[qubes-users] Suggestions for video card

2017-07-20 Thread Fun Zork
I installed Qubes on my laptop and I love it, but now I want to install it on 
my desktop, but my desktop has a GTX 1080 video card and a CPU without Intel 
graphics.  Apparently nobody has actually gotten Qubes to work on recent nVidia 
cards (but let me know if you have the secret!).  So, I am trying to figure out 
if there is any video card out there that works with Qubes that supports 4k 
resolutions.  The official documentation appears to only suggest Intel 
integrated graphics and some ancient Radeon cards.  Does anybody have a 
suggestion for a standalone card that supports 4k that works with Qubes?  
Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e91acead-67c0-490d-96f6-3c0d36404674%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: off topic - invite codes to 'riseup'

2017-07-20 Thread romcha
One invite would be nice. Surfing the Net in China is now a more than complicated task.
Anyone with a big heart?



[qubes-users] Re: how to run vagrant on qubes (very slowly)

2017-07-20 Thread pixel fairy
you'll also want this in your ~/.bashrc

export VAGRANT_DEFAULT_PROVIDER=libvirt



[qubes-users] how to run vagrant on qubes (very slowly)

2017-07-20 Thread pixel fairy
libvirt plugin, qemu driver. this, of course, means emulation, not
virtualization. thus it's slow. if you can, you're better off making a vagrant
server and sshing to it. you can run virt-manager on a debian-9 template for
any remote, or local desktop vagrant boxes.

TODO: try lxc, and virtualbox 32bit, which should also work in emulation. any
interest in a qrexec provider? make an easy script for this. do a real write up
somewhere on the interwebs that's easier to find.

the test vagrant run is a single instance of fedora-26 cloud with no
customization, extra networking, or provisioning. also, no other plugins
installed. my laptop is a kaby lake i7. vagrant up took 2 minutes and 41
seconds. on a real linux box, fedora 25 with a skylake i7, the same run took 37
seconds.

start with a debian-9 template, and either customize that, or clone it for a
vagrant running template, which may not be a bad idea while messing with this.
fedora 24 might also work, but it's out of support. debian-8 can't install some
of the dependencies. fedora-25 can't either, because of a conflict with qubes
version of xen.

first, get libvirt and qemu working

apt install qemu-kvm libvirt-clients libvirt-daemon-system
adduser user libvirt
adduser user libvirt-qemu

you'll also need this in your ~/.bashrc
export LIBVIRT_DEFAULT_URI="qemu:///system"

as mentioned above, virt-manager is also useful. libvirt should work now, at 
least for qemu. 

installing the dependencies for vagrant-libvirt took a little more work,
because the src packages for the debian-9 template were broken, at least for
me. so, instead of apt installing build-dep, the first line installs the
packages build-dep would install. i'll bug the debian people later if this issue
is still there in a couple days.

apt-get install bash-completion debhelper gem2deb libvirt-dev pkg-config rake libvirt-daemon
apt-get install qemu libvirt-bin ebtables dnsmasq
apt-get install libxslt-dev libxml2-dev libvirt-dev zlib1g-dev ruby-dev

then 

vagrant plugin install vagrant-libvirt

which will also make a ~/.vagrant.d

to override kvm acceleration make a ~/.vagrant.d/Vagrantfile like this,

Vagrant.configure("2") do |config|
  config.vm.provider "libvirt" do |libvirt|
    libvirt.driver = "qemu"
    libvirt.cpu_mode = "custom"
    libvirt.cpu_model = "qemu64"
  end
end

and here's the example Vagrantfile i tried

Vagrant.configure("2") do |config|
  config.vm.define :test_vm do |test_vm|
    test_vm.vm.box = "fedora/26-cloud-base"
  end
end






Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread lokedhs
On Thursday, 20 July 2017 20:29:11 UTC+8, Patrik Hagara  wrote:

> On 07/20/2017 02:08 PM, Patrik Hagara wrote:
> > As for the Linux kernel, you want to use the earlyprintk param,
> > either "earlyprintk=vga,keep" or "earlyprintk=xen,keep" should
> > work. Again, the full (and fairly long) list of supported
> > parameters is available at this link [2].
> > 
> > The Linux early printk logging should yield some useful info, I 
> > hope.
> 
> Also, removing the "quiet" option might be necessary. Try adding
> "nowatchdog panic=0" if the system reboots too quickly after logging
> the errors.

Unfortunately, after doing all of this (and trying a few different variations), 
I still have the behaviour that the machine reboots immediately after SENTER.

From this I draw the conclusion that the kernel isn't even started.

What happens (or is supposed to happen) between SENTER and the kernel being 
loaded?

Regards,
Elias



[qubes-users] Seeking moderators for unofficial Qubes IRC channels on Freenode and OFTC

2017-07-20 Thread Andrew David Wong
Dear Qubes Community,

We're looking for well-known, trustworthy volunteers from the
community who would like to be moderators in the unofficial Qubes IRC
channels on Freenode and OFTC (#qubes on both). We'd like to have at
least two unrelated moderators who can oversee both channels. If
you're interested, please let us know.

Best,
Andrew

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


[qubes-users] Re: TemplateVMs have issues connecting to DNF

2017-07-20 Thread milotg
On Saturday, March 25, 2017 at 11:00:56 PM UTC-4, Nemo wrote:
> On Saturday, March 25, 2017 at 9:25:46 PM UTC-4, Nemo wrote:
> > On Friday, March 24, 2017 at 3:48:22 PM UTC-4, Nemo wrote:
> > > My TemplateVMs have a recurring and unpredictable problem starting dnf.
> > > 
> > > dnf will display no output for a number of minutes and then exit with an 
> > > error like (not always this)
> > > 
> > > Error: Failed to synchronize cache for repo 'qubes-vm-r3.2-current'
> > > 
> > > or
> > > 
> > > Error: Failed to synchronize cache for repo 'fedora'
> > > 
> > > I have the issue about 50% of the time I try to use dnf on a TemplateVM. 
> > > If the error appears, I usually attempt to troubleshoot for 20 mins 
> > > before it randomly works, or I give up and decide to try later.
> > > 
> > > Some symptoms/findings:
> > > 
> > > - An AppVM based on the TemplateVM may be able to use dnf at the same 
> > > time the TemplateVM cannot
> > > - Internet access (ie web browsing) is never affected
> > > - Allowing all internet access to the TemplateVM usually does not fix the 
> > > problem
> > > - Allowing all internet access and turning off proxy updates usually does 
> > > not fix the problem
> > > - Resetting the TemplateVM usually does not fix the problem
> > > - Resetting sys-firewall usually does not fix the problem
> > > - Changing the TemplateVM behind sys-firewall usually does not fix the 
> > > problem
> > > - Adding fastestmirror=true to dnf.conf does not fix the problem
> > > - Restarting Qubes sometimes fixes the problem
> > > 
> > > I'm using fedora-25 and fedora-25-minimal as my core distributions.
> > > 
> > > Has anyone else come across this problem?
> > 
> > I've been able to isolate one issue:
> > 
> > A NetVM running a Fedora minimal distribution (including the NetVM 
> > packages) will not allow for updates via qubes-update-proxy from 
> > TemplateVMs.
> 
> This problem was caused by tinyproxy not installing as I set up 
> fedora-24-minimal for NetVM usage.
> 
> From https://groups.google.com/forum/#!topic/qubes-users/sR7Z5KkL5NQ :
> 
> > The package qubes-template-minimal-stub prevent the install of tinyproxy.
> >
> > In order to do that, you have to install with the full package name:
> >
> > sudo dnf install tinyproxy.x86_64
> 
> I've submitted an update request for the Fedora Minimal documentation to 
> include this.
> 
> https://www.qubes-os.org/doc/templates/fedora-minimal/

###33
MAY YOUR GOD RAIN BLESSINGS UPON YOUR SOUL

I had this same maddening issue.  I was also able to figure out that it just 
stopped working when I switched sys-net from fedora-23 to fedora-25-net (my 
minimal version).

If you don't mind my asking, how were you able to figure out that tinyproxy was 
not installed correctly?

I'd gone through the services tabs but idk what I would have done next... I 
found your solution on here and it worked!

Also, this is not in the documentation yet!  How do we put it there?  Doesn't 
need to be in the minimal-template one but it should be in the Fedora-24 to 25 
one I think.



Re: [qubes-users] Standalone Windows VM

2017-07-20 Thread Unman
On Thu, Jul 20, 2017 at 05:05:24AM -0700, jakis2...@gmail.com wrote:
> On Thursday, July 20, 2017 at 7:55:41 AM UTC-4, Noor Christensen wrote:
> > On Thu, Jul 20, 2017 at 03:09:07AM -0700, jakis2...@gmail.com wrote:
> > > Is there a way to increase the size when you clone a VM? I changed the
> > > storage settings but it doesn't show storage over 20gb inside of
> > > windows. 
> > 
> > You might have to resize the partition from inside the HVM as well,
> > after resizing the outer volume. I don't know how to do this in Windows,
> > but I think there's a Disk Manager or similar...
> > 
> > -- noor
> > 
> > |_|O|_|
> > |_|_|O|  Noor Christensen  
> > |O|O|O|  n...@fripost.org ~ 0x401DA1E0
> 
> 
> Ok thanks
> 

You could read the excellent documentation:
www.qubes-os.org/doc/resize-disk-image/



Re: [qubes-users] Re: Why doesn't the TemplateVM make the newly installed software present the option to add the shortcut?

2017-07-20 Thread Unman
On Thu, Jul 20, 2017 at 10:38:00AM +0200, Noor Christensen wrote:
> On Tue, Jul 18, 2017 at 11:53:46AM -0700, Patrick Bouldin wrote:
> > On Tuesday, July 18, 2017 at 2:40:06 PM UTC-4, Noor Christensen wrote:
> > > On Tue, Jul 18, 2017 at 11:22:29AM -0700, Patrick Bouldin wrote:
> > > > On Tuesday, July 18, 2017 at 2:12:39 PM UTC-4, Patrick Bouldin wrote:
> > > > > Hi, I added routine software like libre office draw or writer in the
> > > > > TemplateVM. I am then able to run it in the corresponding appVM -
> > > > > however, I attempt to "add shortcuts" either on the template or the
> > > > > appVM they don't show as available. I think I can do it manually but
> > > > > would like to fix this bug, it wasn't a problem before. I have done
> > > > > a dom0 update by the way.
> > > > > 
> > > > > Thanks,
> > > > > Patrick
> > > > 
> > > > update: I tried to manually add with the command qvm-sync-appmenus ,
> > > > and that command is not valid. Is this the problem? How to recover?
> > > 
> > > What do you mean with "not valid"? It needs a VM name as its only
> > > argument, which should be clear from the help output. 
> > > 
> > > Try the following in dom0:
> > > 
> > > $ qvm-sync-appmenus 
> > > 
> > > Replace  with the name of your TemplateVM.
> > > 
> > > It will show any errors encountered during the process, which might give
> > > you a clue of what's wrong.
> > > 
> > > -- noor
> > > 
> > > |_|O|_|
> > > |_|_|O|  Noor Christensen  
> > > |O|O|O|  n...@fripost.org ~ 0x401DA1E0
> > 
> > Thanks noor. I tried that but it said I had to do that in the template
> > VM, weird. Tried it there and command wasn't available.
> > 
> > Anyway I decided to update the overall template VM and all of a sudden
> > the shortcuts showed up as available - weird again!
> 
> Glad you got it to work!
> 
> However, I'm just curious... What did qvm-sync-appmenus say about having
> to run in the TemplateVM? Can you please copy/paste the command you
> entered and its output?
> 
> Maybe it's a bug :-)
> 
> -- noor

I would think the error message has been misinterpreted.
If you run qvm-sync-appmenus against a TemplateBasedVM, the error says:
"ERROR: To sync for Template based VM, do it on template instead"

I suppose this COULD be interpreted as "Run the command IN a template"
as opposed to "Run the command AGAINST a template"
That would be why Patrick found the command not available.

unman



Re: [qubes-users] Printing and scanning with Qubes - a love story

2017-07-20 Thread Jean-Philippe Ouellet
On Thu, Jul 20, 2017 at 12:32 PM, js...@riseup.net  wrote:
> Jean-Philippe Ouellet:
>> On Qubes, it's a completely different story. First, I pass my USB
>> printer or scanner through to a DispVM. To print, I just copy the file
>> to the DispVM, open it with anything, and print it, and the printer is
>> automatically found and "just works" (thanks Fedora). To scan: I pass
>> the printer to a DispVM, open simple-scan, click the scan button, and
>> it just works! When I'm happy with my scan, I copy it out of the
>> DispVM and then convert to trusted PDF! So far every printer or
>> scanner just works the first time, I haven't needed to look under the
>> hood for anything.
>>
>> With sys-usb, DispVMs, and convert-to-trusted-pdf I feel reasonably
>> confident that if the printers or scanners were malicious, the worst
>> they could do is mutate my documents or store them for later retrieval
>> by an adversary (which is an inherent problem with any commodity
>> printer and totally unrelated to the OS used to interface with). This
>> would be even more true with a stateless laptop without any persistent
>> mutable firmware for the USB controllers, and when sys-usb can act
>> like a DispVM itself without hacks (R4?).
>
> Hi,
>
> I've been having some problems with this myself. Specifically, I'm not
> sure how to pass my USB printer to an appVM. The only thing I can see to
> do is to attach my whole USB controller to a VM, but I'm pretty sure if
> I do that I'll lose my input devices (USB keyboard and mouse) and not be
> able to control the system.

See 
https://www.qubes-os.org/doc/usb/#attaching-a-single-usb-device-to-a-qube-usb-passthrough

> Do you have to have a usbvm (sys-usb) in order to get this to work?

Yes.

> My appVMs are based on a debian-8 template, if that matters.

I'm not aware of any debian-specific issues with USB passthrough,
although I have not tried it myself either.



Re: [qubes-users] Printing and scanning with Qubes - a love story

2017-07-20 Thread js...@riseup.net
Jean-Philippe Ouellet:
> On Qubes, it's a completely different story. First, I pass my USB
> printer or scanner through to a DispVM. To print, I just copy the file
> to the DispVM, open it with anything, and print it, and the printer is
> automatically found and "just works" (thanks Fedora). To scan: I pass
> the printer to a DispVM, open simple-scan, click the scan button, and
> it just works! When I'm happy with my scan, I copy it out of the
> DispVM and then convert to trusted PDF! So far every printer or
> scanner just works the first time, I haven't needed to look under the
> hood for anything.
> 
> With sys-usb, DispVMs, and convert-to-trusted-pdf I feel reasonably
> confident that if the printers or scanners were malicious, the worst
> they could do is mutate my documents or store them for later retrieval
> by an adversary (which is an inherent problem with any commodity
> printer and totally unrelated to the OS used to interface with). This
> would be even more true with a stateless laptop without any persistent
> mutable firmware for the USB controllers, and when sys-usb can act
> like a DispVM itself without hacks (R4?).

Hi,

I've been having some problems with this myself. Specifically, I'm not
sure how to pass my USB printer to an appVM. The only thing I can see to
do is to attach my whole USB controller to a VM, but I'm pretty sure if
I do that I'll lose my input devices (USB keyboard and mouse) and not be
able to control the system.

Do you have to have a usbvm (sys-usb) in order to get this to work?

My appVMs are based on a debian-8 template, if that matters.



Re: [qubes-users] 2 vm screens on windows? This normal?

2017-07-20 Thread jakis250g
ok. Now it won't run.



Re: [qubes-users] 2 vm screens on windows? This normal?

2017-07-20 Thread Patrik Hagara
On 07/20/2017 03:21 PM, jakis2...@gmail.com wrote:
> I had a few issues installing windows tools. Now when I open I get
> two windows. One regular that says desktop. The other smaller that
> is just stuck on starting windows.
> 
> Image here. http://imgur.com/a/6tBP2
> 

Disable the "Run in debug mode" option in qubes-manager VM's settings.


Cheers,
Patrik


[qubes-users] 2 vm screens on windows? This normal?

2017-07-20 Thread jakis250g
I had a few issues installing windows tools. Now when I open I get two windows. 
One regular that says desktop. The other smaller that is just stuck on starting 
windows.

Image here. http://imgur.com/a/6tBP2



[qubes-users] Re: Cannot install Windows AppVms

2017-07-20 Thread jakis250g
Edit: installed after changing the global nvm to sys-firewall instead of 
sys-whonix



Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread Patrik Hagara
On 07/20/2017 02:08 PM, Patrik Hagara wrote:
> As for the Linux kernel, you want to use the earlyprintk param,
> either "earlyprintk=vga,keep" or "earlyprintk=xen,keep" should
> work. Again, the full (and fairly long) list of supported
> parameters is available at this link [2].
> 
> The Linux early printk logging should yield some useful info, I 
> hope.

Also, removing the "quiet" option might be necessary. Try adding
"nowatchdog panic=0" if the system reboots too quickly after logging
the errors.


Cheers,
Patrik


[qubes-users] Cannot install Windows AppVms

2017-07-20 Thread jakis250g
When I'm running dom0 updates I'm getting errors.

[Errno 14] PYCURL ERROR 22 - "the requested URL returned error:416 Requested 
Range Not Satisfiable"

When I run this:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools

I get running transaction check 
---> Package qubes-windows-tools.x86_64 0:3.2.2-3 will be installed
-->Finished Dependency Resolution
find: `/var/lib/qubes/dom0-updates/var/cache/yum': No such file or directory
'/usr/lib/qubes/qrexec-client-vm dom0 qubes.RecieveUpdates 
/usr/lib/qubes/qfile-agent /var/lib/qubes/dom0-updates/packages/*.rpm' failed 
with exit code 1!


My dom0 is not showing any updates but was when I installed 3.2 earlier. 



Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread Patrik Hagara
On 07/20/2017 01:13 PM, Elias Mårtenson wrote:
> On 20 July 2017 at 17:49, Patrik Hagara wrote:
> 
> 
> Oh yes, now I remember! This was definitely a Linux kernel issue
> for me, it just didn't setup VGA console logging yet so it seems
> like a tboot hang. See the mail I just sent about updating dom0
> kernel.
> 
> 
> I now have Kernel 4.9.35, which is a great thing (I can now disable
> tap to click, finally) .
> 
> However, I still get stuck in a bootloop when I try to start AEM.
> Is there a way I can tell if it even starts running the kernel or
> if it crashes before it's loaded?

Yes, for Xen you can replace the "console=none" parameter in grub.cfg
with "console=vga" (and perhaps also add "sync_console=true"). Another
parameter worth mentioning is "tboot=" -- this should be
automatically added by tboot though. For a complete list of supported
parameters, take a look here [1].

As for the Linux kernel, you want to use the earlyprintk param, either
"earlyprintk=vga,keep" or "earlyprintk=xen,keep" should work. Again,
the full (and fairly long) list of supported parameters is available
at this link [2].

The Linux early printk logging should yield some useful info, I hope.


Cheers,
Patrik


[1] https://xenbits.xen.org/docs/unstable/misc/xen-command-line.html
[2] https://www.kernel.org/doc/html/v4.10/admin-guide/kernel-parameters.html


Re: [qubes-users] Standalone Windows VM

2017-07-20 Thread jakis250g
On Thursday, July 20, 2017 at 7:55:41 AM UTC-4, Noor Christensen wrote:
> On Thu, Jul 20, 2017 at 03:09:07AM -0700, jakis2...@gmail.com wrote:
> > Is there a way to increase the size when you clone a VM? I changed the
> > storage settings but it doesn't show storage over 20gb inside of
> > windows. 
> 
> You might have to resize the partition from inside the HVM as well,
> after resizing the outer volume. I don't know how to do this in Windows,
> but I think there's a Disk Manager or similar...
> 
> -- noor
> 
> |_|O|_|
> |_|_|O|  Noor Christensen  
> |O|O|O|  n...@fripost.org ~ 0x401DA1E0


Ok thanks



Re: [qubes-users] Standalone Windows VM

2017-07-20 Thread Noor Christensen
On Thu, Jul 20, 2017 at 03:09:07AM -0700, jakis2...@gmail.com wrote:
> Is there a way to increase the size when you clone a VM? I changed the
> storage settings but it doesn't show storage over 20gb inside of
> windows. 

You might have to resize the partition from inside the HVM as well,
after resizing the outer volume. I don't know how to do this in Windows,
but I think there's a Disk Manager or similar...

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0



Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread Elias Mårtenson
On 20 July 2017 at 17:49, Patrik Hagara  wrote:


> Oh yes, now I remember! This was definitely a Linux kernel issue for
> me, it just didn't set up VGA console logging yet so it seems like a
> tboot hang. See the mail I just sent about updating dom0 kernel.


I now have Kernel 4.9.35, which is a great thing (I can now disable tap to
click, finally).

However, I still get stuck in a bootloop when I try to start AEM. Is there
a way I can tell if it even starts running the kernel or if it crashes
before it's loaded?



[qubes-users] Standalone Windows VM

2017-07-20 Thread jakis250g
Is there a way to increase the size when you clone a VM? I changed the storage 
settings but it doesn't show storage over 20gb inside of windows. 



Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread Patrik Hagara

On 07/20/2017 11:44 AM, Elias Mårtenson wrote:
> On 20 July 2017 at 17:31, Patrik Hagara wrote:
> 
> Now that I tried removing min_ram from my setup it still works, so 
> perhaps the fix for this was something different... Can't recall
> what though. :-\
> 
> Ah well, guess we'll have to go back to taking pictures of the
> screen.
> 
> 
> Thank you so much for spending time on this.
> 
> I took another set of pictures:
> https://photos.app.goo.gl/IZFNokdsfClsWwNz2
> 
> Regards, Elias

Oh yes, now I remember! This was definitely a Linux kernel issue for
me, it just didn't set up VGA console logging yet so it seems like a
tboot hang. See the mail I just sent about updating dom0 kernel.

Cheers,
Patrik


Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread Patrik Hagara

On 07/20/2017 11:31 AM, Patrik Hagara wrote:
> On 07/20/2017 11:21 AM, Elias Mårtenson wrote:
>> On 20 July 2017 at 16:51, Patrik Hagara wrote:
> 
> 
>>> Thank you! You were right of course. There was a disabled
>>> option referring to "trusted execution" that was turned off.
>>> Enabling that gave me much more than 3 pages of debug output.
>>> 
>>> Unfortunately, the machine reboots shortly after the "SENTER",
>>>  causing the machine to go into an infinite bootloop.
>>> 
>>> Note that it never even gets to the point where it asks for
>>> the TPM password.
>>> 
>>> Would screenshots of all the pages of debug be useful?
>>> 
>>> Thanks and regards, Elias
>>> 
>> This sounds like the exact same issue I've encountered -- and 
>> managed to fix by adding "min_ram=0x200" to the tboot
>> cmdline arguments (see tboot readme [1] for details).
> 
> 
>> Thank you for your suggestion. I tried this (and also read the 
>> README file you helpfully linked to).
> 
>> Unfortunately it did not change the behaviour, and the machine 
>> still reboots at some point after SENTER.
> 
>> Regards, Elias
> 
> Now that I tried removing min_ram from my setup it still works, so 
> perhaps the fix for this was something different... Can't recall
> what though. :-\
> 
> Ah well, guess we'll have to go back to taking pictures of the
> screen.

Also, do you have testing repositories enabled in dom0? According to
this [1] Qubes issue, a newer Linux kernel version might work (and it
might be the reason why me removing mem_min didn't bring back the
SENTER boot loop).

  sudo qubes-dom0-update --enablerepo=qubes-dom0-testing

If that doesn't work, you can try manually upgrading tboot itself
(since Fedora has an ancient version packaged; instructions in the
issue comments). I'm still using the Fedora-packaged version though.


Cheers,
Patrik


[1] https://github.com/QubesOS/qubes-issues/issues/2155


Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread Elias Mårtenson
On 20 July 2017 at 17:31, Patrik Hagara  wrote:

> Now that I tried removing min_ram from my setup it still works, so
> perhaps the fix for this was something different... Can't recall what
> though. :-\
>
> Ah well, guess we'll have to go back to taking pictures of the screen.
>

Thank you so much for spending time on this.

I took another set of pictures: https://photos.app.goo.gl/IZFNokdsfClsWwNz2

Regards,
Elias



Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread Patrik Hagara

On 07/20/2017 11:21 AM, Elias Mårtenson wrote:
> On 20 July 2017 at 16:51, Patrik Hagara wrote:
> 
> 
>> Thank you! You were right of course. There was a disabled option 
>> referring to "trusted execution" that was turned off. Enabling
>> that gave me much more than 3 pages of debug output.
>> 
>> Unfortunately, the machine reboots shortly after the "SENTER", 
>> causing the machine to go into an infinite bootloop.
>> 
>> Note that it never even gets to the point where it asks for the
>> TPM password.
>> 
>> Would screenshots of all the pages of debug be useful?
>> 
>> Thanks and regards, Elias
>> 
> This sounds like the exact same issue I've encountered -- and
> managed to fix by adding "min_ram=0x200" to the tboot cmdline
> arguments (see tboot readme [1] for details).
> 
> 
> Thank you for your suggestion. I tried this (and also read the
> README file you helpfully linked to).
> 
> Unfortunately it did not change the behaviour, and the machine
> still reboots at some point after SENTER.
> 
> Regards, Elias

Now that I tried removing min_ram from my setup it still works, so
perhaps the fix for this was something different... Can't recall what
though. :-\

Ah well, guess we'll have to go back to taking pictures of the screen.


Cheers,
Patrik


Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread Elias Mårtenson
On 20 July 2017 at 16:51, Patrik Hagara  wrote:


> > Thank you! You were right of course. There was a disabled option
> > referring to "trusted execution" that was turned off. Enabling that
> > gave me much more than 3 pages of debug output.
> >
> > Unfortunately, the machine reboots shortly after the "SENTER",
> > causing the machine to go into an infinite bootloop.
> >
> > Note that it never even gets to the point where it asks for the TPM
> > password.
> >
> > Would screenshots of all the pages of debug be useful?
> >
> > Thanks and regards, Elias
> >
> This sounds like the exact same issue I've encountered -- and managed
> to fix by adding "min_ram=0x200" to the tboot cmdline arguments
> (see tboot readme [1] for details).


Thank you for your suggestion. I tried this (and also read the README file
you helpfully linked to).

Unfortunately it did not change the behaviour, and the machine still
reboots at some point after SENTER.

Regards,
Elias



[qubes-users] Problems with connection and updates.

2017-07-20 Thread jakis250g
I was running Qubes on my 250GB SSD. I decided to back up my VMs and install 
Qubes on my 500GB SSD. I went through the install and then deleted all the VMs but 
the system VMs and dom. 

I went through restore and template VMs as I've already made installs on those 
previously to what I needed.

When I first tried to connect it was giving me MAC errors. I changed the 
sys-net MAC and it worked fine.

However my sys-whonix doesn't connect properly. I tried updates but still 
issues. I did a dom0 update and shortly after 2 boxes popped up. One with a 
lock and one with a clock. Sys-whonix qubes dom0 u - downloading updates for 
dom0 please wait and just stays there. 



Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread Patrik Hagara

On 07/20/2017 10:46 AM, loke...@gmail.com wrote:
> On Thursday, 20 July 2017 16:22:22 UTC+8, Patrik Hagara  wrote:
> 
>> That's a non-fatal error, I have that in my log too.
>> 
>> What's more interesting is the last photo, in particular the
>> line:
>> 
>> ERR: SENTER disabled by feature control MSR (5)
>> 
>> I _think_ this means that your motherboard/BIOS does not support
>> Intel TXT as it seems to be deliberately disabled in the CPU's 
>> Model-Specific Register (MSR).
>> 
>> Maybe try searching for the TXT-enabling option in BIOS again (it
>> may be hidden until you turn on something else, eg. Intel
>> VT-d/IOMMU like on my Lenovo laptop). Check whether there's a
>> BIOS update available, too
> 
> Thank you! You were right of course. There was a disabled option
> referring to "trusted execution" that was turned off. Enabling that
> gave me much more than 3 pages of debug output.
> 
> Unfortunately, the machine reboots shortly after the "SENTER",
> causing the machine to go into an infinite bootloop.
> 
> Note that it never even gets to the point where it asks for the TPM
> password.
> 
> Would screenshots of all the pages of debug be useful?
> 
> Thanks and regards, Elias
> 
This sounds like the exact same issue I've encountered -- and managed
to fix by adding "min_ram=0x200" to the tboot cmdline arguments
(see tboot readme [1] for details).


Cheers,
Patrik


[1] https://sourceforge.net/p/tboot/code/ci/default/tree/README


Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread lokedhs
On Thursday, 20 July 2017 16:22:22 UTC+8, Patrik Hagara  wrote:

> That's a non-fatal error, I have that in my log too.
> 
> What's more interesting is the last photo, in particular the line:
> 
>   ERR: SENTER disabled by feature control MSR (5)
> 
> I _think_ this means that your motherboard/BIOS does not support Intel
> TXT as it seems to be deliberately disabled in the CPU's
> Model-Specific Register (MSR).
> 
> Maybe try searching for the TXT-enabling option in BIOS again (it may
> be hidden until you turn on something else, eg. Intel VT-d/IOMMU like
> on my Lenovo laptop). Check whether there's a BIOS update available, too

Thank you! You were right of course. There was a disabled option referring to 
"trusted execution" that was turned off. Enabling that gave me much more than 3 
pages of debug output.

Unfortunately, the machine reboots shortly after the "SENTER", causing the 
machine to go into an infinite bootloop.

Note that it never even gets to the point where it asks for the TPM password.

Would screenshots of all the pages of debug be useful?

Thanks and regards,
Elias



Re: [qubes-users] Re: Why doesn't the TemplateVM make the newly installed software present the option to add the shortcut?

2017-07-20 Thread Noor Christensen
On Tue, Jul 18, 2017 at 11:53:46AM -0700, Patrick Bouldin wrote:
> On Tuesday, July 18, 2017 at 2:40:06 PM UTC-4, Noor Christensen wrote:
> > On Tue, Jul 18, 2017 at 11:22:29AM -0700, Patrick Bouldin wrote:
> > > On Tuesday, July 18, 2017 at 2:12:39 PM UTC-4, Patrick Bouldin wrote:
> > > > Hi, I added routine software like libre office draw or writer in the
> > > > TemplateVM. I am then able to run it in the corresponding appVM -
> > > > however, I attempt to "add shortcuts" either on the template or the
> > > > appVM they don't show as available. I think I can do it manually but
> > > > would like to fix this bug, it wasn't a problem before. I have done
> > > > a dom0 update by the way.
> > > > 
> > > > Thanks,
> > > > Patrick
> > > 
> > > update: I tried to manually add with the command qvm-sync-appmenus ,
> > > and that command is not valid. Is this the problem? How to recover?
> > 
> > What do you mean with "not valid"? It needs a VM name as its only
> > argument, which should be clear from the help output. 
> > 
> > Try the following in dom0:
> > 
> > $ qvm-sync-appmenus 
> > 
> > Replace  with the name of your TemplateVM.
> > 
> > It will show any errors encountered during the process, which might give
> > you a clue of what's wrong.
> > 
> > -- noor
> > 
> > |_|O|_|
> > |_|_|O|  Noor Christensen  
> > |O|O|O|  n...@fripost.org ~ 0x401DA1E0
> 
> Thanks noor. I tried that but it said I had to do that in the template
> VM, weird. Tried it there and command wasn't available.
> 
> Anyway I decided to update the overall template VM and all of a sudden
> the shortcuts showed up as available - weird again!

Glad you got it to work!

However, I'm just curious... What did qvm-sync-appmenus say about having
to run in the TemplateVM? Can you please copy/paste the command you
entered and its output?

Maybe it's a bug :-)

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0



Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread Patrik Hagara

On 07/20/2017 10:09 AM, Elias Mårtenson wrote:
> On 20 July 2017 at 15:58, Patrik Hagara wrote:
> 
> 
> This looks to me like tboot either wasn't loaded at all or memory 
> logging is disabled.
> 
> Check the tboot cmdline used -- search for the following in 
> /boot/grub2/grub.cfg:
> 
> multiboot /tboot.gz placeholder logging=memory,serial
> 
> If memory logging is enabled, try adding vga there too (plus a
> delay to be able to read the output):
> 
> multiboot /tboot.gz placeholder logging=memory,serial,vga
> vga_delay=10
> 
> You'll have 10 seconds per screenful of tboot log messages, may
> as well take photos. :)
> 
> 
> Thanks. I got three screenfuls of information. I've shared the
> pictures here: https://photos.app.goo.gl/xNaxca5fxviwmfw12
> 
> The error "failed to get public data of 0x4001 in TPM NV"
> seems interesting, but I have no idea how to deal with it.
> 
> Regards, Elias

That's a non-fatal error, I have that in my log too.

What's more interesting is the last photo, in particular the line:

  ERR: SENTER disabled by feature control MSR (5)

I _think_ this means that your motherboard/BIOS does not support Intel
TXT as it seems to be deliberately disabled in the CPU's
Model-Specific Register (MSR).

Maybe try searching for the TXT-enabling option in BIOS again (it may
be hidden until you turn on something else, eg. Intel VT-d/IOMMU like
on my Lenovo laptop). Check whether there's a BIOS update available, too.


Cheers,
Patrik


Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread Elias Mårtenson
On 20 July 2017 at 15:58, Patrik Hagara  wrote:


> This looks to me like tboot either wasn't loaded at all or memory
> logging is disabled.
>
> Check the tboot cmdline used -- search for the following in
> /boot/grub2/grub.cfg:
>
>   multiboot /tboot.gz placeholder logging=memory,serial
>
> If memory logging is enabled, try adding vga there too (plus a delay
> to be able to read the output):
>
>   multiboot /tboot.gz placeholder logging=memory,serial,vga vga_delay=10
>
> You'll have 10 seconds per screenful of tboot log messages, may as
> well take photos. :)


Thanks. I got three screenfuls of information. I've shared the pictures
here: https://photos.app.goo.gl/xNaxca5fxviwmfw12

The error "failed to get public data of 0x4001 in TPM NV" seems
interesting, but I have no idea how to deal with it.

Regards,
Elias



Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread Patrik Hagara

On 07/20/2017 09:42 AM, loke...@gmail.com wrote:
> On Thursday, 20 July 2017 15:18:26 UTC+8, Patrik Hagara  wrote:
> 
>> Try checking the tboot log (from dom0) for any obvious error
>> messages: sudo txt-stat
> 
> Thanks. I did this, but I'm not sure how to interpret the
> information. It does say "TXT measures launch: FALSE". Does that
> mean that TXT is not available?
> 
> Here's the output of the command:
> 
> Intel(r) TXT Configuration Registers: STS: 0x0082 senter_done:
> FALSE sexit_done: TRUE mem_config_lock: FALSE private_open: TRUE 
> locality_1_open: FALSE locality_2_open: FALSE ESTS: 0x00 txt_reset:
> FALSE E2STS: 0x0004 secrets: FALSE ERRORCODE:
> 0x DIDVID: 0x0001b0068086 vendor_id: 0x8086 device_id:
> 0xb006 revision_id: 0x1 FSBIF: 0x QPIIF:
> 0x9d003000 SINIT.BASE: 0x SINIT.SIZE: 0B (0x0) 
> HEAP.BASE: 0x HEAP.SIZE: 0B (0x0) DPR: 0x 
> lock: FALSE top: 0x size: 0MB (0B) PUBLIC.KEY: 2d 67 dd d7
> 5e f9 33 92 66 a5 6f 27 18 95 55 ae 77 a2 b0 de 77 42 22 e5 de 24
> 8d be b8 e3 3d d7
> 
> *** TXT
> measured launch: FALSE secrets flag set: FALSE 
> *** unable
> to find TBOOT log
> 

This looks to me like tboot either wasn't loaded at all or memory
logging is disabled.

Check the tboot cmdline used -- search for the following in
/boot/grub2/grub.cfg:

  multiboot /tboot.gz placeholder logging=memory,serial

If memory logging is enabled, try adding vga there too (plus a delay
to be able to read the output):

  multiboot /tboot.gz placeholder logging=memory,serial,vga vga_delay=10

You'll have 10 seconds per screenful of tboot log messages, may as
well take photos. :)


Cheers,
Patrik
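
The checks worked through in this thread (the txt-stat flags, the logging= targets on the tboot line in /boot/grub2/grub.cfg, and the SENTER error line from the tboot log), collected into a triage script. This is an added example, not part of the original messages and not code from tboot or AEM; the function names, finding labels and sample inputs are constructed for illustration.

```python
import re

# Constructed sample shaped like the `sudo txt-stat` output quoted in the thread
# (only the fields read below; register values left out).
SAMPLE_TXT_STAT = """\
Intel(r) TXT Configuration Registers:
    senter_done: FALSE
    sexit_done: TRUE
***
     TXT measured launch: FALSE
     secrets flag set: FALSE
***
unable to find TBOOT log
"""

# Constructed grub.cfg fragment using the tboot line from the thread.
SAMPLE_GRUB_CFG = """\
menuentry 'constructed AEM entry' {
    multiboot /tboot.gz placeholder logging=memory,serial
}
"""

# Hypothetical finding labels, mapped to the advice given in the thread.
HINTS = {
    "no-measured-launch": "TXT measured launch is not TRUE.",
    "senter-not-done": "senter_done is FALSE.",
    "tboot-log-missing": "no TBOOT log: tboot was not loaded or memory logging is disabled.",
    "no-tboot-line": "no 'multiboot /tboot.gz' line found in grub.cfg.",
    "memory-logging-off": "add 'memory' to logging= so txt-stat can read the log.",
    "vga-logging-off": "add 'vga' to logging= and set vga_delay= to read the log on screen.",
    "txt-disabled-in-firmware": "SENTER disabled by feature control MSR: look for the TXT option in BIOS.",
}


def flag(text, name):
    """Return True/False for a 'name: TRUE|FALSE' field, or None if it is absent."""
    m = re.search(re.escape(name) + r"\s*:\s*(TRUE|FALSE)\b", text)
    return None if m is None else m.group(1) == "TRUE"


def tboot_entries(grub_cfg):
    """Parse each 'multiboot /tboot.gz ...' line into its logging settings."""
    entries = []
    for line in grub_cfg.splitlines():
        words = line.split()
        if len(words) < 2 or not words[0].startswith("multiboot"):
            continue
        if not words[1].endswith("tboot.gz"):
            continue
        opts = dict(w.split("=", 1) for w in words[2:] if "=" in w)
        logging = opts.get("logging")
        delay = opts.get("vga_delay", "")
        entries.append({
            "targets": logging.split(",") if logging else [],
            "vga_delay": int(delay) if delay.isdigit() else None,
        })
    return entries


def triage(txt_stat, grub_cfg="", tboot_log=""):
    """Return finding labels in the order the thread works through them."""
    findings = []
    if flag(txt_stat, "TXT measured launch") is not True:
        findings.append("no-measured-launch")
    if flag(txt_stat, "senter_done") is False:
        findings.append("senter-not-done")
    if "unable to find TBOOT log" in txt_stat:
        findings.append("tboot-log-missing")
        entries = tboot_entries(grub_cfg)
        if not entries:
            findings.append("no-tboot-line")
        for entry in entries:
            if "memory" not in entry["targets"]:
                findings.append("memory-logging-off")
            if "vga" not in entry["targets"]:
                findings.append("vga-logging-off")
    if "SENTER disabled by feature control MSR" in tboot_log:
        findings.append("txt-disabled-in-firmware")
    return findings


if __name__ == "__main__":
    for label in triage(SAMPLE_TXT_STAT, SAMPLE_GRUB_CFG):
        print(f"{label}: {HINTS[label]}")
```

In dom0 the real inputs would be the output of `sudo txt-stat` and the contents of /boot/grub2/grub.cfg; the tboot log text has to be transcribed from the screen when only VGA logging is available.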

Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread lokedhs
On Thursday, 20 July 2017 15:18:26 UTC+8, Patrik Hagara  wrote:

> Try checking the tboot log (from dom0) for any obvious error messages:
>   sudo txt-stat

Thanks. I did this, but I'm not sure how to interpret the information. It does 
say "TXT measures launch: FALSE". Does that mean that TXT is not available?

Here's the output of the command:

Intel(r) TXT Configuration Registers:
STS: 0x0082
senter_done: FALSE
sexit_done: TRUE
mem_config_lock: FALSE
private_open: TRUE
locality_1_open: FALSE
locality_2_open: FALSE
ESTS: 0x00
txt_reset: FALSE
E2STS: 0x0004
secrets: FALSE
ERRORCODE: 0x
DIDVID: 0x0001b0068086
vendor_id: 0x8086
device_id: 0xb006
revision_id: 0x1
FSBIF: 0x
QPIIF: 0x9d003000
SINIT.BASE: 0x
SINIT.SIZE: 0B (0x0)
HEAP.BASE: 0x
HEAP.SIZE: 0B (0x0)
DPR: 0x
lock: FALSE
top: 0x
size: 0MB (0B)
PUBLIC.KEY:
2d 67 dd d7 5e f9 33 92 66 a5 6f 27 18 95 55 ae 
77 a2 b0 de 77 42 22 e5 de 24 8d be b8 e3 3d d7 

***
 TXT measured launch: FALSE
 secrets flag set: FALSE
***
unable to find TBOOT log   
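
A way to read the txt-stat output above mechanically, as an added example that is not part of the original post or of tboot. The sample is an abbreviated copy of the posted output, and the choice of fields to check (senter_done, the SINIT/HEAP region sizes, the summary line and the TBOOT log message) is this example's assumption about what to look at, not guidance from the thread.

```python
import re

# Abbreviated copy of the txt-stat output posted above (truncated values kept as posted).
SAMPLE = """\
Intel(r) TXT Configuration Registers:
STS: 0x0082
senter_done: FALSE
sexit_done: TRUE
ERRORCODE: 0x
SINIT.BASE: 0x
SINIT.SIZE: 0B (0x0)
HEAP.BASE: 0x
HEAP.SIZE: 0B (0x0)
***
 TXT measured launch: FALSE
 secrets flag set: FALSE
***
unable to find TBOOT log
"""

def parse_txt_stat(text):
    """Return (fields, tboot_log_found) from txt-stat output."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_. ]+?):\s*(.*?)\s*$", line)
        if m and m.group(2):  # skip headings such as "PUBLIC.KEY:" with no value
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields, "unable to find TBOOT log" not in text

def diagnose(text):
    """List reasons the boot does not look like a TXT measured launch."""
    fields, log_found = parse_txt_stat(text)
    findings = []
    for key in ("senter_done", "txt measured launch"):
        if fields.get(key, "FALSE").upper() != "TRUE":
            findings.append(f"{key} is not TRUE")
    for region in ("sinit.size", "heap.size"):
        # Sizes print as e.g. "0B (0x0)"; the hex value in parentheses is parsed.
        m = re.search(r"\(0x([0-9a-fA-F]+)\)", fields.get(region, ""))
        if not m or int(m.group(1), 16) == 0:
            findings.append(f"{region} is zero or missing")
    if not log_found:
        findings.append("no TBOOT log found")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print("FAIL:", finding)
```

In dom0 the same function can be fed the live output, for example by piping `sudo txt-stat` into a script that calls `diagnose(sys.stdin.read())`.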



Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-07-20 Thread Patrik Hagara
On 07/20/2017 07:32 AM, loke...@gmail.com wrote:
> On Friday, 14 July 2017 16:16:21 UTC+8, Patrik Hagara  wrote:
>> On 07/14/2017 09:45 AM, loke...@gmail.com wrote:
>>> On Friday, 30 June 2017 04:17:08 UTC+8, Marek
>>> Marczykowski-Górecki wrote:
>>> 
>>>> Oh, it isn't listed in updates-status[1], so I completely
>>>> forgot. Probably it was uploaded to testing before
>>>> introducing that system. Of course it should be migrated to
>>>> current, will do.
>>> 
>>> I updated to the latest AEM, but after I did that, nothing
>>> worked anymore. I outlined it in this post, but no one replied
>>> to it. Is there anything I can do to collect more information?
>>> 
>>> https://groups.google.com/forum/#!topic/qubes-users/JMipWyv2heU
>>> 
>>> Regards, Elias
>>> 
>> 
>> This error means that your AEM setup never worked, even before 
>> updating. The AEM boot would always succeed no matter what, even
>> if a hundred evil maids tampered with it.
>> 
>> Did you follow the AEM installation instruction to the letter? Do
>> you have Intel TXT enabled in BIOS? Did you download the right
>> SINIT module and add it to the GRUB config as a module loaded
>> last? Does GRUB load the SINIT module successfully?
>> 
>> If it still doesn't work, try fully resetting the TPM (usually
>> only possible from the BIOS) and setting it up again.
> 
> Thank you. This explains some of the things I have seen.
> 
> Unfortunately I have reset the TPM (multiple times, throughout my
> testing) and I keep getting the same error.
> 
> I have also double-checked the SINIT module, and it's the correct
> one.
> 
> As for Intel TXT, I can't find any option in the BIOS settings to
> control this specifically.
> 
> Regards, Elias
> 

Try checking the tboot log (from dom0) for any obvious error messages:
  sudo txt-stat


Cheers,
Patrik