[qubes-users] Qubes Canary 028

2021-08-31 Thread Andrew David Wong

Dear Qubes community,

We have published Qubes Canary 028. The text of this canary is
reproduced below. Please note that this canary contains an announcement
and is accompanied by two letters, which are also reproduced below.

## General information

This canary and its accompanying signatures will always be available in
the Qubes security pack (qubes-secpack).

View Qubes Canary 028 in the qubes-secpack:


Learn how to obtain and authenticate the qubes-secpack and all the
signatures it contains:


View all past canaries:


## Qubes Canary 028


---===[ Qubes Canary 028 ]===---


The Qubes core developers who have digitally signed this file [1] state
the following:

1. The date of issue of this canary is August 31, 2021.

2. There have been 70 Qubes security bulletins published so far.

3. The Qubes Master Signing Key fingerprint is:

   427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494

4. No warrants have ever been served to us with regard to the Qubes OS
   Project (e.g. to hand out the private signing keys or to introduce

5. We plan to publish the next of these canary statements in the first
   fourteen days of December 2021. Special note should be taken if no
   new canary is published by that time or if the list of statements
   changes without plausible explanation.

Special announcements

Joanna Rutkowska will soon begin traveling without her Qubes laptop for
extended periods of time, which means she will not be able to sign
future canaries on time. She has asked the members of the Qubes security
team, Marek Marczykowski-Górecki and Simon Gaiser, to be released of her
obligation to sign canaries, and she has reaffirmed that she destroyed
all copies of the Qubes Master Signing Key in her possession when she
transferred the project lead position to Marek. The Qubes security team
has agreed to her request. Therefore, this will be the last Qubes canary
signed by Joanna.

Note that this canary is being published one day ahead of schedule
because this is the last day Joanna is available to sign. In addition to
the usual detached signatures from all three aforementioned individuals,
this canary is also accompanied by letters (with their own detached
signatures), all of which can be found in the canary directory in the
qubes-secpack [3].

Disclaimers and notes

We would like to remind you that Qubes OS has been designed under the
assumption that all relevant infrastructure is permanently compromised.
This means that we assume NO trust in any of the servers or services
which host or provide any Qubes-related data, in particular, software
updates, source code repositories, and Qubes ISO downloads.

This canary scheme is not infallible. Although signing the declaration
makes it very difficult for a third party to produce arbitrary
declarations, it does not prevent them from using force or other means,
like blackmail or compromising the signers' laptops, to coerce us to
produce false declarations.

The proof of freshness provided below serves to demonstrate that this
canary could not have been created prior to the date stated. It shows
that a series of canaries was not created in advance.

This declaration is merely a best effort and is provided without any
guarantee or warranty. It is not legally binding in any way to anybody.
None of the signers should be ever held legally responsible for any of
the statements made here.

Proof of freshness

Tue, 31 Aug 2021 00:03:05 +

Source: DER SPIEGEL - International 
Afghan Vice President in Letter to DER SPIEGEL: "A Deal for Surrender 
Won't Happen"

Afghanistan Disaster: Debacle in Kabul Could Overshadow Biden's Presidency
The End of the German Airlift: What Will Become of the Afghans Left Behind?
Terror Expert on Afghanistan: "The Real Threat Is Islamic State, not 

Redistributing Mafia Assets: The Palaces and Ruins of the Drug Bosses

Source: NYT > World News 
Afghanistan Live Updates: The U.S. Occupation Is Over, Ending America’s 
Longest War

U.S. Conducts Drone Strike in Kabul and Winds Down Airlift as Deadline Nears
Colombia’s Troubles Put a President’s Legacy on the Line
North Korea Restarted Plutonium-Producing Reactor, U.N. Agency Warns
How 2 Afghan Paralympians Defied the Odds to Get From Kabul to Tokyo

Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
Afghanistan: US investigates civilian deaths in Kabul strike
Hurricane Ida: One million people in Louisiana without power
Covid: EU recommends new travel restrictions for US as cases rise
Brazil bank robbers tie hostages to getaway cars in Araçatuba
China cuts children's 
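An added example, not part of the original post or of the Qubes project's tooling: a small checker for the points the canary asks readers to watch (pinned Master Signing Key fingerprint, proof-of-freshness date against date of issue, and the deadline for the next canary). It assumes the detached signatures have already been verified with GPG; the sample text is abridged from the canary above, and `DAY_WORDS`, `parse_canary` and `check_canary` are hypothetical names.

```python
import re
from datetime import date, datetime

# Constructed sample: abridged from the canary text reproduced on this page.
# Assumption: the detached signatures on the full file were verified beforehand.
SAMPLE = """\
1. The date of issue of this canary is August 31, 2021.

3. The Qubes Master Signing Key fingerprint is:

   427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494

5. We plan to publish the next of these canary statements in the first
   fourteen days of December 2021.

Proof of freshness

Tue, 31 Aug 2021 00:03:05 +
"""
PINNED_FPR = "427F11FD0FAA4B080123F01CDDFA1A3E36879494"  # as printed in the canary
DAY_WORDS = {"seven": 7, "fourteen": 14}  # assumption: wording used for the window

def parse_canary(text):
    flat = " ".join(text.split())  # undo hard line wrapping and double spaces
    issued = re.search(r"date of issue of this canary is (\w+ \d{1,2}, \d{4})", flat)
    fpr = re.search(r"fingerprint is: ((?:[0-9A-F]{4} ){9}[0-9A-F]{4})", flat)
    nxt = re.search(r"in the first (\w+) days of (\w+ \d{4})", flat)
    fresh = re.search(r"Proof of freshness \w{3}, (\d{1,2} \w{3} \d{4})", flat)
    if not (issued and fpr and nxt and fresh):
        raise ValueError("canary is missing an expected statement")
    month_start = datetime.strptime(nxt.group(2), "%B %Y").date()
    return {
        "issued": datetime.strptime(issued.group(1), "%B %d, %Y").date(),
        "fingerprint": fpr.group(1).replace(" ", ""),
        "deadline": month_start.replace(day=DAY_WORDS[nxt.group(1)]),
        "fresh": datetime.strptime(fresh.group(1), "%d %b %Y").date(),
    }

def check_canary(text, today, max_gap_days=2):
    c, warnings = parse_canary(text), []
    if c["fingerprint"] != PINNED_FPR:
        warnings.append("master key fingerprint differs from pinned value")
    if abs((c["issued"] - c["fresh"]).days) > max_gap_days:
        warnings.append("proof of freshness does not match date of issue")
    if today > c["deadline"]:
        warnings.append("next canary is overdue")
    return warnings
```
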

Re: [qubes-users] resume from suspend issue after QSB-070

2021-08-31 Thread haaber

 But shouldn't hyperthreading have already been disabled ever since


>>> I admit that I missed that one as well. Shame on me. Is there some way
>>> to detect active hyperthreading on boot && print out a big red warning?
>>> That seems a reasonable measure, especially for newcomers who cannot
>>> reasonably be asked to read all old QSBs first :)

> [ Marek ]
> There are (at least) two ways to disable hyper-threading:
> 1. In system BIOS (if there is such an option)
> 2. In software - by disabling every second thread of each core.
> The QSB-043 uses the second method. It has its drawbacks, as the logic to
> bring up and down CPUs is quite complex. And yes, there are known
> issues[1] affecting suspend. Disabling hyper-threading in BIOS prevents
> Xen from starting those secondary threads at all, and so it doesn't need
> to bring them down.
> [1]

Thank you Marek. I only now disabled it in BIOS (my fault), and my
question was that software could point a warning to the user in case of
software disabling. I would have done it much faster then :-)


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 

[qubes-users] Trezor error with qubes

2021-08-31 Thread 'taran1s' via qubes-users


In my last message I mentioned my attempts to start using the Trezor 
with qubes.

I try to follow this guide, from the official trezor website: 

I use the sys-usb based on debian-10 and tried the same with sys-usb 
based on debian-10-minimal with similar error. My online AppVM in 

After I finished the procedures described in the guide, I installed the 
trezor Bridge and Udev rules in the sys-usb, and the Trezor Suite in the 
anon-whonix, with sudo dpkg -i required-package.

Once I start both sys-usb and anon-whonix and attach the trezor-T I get 
the following error (suite is seen by the sys-usb):

2021-08-31T14:38:06.967Z - ERROR(process-trezord): Status error: request 
to failed, reason: connect ECONNREFUSED

Do you see any workarounds to make it work?


Re: [qubes-users] HCL - Thinkpad T14 Gen1 Intel

2021-08-31 Thread Sven Semmler

Thank you Mustafa for your HCL report, which is now part of this [pull 
request](https://github.com/QubesOS/qubes-hcl/pull/93) and will be visible on 
the website soon!


 public key: https://www.svensemmler.org/2A632C537D744BC7.asc
fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7
