[qubes-users] Re: HCL - MSI Bravo 17
On 7/12/21 6:01 PM, ydir...@free.fr wrote: Not sure how this information can fit in the HCL:) Thank you for updating! This thread is linked from your HCL report so others who want to install on the same kind of machine will find your additional information here. /Sven -- public key: https://www.svensemmler.org/2A632C537D744BC7.asc fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d368722-79a8-5868-94eb-1af8069c1943%40SvenSemmler.org. OpenPGP_signature Description: OpenPGP digital signature
[qubes-users] Re: HCL - MSI Bravo 17
> I was finally able to boot kernel-latest (running 5.12 now), by > hiding the dGPU > from the amdgpu module (with "pci-stub.ids=1002:7340"), and > installing the linux-firmware > package from current 4.1 snapshot. Oh and I forgot, resuming after suspend does not work either, with 5.12 or 5.4. I did not investigate this any further yet. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1778855935.945520868.1626131203449.JavaMail.root%40zimbra39-e7.
[qubes-users] Re: HCL - MSI Bravo 17
I was finally able to boot kernel-latest (running 5.12 now), by hiding the dGPU from the amdgpu module (with "pci-stub.ids=1002:7340"), and installing the linux-firmware package from current 4.1 snapshot. We can note that this does not give proper GPU support even for the iGPU, as dom0 Xorg still uses LLVMpipe for rendering, but at least we have a display. Occasionally some screen corruption appears as horizontal lines, which go away by temporarily switching to another desktop; also the miniatures in xfce's alt-tab window list often get garbled in a not-unlike way, eg. when a firefox reopens a many-window session, until the window gets fully drawn by alt-tabbing to it once. Sven wrote: > Is there any kernel with which VFIO is supported, or is it simply "VFIO not > supported"? Even with 5.12-9 the kernel logs show "AMD IOMMUv2 functionality not available on this system", although lspci does show a 1022:1631 device, which recent pci.ids identify as "Renoir IOMMU". I can see the kernel got some cleanup of drivers/iommu/amd since 5.12, but no commit there advertises support for this hardware. But then, history for this part of the kernel does not appear to show much information about newly-supported hardware, and no pci_device_id list appears there either, so who knows without testing :). Not sure how this information can fit in the HCL :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1415829767.945516405.1626130895454.JavaMail.root%40zimbra39-e7.
[qubes-users] Using NextDNS in Qubes OS
Hello, I use NextDNS to encrypt and filter my DNS request on windows / android. I would also like to use it for some of my qubes VMs and tried it out but run into issues. I tried to change the DNS settings in /etc/systemd/resolved.conf but this broke name resolution. My setup: sys-net <- sys-vpn (expressvpn) <- sys-firewall <-- all VMs are configured as disposable VMs, but I know how to edit /rw/config/qubes-bind-dirs.d/ if I need to apply any persistent changes. I also tried to enable the qubes-disable-dns-server option and set my DNS serves manually in sys-vpn, but it didn't work. Question: where do I need to put in my custom DNS servers so that they will be used by my AppVMs. One7two99 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2th81D8T0ibHWD8ZnwhMrggO5mNzfa3bLKzMmsfT8ddig%40mail.gmail.com.
Re: [qubes-users] Disposable sys-net >> wifi login
Hello, I Am 51lieal schrieb am Mo., 12. Juli 2021, 04:35: > It's possible currently i'm using fedora-34 DispVMs on sys-net, what you > have to do : > > ``` > > nmcli device wifi list # scanning wifi > > nmcli device wifi connect password # example nmcli > device wifi connect 51lieal password one7two99 > > ``` > super helpful, exactly what I was looking for. One7two99 > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2sofCj-sb%2BhgRjwh%2B6xbO0AoD2KNWXB2iCxH0N1qUwkyQ%40mail.gmail.com.
[qubes-users] Safely set up a Qube to connect to only one IP address on the Internet
Dear Qubes community, i am interested in your ideas on how you would set up a Qube as secure as possible to connect to a single ordinary internet site (not a VPN network) accessed directly via its IP address. My ideas are: 1) Edit the Qube's firewall via dom0 as follows: $dom0: qvm-firewall NAME-OF-QUBE del --rule-no 0 $dom0: qvm-firewall NAME-OF-QUBE add --before 0 drop $dom0: qvm-firewall NAME-OF-QUBE add --before 0 accept 127.127.127.127/32 proto=tcp 443 2) Go into the dom0-Qube settings and turn on the disable-dns-server service. With these two settings, there should really be no DNS traffic anymore, right? What else would you do? Best wishes Michael Singer -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a836d9db-51c0-8f4b-cfc0-ea7eab3a5d55%40posteo.de.
Re: [qubes-users] The safest way to search in files on an external hard drive
On 7/9/21 12:01 PM, Michael Singer wrote: After decryption, my file system presents itself to me as an ordinary directory that I find somewhere under /media/xy. The encryption program used works in a way that the device in /dev/xvdi is always encrypted. Only what is currently accessed in the /media/xy folder is decrypted. Consequently, it does not work if I use the following command to create a loop that I then mount in another qube, because it will not be decrypted there: $disp1: sudo losetup -r /dev/loop0 /dev/xvdi On 7/9/21 18:04 PM, haaber wrote: Why not sudo losetup -r /dev/loop0 /media/xy ?? That is what I do alwys, at works fine. After that, the widget (for example) allows to attach /dev/loop0 to other qubes. Best Dear Bernhard, this way it works only, if /media/xy would be a device. But it is an ordinary directory and losetup says: invalid argument. Best regards Michael Singer -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6e947474-e3d5-fc13-97c9-c4f31425eeb6%40posteo.de.