Re: [qubes-users] wipe released diskspace of a disposable VM's
On Monday, December 16, 2019 at 5:33:52 PM UTC-5, Claudia wrote: > > brend...@gmail.com : > > Disposable VMs were not developed with anti-forensics in mind (e.g. no > protection in jurisdictions where you can be forced to hand over your drive > password > Never thought about it, but that makes sense. I can see how it would be > easy to confuse "non-persistence of malware" aspect and the > "non-persistence (non-remenance) of data" aspect, though. > > But then... What does the checkbox mean, "Keep dispVM in memory", under > global settings (R3.2, at least)? Screenshot attached. > See: https://groups.google.com/d/msg/qubes-devel/QwL5PjqPs-4/JwcbdJDbBDwJ It was meant to be a dispVM speed-up option, not an anti-forensics option. > I sort of like the idea mentioned in bug #904, about doing the crypto > inside the dispVM itself, so that 1) the key is scrubbed by Xen when the > dispVM is shut down, and 2) data is non-recoverable instantly so you > don't have to wait until all dispVMs have been shut down for example. > Incidentally this approach actually offers a lot of improvement in > scenarios where the machine is seized while it's on and unlocked, too, > but that's another topic. > That could work, but depends upon threat model, e.g. if the dispVM hosts untrusted content then depending upon the VM to prevent leakage may have issues. > Just bouncing around some ideas. Seems like it might be possible to do > something like that, and perhaps simpler than the ephemeral pool > approach, depending on your situation. Thoughts? > I dunno...the ephemeral approach is simpler to me...in that it's just a bash script in dom0. It's less simple in usuage...in that it takes a while to run to get to a usable state. :) But it did help uncover some inefficiencies in the qvm-clone implementation that has been patched by the devs. In any case: the proof is testing data recovery during/after using the technique. e.g. With R4, I found that even after copying the disposable vm template and the template it is based off of to a new pool, on startup, at least one volatile volume per dispvm is created in the default pool. I'm pretty sure that's a defect and it's definitely a forensics gotcha. Hence the script currently needs to change the default pool before dispVM startup and then, after a time, reverts it back. Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/04f50bfa-c06c-4281-a4f5-f7cdf0702000%40googlegroups.com.
[qubes-users] How to access installer in rescue mode?
I'm trying to install Qubes 4.0 on laptop that has UEFI firmware (without the Legacy option) But I cannot get to the blue boot screen. The official "Troubleshooting UEFI related problems", requires me to switch to tty2 (Ctrl+Alt+F2) . But seems that there is no combination of keys that stops the boot process before it goes to the black screen. Any hint or suggestion on how to get the installation to start would be much appreciated. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/64edbbc3-5f5b-451a-86f8-7b909b83fe31%40googlegroups.com.
Re: [qubes-users] Kernel 4.14.103-1 dmenu is not working
eduzw...@gmail.com: > And dmenu doesn't work. $mod+d does nothing. Typing "i3-dmenu-desktop" gives > an error message "invalid input: "" doesn't match any application. Your > command: exec --no startup-id "" > Error: expected one of these tokens: '--no-startup-id', > > > On xfce everything seems to work fine.. Anyone else experiencing the same > things with i3 I have the same problem. It might be the same as described here: https://github.com/i3/i3/issues/3619 This would mean that the bug can be fixed by using a newer version of dmenu. I havn't tested this myself yet. Kind Regards, denkxor -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f3dff4c7-6509-d1a5-5424-b66dcd9812dc%40koeln.ccc.de. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Soundquality
Hi Claudia, thanks for your response aplay -l responds this: card 0: PCH HDA INTEL PCH device 0 ALC255 analog the other command does work, but i dont know how to export those from dom 0 and its like 2 pages long, i hope it works without these infos. gain was already 0 where do i set these model= ? I will look into kernel upgrades. Greez Myros -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3960544c-d57e-445c-808c-b477252313ef%40googlegroups.com.
[qubes-users] Trezor 1 not working with web wallet
We have this same problem as here: https://github.com/trezor/trezord-go/issues/163#issuecomment-552288220 The trezor devs reopened the issue, but looks like they have more important problems to work. Is anyone using Trezor 1 with Qubes 4 successfully? What's the setup or at least troubleshooting steps please? Crypto Carabao Group --- #Plow_with_Carabao! #Plow_like_Carabao! PGP: `3f7d5efddfe0cfa588c134065d72fe83efbb7649` Sent with ProtonMail Secure Email. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aRl3ulugyXDxipRu0Z1s1YnCEWd0cUBDSB_n2rZD_SaIr-YAXaEM7WU_lnL-TCYCmsuf6R5nGM870NxiuW958vIUsRF07yZGD4ikZxMnvY8%3D%40protonmail.ch. publickey - cryptocarabao@protonmail.ch - 0x3F7D5EFD.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
[qubes-users] pool "Manual repari required"
Hello All, What is the general procedure in Qubes 4, if we can open the Luks, but then pool00 seems inaccessible with rdsosreport message: Check of pool qubes_dom0/pool00 failed (status:1). Manual repair required! Thank you for your time. Crypto Carabao Group --- #Plow_with_Carabao! #Plow_like_Carabao! PGP: `3f7d5efddfe0cfa588c134065d72fe83efbb7649` Sent with ProtonMail Secure Email. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YL94dzEv24F1_G45avhJNyAszDnofxVjgtp8Z3c6NtWhtX-ZL3frwWRplbYpI_kMdC9NGdBMaCSHYx53k-CbuGoKha0A9PiZphgVOBS-RqA%3D%40protonmail.ch. publickey - cryptocarabao@protonmail.ch - 0x3F7D5EFD.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
[qubes-users] Has anyone a intel Wi-Fi 6 AX200 working in sys-net (fedora/debian)?
> [ 4.776112] iwlwifi :00:06.0: Detected Killer(R) Wi-Fi 6 AX1650x Not a solution but I believe the above line might help. Iwlwifi is picking up the wrong device. I have another machine doing the same but haven't got a solution. All I can say is that it came about with Kernel 5.3.x and isn't specifically a Qubes thing. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/507cca62-3ed5-fac1-820b-691b89bc2812%40TLRcommunications.com.au.