[qubes-users] AEM/HEADS and disk encryption

2019-02-11 Thread Frank Beuth
Forgive me if this should be obvious, but: when using an anti-evil-maid technology like Qubes AEM or HEADS, the disk encryption key is stored in the TPM. The TPM then decides to release it (or not) according to PCRs it receives. What happens if the system configuration (and the PCRs)

Re: [qubes-users] How secure is a VM if a user tries to tampers it?

2019-02-11 Thread Chris Laprise
On 2/9/19 9:59 AM, unman wrote: It seems to me that Qubes simply doesn't fit the bill, and *does* make the situation significantly worse. OP said that: "The system administrators working in my company do not want to let user access to the internal network with OS that are not under their control

Re: [qubes-users] Which default settings have loose security? (InputMouse, VMShell on DispVMs, …)

2019-02-11 Thread Chris Laprise
On 2/11/19 9:39 AM, Dupéron Georges wrote: These features have a high security cost, and I prefer to disable them. * Deny /etc/qubes-rpc/policy/qubes.InputMouse . Rationale: BadUSB can use the mouse to open a terminal and copy-paste existing characters to build a malicious command. I'm

[qubes-users] qubes-dom0-update dependency missing

2019-02-11 Thread dinky
Attempting to update with 'sudo qubes-dom0-update' results in an error that nothing provides qubes-mgmt-salt-dom0-update >= 4.0.5 needed for qubes-desktop-linux-manager. I can see an appropriate package in the qubes-dom0-current-testing repository. Do I simply wait for that to be pushed to

[qubes-users] Re: Can I hope to run Qubes OS on Macbook Air 2013

2019-02-11 Thread bmhayes
On Tuesday, August 21, 2018 at 1:39:20 AM UTC+2, Jason Turner wrote: > On Wednesday, January 13, 2016 at 12:41:37 PM UTC-5, Eric Shelton wrote: > > On Wednesday, January 13, 2016 at 8:15:06 AM UTC-5, mariusz...@gmail.com > > wrote:Same as topic name. I am currently running mac os with heavy

[qubes-users] Which default settings have loose security? (InputMouse, VMShell on DispVMs, …)

2019-02-11 Thread Dupéron Georges
These features have a high security cost, and I prefer to disable them. * Deny /etc/qubes-rpc/policy/qubes.InputMouse . Rationale: BadUSB can use the mouse to open a terminal and copy-paste existing characters to build a malicious command. * Deny /etc/qubes-rpc/policy/qubes.VMShell for

Re: [qubes-users] split gpg: multiple authorization windows popping, autoaccept not working

2019-02-11 Thread Dupéron Georges
> I am having the same issue with the popups for authentication between > VMs. I am running Qubes 4.0.1 fully updated and I have typed in this line > in /etc/qubes-rpc/policy/qubes.Gpg > > $work-email $work-gpg allow > > After this step Thunderbird doesn't see my gpg-key in work-gpg at all. It

Re: [qubes-users] Warning when following steps forSteps for Fedora 26 TemplateVM updates

2019-02-11 Thread Dupéron Georges
> ** (gedit:813): WARNING **: 16:37:57.513: Set document metadata failed: > Setting attribute metadata: :gedit-position not supported > > I get this 3 times. When I go back to look, it appears to have saved the > changes. > GTK applications have a tendency to output a regular stream of fatal

Re: [qubes-users] Editing domains in virsh results in "Extra element os in interleave"

2019-02-11 Thread Dupéron Georges
> > Well, the problem is that I wanted to add network to the booting options. > I want to PXE boot the VM. > qvm-prefs the-vm kernelopts 'your kernel options here' You might need to also edit the QEMU command-line if you're using HVM, e.g. in case PXE is not activated in the BIOS. It is fairly

Re: [qubes-users] Re: HCL - Librem 13 V3

2019-02-11 Thread marmot-te
For the librem13v2: - The coreboot was not up to date at delivery (so I did it) - With QubesOS, I have some problems connecting external HDDs; only one USB port accepts them (no solution for me now) - Coreboot doesn't recognize my encrypted TAILS key and has some problems with some other live

Re: [qubes-users] How secure is a VM if a user tries to tampers it?

2019-02-11 Thread brendan . hoar
On Friday, February 8, 2019 at 7:07:53 PM UTC-5, Chris Laprise wrote: > On 2/8/19 5:12 AM, Francesco Frassinelli wrote: > > > The issue you mention is more about trust in employees, the trust > > model, than about selected OS in usage. > > > > The problem is that there are cryptolockers,

Re: [qubes-users] How secure is a VM if a user tries to tampers it?

2019-02-11 Thread qubes-fan
Feb 9, 2019, 3:41 AM by js...@bitmessage.ch: > brendan.h...@gmail.com > : > >> On Friday, February 8, 2019 at 10:24:17 AM UTC-5, Laszlo Zrubecz wrote: >> >>> This kind of total (enterprise) control was planned for qubes 4.x - >>> however I don't hear about real

[qubes-users] Re: Audio problem in Qubes 4

2019-02-11 Thread Shahin Azad
On Friday, February 8, 2019 at 2:07:38 PM UTC+3:30, Shahin Azad wrote: > Hi, > > After a fresh install on this device, I hear no sound from neither speakers > nor headphones. Pulse audio volume control (on dom0) has correctly selected > the audio card, and blue line indicators, already are

Re: [qubes-users] Editing domains in virsh results in "Extra element os in interleave"

2019-02-11 Thread Rune Philosof
On Sun, Feb 10, 2019 at 20:34, Dupéron Georges wrote: > I don't know if editing in virsh is supported. > > I use this to change settings from the command-line: > > qvm-prefs myvm vcpus 1 > Well, the problem is that I wanted to add network to the booting options. I want to PXE boot the VM. > Le jeu.