Re: [qubes-users] 3.2.1 / An updated 3.2 iso?

2017-12-22 Thread 'awokd' via qubes-users
On Fri, December 22, 2017 1:33 pm, 'awokd' via qubes-users wrote:
> On Wed, December 20, 2017 11:51 pm, 'awokd' via qubes-users wrote:
>
>> On Wed, December 20, 2017 10:22 pm, Marek Marczykowski-Górecki wrote:
>>
>
>>> Try building ISO based on example-configs/qubes-os-3.2.conf, with
>>> changed:
>>>
>>> DISTS_VM = fc26 stretch
>>> BRANCH_linux_kernel = stable-4.9
>>>
>>> And adjusted qubes-src/installer-qubes-os/conf/comps-qubes.xml for
>>> qubes-template-fedora-26 and qubes-template-debian-9 (simply modify
>>> existing entries to updated versions).

Finally got it. Build321.html are the steps I followed; bold where I
customized with line numbers on the file edits. BRANCH_linux_kernel =
stable-4.9 was already set. Had to add a line in
qubes-src/template-whonix/builder.conf for the current TBB version or that
template failed to build.

Installed in MBR mode on an AMD laptop. Installer warned it was a
pre-release/testing version. Ran into this bug 
(https://groups.google.com/forum/?_escaped_fragment_=msg/qubes-users/TS1zfKZ7q8w/JQFkVF4xBgAJ#!msg/qubes-users/TS1zfKZ7q8w/JQFkVF4xBgAJ)
but the workaround still worked. Had the same bug when I installed
official 3.2 on this laptop before. Got a "default-template fedora-23 does
not exist" when I first tried to install the default qubes so edited a
couple more qubes-src files to change the default to 26. Rebuilt
installer-qubes-os and the iso and then they installed.

The Stretch template was a lot easier to build this time than when I did
it a year or so ago! However, it's MIA from my install. I see a 583MB
qubes-template-stretch-4.0.0-20171308.noarch.rpm in
qubes-src/linux-template-builder/rpm/noarch but it didn't get installed
with the others in there. Do I also need to edit some of the comps.xml
under linux-yum?

Hypervisor command line is just "placeholder"; this caused dom0 to consume
most of my RAM.

Good news is dom0 and the qubes are all on Linux
4.9.56-21.pvops.qubes.x86_64. Haven't done any testing past that. Will try
install on a UEFI Intel later.

For future reference, is it possible to "make -j4 qubes", and/or to make
each component in the order given in "make help" instead of my all or
nothing approach? Also, should I open a qubes-issue to track this build?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/25354718bbc79bf07ab2e0037cd1e776.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.




Qubes 3.2 build 22Dec2017

dom0:

sudo qubes-dom0-update qubes-template-fedora-25

[from https://www.qubes-os.org/doc/building-archlinux-template/]

Create standalone appVM from fedora 25 template named dev25
Set private storage to 6MB, more if additional templates beyond default list
Increase CPU and RAM, disable memory balancing as desired

dev25: 

sudo dnf upgrade
sudo reboot
sudo dnf install git createrepo rpm-build make wget rpmdevtools dialog rpm-sign gnupg dpkg-dev debootstrap python2-sh

gpg --keyserver pgp.mit.edu --recv-keys 0xDDFA1A3E36879494
Verify its fingerprint, set as ‘trusted’. This is described here https://www.qubes-os.org/doc/VerifyingSignatures.
gpg --edit-key 0x36879494
fpr
trust
5
q
wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
gpg --import qubes-developers-keys.asc
gpg --keyserver pgp.mit.edu --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA

git clone git://github.com/QubesOS/qubes-builder.git qubes-builder
mkdir qubes-builder/keyrings
mkdir qubes-builder/keyrings/git
cp .gnupg/pubring.gpg qubes-builder/keyrings/git/
cp .gnupg/trustdb.gpg qubes-builder/keyrings/git/
cd qubes-builder
git tag -v `git describe`


gedit example-configs/qubes-os-r3.2.conf
	13: DISTS_VM = fc26 stretch

./setup
Select 3.2
Stable
No for a full build
Select builder-fedora, builder-debian, template-whonix, mgmt-salt
Y to download
Select fc26, stretch, whonix-gateway, whonix-workstation

make install-deps
make get-sources

gedit qubes-src/installer-qubes-os/conf/comps-qubes.xml
1164: qubes-template-fedora-26
1174: debian-9
1175: Debian 9 (stretch) template
1179: qubes-template-debian-9
1211: debian-9
gedit qubes-src/template-whonix/builder.conf
22: WHONIX_TBB_VERSION ?= 7.0.11
gedit qubes-src/installer-qubes-os/qubes-anaconda-addon/firstboot-qubes-text
	107: qubes-prefs --set default-template 'fedora-26'
gedit qubes-src/installer-qubes-os/qubes-anaconda-addon/org_qubes_os_initial_setup/gui/spokes/qubes_os.py
	230: self.default_template = 'fedora-26'

make qubes
make iso




Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?

2017-12-22 Thread yrebstv
On 2017-12-22 09:50, awokd wrote:
> On Fri, December 22, 2017 10:29 am, 'Tom Zander' via qubes-users wrote:
>> On Friday, 22 December 2017 02:42:57 CET yreb...@riseup.net wrote:
>>
>>> assuming 4.0 is going to come out of the box with like Debian 9 and Fed
>>> 26?
> 
> If you have room for it, back up everything! You can restore selectively
> later.

Thanks for the two replies. *However, neither gets to the gist of my
inquiry. Namely, which VMs am I supposed to be backing up? Dom0 (which
for some reason is over *500GB!), hence I can't back up "everything"
even with a 2GB internal HD that I'm trying to use.

I was thinking of skipping the 1 large offline AppVM where I keep old
photos, and did, so why did the Templates and Dom0 come out to such a
*huge filesize? What would be typical???

From what you're saying, can I skip the Debian 8 Template? I have 2 AppVMs
and the Whonix stuff based on it, I guess.



Re: [qubes-users] qubes-mirage-firewall 0.4

2017-12-22 Thread donoban


On 22 December 2017 22:59:24 CET, Roy Bernat wrote:
>On Friday, 22 December 2017 23:51:29 UTC+2, donoban wrote:
>> >Hi All
>> >
>> >i tried to install mirage-firewall followed by the Readme . and didn't
>> >succeed to run the mirage firewall .
>> >
>> >error : libxenlight failed to create new domain log
>> >
>> >2017-12-22 19:13:01.320+: libxl:
>> >libxl_device.c:1235:device_hotplug_child_death_cb: script: Device
>> >/dev/mapper/snapshot-fd01:25956374-fd01:25956356-fd01:26346316 does not
>> >exists error
>> >
>> >any help ?
>>
>> Do you get this when you try to start your mirage vm? Could you
>> detail how did you create it?
>
>Followed the Readme. Put the files inside the
>/var/lib/qubes/vm-kernels/ and create app vm 32 MB _ 1cpu, choose
>the mirage kernel, and trying to start.
>
>Am I doing something wrong?
>
>I am using qubes 4 rc3
>
>R

Maybe it is Qubes 4 related; I've only tested in 3.2. Did you switch virt mode to
pv?



Re: [qubes-users] qubes-mirage-firewall 0.4

2017-12-22 Thread Roy Bernat
On Friday, 22 December 2017 23:51:29 UTC+2, donoban  wrote:
> >Hi All 
> >
> >i tried to install mirage-firewall followed by the Readme . and didn't
> >succeed 
> >to run the mirage firewall . 
> >
> >error : libxenlight failed to create new domain log
> >
> >2017-12-22 19:13:01.320+: libxl:
> >libxl_device.c:1235:device_hotplug_child_death_cb: script: Device
> >/dev/mapper/snapshot-fd01:25956374-fd01:25956356-fd01:26346316 does not
> >exists error 
> >
> >any help ? 
> 
> Do you get this when you try to start your mirage vm? Could you detail how 
> did you create it?

Followed the Readme. Put the files inside the /var/lib/qubes/vm-kernels/ and
create app vm 32 MB _ 1cpu, choose the mirage kernel, and trying to start.

Am I doing something wrong?

I am using qubes 4 rc3

R



Re: [qubes-users] qubes-mirage-firewall 0.4

2017-12-22 Thread donoban



>Hi All 
>
>i tried to install mirage-firewall followed by the Readme . and didn't
>succeed 
>to run the mirage firewall . 
>
>error : libxenlight failed to create new domain log
>
>2017-12-22 19:13:01.320+: libxl:
>libxl_device.c:1235:device_hotplug_child_death_cb: script: Device
>/dev/mapper/snapshot-fd01:25956374-fd01:25956356-fd01:26346316 does not
>exists error 
>
>any help ? 

Do you get this when you try to start your mirage vm? Could you detail how did 
you create it?



Re: [qubes-users] Verifying Install Files: Confused About How to Verify R3 ISO file

2017-12-22 Thread Kyle Breneman
On Wed, Dec 20, 2017 at 11:00 PM, Chris Laprise  wrote:

> On 12/20/2017 10:44 PM, Kyle Breneman wrote:
>
>> I'm new to verifying keys and signatures.  I downloaded the Qubes R3 ISO
>> file and accompanying signature file, as well as the Qubes Master Signing
>> Key.  I verified and trusted the Qubes Master Signing Key.  I am stuck on
>> how to verify the ISO file using the accompanying key.  GPG tells me that
>> it cannot check the signature as there is no public key.  See attached
>> screenshots.  What am I doing wrong?  Please help!
>>
>> Kyle
>>
>
> The Master key just verifies the release keys (one for each Qubes
> version). You need to import the v3 release key also.
>
> --
>
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
>

Thanks, Chris!  I got one step further: successfully verifying the ISO
signature with the Qubes OS Release 3 Signing Key.  Should I still use the
Qubes Master Signing Key to verify that my Qubes OS Release 3 Signing Key
is good?  If so, how do I use gpg4win to do this?

Kyle

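
The two checks that come up in this thread and in the Build321 steps earlier on the page (pin the master key by its full fingerprint, then confirm that a release key carries a verified certification from it), as an added example that is not part of the original posts. It parses `gpg --with-colons` output; the release-key fingerprint and the sample listings are constructed, and only the master key ID 0xDDFA1A3E36879494 comes from the page.

```shell
#!/bin/sh
# Added example, not from the thread. Sample listings are constructed; only the
# master key ID 0xDDFA1A3E36879494 appears on the page.

# Normalise a fingerprint or key ID: drop a leading 0x and whitespace, upper-case.
norm_fpr() {
    printf '%s' "${1#0x}" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Print the primary-key fingerprint from a `gpg --with-colons` listing on stdin.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print toupper($10); exit }'
}

# fpr_matches PINNED: succeed only if the key listed on stdin has exactly the
# pinned 40-hex-digit fingerprint. Shorter IDs (e.g. 0x36879494) are refused,
# because a short ID does not uniquely identify a key.
fpr_matches() {
    pinned=$(norm_fpr "$1")
    actual=$(primary_fpr)
    [ "${#pinned}" -eq 40 ] && [ "$actual" = "$pinned" ]
}

# certified_by SIGNER_KEYID TARGET_FPR: read `gpg --with-colons --check-sigs`
# output on stdin. Succeed only if the key TARGET_FPR is not revoked or expired
# and one of its user IDs carries a certification (class 10-13) that gpg marked
# as verified ("!") and that was issued by SIGNER_KEYID. The signer's name in
# the listing is ignored on purpose: anyone can choose any name.
certified_by() {
    awk -F: -v signer="$(norm_fpr "$1")" -v target="$(norm_fpr "$2")" '
        $1 == "pub" { cur = ""; in_uid = 0; bad = ($2 ~ /^[re]$/); next }
        $1 == "fpr" && cur == "" { cur = toupper($10); next }
        $1 == "uid" { in_uid = 1; next }
        $1 == "sub" || $1 == "ssb" { in_uid = 0; next }
        $1 == "sig" && in_uid && !bad && cur == target &&
            $2 == "!" && toupper($5) == signer && $11 ~ /^1[0-3][xl]$/ { ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Constructed listing: a made-up release key certified by the master key ID.
sample_good() {
cat <<'EOF'
pub:-:4096:1:89ABCDEF01234567:1500000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::0000000000000000000000000000000000000000::Example Release Signing Key::::::::::0:
sig:!::1:89ABCDEF01234567:1500000000::::Example Release Signing Key:13x:::::8:
sig:!::1:DDFA1A3E36879494:1500000100::::Qubes Master Signing Key:10x:::::8:
EOF
}

# Same listing, but gpg could not verify the master signature ("?": the
# signer's public key is not in the keyring).
sample_unverified() {
    sample_good | sed 's/^sig:!::1:DDFA1A3E36879494/sig:?::1:DDFA1A3E36879494/'
}

# Same listing, but the certification comes from a different key that merely
# uses the name "Qubes Master Signing Key".
sample_lookalike() {
    sample_good | sed 's/DDFA1A3E36879494/FFFFFFFFFFFFFFFF/'
}

# Same listing, but the release key itself is marked revoked.
sample_revoked() {
    sample_good | sed 's/^pub:-:/pub:r:/'
}

# Real use (both keys already imported; fingerprints taken from a trusted source):
#   gpg --with-colons --fingerprint 0xDDFA1A3E36879494 | fpr_matches "<master fingerprint>"
#   gpg --with-colons --check-sigs "<release fpr>" | certified_by 0xDDFA1A3E36879494 "<release fpr>"

RELEASE_FPR=0123456789ABCDEF0123456789ABCDEF01234567   # constructed
for s in sample_good sample_unverified sample_lookalike sample_revoked; do
    if $s | certified_by 0xDDFA1A3E36879494 "$RELEASE_FPR"
    then echo "$s: certified by master key"
    else echo "$s: REJECTED"
    fi
done
```

Only after both checks pass does a good `gpg --verify` result on the ISO signature say anything about where the ISO came from.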


[qubes-users] Re: VM's fail to start after fixing chock-full LVM thinpool

2017-12-22 Thread dimlev
Hi Patrick,

> I found the problem! :-D My /var/lib/qubes/qubes.xml file was corrupted

Do you remember changing any VM settings when the disk was full?



Re: [qubes-users] HOWTO restore old qubes-backup in Q4.0-rc3 using qvm-backup-restore?

2017-12-22 Thread 'awokd' via qubes-users
On Fri, December 22, 2017 6:12 pm, Josefa Hays wrote:


> I recently installed Q4.0-rc3. I have an old qubes-backup (from 2016) on
> a LUKS encrypted external HDD. How do I restore my backup in 4.0 using
> qvm-backup-restore? I guess I don't want to mount the drive directly in
> Dom0, so, how do I do? Create a designated "backup-vm" and then exactly
> how do I proceed?
>
> What would be the step-by-step guide for restoring an old qubes-backup
> using the commandline interface? Until the backup-GUI gets up and running
> in 4.0 I guess many users will have the same question.

Attach external drive to sys-usb
"qvm-block" to list partitions
"qvm-block a backup-vm sys-usb:sda1" (whichever is your LUKS partition)
mount and unlock inside backup-vm
"qvm-backup-restore -d backup-vm /path/to/backupfileinbackupvm oldvm1
oldvm2 oldvm3" to selectively restore certain vms
unmount inside backup-vm
"qvm-block d backup-vm sys-usb:sda1"
Detach drive





Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?

2017-12-22 Thread 'awokd' via qubes-users
On Fri, December 22, 2017 10:29 am, 'Tom Zander' via qubes-users wrote:
> On Friday, 22 December 2017 02:42:57 CET yreb...@riseup.net wrote:
>
>> assuming 4.0 is going to come out of the box with like Debian 9 and Fed
>> 26?

If you have room for it, back up everything! You can restore selectively
later.



Re: AW: Re: [qubes-users] Qubes 4rc3 :: 50% reduced battery runtime compared to Qubes 3.2 on Lenovo X230

2017-12-22 Thread 'awokd' via qubes-users
On Fri, December 22, 2017 8:55 am, '[799]' via qubes-users wrote:
>
> This is also what I assumed as there must be a good reason why Qubes Team
> has switched to HVM instead of using PV VMs. Still I'd like to learn more
> about the vulnerabilities, so I can make a decision risk vs. runtime. And
> as we can easily switch the Virtualization Mode via qvm-prefs, I could use
> a script to do so:
> - shutdown VMs
> - change virt_mode
> - restart VMs

See https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/

> If I switch to disposable VMs, I assume the risk would be reduced.
> Can this be done for the sys-vms?

I remember some discussion of allowing that but not the conclusion!



[qubes-users] How to hide all except one USB controller?

2017-12-22 Thread 'Chris' via qubes-users
Hi,

I bought a second internal USB controller (A) to connect a flash drive for 
booting from SD.

How can I prevent the internal controller (B) (with the keyboard attached) from
being recognized during startup? I can still type my boot password with it, that
means the controller is visible, right?

So how can I configure Qubes OS to:

1) At boot time, only controller (A) should be attached to dom0. Controller (B)
should be unable to affect Qubes OS maliciously
2) After boot, controller (A) should be attached to dom0, controller (B) to
sys-usb.
3) hide-all-usb does not seem to support this. How can I configure Grub to
ignore all USB controllers except one specific one?

Cheers
Chris



Re: [qubes-users] qubes-mirage-firewall 0.4

2017-12-22 Thread Roy Bernat
On Thursday, 21 December 2017 23:03:56 UTC+2, donoban  wrote:
> On 12/21/2017 04:02 PM, Thomas Leonard wrote:
> >> This is what I have on mind:
> >>
> >> - Some kind of struct/object for store firewall rules in memory
> >> - A func which parses this rules object for a packet
> >> - A func for add/delete/flush rules (called from qrexec or xen console
> >> or qubesdb)
> >>
> >> What do you think?
> > 
> > Sounds reasonable.
> > 
> > 
> 
> Ok, I will try to study OCaml and both your code and the
> user_supplied_rules fork this weekend.

Hi All 

i tried to install mirage-firewall followed by the Readme . and didn't succeed 
to run the mirage firewall . 

error : libxenlight failed to create new domain log

2017-12-22 19:13:01.320+: libxl: 
libxl_device.c:1235:device_hotplug_child_death_cb: script: Device 
/dev/mapper/snapshot-fd01:25956374-fd01:25956356-fd01:26346316 does not exists 
error 

any help ? 



[qubes-users] HOWTO restore old qubes-backup in Q4.0-rc3 using qvm-backup-restore?

2017-12-22 Thread Josefa Hays
Hi mailinglist,

(I know many developers are busy building 4.0, so I won't quarrel about
the missing GUI - I just wanna restore my backups :-) )

I recently installed Q4.0-rc3. I have an old qubes-backup (from 2016) on
a LUKS encrypted external HDD. How do I restore my backup in 4.0 using
qvm-backup-restore? I guess I don't want to mount the drive directly in
Dom0, so, how do I do? Create a designated "backup-vm" and then exactly
how do I proceed? 

What would be the step-by-step guide for restoring an old qubes-backup
using the commandline interface? Until the backup-GUI gets up and
running in 4.0 I guess many users will have the same question. 

Best regards,
Josefa 



Re: [qubes-users] Re: new Desktop build recommendation

2017-12-22 Thread taii...@gmx.com

On 12/20/2017 08:24 PM, Wael Nasreddine wrote:


On Friday, December 8, 2017 at 5:28:12 PM UTC-8, tai...@gmx.com wrote:

On 12/08/2017 04:54 PM, Wael Nasreddine wrote:


On Friday, December 8, 2017 at 12:07:56 AM UTC-8, tai...@gmx.com wrote:

On 12/08/2017 02:43 AM, Yethal wrote:


On Thursday, 7 December 2017 21:23:18 UTC+1, Wael Nasreddine wrote:

Hello,

I'm looking to build a new Desktop specifically for Qubes OS, so my most 
important requirement is compatibility. I currently have 64GB (4 x 16GB) 
288-Pin DDR4 SDRAM DDR4 3400 (PC4 27200)[0] that I'd like to use, and I'm 
looking for a recommendation for the motherboard and CPU. Preferably a 6+ cores 
CPU. What do you guys use?

I'm aware of the HCL page, but I'm mostly interested in knowing your personal 
experience with your current hardware.

[0]: https://www.newegg.com/Product/Product.aspx?Item=N82E16820232264

Zero issues with i7-6800K on an AsRock X99 board. Has PS/2 port, disabling 
Management Engine is possible via built in flashing tool, all hardware sensors 
were detected and it supports PCI-E bifurcation alongside SR-IOV. I'm running 
Mini-itx version which may be unsuitable for your needs as it only takes 32GB 
of ram but it would be pretty safe to assume that full-size AsRock X99 
motherboards would also be fully compatible with Qubes.

That isn't disabling ME, nor ME cleaner - you can NOT disable ME - it is
impossible even the HAP tool doesn't do so.

What's the ME and why disable it?


Your only hope is to buy hardware without it such as the new enough to
be useful Socket G34 and C32 AMD PRE-PSP Systems, boards KGPE-D16 and
KCMA-D8 have libre firmware available and can play video games in a VM
via IOMMU-GFX, they also have dual onboard separate USB controllers (you
can use the second via a breakout bracket)

So I looked at both of these boards[0], they take a DDR3 board, but I found 
this one[1] that takes DDR4, does it still have opensource firmware?

[0]: 
https://www.newegg.com/Product/Productcompare.aspx?CompareItemList=%2D1%7C13%2D131%2D670%5E13%2D131%2D670%2C13%2D131%2D643%5E13%2D131%2D643
[1]: https://www.newegg.com/Product/Product.aspx?Item=N82E16813132257


That is an entirely unrelated motherboard, the only thing in common is
that they re-used the model suffix "D16" other than that it is
completely different and as it is intel no it can't and it doesn't.

Just get a KGPE-D16 or KCMA-D8 - they're great boards - not only do they
have libre firmware but they also have a secure libre OpenBMC firmware
for remote management.
https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-status.php

The D16 comes with the required BMC module (ASMB4-iKVM or ASMB5-iKVM)
but the D8 doesn't.

Sell your DDR4 RAM, the only thing with open source firmware that
accepts DDR4 is the TALOS 2 for $4K - while that is an average price for
server hardware in its performance class (actually a good deal compared
with intel where a single xeon CPU alone costs thousands and only has
one thread per core vs POWER9 8 SMT threads per core) it is still a lot
of money unless you have a need for incredible speed and or incredible
security (POWER9 is open source hardware and entirely owner
controlled with no hardware code signing enforcement one can even modify
the microcode)

What do you think of this build 
https://screenshots.firefox.com/fHb14uahx7lEeAGe/secure.newegg.com ? I'm still 
missing cooler, power supply and possibly a TPM, I'd love your recommendation 
for these.

I would buy the RAM and CPU off of ebay, there is no reason to pay 
$80/ea for that ram or $172 for a 6380 ($100 on ebay) you could get a 
6386SE for that price. (needs 140W cooler FYI) No reason to get the
"protection plan" for anything either, it's a waste of money.


For the cooler I would get the 140W G34 cooler from noctua (needs 4U 
case as it is tall)


PSU make sure you get a good brand with dual EPS12V (not adapters), I 
suggest one that has modular cables.


If you want to have 192GB RAM there is a guide on the coreboot wiki you 
gotta follow to make it work in terms of placement, otherwise I would 
just get 8GB DIMMs and save money if you only want 128GB.


That case will not work, it is ATX and the KGPE-D16 needs SSI-EEB (only 
available on a server case)
Damn $230 for a crappy ATX case and it isn't even brand new, you could 
get a really nice 4U supermicro server case for that!




Re: [qubes-users] Slow network speed in Windows HVM?

2017-12-22 Thread taii...@gmx.com

On 12/22/2017 03:46 AM, Jarle Thorsen wrote:


In Qubes 3.2 I have a Windows 7 HVM (with windows tools installed) connected to 
a NetVM with a 10Gbe network card.

The Windows VM has plenty of memory and cpu-cores allocated. I use iperf to 
test the bandwidth to an external server using similar iperf settings in both
VM's. (Trying different -w and -P settings)

In the netvm I get around 9Gbits/sec as expected, but in the Windows VM it 
maxes out at about 2Gbit/sec?

Is this a known limit in a Windows HVM?

Single file network transfers aren't multi-threaded and you have the 
overhead from emulated VM>VM networking.


Try assigning an SR-IOV VF to that VM if you want better speed (SR-IOV 
VF is more secure than simply assigning the whole card)




Re: [qubes-users] 3.2.1 / An updated 3.2 iso?

2017-12-22 Thread 'awokd' via qubes-users
On Wed, December 20, 2017 11:51 pm, 'awokd' via qubes-users wrote:
> On Wed, December 20, 2017 10:22 pm, Marek Marczykowski-Górecki wrote:

>> Try building ISO based on example-configs/qubes-os-3.2.conf, with
>> changed:
>>
>>
>>
>> DISTS_VM = fc26 stretch
>> BRANCH_linux_kernel = stable-4.9
>>
>>
>>
>> And adjusted qubes-src/installer-qubes-os/conf/comps-qubes.xml for
>> qubes-template-fedora-26 and qubes-template-debian-9 (simply modify
>> existing entries to updated versions).
>
> On it. Would be nice to upgrade dom0 from fc23 while I'm at it but I know
>  that's a lot harder than it appears...

Still working this. My internet connection isn't the most reliable and the
build takes a long time, so depending which file fails to download it's
sometimes forcing me to start over. Once I do get a successful full build
I'll test installing the ISO.



Re: Re: [qubes-users] Qubes 4rc3 :: 50% reduced battery runtime compared to Qubes 3.2 on Lenovo X230

2017-12-22 Thread Vít Šesták
As far as I remember, there was an idea to kill stubdoms after boot, which 
would both reduce risk (as stubdoms run in PV) and CPU+memory overhead. I 
cannot try it right now, because I haven't installed Q4.

> If I switch to disposable VMs, I assume the risk would be reduced.

You can sort of reduce some risk of having your AppVMs permanently pwned. As a
result, this could prevent some kinds of gradual pwnage of dom0.

OTOH, if an attacker pwns one of your VMs and has a reliable way to escape from the
VM to dom0, it does not matter if it is a DispVM or not.

> Can this be done for the sys-vms?

Not sure about 4, but I have done something similar for sys-usb in Q3.2.
Strictly speaking, it is not a DVM, but it behaves similarly. The hack is
simple in Q3.2:

1. Truncate VM's private.img to zero bytes.
2. Ensure that the VM template has created /home/user in root.img. (You can do
something like this:)

sudo mkdir /tmp/root && sudo mount --bind / /tmp/root &&
  sudo mkdir /tmp/root/home/user &&
  sudo chown user:user /tmp/root/home/user &&
  sudo chmod 700 /tmp/root/home/user

In Q4, you will probably be able to do something similar, but you probably 
can't truncate LVM volume to zero bytes, so this will require some elaboration.

The VM sys-firewall could utilize the same hack unless you have some scripts 
there. VM sys-net probably cannot utilize this (at least not that 
straightforwardly) because of network config you have there.

Regards,
Vít Šesták 'v6ak'



Re: [qubes-users] Re: Duplicate MAC address error

2017-12-22 Thread Holger Levsen
On Fri, Dec 22, 2017 at 02:34:41AM -0800, Reynir Björnsson wrote:
> It may be a coincidence, but when it happened to me I got sys-net running by 
> shutting down sys-whonix first. I've since disabled sys-whonix and haven't 
> had the issue again, although I haven't been rebooting much since.

I believe it's coincidence. I've had this several times, where I couldn't
restart sys-net (after it crashed) and then after shutting down some
random VMs I could start sys-net again...

:/


-- 
cheers,
Holger





[qubes-users] Re: Duplicate MAC address error

2017-12-22 Thread Reynir Björnsson
Hi,

On Tuesday, 19 December 2017 09:39:37 UTC+1, Kushal Das  wrote:
> Hi,
> 
> My Qubes 4.0rc3 (updated) is showing error for sys-net vm saying it
> has a duplicate mac address for the NIC. This error message came
> before (on the fresh install), and was fixed in a few reboots. But,
> now I could not make it work for the last few days :(
> 
> Any tips how to solve this? I could not find any duplicate NIC value
> in the /var/lib/qubes/qubes.xml file.
> 
> 
> Kushal
> -- 
> Staff, Freedom of the Press Foundation
> CPython Core Developer
> Director, Python Software Foundation
> https://kushaldas.in

It may be a coincidence, but when it happened to me I got sys-net running by 
shutting down sys-whonix first. I've since disabled sys-whonix and haven't had 
the issue again, although I haven't been rebooting much since.

- Reynir



Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?

2017-12-22 Thread 'Tom Zander' via qubes-users
On Friday, 22 December 2017 02:42:57 CET yreb...@riseup.net wrote:
>  assuming
> 4.0 is going to come out of the box with like Debian 9 and Fed 26?

Fedora 26 is not going to be used in 4.0, maybe in 4.1

source;
https://groups.google.com/forum/#!msg/qubes-devel/13PZgSOaajA/RvBh02ANCAAJ

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel




AW: Re: [qubes-users] Qubes 4rc3 :: 50% reduced battery runtime compared to Qubes 3.2 on Lenovo X230

2017-12-22 Thread '[799]' via qubes-users
Original message
On 22 Dec 2017, 06:49, MirrorWay wrote:

>> Since watts is already energy/time,
>> this should just say 9.5W

Ok, thanks :-)

>> As I understand it, Xen PV code has bad
>> track record of vulnerabilities, hence the
>> change to HVM in Qubes 4.0.
>> Also why I only set trustworthy
>> VMs to PV.

This is also what I assumed, as there must be a good reason why the Qubes Team 
has switched to HVM instead of using PV VMs.
Still I'd like to learn more about the vulnerabilities, so I can make a 
decision on risk vs. runtime. And as we can easily switch the virtualization 
mode via qvm-prefs, I could use a script to do so:
- shutdown VMs
- change virt_mode
- restart VMs

If I switch to disposable VMs, I assume the risk would be reduced.
Can this be done for the sys-vms?

[799]
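
The shutdown / change virt_mode / restart sequence listed in the message above, written out as an added example that is not part of the original post or of Qubes itself. It uses the dom0 tools qvm-shutdown, qvm-prefs and qvm-start; the function names and the DRY_RUN switch are assumptions of this example, and it accepts only the two modes the thread discusses.

```shell
#!/bin/sh
# Added example (run in dom0): switch the virt_mode of several qubes.
# Usage: switch_virt_mode MODE VM...   e.g. switch_virt_mode hvm work sys-firewall
# List qubes before the NetVM they depend on; they are restarted in reverse order.
# DRY_RUN=1 (the default, an assumption of this example) only prints the commands.
: "${DRY_RUN:=1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

switch_virt_mode() {
    mode=$1
    [ "$#" -gt 0 ] && shift
    case "$mode" in
        pv|hvm) ;;   # the two modes discussed in the thread
        *) echo "unsupported virt_mode: '$mode'" >&2; return 2 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no qubes given" >&2; return 2; }

    reversed=""
    for vm in "$@"; do
        # dom0 is not a qube whose virtualization mode can be switched.
        [ "$vm" != dom0 ] || { echo "refusing to touch dom0" >&2; return 2; }
        reversed="$vm $reversed"
    done

    # 1. Shut down every qube and wait until it has halted.
    for vm in "$@"; do
        run qvm-shutdown --wait "$vm" || return 1
    done
    # 2. Change the mode while the qube is halted.
    for vm in "$@"; do
        run qvm-prefs "$vm" virt_mode "$mode" || return 1
    done
    # 3. Start again in reverse order, so NetVMs come up first.
    for vm in $reversed; do
        run qvm-start "$vm" || return 1
    done
}
```

Review the printed plan first, then run with DRY_RUN=0 to apply it.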



[qubes-users] Slow network speed in Windows HVM?

2017-12-22 Thread Jarle Thorsen
In Qubes 3.2 I have a Windows 7 HVM (with Windows tools installed) connected to 
a NetVM with a 10GbE network card.

The Windows VM has plenty of memory and CPU cores allocated. I use iperf to 
test the bandwidth to an external server using similar iperf settings in both 
VMs. (Trying different -w and -P settings)

In the netvm I get around 9Gbits/sec as expected, but in the Windows VM it 
maxes out at about 2Gbit/sec?

Is this a known limit in a Windows HVM?
