Re: [qubes-users] Boot log
For some reason it's not subscribing me to issues I start lol, didn't get
an email with your reply, sorry for the late reply.
So I checked the bios and VT-D is enabled, virtualization is enabled,
everything is pretty much enabled.
I have two systems, one before the update(my main system) and a usb I
update first.
Both of their logs had the following:
Unknown cachability for MFNs 0x7bc00-0x7fdff
[VT-d]Passed iommu=no-igfx option. Disabling IGD VT-D engine
Intel VT-d snoop control not enabled
Intel VT-d Dom0 DMA Passthrough not enabled
Intel VT-d Posted Interrupt not enabled
Intel VT-d Shared Ept Tables not enabled
My main computer had exclusively:
It's risky to assign :00:14.0+1d.0+1a.0 with shared rmrr at x for domX
[VT-d]Passed iommu=no-igfx option. Disabling IGD VT-D engine # a second
time close to the first occurence
My boot usb had:
[VT-D]INTR-REMAP: Request device [:f0:1f.0] fault index 7986, iommu reg
= 82c0009f4000
Not sure how to upload the entire logs on google groups browser version?
On Friday, July 19, 2019 at 8:48:09 PM UTC, awokd wrote:
>
> Frozentime345:
> > After the latest update during boot it is showing messages like VT-D and
> > others are not enabled. I tried to access this information using "sudo
> > journalctl -b" but found nothing.
> >
> > Is there are any boot log that I can access to read and diagnose these
> > issues?
> >
> > Also, does anyone know why these messages are appearing now?
> >
> > Thanks for your help in advance.
> >
> Also look in /var/log/xen/console/hypervisor.log. Not sure why they
> would be appearing now; if they weren't working before you would have
> had trouble installing Qubes in the first place. Double check your
> UEFI("BIOS") config to make sure they're still enabled.
>
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/8f83d5cd-d2f0-4906-9e5b-5877da4a3045%40googlegroups.com.
[qubes-users] Boot log
After the latest update during boot it is showing messages like VT-D and others are not enabled. I tried to access this information using "sudo journalctl -b" but found nothing. Is there are any boot log that I can access to read and diagnose these issues? Also, does anyone know why these messages are appearing now? Thanks for your help in advance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fcba0667-d11a-bb59-9ddc-a80a1d1bb898%40gmail.com.
[qubes-users] Sometimes randomly shuts off at encryption screen
Sometimes when I boot up the system freezes in the middle of typing my encryption password and shuts down. Happens rarely. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c29d7841-44b4-e519-41dc-e1170fcdaa6d%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Does restoring automatically verify integrity?
On Wednesday, June 19, 2019 at 10:55:13 PM UTC, awokd wrote: > Frozentime345: > > Does restoring automatically verify integrity? Or are we suppose to run > > an integrity check before restoring? > > > Yes, restore uses the password you enter as both an encryption and > integrity check. Okay, thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a1b2f52a-af6c-4518-bb48-131b29ff6ebe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Does restoring automatically verify integrity?
Does restoring automatically verify integrity? Or are we suppose to run an integrity check before restoring? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cf4062bb-aa00-966d-b1bb-22e5ed91c046%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Log qubes firewall packets
Okay thanks, should I post this in issues as a feature request? On 4/21/19 4:06 PM, Zrubi wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 4/21/19 9:13 PM, Frozentime345 wrote: Wondering how to log packets blocked and accepted by qubes firewall for specific vm or all vms if thats the only option? Couldn't find anything in website or google or qvm-firewall Unfortunately, Qubes firewall was not designed for such use case. If you are familiar with the iptables (and nftables too), you may be able to workraound this limitation. But it really not trivial to achieve . - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEmAe1Y2qfQjTIsHwdVjGlenYHFQ0FAly8zUUACgkQVjGlenYH FQ3asQ//eFsUE/kigN5pFpkEYiQKxh5XGMtAaAtcdA4IhaPLqlnG+VkFZz0fTB3n Jv1sO6LYunL2DPSfOInUELHOu8ZiCMEIB4+SFqJszjCJADGDSBX7iEd5TyNDNU23 bV3hKU/6LI+bsDqbuwzteg/CgR8WxAtGhle/G/OOoQ3H2ViYxLOPudRLe0Pda12e zx1Ra7u0QMYXTO+vQWbvKcnlxkL41ataK+n1KkKYi+ToGfrmV5Kho0yg83H2ETXO +4xTcb5ZUtlmjgb0kP7Q14n5Qv5nLokzOCvAajGNDq6/IQQND0prD5GjIOztiCaB ugOWqGdWCVxJKyjoxF0YpzOrXZHzz1FsAH4/6zEhN8e8VvTf1moWCaAf2yOg4Qca wUKD78gBYtbO92eB5OEYkaKBE7GXOPOjKjHZQUBFFe8Z+BuOK55ZcEEwID8S+w3K QEaud/l5LetMK9GXrhZ4ti6vWEKLLPa9tDDOzUW7Qe+5+Epk96uj0NH/oM14Afmn TBGsw0YMCRuugfDrfpZOu+MMKxEt9zS3bLy6FBBIe7h84YV09Zl6mBzf3gWPqOSj cZpBlJVQaqY3P1A3yYhWyJ7eOdN+e36uV5a+PmBVm3mjMZcKkK4niLwDALGam/Zc U4g7XPVLJyssKFMd2FIL1d7QomC1gtI2w8jBbRzLQ4Xj7fsVyt0= =4NxJ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/578b2297-0d79-1678-0710-7369124b9069%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Log qubes firewall packets
Wondering how to log packets blocked and accepted by qubes firewall for specific vm or all vms if thats the only option? Couldn't find anything in website or google or qvm-firewall -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/049dca62-08a1-6f03-9fb7-73f99f5866b2%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Don't give focus to new windows in certain work-spaces
I like when it automatically gives focus to new windows most of the time, but when Im entering passwords it's sometimes a pain. Any way to off the feature for just one workspace? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4d15cb1b-3e1f-560f-f601-5bf636080e4d%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Decrypt from shell or modify boot
Is there any way to decrypt the hard drive using a shell and then boot like that? Or otherwise modify the boot to accept a key-file(on a flash drive) instead of a pass-phrase? Ctrl+alt+f2 or any other combo doesn't seem to open a shell, is there any way? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c0079f3c-ab95-b996-1476-b0fcdd755a40%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to use encryption key(on flash drive) instead of pass phrase
I was trying to follow the custom install guide to do this but keep failing at "setting up installation environment". Preferably I would want to use just the key and not have any pass phrase. I learned that you can change the encryption key in dm-crypt so maybe the easier method is to install and then add the encryption key? I can try experimenting myself with some clues if this method makes sense. Also once I get all this working, how does one start up the system using this method? Is there a way to escape to shell and use cryptsetup? Finally, I'm using this command to generate the key : sudo dd if=/dev/random of=filename bs=1 count=4096 Is this okay? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a3c9d2b6-13fb-3740-3ce2-9b026ccedf98%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Weakly verifying device through an image hidden by pin
Along the lines of what I read in the anti-evil maid blog it would be nice if you could have an image with the google 3M privacy filter behind a pin available on the lock screen to verify this is your device. I understand the anti evil maid test checks for all sorts of hardware manipulation and so it's the superior check but a)not every device supports intel txt so a weaker universal check would be nice and b) I don't want to restart my device every-time there's a chance my device was switched out or something, weak somewhat passive protection would be nice. Maybe add that pin as another password requirement just for a random security boost. Ideally the image could be stored in an appvm ofc so as not to have to bring anything into dom0, and you could have multiple images for different situations. Also, wondering if its possible to have a lock-screen background stored in an appvm? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/50dcc9fc-e72f-35df-6349-63eac66c43ef%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Blacklist Dom0 Upgrades
Just a minor convenient feature would be to blacklist certain dom0 rpm upgrades, the kernel updates keep breaking my Ethernet so I'm avoiding them. I'm manually applying the other updates but dom0 is still saying "has updates" so I also have to manually check whether new updates are available. Not really a big deal but it would also prevent me from making the mistake of installing a kernel update(ideally it would blacklist by pattern as well so I could decide whether or not to try a new kernel). Even more ideally we could roll back dom0 like templates =p, but I realize that's probably difficult or something lol. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8cdf595d-41ff-10f7-af91-c7a671aa396d%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: White-list for block devices, networks, etc
On Tuesday, October 16, 2018 at 5:46:13 PM UTC, Frozentime345 wrote: > System: Fedora 27/Debian 9 Templates, R3.2->upgrading to 4.0 soon > > I looked through rpc policy but I couldn't find anything like this, is there > a way to only allow certain block devices for certain appvms? Doesn't > even have to be a secure feature just something to prevent user error, > but it has to work at the qubes level so a > "bad" block device doesn't compromise the appvm. > > Similarly, is there something in sys-net I can use to white-list? I > tried the network connections manager but I cant seem to stop it from > connecting to unknown ethernets, after its known I can set “don't > automatically connect” though. For some reason Im not receiving emails from my own thread lol? Luckily I googled the group to see if the post made it. Cool on qubes 4.1 sounds good. Thanks, I'll look into udev config. Will this no auto default setting for network manager stop new connections or just stop network manager? Ideally I want it to allow me to config new networks before connecting or ask me confirmation before connecting, basically to prevent user error. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47dbbe1b-de38-42e3-9a9b-faa0334cbc19%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] White-list for block devices, networks, etc
System: Fedora 27/Debian 9 Templates, R3.2->upgrading to 4.0 soon I looked through rpc policy but I couldn't find anything like this, is there a way to only allow certain block devices for certain appvms? Doesn't even have to be a secure feature just something to prevent user error, but it has to work at the qubes level so a "bad" block device doesn't compromise the appvm. Similarly, is there something in sys-net I can use to white-list? I tried the network connections manager but I cant seem to stop it from connecting to unknown ethernets, after its known I can set “don't automatically connect” though. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/22c97b8d-d5ac-f51a-1af5-3f39c621fabb%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Any way to draw characters on lockscreen/encryption screen?
I'm interested in drawing out characters as a method of invisibleish input on either a touchpad or touchscreen since I want to bring my qubes device anywhere. I couldn't find any mention of this in a fedora google search or a qubes search nor in qubes settings. I doubt it exists but I just thought I'd ask lol. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cea329b3-1932-dd4a-10bd-4ec1708f0e35%40gmail.com. For more options, visit https://groups.google.com/d/optout.
