[qubes-users] 4.0 - Feature Reqest: '--skip-if-halted' for 'qvm-shutdown'

[Graumann, Johannes]

Hello, 

Analogous to the capabilities of 'qvm-start' ('--skip-if-running'), it
would be helpful to have the option '--skip-if-halted' for
'qvm-shutdown'. 

Thank you for your consideration. 

Sincerely, Joh

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e4508ab34208555874e40b967a9004ff%40graumannschaft.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] 4.0-rc1 - No 'qvm-trim-template'?

[Graumann, Johannes]

Hello,

Can anyone enlighten me why 4.0-rc1 does not (yet?) have 
'qvm-trim-template'? Is this not yet implemented or not needed any 
longer given the new infrastructure?


Sincerely, Joh

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4a276287301d8d6bac6587f3ea7e0752%40graumannschaft.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] UEFI secureboot issue

[taii...@gmx.com]

Secure boot is a stupid Microsoft controlled project to eventually 
remove the ability for commercial PC's to run non windows operating systems.


SB 1.0 specs mandate owner controlled (an option to shut it off), SB2.0 
doesn't and PC's built to that spec such as the Windows 10 ARM PC's and 
MS's "signature series" PC's prevent you from installing non microsoft 
operating systems.


"Secure" boot is simply a marketing name for kernel code signing, you 
can easily do this with coreboot and a grub payload (grub supports 
kernel signing).


SB doesn't stop virii as that wasn't what it was designed to do, 
preventing rootkits from modding the kernel is irrelevant as you can 
simply change another critical system file of which there are

many on windows.

Kernel code signing is only useful in an AEM context with an encrypted 
filesystem but unencrypted kernels.


I myself have a variety of owner controlled fully libre firmware devices 
such as the KGPE-D16 and KCMA-D8 asus motherboards, those two are the 
only ones that offer full libre functionality along with high 
performance - they also run qubes great - having 32 cores and 128GB ram 
is excellent for it.
Please note these are the only owner controlled devices that support 
v4.0 (purism isn't owner controlled and their firmware isn't and can't 
ever be open source)
Another neat feature is an addon user configurable CRTM TPM module (very 
rare).


As always I offer free tech support for libre motherboards if you wish 
to buy one.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5954f0ad-5a54-31d1-af3a-601b7c16b363%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes OS 4.0 first release candidate (rc1) has been released!

[Sean Dilda]

On Mon, Aug 14, 2017 at 6:53 AM Sean Dilda  wrote:

> On Mon, Aug 14, 2017 at 6:23 AM ora...@riseup.net 
> wrote:
>
>
>> for me fresh install on x230 using legacy boot and there is no grub, so
>> how make the iommu=no-igfx edit?
>>
>
> I had to make the same edit..  however, I did see the grub screen for a
> few seconds until it started the boot, and rebooted the system.
>
>
>>
>> install again using EFI boot but installer stuck at beginning "Xen 4.8.1
>> (c/s) EFI loader" screen.
>>
>>
> What's the process for installing with EFI?  On my Dell Precision 5520, I
> wasn't able to see the USB as bootable until I enabled legacy boot mode and
> never saw any EFI options after that, so I'm stuck in legacy boot mode.
>

I tried again (EFI on, secureboot Off) with the same media and was able to
install with EFI this time.  After the install, I did have the problem of
the reboot loop, but no grub screen to pause at.

I fixed this by booting off the install media again and went into the
rescue mode.  I then edited /boot/efi/EFI/qubes/xen.cfg and removed the
iommu=no-igfx  from two different lines.   After that I was able to boot
normally.

What I don't know is if anything will update that file again.  From
https://github.com/QubesOS/qubes-issues/issues/2953 that you need to edit
/etc/default/grub to make sure grub changes persist, but I'm not finding
anything similar for EFI.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAKZBO18cDJNeBoR6XL%3D29%3DawCDk%3DASg00iyOq5krUU9UhHF5VQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Win 7, Qubes 3.2, qubes-windows-tools 3.2.2-3 struggles

[Daniel Nelson]

On Friday, August 11, 2017 at 1:39:52 PM UTC-7, PR wrote:
> Hello Daniel,
> 
> 
> 
> when working with Qubes, I write all information into my own Wiki.
> 
> Here my notes regarding the installation of a Window 7 HVM:
> 
> 
> 
>  Windows HVM
> 
> Skip to end of metadata
> 
> 
> 
> See also: https://www.qubes-os.org/doc/windows-appvms/
> 
> 
> 
> 
>   Update Windows Tools
> 
> sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing
> qubes-windows-tools
> 
> 
> 
>   
>   Mount External HDD containing the windows installer ISO to the
> VM untrusted
> 
> qvm-usb -a untrusted sys-usb:4-3
> 
> 
> 
>   
>   Create new windows VM
> 
> qvm-create win7 --hvm --label green
> 
> 
> 
>   
>   Start new windows VM with attached installer-ISO
> 
> qvm-start globits
> --cdrom=untrusted:/run/media/user/WDEXT2TB/win7pro-32-de.iso
> 
> (will start the VM and run the installer ISO)
> 
> 
> 
>   
>   First restart after ~4 min
> 
> restart manually qvm-start globits
> 
> 
> 
>   
>   Further installation, restart manually
> 
> qvm-start globits
> 
> 
> 
>   
>   Further installation, restart manually
> 
> qvm-start globits
> 
> 
> 
>   
>   Start into Desktop / Updates -> decide later
> 
> 
> 
>   
>   Allow unsigned drivers by opening a CMD as administrator
> 
> bcedit /set testsigning on
> 
> 
> 
>   
>   Install Windows Tools 
> 
> qvm-start globits --install-windows-tools
> 
> 
> 
>   
>   Change qrexec timeout because User Folder will be moved
> 
> qvm-prefs -s  qrexec_timeout 300
> 
> 
> 
>   
>   Enable Debug Mode via Qubes Manager GUI
> 
> 
> 
>   
>   Enable auto-Login by starting netplwiz within Windows vm
> 
> 
> 
>   
>   Enable Seamless Mode / Disable Debug Mode via Qubes Manager
> GUI
> 
> 
> 
>  Attention:
> 
> i had big problems getting seamless mode to work, and found out the
> reason after lots of troubleshooting.
> 
> It seems that seamless mode will not work with all display
> resolutions.
> 
> I have 3 K-display with a native resolution of 2.880 x 1.620 Pixels.
> 
> 
> With this resolution seamless mode didn't work, I had to change the
> resolution to a standard resolution.
> 
> 
> 
> You might also look here:
> 
> https://groups.google.com/forum/#!msg/qubes-users/Ia73yb4lCGA/s8Qp9dl4CQAJ
> 
> 
> 
> https://github.com/QubesOS/qubes-issues/issues/1896
> 
> 
> 
> Which resolution are you using in Qubes?
> 
> 
> 
> - PhR
> 
> 
> 
> 
> 
> 
> 
> 
> On 08/11/17 22:02, Daniel Nelson wrote:
> 
> 
> 
>   On Friday, August 11, 2017 at 8:29:09 AM UTC-7, yura...@gmail.com wrote:
> 
>   
> On Friday, August 11, 2017 at 12:04:44 AM UTC, Daniel Nelson wrote:
> 
> 
>   Did you ever make additional progress on your problems with QWT?  I 
> encountered all the same issues you did, and the one I've not been able to 
> solve is always having to run my Win7 apps in debug mode, thus losing the 
> possibility of lovely seamless integration.
> 
> I tried what you suggested about backing out the latest QWT and installing 
> the previous version.  I tried it first with simply uninstalling from my VM, 
> with quirky results, so I went ahead and created a fresh VM.   This 
> particular behavior continues, though, also with the GUI agent outdated 
> protocol error on exit, and usually with two Win7 related QubesDB files that 
> need to be manually deleted prior to relaunching as well.
> 
> 
> Did you try the opposite approach and use the packages from the 
> testing repositories? 
> 
> sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing 
> qubes-windows-tools
> 
> I'm unaware if the fix is still in testing, however the MegaTraveller guy 
> verified (28 December, 2016) that this worked for him, in this thread 
> https://github.com/QubesOS/qubes-issues/issues/2488
> 
> Also, as annoying and time consuming it may be, you might want to make a 
> fresh HVM install again. As far as I've understood, it's not recommended to 
> re-install QWT.
> I would however suggest to make a fresh backup of your Win7 from the moment 
> it's just freshly installed, so you don't have to do more work than needed in 
> the future.
> 
>   
>   Thanks very much for the additional link.  I'll do more reading.
> 
> As to your questions...  I was unable to fetch QWT from the live repo.  I've 
> been using only what I can get from the test repo.
> 
> I tried both ways of doing things already...  meaning that I tried 
> uninstalling the tools from the Win7 VM, removing them from Qubes, fetching 
> the previous version, then 

Re: [qubes-users] UEFI secureboot issue

[wvervoorn]

On Wednesday, August 2, 2017 at 3:15:26 AM UTC+2, Jean-Philippe Ouellet wrote:
> On Tue, Aug 1, 2017 at 7:50 PM, cooloutac  wrote:
> > Qubes doesn't support secure boot unfortunately.  I think its batshit crazy 
> > to consider a pc even reasonably secure without it.
> 
> Secure boot in reality is quite far from the boot chain panacea its
> name may suggest.
> 
> If you haven't already, I'd suggest reading Joanna's "Intel x86
> considered harmful" paper [1] and checking out Trammell Hudson's Heads
> project [2].
> 
> FWIW, the systems I currently believe have the most secure boot chains
> do not involve UEFI at all.
> 
> Regards,
> Jean-Philippe
> 
> [1]: https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf
> [2]: http://osresearch.net/

Hello,

Suppose I want to create a secure boot chain in another way how do I do this 
for Qubes? As far as I can deduct from the security documents the packages are 
signed but the individual executables are not. Is this correct or am I making a 
mistake here?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab043313-f9f3-4808-97fa-721fc454678d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes OS 4.0 first release candidate (rc1) has been released!

[Sean Dilda]

On Mon, Aug 14, 2017 at 6:23 AM ora...@riseup.net  wrote:


> for me fresh install on x230 using legacy boot and there is no grub, so
> how make the iommu=no-igfx edit?
>

I had to make the same edit..  however, I did see the grub screen for a few
seconds until it started the boot, and rebooted the system.


>
> install again using EFI boot but installer stuck at beginning "Xen 4.8.1
> (c/s) EFI loader" screen.
>
>
What's the process for installing with EFI?  On my Dell Precision 5520, I
wasn't able to see the USB as bootable until I enabled legacy boot mode and
never saw any EFI options after that, so I'm stuck in legacy boot mode.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAKZBO1_dMTfwV-LTfr0tc6QbF-fZsSjwpQeBbHXazJJLr8t67g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes OS 4.0 first release candidate (rc1) has been released!

[ora...@riseup.net]

Justin wrote:
> On Wednesday, August 2, 2017 at 7:58:24 AM UTC-4, PR wrote:
>> Hello,
>> 
>> 
>> 
>> Am 02.08.2017 1:45 nachm. schrieb  :
>> 
>> On Monday, July 31, 2017 at 5:23:20 PM UTC-4, Micah Lee wrote:
>> 
>>> On 07/31/2017 04:43 AM, Marek Marczykowski-Górecki wrote:
>> (...), when I boot up, grub
>> 
>>> works, but then as soon as Qubes starts to boot the computer 
>>> reboots,
>> 
>>> and I end up back in grub.
>> 
>> 
>> 
>> Having the EXACT same issue with my T430s
>> 
>> 
>> 
>> Have you tried the suggestions from "Rusty Bird":
>> 
>> 
>> I ran into the same behavior on a T420. Removing iommu=no-igfx
>> from the Xen command line fixed it. [1] If that doesn't help,
>> _adding_ console=vga should let you see what's going on.
>> 
>> 
>> @codgedodger: Did this help in your case?
>> 
>> 
>> Kind regards
>> 
>> 
>> - PhR
> 
> I had this issue on my Thinkpad X230 with a fresh install of 4.0-rc1
>  and the fix let me boot, but, when I shutdown, the system hangs and
>  when I hit escape on the shutdown screen, I see errors in device- 
> mapper failing to remove ioctl on the VMs and then a bunch of the
> error "failed to write error node for backend/" for xen-pciback and
> vbd.

for me fresh install on x230 using legacy boot and there is no grub, so
how make the iommu=no-igfx edit?

install again using EFI boot but installer stuck at beginning "Xen 4.8.1
(c/s) EFI loader" screen.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e4adf8d3-f026-f7bf-879d-f81e0dd6c473%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Reboot a VM that is connected as net/proxy VM

[mittendorf]

Hi there,

from time to time a net or proxy vm crashes - connected App/Proxy-VMs
are obviously no longer able to connect to an (external) network.
In Qubes 3.2, the user has to disconnect connected VMs manually before
the user is allowed to reboot the crashed VM.

Suggestion: Qubes could and I think even should do this (disconnect,
reboot, reconnect) automatically. However, there should be a warning
telling the user which VMs (s)he is about to disconnect.

What do you thin?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9400caa3-087f-fd76-2a2d-1a3a186db699%40digitrace.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Lenovo ThinkPad T450s 20BX001LUS

[cyrinux]

Le dimanche 13 août 2017 19:49:50 UTC+2, Malin Fylking a écrit :
> Hello, will 
> https://www.amazon.com/Lenovo-ThinkPad-20BX001LUS-14-Inch-Laptop/dp/B00TO8IYV6
> be able to run qubes?
> Best regards Malin

yes

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4bdd690c-d824-4af5-b6ba-c46e2279e08c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.