 10GB or so in Qubes Settings to the VM. But all
the new space went to xvda, and the space of xvdb didn't change.

I thought I should resize partitions, then. So I installed GParted. But
soon I realized that I couldn't resize system partitions in the VM, for
both of xvda and xvdb are used and therefore cannot be unmounted.

I have some experience resizing partitions in systems that don't have VMs,
in which case I'll load a system from USB drives to do so, but I'm not
sure how to do it in Qubes OS.

I've searched some tutorials about resizing partitions in VirtualBox VMs,
but I don't think it helps much.

So, the question is, how can I resize partitions in a QVM?

Best regards,
zenandart

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/81b7af18cba9024d983bb104247b4343.squirrel%40danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion.

Re: [qubes-users] 2 new Intel vulnerabilites

2019-11-15 Thread Marek Marczykowski-Górecki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Nov 14, 2019 at 10:37:33AM -0800, Lorenzo Lamas wrote:
> Btw, do you think it is possible for Qubes to distribute the Intel 
> fTPM(http://tpm.fail/) update somehow like Qubes does with microcodes?

I don't think it's directly possible, this part of the system firmware
is specific to particular device configuration (bundled together with
the rest of BIOS/UEFI), not only CPU.

A quote from Intel advisory:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
| Intel recommends that users of Intel® CSME, Intel® SPS, Intel® TXE,
| Intel® AMT and Intel® DAL update to the latest version provided by the
| system manufacturer that addresses these issues.

There could be a way to ease updating system firmware by integrating
fwupd, but it isn't done yet:
https://github.com/QubesOS/qubes-issues/issues/4855

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl3PEHUACgkQ24/THMrX
1yy5rAf+OUCwS/oIGN04ps6Skv19pwCL8gkKizEoncXduI5nXUI1hBcqtmfBPbUj
orJqWt65YKQPeCnWubbJHHA5cIe0KtG/yPTtMcG98caU8Qi1y/vi2Nv7lt6+y1GL
BbGe/O2ZHYuZAMGLg9bbk3ZXmQ8hrAyHCB+3vvVxIlrPHkOShjpHztsgguug00MI
sPNdg9IHurPNwbwbMgwHGIUDOgFr7MilGT1y3afzBEIrHZCT5SaPHernUYGd7oD9
PmhGsb5grJo5eYDO+wiizrW/by2BUXH+4Qeimtxk+N7xqqk7/btQXl77dOGQ5k/t
1uNcXNluSAXVspKvKJTIXhGlpJmAMQ==
=cXye
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20191115205412.GB4164%40mail-itl.

[qubes-users] Fedora-31 template

2019-11-15 Thread Dominique St-Pierre Boucher 
Hello Qubes users,

Do any of you tried and succeed upgrading a Fedora template to version 31?

If so, how?

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dfe9bc75-c6ec-4680-bd80-0b2a75182509%40googlegroups.com.

Re: [qubes-users] Qubes 4.0.2-rc2 Updating tor-browser Whonix-ws-15-dvm

2019-11-15 Thread 'awokd' via qubes-users 
Dave:
> Hi,
> 
> I am trying to update the torbrowser in the Whonix-ws-15-dvm, but cant seem 
> to get it updated.
> Thought the torbrowser in the disposablevm could be updated by running the 
> "Tor browser Downloader" in the "Template : Whonix-ws-15" ..
> The torbrowser in the template is updated correctly, only its not passed to 
> the DVM..
> What am i doing wrong ..?
> 
> Thanks in advance ..
> 
You should be running "sudo update-torbrowser" in a terminal on your
whonix-ws-15 template. If it's still not showing up in your DVM, I
wonder if it is pointing at an older version of your whonix template.
Make sure you've removed whonix 14 templates completely, then recreate
the DVM template.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e4ca07c8-f287-3cb4-a3d6-1cdc8896b632%40danwin1210.me.

Re: [qubes-users] Is it possible to boot qubes dom0 kernel without Xen?

2019-11-15 Thread 'awokd' via qubes-users 
Claudia:

> So I was wondering, is it possible to run the Qubes dom0 kernel directly
> on the hardware instead of under Xen? How might one go about this? And
> how much work would it involve?

I've had similar troubleshooting needs. Closest I found was to download
Fedora 25 and test under that. What's missing are any Qubes specific
patches to Fedora itself, which makes the testing results a bit iffy.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77a53052-5305-406c-c4b4-b70c149e5999%40danwin1210.me.

Re: [qubes-users] USB Attachment "Backend Side" Logs?

2019-11-15 Thread 'awokd' via qubes-users 
Matthew Roy:
> When attaching a USB device from a new, disposable &
> minimal-template-based, sys-usb, I get the following error:
> 
> user@dom0 ~]$ qvm-usb attach disp6xx5 sys-usb-dvm:2-2
>> Device attach failed: No device info received, connection failed, check
>> backend side for details

Try making a regular AppVM sys-usb from that same template and see if
you have the same issue. You might not have the required usb proxy
packages installed in the template.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/07c04284-2aac-c96e-7d2a-1dd64aa791eb%40danwin1210.me.

Re: [qubes-users] 2 new Intel vulnerabilites

2019-11-15 Thread 'awokd' via qubes-users 
haaber:
> Just a small comprehension question to the microkerel update shipped in
> the last xen update: are these microkernels "flashed" into some cpu
> memory, or are they re-run / setup at each boot again? Cheers, Bernhard
> 
I think you mean microcode. From what I know, the CPU starts with burned
in microcode. Firmware/BIOS will then patch it if it has a more current
version. The OS will then patch it again if a more current version.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b8823271-c8ad-6aa8-3d73-040a0e9d5b37%40danwin1210.me.

[qubes-users] How to Unsubscribe?

2019-11-15 Thread Ray Woodcock 
Sorry to burden the list with this. But I have sent repeated unsubscribe 
messages as advised at the bottom of the many email messages I am receiving 
from this group, and for some reason they continue to flow into the inboxes 
on both of my email accounts. Nothing against the group -- I just had to give 
up on Qubes 
 for the 
time being.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a478ed88-d3b7-4de9-8e7d-cc2ff8e78000%40googlegroups.com.

[qubes-users] Re: Rename Default User in Qubes Virtual Machine

2019-11-15 Thread Ray Woodcock 
For posterity: I have figured out how to rename an osboxes account as well 
as why that is not advisable. See 
https://raywoodcockslatest.wordpress.com/2019/11/12/renaming-the-osboxes-user-creating-a-user-in-an-osboxes-linux-vm/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f31316ed-532b-4e77-8bdc-147489605411%40googlegroups.com.

Re: [qubes-users] QSB #053: TSX Asynchronous Abort speculative side channel (XSA-305)

2019-11-15 Thread Steve Coleman 

On 2019-11-15 05:28, Chris Laprise wrote:

On 11/15/19 3:01 AM, Andrew David Wong wrote:



On 2019-11-14 8:50 AM, Chris Laprise wrote:

One of the packages came down with an incorrect signature:

*** ERROR while receiving updates: Error while verifing
kernel-4.19.82-1.pvops.qubes.x86_64.rpm signature:
/var/lib/qubes/updates/rpm/kernel-4.19.82-1.pvops.qubes.x86_64.rpm:
rsa sha1 (MD5) PGP MD5 NOT OK



I was not able to reproduce this when updating over clearnet. Have you
tried restarting your UpdateVM and trying again?


Thanks. It worked after I did an 'action=clear all'.


Not sure if it is the exact same issue as here, but I had a similar 
problem on my home Qubes4 system just last night.


My GPG issue has to do with the sys-firewall / system disk volume 
filling up during the download phase, thus the GPG check on the kernel 
package was failing. This is likely just a coincidence only because the 
kernel package is a fairly large one, and more likely to run out of 
space when downloading it.


I have since bumped up both the sys-firewall private and system storage 
size,cleared the cached packages using the dom0 --action="clear all", 
used sys-firewall local dnf "clear all",  restarted networking vm's, 
even restarted the physical machine,  and yet all that still did not 
resolve my update issues. My sys-firewall VM / is still around 98% full, 
with not enough room for completing any of my required updates.


I'll be looking into this later tonight to see if I can't figure out 
what is filling that volume and why that / volume does not seem to be 
expanding properly. I have not added anything to that sys-firewall 
volume myself so I have no clue why it suddenly filled up to that point 
and thus broke _all_ my updates.






--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a2d714f-9733-71f2-b8ec-13c430005989%40jhuapl.edu.

[qubes-users] Is it possible to boot qubes dom0 kernel without Xen?

2019-11-15 Thread Claudia 
I've recently run into some hardware problems in Qubes which are not 
present in the equivalent Fedora version (F25). I have a feeling Xen may 
be a likely culprit, just simply because of how Xen controls the use of 
certain hardware for security reasons (VT-d, and such).


If it were possible to boot Qubes without Xen, it would be a step 
towards narrowing down the source of the problem. (The inverse -- 
installing Fedora *with* Xen -- is another option too, I suppose.)


Disabling VT-x and VT-d in BIOS is easy enough to do, and can probably 
identify firmware bugs caused by virtualization, for example. However 
even with VT-x/VT-d disabled, Qubes still boots under Xen.


So I was wondering, is it possible to run the Qubes dom0 kernel directly 
on the hardware instead of under Xen? How might one go about this? And 
how much work would it involve?


-
This free account was provided by VFEmail.net - report spam to ab...@vfemail.net

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a29494de-be71-b34f-2c9f-02bb43c2b0ed%40vfemail.net.

Re: [qubes-users] QSB #053: TSX Asynchronous Abort speculative side channel (XSA-305)

2019-11-15 Thread Chris Laprise 

On 11/15/19 3:01 AM, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2019-11-14 8:50 AM, Chris Laprise wrote:

One of the packages came down with an incorrect signature:

*** ERROR while receiving updates: Error while verifing
kernel-4.19.82-1.pvops.qubes.x86_64.rpm signature:
/var/lib/qubes/updates/rpm/kernel-4.19.82-1.pvops.qubes.x86_64.rpm:
rsa sha1 (MD5) PGP MD5 NOT OK


I'm not sure if that kernel is necessary for the patch, but that is
what downloaded when I specified qubes-dom0-security-testing.



I was not able to reproduce this when updating over clearnet. Have you
tried restarting your UpdateVM and trying again?


Thanks. It worked after I did an 'action=clear all'.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9ebfee7b-56d4-b870-3d5d-5524baca28a6%40posteo.net.

Re: [qubes-users] QSB #053: TSX Asynchronous Abort speculative side channel (XSA-305)

2019-11-15 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2019-11-14 8:50 AM, Chris Laprise wrote:
> One of the packages came down with an incorrect signature:
>
> *** ERROR while receiving updates: Error while verifing
> kernel-4.19.82-1.pvops.qubes.x86_64.rpm signature:
> /var/lib/qubes/updates/rpm/kernel-4.19.82-1.pvops.qubes.x86_64.rpm:
> rsa sha1 (MD5) PGP MD5 NOT OK
>
>
> I'm not sure if that kernel is necessary for the patch, but that is
> what downloaded when I specified qubes-dom0-security-testing.
>

I was not able to reproduce this when updating over clearnet. Have you
tried restarting your UpdateVM and trying again?

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl3OW0EACgkQ203TvDlQ
MDAq5Q//QGHZX8G82QdM8+7pdR2itVb16vZkufiIfEApRUSR8Gp3BJvBb2tqv08/
mizpzL0nDAJ/WaZtb0wZSr2qXzMcZq88n3cLBIOxdWbTbjG9sIePAPOqg8jZT8p2
k6y+lG/YpdiRqtzEFyap/7afh+y0jBW9/vsG5f0RQ38ytxa6+/WW9Pm+v0Y+oy7n
+8E0NoBU9I9nu3Ek/jrX9p23Fynv25ekT2lgeIVwsuYT0fCGEeqZ2PJY51TJxlHd
jPxbmUXFUjFH5pmxJR9VD1D+pTko1T+bYFo5KCN7qZrSzUGShx5OrYEb7J41K3gV
4x1NnCe3NrdRl06IU9RIZ3KvlBzE5zCzEUt9czHT/GXhuSiUd1Qub+F+j95WpPOE
zlipgLWcplqgz8rHA9AAeF2sSBMsJCqtND3m3Bh9xQFeMtURblmHQpo2yyYWERA1
vIkF21ofufyLA3T2CcTrt6B0dcPxmjKlTxQPx/kdi6/D5dTrAuNuGxBu9h9ZcQSv
nizBPtreLqxGwYWcHPAjKRKYN9oAjcXu/AcpB9Go9jjTIGlDAkaZL0aB3fitloTo
di2S2IrgOc8cmuYYB2Ix4qnADlkSTCByjI/hLlPPni/3Zb8g/GyTypC5pjOhoKYM
lX5q+vDDjkIviVSu/dqIL6k2QIee6HEY6KPG3f1anCLSs+4T5dM=
=wsoP
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08c60e9b-47ee-0b7d-3dee-5cc0a215adcb%40qubes-os.org.