[qubes-users] Qubes OS 4.0.1-rc1 has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, We're pleased to announce the first release candidate for Qubes 4.0.1! This is the first of at least two planned point releases for version 4.0. Features: - All 4.0 dom0 updates to date - Fedora 29 TemplateVM - Debian 9 TemplateVM - Whonix 14 Gateway and Workstation TemplateVMs - Linux kernel 4.14 Qubes 4.0.1-rc1 is available for download here: https://www.qubes-os.org/downloads/#qubes-release-4-0-1-rc1 What is a point release? - A point release does not designate a separate, new version of Qubes OS. Rather, it designates its respective major or minor release (in this case, 4.0) inclusive of all updates up to a certain point. Installing Qubes 4.0 and fully updating it results in the same system as installing Qubes 4.0.1. What should I do? - - If you're currently using an up-to-date Qubes 4.0 installation, then your system is already equivalent to a Qubes 4.0.1 installation. No action is needed. Regardless of your current OS, if you wish to install (or reinstall) Qubes 4.0 for any reason, then the 4.0.1 ISO will make this more convenient and secure, since it bundles all Qubes 4.0 updates to date. It will be especially helpful for users whose hardware is too new to be compatible with the original Qubes 4.0 installer. Release candidate planning - -- We expect that there will be a second release candidate (4.0.1-rc2) following this one (4.0.1-rc1). The second release candidate will include a fix for the Nautilus bug reported in #4460 [1] along with any other available fixes for bugs reported against this release candidate. As usual, you can help by reporting any bugs you encounter. [2] What about Qubes 3.2.1? - --- We announced the release of 3.2.1-rc1 one month ago. [3] Since no serious problems have been discovered in 3.2.1-rc1, we plan to build the final version of Qubes 3.2.1 at the end of this week. [1] https://github.com/QubesOS/qubes-issues/issues/4460 [2] https://www.qubes-os.org/doc/reporting-bugs/ [3] https://www.qubes-os.org/news/2018/10/05/qubes-321-rc1/ This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/11/05/qubes-401-rc1/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlvg/P0ACgkQ203TvDlQ MDCJdxAAjXOIlD+zcOOg1vdyyrr9FHedU9e71t4BlQsLHNKm5i9olX4ws+9u379M u93yx1/O7FhWnxng7FAPcERxOmCeqxgxs60OyRHhgjsQSGYJM0LfsNF2sbT0RB+2 RGhtBV6lR7ygA9Gb73pUv8qAISY5PPq53xbDP3G1RgnNAWE0IMaN8Wg4qb1r9T0j WFn5xC1yW1/SQi/9wokRjyC/kju/NdILxNe4BPgWay52RODUdQqP+aS4paMns4v5 t9id+PNZxIoVokHN0Y+hiCtBN1c77L9MlslSF/KqwqHoth+wwCcp3B6FuHbKLQ4B sl0ALKdL9biW4J53IedYScogHlY5118NgPj1waAYiIzKc5E2Jj4AOZeMVdXFp2fe xrXyuGCunuYI2kY/+K24AYQcegfYIX3YC85WHYiImW1ASMCA1UVLgYGg75ODT8n8 rzlb5VPqdMDWyJO31sn9JObD8klaNtuVpAc/ZcQGfxrIWppqbABxSnp5uXCeJjKj zNuoRlnDichAJW5qIO6S0zeAVJ1pDMtdc30xBq6jpBQscS6eVZyDG96Elo/GGzBZ hQHA77eTw2alUSbERKgd0/xpAngqwS5eOFZdGfn5UB6rUHnDzXrqEnADYNrrzLl1 rl8TYMlMl6jx+6qgiDwvWqXXHW4WisaF/a8FC5KzMF/DRhI4Als= =jLCX -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4d1178e5-4055-5627-6e3c-093517219627%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes Security Team Update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, As we recently announced, Joanna Rutkowska [01] has turned over leadership of the Qubes OS Project to Marek Marczykowski-Górecki [02] (see Joanna's announcement [03] and Marek's announcement [04]). In this post, we'll discuss the implications of these changes for the Qubes Security Team and how we're addressing them. What is the Qubes Security Team? - The Qubes Security Team (QST) [05] is the subset of the Qubes Team [06] that is responsible for ensuring the security of Qubes OS and the Qubes OS Project. In particular, the QST is responsible for: - Responding to reported security issues [07] - Evaluating whether Xen Security Advisories (XSAs) [08] affect the security of Qubes OS - Writing, applying, and/or distributing security patches to fix vulnerabilities in Qubes OS - Writing, signing, and publishing Qubes Security Bulletins (QSBs) [09] - Writing, signing, and publishing Qubes Canaries [10] - Generating, safeguarding, and using the project's PGP keys [11] As a security-oriented operating system, the QST is fundamentally important to Qubes, and every Qubes user implicitly trusts the members of the QST by virtue of the actions listed above. How does the recent change in leadership affect the QST? - Until now, the two members of the QST have been Joanna and Marek. With Joanna's new role at the Golem Project, she will no longer have time to function as a QST member. Therefore, Joanna will officially transfer ownership of the Qubes Master Signing Key (QMSK) [12] to Marek, and she will no longer sign QSBs. However, due to the nature of PGP keys, there is no way to guarantee that Joanna will not retain a copy of the QMSK after transferring ownership to Marek. Since anyone in possession of the QMSK is a potential attack vector against the project, Joanna will continue to sign Qubes Canaries [10] in perpetuity. With Joanna's departure from the QST, Marek would remain as its sole member. Given the critical importance of the QST to the project, however, we believe that a single member would be insufficient. Therefore, after careful consideration, we have selected a new member for the QST from among our experienced Qubes Team members: Simon Gaiser (aka HW42) [13]. About Simon - --- Simon has been a member of the Qubes Team for over two years and has been a contributor to the project since 2014. He has worked on many different parts of the Qubes codebase, including core, Xen, kernel, and GUI components. Earlier this year, he joined Invisible Things Lab (ITL) and has been gaining experience with other security projects. His thorough knowledge of Qubes OS, ability to assess the severity of security vulnerabilities, and experience preparing Xen patches make him very well-suited to the QST. Most importantly, both Joanna and Marek trust him with the responsibilities of this important role. We are pleased to announce Simon's new role as a QST member. Congratulations, Simon, and thank you for working to keep Qubes secure! [01] https://www.qubes-os.org/team/#joanna-rutkowska [02] https://www.qubes-os.org/team/#marek-marczykowski-g%C3%B3recki [03] https://www.qubes-os.org/news/2018/10/25/the-next-chapter/ [04] https://www.qubes-os.org/news/2018/10/25/thank-you-joanna/ [05] https://www.qubes-os.org/security/#the-qubes-security-team [06] https://www.qubes-os.org/team/ [07] https://www.qubes-os.org/security/#reporting-security-issues-in-qubes-os [08] https://www.qubes-os.org/security/xsa/ [09] https://www.qubes-os.org/security/bulletins/ [10] https://www.qubes-os.org/security/canaries/ [11] https://keys.qubes-os.org/keys/ [12] https://www.qubes-os.org/security/verifying-signatures/#1-get-the-qubes-master-signing-key-and-verify-its-authenticity [13] https://www.qubes-os.org/team/#simon-gaiser-aka-hw42 This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/11/05/qubes-security-team-update/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlvg/IsACgkQ203TvDlQ MDB3Cw/+J3lLsNYqvBham/m2TBHoUWXMXa4B1cih9sUXLB1f1mE0Juo+UbdWL5Ux D5Ql4vwdao3Ednhz7ulxV7Ala5cZXqx5WXxblYhLKSo4PJKcEeamIr+o1aJIPn18 Eq8uuAeomFoTd4tWB8cNDxg7e/giqNLl9BTAcl4awcnNl3fameEmZsoBugRhkExq Mn4lK/tn1uJ9jg9bFE9tZGvpkQ4/S//MZRk3HMrQ79YZ73GrgfiNzN9KZWlYKpR0 LUGNZD/IN/QQsTSnYAGytKYBI6hCB3T3jU6J2wIIVWp3ii/w1LvWKnNP5RCGa7oc 5/IlA3Vx5JOdMfslI+1lP+X+hFeZkXT9uZgvXXy0QuyBbUoOTSfue/E6QDW/j4go lAjwoaUNUfhhmMO4S1BAyQobkdl6cvUj5donon4EV8GlBdoc42Evgf6fN6OZwoC5 AYnF136upW+dQG+rj6NPLpYHDNgPmrlGVbQiZG+FSpV9UpGF3h1cFDraS2CwCC6h pOuvjDA1ZzX4bG1hpi7L1m1ytFbQu8/6TnUVrOUb8qh/dyQOLgLaKhjCIj7bR1i5 cuwE6i+7JuKm+g8JdtNenV+U2hS2mZS+DSgXL//sXwvo47O1hjsAzN4rJiM9FXjT iRw2bXhcMhFK3nvt2JcFtyiZP0ZtNFnHBlduV7pdctrwRoH1GVU= =7rtv -END PGP SIGNATURE- --
Re: [qubes-users] Re: Size of HVM VM's
> > I tried it and it worked! Thankyou! How did you change the resolution? I only see 800*600 option in Ubuntu HVM. I tried https://www.qubes-os.org/doc/linux-hvm-tips/, which only enlarge to 1024-768. And when I run "X -configure :1", it shows errors, I have to hard code a xorg.conf file, which is not the right method, I know. How to change it the larger size? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/65b70336-b484-407f-b8a4-583d9154ca15%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Any ideas about blank white video in Simplescreenrecorder and OBS in appvm (including standalone)
I tried a lot to allow SSR and OBS work in appvm, always stuck in blank white video, cursor is the only thing on the video. In hvm of ubuntu, it does avoids blank white video, but the screen size of HVM is so tiny - 800*600. If somebody can give some knowledge, kindly thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a9a47ea4-d062-4f32-9d5f-854fa4f716d7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Screen recorder for Qubes..?
Nice work. Can you please give the details about how to install the script? Where to run the script:ffmpeg_record_screen.sh? in dom0 or vm-template? Does it work for Qubes 3.2? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7c09e455-6844-461e-8bd2-5f041e511dad%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 3.2: No Internet Connection, neither with Wi-Fi, neither with Ethernet. HELP PLEASE!
Ok so one more if I can please, this is on a Asus K56c laptop and it has a kernel failure on boot with Qubes Os 4.0. On the first install it shows the kernel failure and it boots to the OS don0. If I turn off or reboot it shows my kernel failure and won’t load into the os. I seen something saying I should be able to change the kernel (maybe during the install) don’t remember. I found the kernels on the Qubes site that are excepted, I just don’t see how the change it. Maybe I’m overlooking, I’m not a major Linux person. I know a small bit of ubantu In this Asus I have the Acronis Loader, I don’t think that has anything to do with it. Just putting it out there. Qubes OS is the only os install on this laptop drive. All virtual options are enabled. Boots to my login password then stalls. Any ideas? On Mon, Nov 5, 2018 at 7:37 PM LMiller M <56lmil...@gmail.com> wrote: > I want to thank you both. Sorry for the late reply I wasn’t able to make > the necessary adjustments till now. > > I feel like a fool, I didn’t think about treating my desktop as a virtual > box fresh install. Which completely makes sense because of the Qubes basic > idea of the OS! Lol omg... > > Anyway, seeing there is nothing explaining this. This is the fix for the > issue I had with installing 4.0 os and having that main install error. > After setting both virtual options in the PC bios everything loaded as > needed on reboot. Network connection connected on boot-up. Everything works > fine! > > Thank you and I look forward to being apart the Qubes community! Amazing > OS! > On Sat, Nov 3, 2018 at 11:57 AM 'awokd' via qubes-users < > qubes-users@googlegroups.com> wrote: > >> LMiller M: >> > Ok doing some research about this as much as I can learn about. I’m >> redoing >> > the os 4.0 install. I got the warning that my machine doesn’t have >> > HVM/VT-x/amd-v. Link from Qubes site. Basically no vms will work with >> > anything. Can you help explain how I’m supposed virt-type to PV? Or >> should >> > I just install the os 3.2? >> >> Enable the virtualization options in your BIOS setup. >> >> > The main problem I was having was. After running lookup qvm-pci I see my >> > devices fine. The nic card shows up in the listing. In the network >> > connections add connection. Everything is grayed out can’t add anything >> no >> > vms work >> >> 1) Enabling virtualization may fix your sys-net issue. >> 2) You shouldn't have to add connections manually in most cases. What >> does connection info say? >> 3) Like unman said, switch sys-net to use the Debian template (shut >> sys-net down and change in Qube Setting/General tab). >> 4) If that doesn't fix it, see if your NIC needs additional firmware, >> then install that to the template you use for sys-net. >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "qubes-users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/qubes-users/sEh2LQFiOxI/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> qubes-users+unsubscr...@googlegroups.com. >> To post to this group, send email to qubes-users@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/qubes-users/629219b4-1dd6-f9dc-2bd3-805825a02116%40danwin1210.me >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAOugA3q3rrRrjH9iVjYz1kcRrp%3DS1YPp4AgS2auabcrOu0Rbcg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 3.2: No Internet Connection, neither with Wi-Fi, neither with Ethernet. HELP PLEASE!
I want to thank you both. Sorry for the late reply I wasn’t able to make the necessary adjustments till now. I feel like a fool, I didn’t think about treating my desktop as a virtual box fresh install. Which completely makes sense because of the Qubes basic idea of the OS! Lol omg... Anyway, seeing there is nothing explaining this. This is the fix for the issue I had with installing 4.0 os and having that main install error. After setting both virtual options in the PC bios everything loaded as needed on reboot. Network connection connected on boot-up. Everything works fine! Thank you and I look forward to being apart the Qubes community! Amazing OS! On Sat, Nov 3, 2018 at 11:57 AM 'awokd' via qubes-users < qubes-users@googlegroups.com> wrote: > LMiller M: > > Ok doing some research about this as much as I can learn about. I’m > redoing > > the os 4.0 install. I got the warning that my machine doesn’t have > > HVM/VT-x/amd-v. Link from Qubes site. Basically no vms will work with > > anything. Can you help explain how I’m supposed virt-type to PV? Or > should > > I just install the os 3.2? > > Enable the virtualization options in your BIOS setup. > > > The main problem I was having was. After running lookup qvm-pci I see my > > devices fine. The nic card shows up in the listing. In the network > > connections add connection. Everything is grayed out can’t add anything > no > > vms work > > 1) Enabling virtualization may fix your sys-net issue. > 2) You shouldn't have to add connections manually in most cases. What > does connection info say? > 3) Like unman said, switch sys-net to use the Debian template (shut > sys-net down and change in Qube Setting/General tab). > 4) If that doesn't fix it, see if your NIC needs additional firmware, > then install that to the template you use for sys-net. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "qubes-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/qubes-users/sEh2LQFiOxI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/629219b4-1dd6-f9dc-2bd3-805825a02116%40danwin1210.me > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAOugA3rs-dCfHZwH4rLJWNK8uASiNwdA_jaYciM9ObbedFyHOw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disk Manager does not start
I have a Widows 7 VM saved on a HDD from my previous Qubes 3.2 and I am trying to install it and various other VMs that were “Backed up” On that HDD to my Qubes 4.0 installation. The HDD is recognizied by Qubes 4.0 but I can’t see it on the Back up/restore list of files and I do not know how to start the Disk File Manager tool to “mount” the HDD to access the stored VMs. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2a145d14-970d-4768-b794-bb999ea1deb3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot update whonix-gw-14
Could also be an onion balance issue or a Tor network issue. I had problems until I created a new identity to update my whonix-14 instance. On Mon, Nov 5, 2018 at 9:05 AM 'awokd' via qubes-users < qubes-users@googlegroups.com> wrote: > Beto HydroxyButyrate: > > My whonix-gw-14 template is failing to update. Any suggestions? > > > > > > sudo apt-get update && sudo apt-get update > > ... > > > > Hit:23 http://ftp.us.debian.org/debian stretch/contrib amd64 Contents > > (deb) > > > > Err:16 tor+http://vwakviie2ienjx6t.onion/debian stretch/main amd64 > > Contents > > (deb) > > > >Hash Sum mismatch > >Hashes of expected file: > > - Filesize:458159900 [weak] > > - > SHA256:fa40630d28629019a1851b70a5314f6a94e72fb9c1c6f61f4364fc78b942c87e > > - MD5Sum:b01bc430892695ddaa164310200e0dc8 [weak] > >Hashes of received file: > > - > SHA256:1e63fa3f9ee1381114f549a01bb4b49c07a168e1f1745f40c4f88bc2df6c19d4 > > - MD5Sum:bcc8c1982bf2c3577560cd825696 [weak] > > - Filesize:55131985 [weak] > >Release file created at: Sat, 14 Jul 2018 09:43:35 + > > Err:17 http://ftp.us.debian.org/debian stretch/main amd64 Contents > > (deb) > > Note the filesizes of the received and expected files, and the > repository at the bottom. Since both that repo and the equivalent onion > are failing the same way, it's not a Qubes or Whonix issue. Contact the > maintainer of that Debian repo, or wait until the file gets replaced > with a newer version. > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/e2aaf5f9-27ae-65c5-27b4-ba7ecd4fc19e%40danwin1210.me > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAKSXK8%3DDgYLyXuwQGQeK4sN65N9%2BWskz9rxCA%3D0R6aaawomwUA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot boot new HVM from cdrom. What is the new command?
Thanks, Unman and Ivan.. I ended up trying: qvm-start --cdrom=dom0:/dev/sr0 win7 ..and it worked, since that's where my CD drive was mounted as. I'll give the suggested syntax a try as well, and imagine it will succeed also. The transition from Qubes 3.2 to 4.0 has been full of hiccups both large and small due to various scattered system changes like this one, and I appreciate the assistance here. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e1904a55-e27d-4703-b79c-e890a72c59ac%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4: Unable to get any DVM app to ever launch
On Sunday, November 4, 2018 at 8:22:33 AM UTC-5, unman wrote: > On Sat, Nov 03, 2018 at 03:14:00PM -0700, Otto Kratik wrote: > > On Thursday, November 1, 2018 at 10:13:36 AM UTC-4, unman wrote: > > > On Wed, Oct 31, 2018 at 12:27:06PM -0700, Otto Kratik wrote: > > > > On Wednesday, October 31, 2018 at 7:49:43 AM UTC-4, awokd wrote: > > > > > Otto Kratik wrote on 10/31/18 2:28 AM: > > > > > > Qubes 4.0 > > > > > > > > > > > > > > > > > > Whenever attempting to launch an app in a DVM, the result is always > > > > > > the same. The popup message comes up saying "Disp1234 has started", > > > > > > and then nothing happens. Then about two minutes later, another > > > > > > popup says "Disp1234 has halted". No app ever launches. > > > > > > > > > > > > It doesn't matter what app I try.. xterm, konsole, firefox, > > > > > > dolphin, thunar, tor browser, gedit, kwrite etc. Always the same > > > > > > behavior. Also doesn't matter if I try from Q Menu shortcuts, > > > > > > command line in dom0, command line in another AppVM.. no > > > > > > difference. Just the same type of message in the terminal, says > > > > > > it's launching, then shuts down two minutes later with no output. > > > > > > > > > > > > Doesn't make a difference either if I try to open a file in a DVM > > > > > > or just straight launching an app. Nothing ever opens. Launching > > > > > > apps regularly from normal AppVM's works perfectly all the time, > > > > > > just not DVM's. > > > > > > > > > > > > Slight correction: About 1 in 10 times, launching Firefox from a > > > > > > Fedora-template-based DVM succeeds. The other 9 times it fails. All > > > > > > other apps fail 10 out of 10 times. And launching any app > > > > > > (including Firefox) from a Whonix-ws-14-template-based DVM also > > > > > > fails 100% of the time as described above. > > > > > > > > > > > > How is this issue best investigated and resolved? > > > > > > > > > > > > > > > > Have you upgraded to Whonix 14 or customized the DVM? Try removing it > > > > > completely (you might have to temporarily change DVM defaults to a > > > > > different template), then recreating it with `sudo qubesctl state.sls > > > > > qvm.whonix-ws-14-dvm`. If that doesn't work, see > > > > > https://www.whonix.org/wiki/Qubes/Uninstall and > > > > > https://www.whonix.org/wiki/Qubes/Install to completely uninstall and > > > > > reinstall the workstation template and DVM. You can skip the gateway > > > > > steps if you've already upgraded it to 14 since it sounds like that's > > > > > still working. > > > > > > > > It's a fresh install of Qubes 4 with freshly downloaded/installed > > > > Whonix 14/DVM templates using the salt/qubesctl command mentioned above > > > > and in the documentation. No customisations. So I doubt reinstalling > > > > would have any effect. > > > > > > > > Whonix-ws-14 template works perfectly fine for running apps the normal > > > > way, from AppVMs based upon it. No issue whatsoever. Only running them > > > > from whonix-ws-14-dvm causes trouble. > > > > > > > > However as I said, even trying to run apps from Fedora-26-dvm also > > > > fails the majority of the time, so I'm not even convinced it's a whonix > > > > specific issue. Rather a DVM one in general. > > > > > > > > Any other things to try? > > > > > > > > > > I would try this: > > > Install all updates in dom0 and qubes. > > > Create a new Fedora based qube. > > > Confirm you can run programs as expected. > > > Make it a template for dispvms, using qvm-prefs. > > > Close all unnecessary qubes. > > > Then , at command line, start to test running programs in dispvms based > > > on the qube. > > > > > > Generally , the command should be: > > > qvm-run --dispvm > > > > > > That's the most basic form. > > > Anything you can run using qvm-run should work in > > > disposableVM based on qube (except gnome-terminal) > > > > > > That will test the basic infrastructure. > > > > > > If all is good, start testing a more complex form: > > > qvm-run -a --service --dispvm= --qubes.StartApp+ > > > > > > here should have an associated desktop file. > > > Again, anything you can run using qvm-run --service > > > should work in > > > disposableVM based on the qube (except gnome-terminal) > > > > > > That will test the more complex infrastructure. > > > > > > If all's good, you can start testing different template based qubes, > > > including Whonix. If it's not good there's something fundamentally > > > broken. > > > > > > qvm-run *does* have -v option, but it doesn't generate verbose output. > > > > > > Check back when you have some results from testing. > > > > > > unman > > > > > > Hi, thanks for your detailed reply and suggestions. Here is what I have > > found: > > > > I created a new qube/AppVM based on the fedora26 template, and called it > > 'fedoratest'. I also enabled it as a DVM template using qvm=prefs. Running > > all of the following commands from dom0 wor
Re: [qubes-users] Updates to all recommends Vms on Qubes 4.0
Hey, i tried to following the tutorial to upgrade Whonix 13 to 14. https://www.whonix.org/wiki/Qubes/Install I first start to uninstall the old Version of Whonix with Option B. When i tried to install the dummy template with following command "sudo qubes-dom0-update qubes-template-dummy i become some error message "unable to find a match". So i cant start to upgrade. Can anybody says me how to update the Debian 9 Template? Probleme 2 When i upgrade Fedora 26 to 28 my Windows7 HVM dont have some internet connection. I deleted the old Version of Fedora26 and saw, that my Windows7 HVM works with fedora 26-dvm. I think there's the probleme. Can someone tell me, how can i fix the probleme with the internet-connection? I would be happy about your helpful answers. regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/48ee3fc1-99af-4d18-bd67-c4067b1060ee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: X1 Carbon again; Qubes DSDT override?
Dan, Thank you for the instructions! I would like to confirm the patch still works against 4.14.72.1 The only problem I had with original instruction is that yum didn't want to install another kernel (compiled one) with identical version (one was already installed since I did upgrade first) - I had to increment value in qubes-linux-kernel/rel file and recompile again so my version named as 4.14.72.2. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0ad8a15c-7cf0-4385-9ecd-14fb294ae061%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Using an OnlyKey
On Monday, October 15, 2018 at 9:37:48 AM UTC-4, John Maher wrote: > On Friday, October 12, 2018 at 1:17:37 AM UTC-4, awokd wrote: > > g80vmgm...@riseup.net wrote on 10/12/18 5:07 AM: > > > John Maher: > > >> I have an OnlyKey and have been unable to figure out how to make use of > > >> it in Qubes OS 4.0. > > >> > > >> Relevant info: > > >> > > >> * OnlyKey requires either its app being opened on the computer or one's > > >> ability to go to https://apps.crp.to (simply via a browser) in order to > > >> set its time. > > >> * I used info from this page > > >> https://www.qubes-os.org/doc/usb/#how-to-use-a-usb-keyboard to get the > > >> OnlyKey to operate as a USB keyboard. Doing this resulted in the OnlyKey > > >> being attached to sys-usb and outputting text (password info) in dom0 > > >> and any other qube. > > >> * Although the OnlyKey can output like a USB keyboard in any qube, it > > >> cannot get its time set without being specifically attached to an appVM > > >> that either has the OnlyKey app or can access https://apps.crp.to, so > > >> TOTP will not function. > > >> * Using the yellow drop down icon to attach the OnlyKey to a qube that > > >> has the app results in (1) the time on the OnlyKey being set, and (2) > > >> the OnlyKey no longer working as a USB keyboard anywhere. > > >> * Detaching from the qube does not restore the OnlyKey's ability to > > >> function as a USB keyboard. > > >> > > >> Short of installing the OnlyKey app in sys-usb, is there anything else I > > >> can try? (And I don't even know if that would work.) > > >> > > >> Even if I decided it was ok to install the app in sys-usb, sys-usb is > > >> based on Fedora, and OnlyKey only has a deb package. Installing on > > >> Fedora has proven to be very problematic. > > >> > > >> Thanks for any help you can provide. > > >> > > >> John > > >> > > > > > > Hi John, > > > > > > I don't have an OnlyKey and unfortunately probably can't really help you > > > to debug the issues with it not being able to act again as an HID device > > > after attaching it directly to a VM. > > > > > > However, you can absolutely use a Debian-based VM as your sys-usb qube; > > > just install the Debian 9 template and set your sys-usb qube to use it > > > as its template. Also make sure the qubes-usb-proxy package is installed. > > > > > > As for the HID issues, I do have one suggestion: have you tried not only > > > detaching the device from the AppVM, but also physically removing the > > > USB device and re-inserting it? > > > > No OnlyKey either, but I think it is possible to have two USB > > "keyboards" in Qubes if you edit the file described here: > > https://www.qubes-os.org/doc/usb/#r32-manual. > > Thanks for your responses. I figured out a solution. > > I figured out a way to use OnlyKey with Qubes OS. I suspect I've violated > some basic security principles relative to how Qubes is intended to be used, > but I accept the compromise, which I think (hope) is minimal. > > Because an OnlyKey needs a time source in order for its TOTP feature to > function, either the OnlyKey app (standalone or Chrome extension) or > navigating to https://apps.crp.to, after the OnlyKey is inserted into a USB > port, need to be available. In Qubes, I discovered that inserting the OnlyKey > (and unlocking it with the PIN) and attaching it to the appVM where I want to > use it resulted in the OnlyKey not functioning as a keyboard, which is needed > to do its job. In dom0, adding this line to the top of > /etc/qubes-rpc/policy/qubes.InputKeyboard (see > https://www.qubes-os.org/doc/usb/#how-to-use-a-usb-keyboard) allowed the > OnlyKey to operate as a keyboard in all VMs (without attaching the OnlyKey to > a VM): > > sys-usb dom0 allow,user=root > > However, to use TOTP it still needed access to the app or to > https://apps.crp.to. But, again, when I attached the OnlyKey to an appVM, the > OnlyKey stopped functioning as a keyboard, even when I detached it from the > appVM. > > So, I did the following: > > 1. Temporarily provided Internet access to sys-usb. > 2. Opened Chrome and installed the OnlyKey extension. > 3. Disabled the sys-usb VM's Internet access. > > Now, after inserting the OnlyKey and entering its PIN, I can open the OnlyKey > Chrome app (which does not need Internet access to function), resulting in > the OnlyKey getting its time set. Because of the previous edit of > "qubes.InputKeyboard", the OnlyKey functions as a keyboard and all is well. > > I'm happy to hear comments or cautions regarding this. > > John John, As I understood your setup for OnlyKey consists of two parts: first - make it work as a keyboard, second - make TOTP work. I think I stuck on the first one. I modified the file from Qubes docs and I able to attach a regular USB keyboard - it works in any qubes. But when I insert the OnlyKey stick I see it is discovered as a Teensyduino_Keyboard_RawHID_xxx but the LED indicator on the stick do
Re: [qubes-users] Disk Manager does not start
On Sat, Nov 03, 2018 at 06:57:40PM -0700, William Fisher wrote: > I just installed qubes 4.0 and the disk manager doesn’t start and show any > disk drives. It just shows the settings for the mAnager. I can’t get the > manager to start. I try to install or back-up vms and when I try to select a > destination I get the error: whoops a Critical error has occurred. This is > most likely a bug in Qubes Restore VMs application. Qubes VM Error. Cannot > start Dom0 fake domain at line 102 of file base.py > I've commented in another post on the "disk manager" issue. Can you explain exactly what you mean by "select a destination" when installing a qube? Are you trying to select a backup file from dom0? Or from a disk attached to another qube? On my updated 4.0, if I open the "Restore Qubes" application, I can select a Qube (including dom0), and then click the '...' button, and a file browser opens. Is this what you are trying to do? A better description of the steps you take that lead up to the error would be helpful. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181105160645.nexuqortz267mbvg%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] sudo apt-get install remmina -> Unable to locate package remmina
Den måndag 5 november 2018 kl. 16:49:02 UTC+1 skrev unman: > On Mon, Nov 05, 2018 at 07:43:25AM -0800, alexander.ibrahi...@gmail.com wrote: > > Den måndag 5 november 2018 kl. 15:30:20 UTC+1 skrev unman: > > > On Mon, Nov 05, 2018 at 04:20:14AM -0800, alexander.ibrahi...@gmail.com > > > wrote: > > > > Hi, > > > > > > > > I am trying to install remmina on my AppVM with whonix-ws-14 template > > > > with network through sys-whonix. > > > > > > > > When typing > > > > > > > > > sudo apt-get install remmina > > > > > > > > I get this error: > > > > > > > > > E: Unable to locate the package remmina > > > > > > > > I'm on Qubes 3.2 with whonix 14 > > > > > > > > Thanks in advance!! > > > > > > > > > > remmina isnt available in stretch repositories. > > > To get it you'll need to enable stretch backports. > > > you can do this by adding a line to /etc/apt/sources.list: > > > deb http://ftp.debian.org/debian stretch-backports main > > > > > > Then 'apt update' and 'apt install remmina' should work. > > > > > > NB I assume whonix will be fine with backports, but dont speak for this. > > > > > > unman > > > > Hi Unman, > > > > Thanks for your response; is the command I should be running ''nano > > /etc/apt/sources.list''on debian or whonix konsole? > > > > Any editor will do: if you're comfortable with nano that will be fine. > You'll need root permissions to edit that file though, so su or sudo > nano. > I'm assuming whonix will be fine using backports. > > unman Thanks again for your reply! I'll confirm on the whonix forums before I do any changes! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ad33b192-8285-4344-b8b4-3680da154f50%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot boot new HVM from cdrom. What is the new command?
On 11/4/18 9:25 PM, Otto Kratik wrote: Previously when creating a new Windows HVM on Qubes 3.2, to boot from a physical CD in the physical CD drive I would do: qvm-start --cdrom=/dev/cdrom win7 When I try that in Qubes 4.0, I get an error that starts with "Traceback" and ends with "Not enough values to unpack (expected 2, got 1)." What am I doing wrong? What is the new command to make this work in Qubes 4? The following command should work: qvm-start --cdrom=dom0:/dev/cdrom win7 (and yes, the error message is cryptic). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0ba43017-5be6-0695-83f6-4617bc5d29bb%40maa.bz. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] sudo apt-get install remmina -> Unable to locate package remmina
On Mon, Nov 05, 2018 at 07:43:25AM -0800, alexander.ibrahi...@gmail.com wrote: > Den måndag 5 november 2018 kl. 15:30:20 UTC+1 skrev unman: > > On Mon, Nov 05, 2018 at 04:20:14AM -0800, alexander.ibrahi...@gmail.com > > wrote: > > > Hi, > > > > > > I am trying to install remmina on my AppVM with whonix-ws-14 template > > > with network through sys-whonix. > > > > > > When typing > > > > > > > sudo apt-get install remmina > > > > > > I get this error: > > > > > > > E: Unable to locate the package remmina > > > > > > I'm on Qubes 3.2 with whonix 14 > > > > > > Thanks in advance!! > > > > > > > remmina isnt available in stretch repositories. > > To get it you'll need to enable stretch backports. > > you can do this by adding a line to /etc/apt/sources.list: > > deb http://ftp.debian.org/debian stretch-backports main > > > > Then 'apt update' and 'apt install remmina' should work. > > > > NB I assume whonix will be fine with backports, but dont speak for this. > > > > unman > > Hi Unman, > > Thanks for your response; is the command I should be running ''nano > /etc/apt/sources.list''on debian or whonix konsole? > Any editor will do: if you're comfortable with nano that will be fine. You'll need root permissions to edit that file though, so su or sudo nano. I'm assuming whonix will be fine using backports. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181105154901.i7kmp6jjaar4tsxb%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] sudo apt-get install remmina -> Unable to locate package remmina
Den måndag 5 november 2018 kl. 15:30:20 UTC+1 skrev unman: > On Mon, Nov 05, 2018 at 04:20:14AM -0800, alexander.ibrahi...@gmail.com wrote: > > Hi, > > > > I am trying to install remmina on my AppVM with whonix-ws-14 template with > > network through sys-whonix. > > > > When typing > > > > > sudo apt-get install remmina > > > > I get this error: > > > > > E: Unable to locate the package remmina > > > > I'm on Qubes 3.2 with whonix 14 > > > > Thanks in advance!! > > > > remmina isnt available in stretch repositories. > To get it you'll need to enable stretch backports. > you can do this by adding a line to /etc/apt/sources.list: > deb http://ftp.debian.org/debian stretch-backports main > > Then 'apt update' and 'apt install remmina' should work. > > NB I assume whonix will be fine with backports, but dont speak for this. > > unman Hi Unman, Thanks for your response; is the command I should be running ''nano /etc/apt/sources.list''on debian or whonix konsole? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8b72ec2e-6216-426d-b7be-b7a9a94fff1f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disk Manager does not start
William Fisher: Dom0 does recognize the HDD storage disk but Disk Manager in Qubes does not start to give me access to the files on the HDD or to backup my VMs That's fine, you don't need Disk Manager in dom0. Choose or create a non-network connected AppVM (suggest "Personal" for example.) Then, connect the block device to it with something like "qvm-block attach personal dom0:sdb1". The "sdb1" part will vary depending on what you see in qvm-block's output. You should then be able to mount the drive using the File Manager inside Personal. The Qubes Backup and Restore utilities can also access the drive inside the Personal AppVM, just use the "..." button once it is mounted there. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bc43532b-464d-4fc7-b760-8616ef986701%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot update whonix-gw-14
Beto HydroxyButyrate: My whonix-gw-14 template is failing to update. Any suggestions? sudo apt-get update && sudo apt-get update ... Hit:23 http://ftp.us.debian.org/debian stretch/contrib amd64 Contents (deb) Err:16 tor+http://vwakviie2ienjx6t.onion/debian stretch/main amd64 Contents (deb) Hash Sum mismatch Hashes of expected file: - Filesize:458159900 [weak] - SHA256:fa40630d28629019a1851b70a5314f6a94e72fb9c1c6f61f4364fc78b942c87e - MD5Sum:b01bc430892695ddaa164310200e0dc8 [weak] Hashes of received file: - SHA256:1e63fa3f9ee1381114f549a01bb4b49c07a168e1f1745f40c4f88bc2df6c19d4 - MD5Sum:bcc8c1982bf2c3577560cd825696 [weak] - Filesize:55131985 [weak] Release file created at: Sat, 14 Jul 2018 09:43:35 + Err:17 http://ftp.us.debian.org/debian stretch/main amd64 Contents (deb) Note the filesizes of the received and expected files, and the repository at the bottom. Since both that repo and the equivalent onion are failing the same way, it's not a Qubes or Whonix issue. Contact the maintainer of that Debian repo, or wait until the file gets replaced with a newer version. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e2aaf5f9-27ae-65c5-27b4-ba7ecd4fc19e%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disk Manager does not start
On Sun, Nov 04, 2018 at 06:52:26PM -0800, William Fisher wrote: > Dom0 does recognize the HDD storage disk but Disk Manager in Qubes does not > start to give me access to the files on the HDD or to backup my VMs > I think that you mean "File manager". There isnt one in dom0 by design. You are not intended to use one in dom0. To backup qubes use the menu item under "System Tools". To see what qubes you have, use the Qube Manager - again under "Syetm Tools" in Xfce menu. If you *do* want to work at file level you can do so from a terminal in dom0, but this is generally not recommended. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181105143638.hp3st4uyidymc6kq%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] sudo apt-get install remmina -> Unable to locate package remmina
On Mon, Nov 05, 2018 at 04:20:14AM -0800, alexander.ibrahi...@gmail.com wrote: > Hi, > > I am trying to install remmina on my AppVM with whonix-ws-14 template with > network through sys-whonix. > > When typing > > > sudo apt-get install remmina > > I get this error: > > > E: Unable to locate the package remmina > > I'm on Qubes 3.2 with whonix 14 > > Thanks in advance!! > remmina isnt available in stretch repositories. To get it you'll need to enable stretch backports. you can do this by adding a line to /etc/apt/sources.list: deb http://ftp.debian.org/debian stretch-backports main Then 'apt update' and 'apt install remmina' should work. NB I assume whonix will be fine with backports, but dont speak for this. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181105143018.dm4p4jf2gzqy3f37%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.2 full monitor panel close
On Sun, Nov 04, 2018 at 12:38:02PM -0800, Máté Kovács wrote: > Hi > Unfortunately I had setting the panel to full monitor size and I can't remove > it. > Is there any way to close it? > I don't want to reinstall the whole operation system because of this... > I cant see that image, and I'm guessing you use Xfce (though you dont say so.) I hope I understand your problem, though I cant imagine how you got to it. Use Ctrl+ALT+F2 to get to console and log in. You can manipulate Xfce using xfconf-query: Something like this should work: xfconf-query --channel 'xfce4-panel' --property 'panels/panel-1/size' --type int --set 32 Then ALT+F1 to get back (hopefully) to desktop. Apologies if I misunderstand. If so, please give more details (not a screenshot please) unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181105141905.xy53rflmwzttcaqm%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] SSD hardware encryption vulnerabilities (Radbound University)
[Note: my position is that hardware disk encryption is useful for protecting against opportunistic attacks, whereas software disk encryption is best for protecting against targeted attacks. Use both.] 1. PR Notice: https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/ 2. Advisory: https://www.ru.nl/publish/pages/909275/advisory.pdf 3. Paper draft, very exciting read!: https://www.ru.nl/publish/pages/909282/draft-paper.pdf There are two CVEs here, which I will attempt to summarize: CVE-2018-12037: user supplied password is not (or not entirely) used to encrypt the disk encryption key stored in the flash. Key can be extracted via various techniques. Examples given: - ATA password (Maximum and High modes) on internal SSDs such as Crucial MX100,MX200,MX300 - ATA password (only in HIGH mode) on internal SSDs such as Samsung 840 EVO and 850 EVO - Proprietary unlock software on portable SSDs such as Samsung T3 and T5 CVE-2018-12038: user supplied password (or bitlocker(!)/OPAL key) *IS* used to encrypt the disk encryption key stored in the flash. However, care was not taken in firmware design to mitigate the logical->physical translation. Therefore the original unencrypted key (before reconfiguration) may still be recoverable somewhere in the flash if the original flash block was not erased fully as part of the wrapping of the key in the user-provided password/key. - Samsung 840 EVO was vulnerable Mitigations: 0. As suggested in the article (and in discussions on this list): always use software-based encryption. Note that Microsoft's Bitlocker utilizes hardware encryption when available by default for performance (using eDrive, a simple variant of OPAL). This can be disabled via group-policy, but it will not change the configuration of an already configured drive. 1. Don't use the Crucial MX100 and MX200. Oh, the horror. MX300 not much better either, so avoid. 2. If using ATA security on the Samsung drives, always set both the User *AND* Master passwords (utilize Maximum security mode). 3. TCG Opal implementation looks pretty solid on the Samsung drives. However 840 has a wear-leveling vulnerability in old key storage, so 850 or higher series is preferred. 4. Samsung claims their portable drive issues are resolved when moving to the v1.6.2 release of the unlocker. I'm doubtful. 5. Did I mention: always use software encryption as well? My opinions: 1. Crucial and Samsung may have some excitement in their FIPS compliance workstreams. 2. I'm fairly certain the TCG Opal standards are written to require manufacturers to address these two issues: a) wrap the damn keys correctly and b) ensure old key material is erased. This is a failure of engineering, testing and compliance. c) I've been peeved that the Samsung T3 and T5 drives, internally, are not TCG Opal, instead using a custom Samsung mechanism to lock/unlock their hardware encryption capabilities. The reason I was peeved: these are the only sources of 2TB mSATA drives which I would have loved to use with sedutil. Now I have a second reason to be peeved, which is that the custom mechanism was as crappy as Y2K-era ATA password protection. Happy Monday, Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bd5caffc-6299-4079-995d-05dcc679b346%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot boot new HVM from cdrom. What is the new command?
On Sun, Nov 04, 2018 at 11:25:49AM -0800, Otto Kratik wrote: > Previously when creating a new Windows HVM on Qubes 3.2, to boot from a > physical CD in the physical CD drive I would do: > > qvm-start --cdrom=/dev/cdrom win7 > > When I try that in Qubes 4.0, I get an error that starts with "Traceback" and > ends with "Not enough values to unpack (expected 2, got 1)." > > What am I doing wrong? What is the new command to make this work in Qubes 4? > This works for me, specifying the attached domain: qvm-start win7 --cdrom=dom0:/dev/cdrom unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181105140052.7lso5fbdkqg42ouq%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Donating to qubes
Hope this help: https://www.qubes-os.org/donate/ If not, use the "contact us" link (mail address) on that page. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/155.5be04310%40qubes-os.info. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] UnicodeDecodeError during Qubes 4.0 installation
Since it was a file system error, I formatted the disk prior to starting the Qubes installation. This solved the problem for me. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0607ad74-4201-4cbe-92dc-0923aa885b28%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] sudo apt-get install remmina -> Unable to locate package remmina
Hi, I am trying to install remmina on my AppVM with whonix-ws-14 template with network through sys-whonix. When typing > sudo apt-get install remmina I get this error: > E: Unable to locate the package remmina I'm on Qubes 3.2 with whonix 14 Thanks in advance!! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4e2e4299-be21-4f78-a0cc-c0b5b00f8644%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Cannot update whonix-gw-14
My whonix-gw-14 template is failing to update. Any suggestions? sudo apt-get update && sudo apt-get update ... Hit:23 http://ftp.us.debian.org/debian stretch/contrib amd64 Contents (deb) Err:16 tor+http://vwakviie2ienjx6t.onion/debian stretch/main amd64 Contents (deb) Hash Sum mismatch Hashes of expected file: - Filesize:458159900 [weak] - SHA256:fa40630d28629019a1851b70a5314f6a94e72fb9c1c6f61f4364fc78b942c87e - MD5Sum:b01bc430892695ddaa164310200e0dc8 [weak] Hashes of received file: - SHA256:1e63fa3f9ee1381114f549a01bb4b49c07a168e1f1745f40c4f88bc2df6c19d4 - MD5Sum:bcc8c1982bf2c3577560cd825696 [weak] - Filesize:55131985 [weak] Release file created at: Sat, 14 Jul 2018 09:43:35 + Err:17 http://ftp.us.debian.org/debian stretch/main amd64 Contents (deb) Hash Sum mismatch Hashes of expected file: - Filesize:458159900 [weak] - SHA256:fa40630d28629019a1851b70a5314f6a94e72fb9c1c6f61f4364fc78b942c87e - MD5Sum:b01bc430892695ddaa164310200e0dc8 [weak] Hashes of received file: - SHA256:1e63fa3f9ee1381114f549a01bb4b49c07a168e1f1745f40c4f88bc2df6c19d4 - MD5Sum:bcc8c1982bf2c3577560cd825696 [weak] - Filesize:55131985 [weak] Release file created at: Sat, 14 Jul 2018 09:43:35 + Hit:24 tor+http://vwakviie2ienjx6t.onion/debian stretch/non-free amd64 Packages Get:25 tor+http://vwakviie2ienjx6t.onion/debian stretch/non-free Translation-en [80.6 kB] Hit:26 http://ftp.us.debian.org/debian stretch/non-free amd64 Packages Get:27 http://ftp.us.debian.org/debian stretch/non-free Translation-en [80.6 kB] Hit:28 tor+http://vwakviie2ienjx6t.onion/debian stretch/non-free amd64 Contents (deb) Hit:29 http://ftp.us.debian.org/debian stretch/non-free amd64 Contents (deb) Hit:18 tor+http://vwakviie2ienjx6t.onion/debian stretch/contrib amd64 Packages Hit:20 http://ftp.us.debian.org/debian stretch/contrib amd64 Packages Fetched 241 kB in 18s (12.8 kB/s) Reading package lists... Done E: Failed to fetch store:/var/lib/apt/lists/partial/vwakviie2ienjx6t.onion_debian_dists_stretch_main_Contents-amd64.gz Hash Sum mismatch Hashes of expected file: - Filesize:458159900 [weak] - SHA256:fa40630d28629019a1851b70a5314f6a94e72fb9c1c6f61f4364fc78b942c87e - MD5Sum:b01bc430892695ddaa164310200e0dc8 [weak] Hashes of received file: - SHA256:1e63fa3f9ee1381114f549a01bb4b49c07a168e1f1745f40c4f88bc2df6c19d4 - MD5Sum:bcc8c1982bf2c3577560cd825696 [weak] - Filesize:55131985 [weak] Release file created at: Sat, 14 Jul 2018 09:43:35 + E: Failed to fetch store:/var/lib/apt/lists/partial/ftp.us.debian.org_debian_dists_stretch_main_Contents-amd64.gz Hash Sum mismatch Hashes of expected file: - Filesize:458159900 [weak] - SHA256:fa40630d28629019a1851b70a5314f6a94e72fb9c1c6f61f4364fc78b942c87e - MD5Sum:b01bc430892695ddaa164310200e0dc8 [weak] Hashes of received file: - SHA256:1e63fa3f9ee1381114f549a01bb4b49c07a168e1f1745f40c4f88bc2df6c19d4 - MD5Sum:bcc8c1982bf2c3577560cd825696 [weak] - Filesize:55131985 [weak] Release file created at: Sat, 14 Jul 2018 09:43:35 + E: Some index files failed to download. They have been ignored, or old ones used instead. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ee49eea0-0e2b-3d57-80c2-0e5a790857fa%40damon.com. For more options, visit https://groups.google.com/d/optout.
