Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Unman 
On Tue, Feb 27, 2018 at 06:59:18PM -0500, Steve Coleman wrote:
> On 02/27/18 10:24, Unman wrote:
> 
> > 
> > For 3.2 I have a Qubes Live that can be run from DVD/USB and generate HCL 
> > from
> > that.
> > http://www.qubes-3isec.org
> 
> Is that perhaps:
> 
>  http://qubes.3isec.org/Live/
>  http://qubes.3isec.org/Live/Qubes.iso
>  http://qubes.3isec.org/Live/QubesTor.iso
> 
> With a '.' rather than a '-' in the name? I'm just mentioning the correction
> in case others may try to find it. I know it took a lot of work to make that
> ISO so its a good resource.
> 
> Its a shame the 4.x was not cooperating. Was it a matter of time or a
> specific technical issue? In any case thanks for working on it as long as
> you did. One day I hope to figure out how to make one, with specific options
> compiled in.
> 
> > A major issue is that programs like HCL will report on the current 
> > capabilities,
> > not necessarily what the machine is capable of. For that you really need
> > to look in BIOS (to see what can be enabled) and check the documentation
> > for your mb/processor combo.
> > To work efficiently,a program as you envisage it would need to hold a
> > database of board/processors to provide accurate report, I think.
> > 
> > unman
> > 

Yes, it is Steve.
Thanks.

I actually do have a bare rc4 iso, which needs some more testing before I
post it. But it isn't a priority for me right now.

cheers

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180228005401.wqzseuuux34ag5ts%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Steve Coleman 

On 02/27/18 10:24, Unman wrote:



For 3.2 I have a Qubes Live that can be run from DVD/USB and generate HCL from
that.
http://www.qubes-3isec.org


Is that perhaps:

 http://qubes.3isec.org/Live/
 http://qubes.3isec.org/Live/Qubes.iso
 http://qubes.3isec.org/Live/QubesTor.iso

With a '.' rather than a '-' in the name? I'm just mentioning the 
correction in case others may try to find it. I know it took a lot of 
work to make that ISO so its a good resource.


Its a shame the 4.x was not cooperating. Was it a matter of time or a 
specific technical issue? In any case thanks for working on it as long 
as you did. One day I hope to figure out how to make one, with specific 
options compiled in.



A major issue is that programs like HCL will report on the current capabilities,
not necessarily what the machine is capable of. For that you really need
to look in BIOS (to see what can be enabled) and check the documentation
for your mb/processor combo.
To work efficiently,a program as you envisage it would need to hold a
database of board/processors to provide accurate report, I think.

unman



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6efc0c21-b48d-9fa4-7500-b79a05f7b2ec%40jhuapl.edu.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Don Hemminger 
Thanks for all the comments and suggestions.  I just thought it might be 
something to consider if someone could re-purpose some of the code from Qubes 
for a diagnostic that could help individuals (like myself) to quickly determine 
and document (in the HCL) systems that are or are not compatible.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/058215c1-7cb6-4f8f-a470-d67f9b998f77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Yuraeitha 
On Tuesday, February 27, 2018 at 4:45:26 PM UTC+1, awokd wrote:
> On Tue, February 27, 2018 3:24 pm, Unman wrote:
> 
> > To work efficiently,a program as
> > you envisage it would need to hold a database of board/processors to
> > provide accurate report, I think.
> 
> That's true but it would be next to impossible to keep that database up to
> date with errata about broken chipsets/processor opcodes, various EFI
> firmware revisions (some functional, some not) etc. etc. etc.
> 
> Seems best to report on currently enabled processor & IOMMU capabilities-
> which your live image approach allows!

It could be interesting if a small simple A.I. was made to look into the HCL 
thread though, maybe it won't need to be so sophisticated to pull of a feat 
like that. I.e. run down the list online when HCL report is being processed. 
Maybe this won't even need to be an A.I. but an automated search engine that 
quotes from the HCL report list if one is available? It won't be perfect, but 
it'd be an improvement for people that don't check the HCL list themselves. But 
it's kind of a luxury problem right now though.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f7649836-134e-4f92-b2a6-f6367efe4f66%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread 'awokd' via qubes-users 
On Tue, February 27, 2018 3:24 pm, Unman wrote:

> To work efficiently,a program as
> you envisage it would need to hold a database of board/processors to
> provide accurate report, I think.

That's true but it would be next to impossible to keep that database up to
date with errata about broken chipsets/processor opcodes, various EFI
firmware revisions (some functional, some not) etc. etc. etc.

Seems best to report on currently enabled processor & IOMMU capabilities-
which your live image approach allows!


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f38dff92ec74fb6f4653bbe405d1b205.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Unman 
On Tue, Feb 27, 2018 at 09:40:49AM -0500, Don Hemminger wrote:
> The boot up report is very helpful, but if it could be run outside of
> Qubes, it would be quicker, and could provide comprehensive specific
> details (e.g. TPM 1.2 or 2.0) on specific platforms.  I'm not sure how
> feasible that would be.  It's just a suggestion.
> 
> On Tue, Feb 27, 2018 at 9:19 AM, awokd  wrote:
> 
> > On Tue, February 27, 2018 2:08 pm, Don Hemminger wrote:
> > > Would it be possible to create a simple diagnostic that could be run on a
> > >  PC to summarize the Qubes Hardware Compatibility of that machine. It
> > > could quickly diagnose and report on the compatibility level of each
> > major
> > >  requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible
> > > issues or conflicts. It would take a lot of the guesswork out of the HCL
> > > process. I'd love to run it on my new Dell Optiplex 3050.
> >
> > qubes-hcl-report. Or are you suggesting something that could be run
> > outside of Qubes?
> >
> >
> >
> 

For 3.2 I have a Qubes Live that can be run from DVD/USB and generate HCL from
that.
http://www.qubes-3isec.org

A major issue is that programs like HCL will report on the current capabilities,
not necessarily what the machine is capable of. For that you really need
to look in BIOS (to see what can be enabled) and check the documentation
for your mb/processor combo.
To work efficiently,a program as you envisage it would need to hold a
database of board/processors to provide accurate report, I think.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180227152454.ndo4uzeujttbib5r%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Yuraeitha 
On Tuesday, February 27, 2018 at 3:40:53 PM UTC+1, Don Hemminger wrote:
> The boot up report is very helpful, but if it could be run outside of Qubes, 
> it would be quicker, and could provide comprehensive specific details (e.g. 
> TPM 1.2 or 2.0) on specific platforms.  I'm not sure how feasible that would 
> be.  It's just a suggestion.
> 
> 
> On Tue, Feb 27, 2018 at 9:19 AM, awokd  wrote:
> On Tue, February 27, 2018 2:08 pm, Don Hemminger wrote:
> 
> > Would it be possible to create a simple diagnostic that could be run on a
> 
> >  PC to summarize the Qubes Hardware Compatibility of that machine. It
> 
> > could quickly diagnose and report on the compatibility level of each major
> 
> >  requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible
> 
> > issues or conflicts. It would take a lot of the guesswork out of the HCL
> 
> > process. I'd love to run it on my new Dell Optiplex 3050.
> 
> 
> 
> qubes-hcl-report. Or are you suggesting something that could be run
> 
> outside of Qubes?

So for exampæe if you look up the laptops compatibility with other Linux 
systems, or you know from experience that it runs other Linux distributions 
well, then you know the kernel will likely run somewhat fine on Qubes. 

If you use other diagnostic tools or look up the hardware specs, then you can 
narrow down which features your system support. Though if using diagnostic 
tools, it must first be enabled in UEFI/BIOS too, even the HCL report requires 
this though, so it's all the same there anyway.

Poor UEFI/BIOS you can do research on too, for example does other people have 
issues with that particular motherboard? Especially with these virtualisation 
features and/or Linux in general?

It isn't all easy to do, but you can get a lot more information this way. The 
HCL report is actually quite limited in contrast to what you can quickly gather 
with research on a search engine. You would need something akin to an A.I. if 
you want it to be able to outsmart a person researching, the modern programs 
can't do it that well.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cd68b8c4-06da-4a49-abc7-21829fac4b8c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Yuraeitha 
On Tuesday, February 27, 2018 at 3:40:53 PM UTC+1, Don Hemminger wrote:
> The boot up report is very helpful, but if it could be run outside of Qubes, 
> it would be quicker, and could provide comprehensive specific details (e.g. 
> TPM 1.2 or 2.0) on specific platforms.  I'm not sure how feasible that would 
> be.  It's just a suggestion.
> 
> 
> On Tue, Feb 27, 2018 at 9:19 AM, awokd  wrote:
> On Tue, February 27, 2018 2:08 pm, Don Hemminger wrote:
> 
> > Would it be possible to create a simple diagnostic that could be run on a
> 
> >  PC to summarize the Qubes Hardware Compatibility of that machine. It
> 
> > could quickly diagnose and report on the compatibility level of each major
> 
> >  requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible
> 
> > issues or conflicts. It would take a lot of the guesswork out of the HCL
> 
> > process. I'd love to run it on my new Dell Optiplex 3050.
> 
> 
> 
> qubes-hcl-report. Or are you suggesting something that could be run
> 
> outside of Qubes?

Definitely, but I don't think it's something they'd work on right now. They 
have limited resources and a lot planned to do atm. It could be something for 
the future perhaps? If it's not on the issue tracker on Github already, then 
you could add it there so that it maybe one day gets picked up and solved.

But I don't think the HCL report is much different from other tools, this 
report won't tell you if you will run into UEFI issues and bugs, poor kernel 
drivers for your hardware, or other hickups that can happen. Even the Qubes HCL 
report can't tell you so much about that.

So if your goal is just to verify the different features, you can get far on 
Windows/Mac/Linux by running other diagnostic tools to tell what kind of 
virtulisation your hardware supports. This can also be foind in the specs, 
though, if people are unsure, having a program that can run in 
Windows/Mac/linux is definitely a good idea, I agree. Even more so if drivers 
can be tested, but that'd require much more work I imagine.

UEFI/BIOS issues is more of a poor motherboard lottry risk, I'm not sure if 
this can be tested from another system.

But if you have the essential featues, which is easy to find with other tools 
and hardware specs, then at least you got one major hurdle out of the way, with 
remamining potential issues in bad drivers and firmware support.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c9d6ea39-63e7-4be6-bfe8-840ea3fdbbc7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Don Hemminger 
The boot up report is very helpful, but if it could be run outside of
Qubes, it would be quicker, and could provide comprehensive specific
details (e.g. TPM 1.2 or 2.0) on specific platforms.  I'm not sure how
feasible that would be.  It's just a suggestion.

On Tue, Feb 27, 2018 at 9:19 AM, awokd  wrote:

> On Tue, February 27, 2018 2:08 pm, Don Hemminger wrote:
> > Would it be possible to create a simple diagnostic that could be run on a
> >  PC to summarize the Qubes Hardware Compatibility of that machine. It
> > could quickly diagnose and report on the compatibility level of each
> major
> >  requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible
> > issues or conflicts. It would take a lot of the guesswork out of the HCL
> > process. I'd love to run it on my new Dell Optiplex 3050.
>
> qubes-hcl-report. Or are you suggesting something that could be run
> outside of Qubes?
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAHpGpy0n2O4g3VvCt_NBHqBiBi1bQyvtyVK8A4uv-yJBGT7aLA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Yuraeitha 
On Tuesday, February 27, 2018 at 3:19:11 PM UTC+1, awokd wrote:
> On Tue, February 27, 2018 2:08 pm, Don Hemminger wrote:
> > Would it be possible to create a simple diagnostic that could be run on a
> >  PC to summarize the Qubes Hardware Compatibility of that machine. It
> > could quickly diagnose and report on the compatibility level of each major
> >  requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible
> > issues or conflicts. It would take a lot of the guesswork out of the HCL
> > process. I'd love to run it on my new Dell Optiplex 3050.
> 
> qubes-hcl-report. Or are you suggesting something that could be run
> outside of Qubes?

hmm, maybe something that could be run in Windows or other Linux OS's that most 
people have running before going Qubes? I wonder, it might not have to be Qubes 
specific right? As long as it looks for those VM related hardware support 
features. 

The question then would be, what programs are available that can do this? I 
can't think of any at the top of my head atm at least.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8f22712-ced4-4c71-9460-572f3b1fa06d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread 'awokd' via qubes-users 
On Tue, February 27, 2018 2:08 pm, Don Hemminger wrote:
> Would it be possible to create a simple diagnostic that could be run on a
>  PC to summarize the Qubes Hardware Compatibility of that machine. It
> could quickly diagnose and report on the compatibility level of each major
>  requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible
> issues or conflicts. It would take a lot of the guesswork out of the HCL
> process. I'd love to run it on my new Dell Optiplex 3050.

qubes-hcl-report. Or are you suggesting something that could be run
outside of Qubes?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9edf04fdafaf0b1f59d4ed9f86dad1b9.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes HCL Diagnostic

2018-02-27 Thread Don Hemminger 
 Would it be possible to create a simple diagnostic that could be run on a
PC to summarize the Qubes Hardware Compatibility of that machine. It could
quickly diagnose and report on the compatibility level of each major
requirement (e.g HVM, IOMMU, TPM 1.2 or 2.0), and indicate possible issues
or conflicts. It would take a lot of the guesswork out of the HCL process.
I'd love to run it on my new Dell Optiplex 3050.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAHpGpy3kj0uzt80oYpUBZXP01GAViGCY5Ae5n5vL-miMYGMbZw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.