[qubes-users] Is it possible to PCI passthrough my only GPU temporarily to a VM?

2019-10-05 Thread Guerlan
I only have one GPU, which is an Intel UHD graphics. Obviously Qubes uses 
it to display graphics. However, I think it's theoretically possible to 
disable my GPU from dom0 and do a PCI passthrough to another VM, which will 
then appear as fullscreen (I will not be able to use Qubes meanwhile). Then 
when I need Qubes again I can simply reattach the GPU to dom0.

Is it really possible, and if so, could someone guide me into how to 
achieve this? 

I mainly want this because my laptop doesn't have a dedicated GPU and I'm 
developing an application which decodes video and sometimes I need to test 
GPU decoding. It'd be also fun to play some video games.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/260544e4-59af-4a9d-9622-3be63bc7b77b%40googlegroups.com.


Re: [qubes-users] how to emacs on dom0

2019-10-05 Thread Sake
On 2019-10-05 22:13, Andrew David Wong wrote:
> On 2019-10-05 9:53 AM, Sake wrote:
>> Hello,
>>
>> I am looking to set up emacs in dom0, especially with EXWM.
>>
> 
> You can install any program you like in dom0, but this is generally
> discouraged for security reasons. (A malicious program in dom0 could
> potentially take over the entire system.)

Yes, I understand that installing more packages in dom0 is not advised.
However, it seems there are not so many to install to be able to use
emacs as an efficient window manager.

>> I know I can set it up in a WM and then pass it manually to dom0;
>>
> 
> Why would you want to do this? What goal are you actually trying to
> achieve? (This sounds like an XY problem.)

The EXWM emacs package can act as a window manager. I already have i3wm
installed (which is very appreciable, I have to say) but I wish to switch
to EXWM.
Surely I did not understand in detail all the security involved in
qubes-dom0-update and the emacs packaging system.
For now all I imagine is using a dedicated VM with a dedicated template
for homebrewing my emacs dom0-config and hopefully restrain risks.

>> I wonder how to do it in a smarter and more secure way?
>>
> 
> Use Emacs in an AppVM.
I dunno if hold this until qubes 5 ;p



> -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> 

-- 
<:3nn~~ 



Re: [qubes-users] how to emacs on dom0

2019-10-05 Thread Andrew David Wong
On 2019-10-05 9:53 AM, Sake wrote:
> Hello,
>
> I am looking to set up emacs in dom0, especially with EXWM.
>

You can install any program you like in dom0, but this is generally
discouraged for security reasons. (A malicious program in dom0 could
potentially take over the entire system.)

> I know I can set it up in a WM and then pass it manually to dom0;
>

Why would you want to do this? What goal are you actually trying to
achieve? (This sounds like an XY problem.)

> I wonder how to do it in a smarter and more secure way?
>

Use Emacs in an AppVM.

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org



Re: [qubes-users] Should I Continue?

2019-10-05 Thread Chris Laprise

On 10/5/19 12:10 PM, JimmyJames wrote:
> Hello:
>
> I want to install Qubes (for the first time) on a *LENOVO Thinkpad T430*.
> The hardware compatibility IOMMU column for that device says "no." The
> top of the page tells me an IOMMU is required for effective isolation of
> network VMs and PCI passthrough.
>
> Does this mean my hope of running Qubes is doomed on this device, and I
> shouldn't even try to continue?
>
> Thank you very much.


It would surprise me if that report didn't suffer from some kind of 
error. Maybe the owner forgot to turn on the VT-d setting in the BIOS.


With a Thinkpad T430 it's definitely worth trying to continue... it's in 
one of the most Qubes-compatible product lines.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



Re: [qubes-users] Qubes on Dell Vostro 5581?

2019-10-05 Thread Tomáš Vondra
On Friday, October 4, 2019 at 4:36:57 PM UTC+2, Claudia wrote:
>
> Tomáš Vondra: 
> > Hi,
> >
> > I'm still struggling with the suspend issue, unfortunately, and I'm kinda
> > stuck so I'd appreciate some ideas what to try.
> >
> > Everything else seems to be working, but during suspend the laptop gets
> > stuck (black screen, but I can hear the fans still spinning). And then it
> > does not wake up, of course.
> >
> > I've tried installing new kernel, as described on
> > https://www.qubes-os.org/doc/software-update-dom0/ and I've even switched
> > to qubes-dom0-current-testing, but neither of that helped :-(
> >
> > I'm now on kernel 5.2.16, which is newer than what the Fedora/Ubuntu
> > installs used (and suspend works fine with them), so there has to be
> > something else, specific to qubes. But I have no idea what, and I'm not
> > sure how to debug suspend.
> >
> > Any ideas?
> >
> > (I've been trying to build Qubes 4.1 as described on
> > https://www.qubes-os.org/doc/qubes-iso-building/, but I keep running into
> > various issues with that too, so I haven't been able to actually test it.)
> >
> > thanks
> >
>
> I have the exact same suspend/resume problem on an Inspiron 5975, and 
> another user here recently had the same issue with a different laptop. 
> So it's pretty common I guess. 
>
>
OK. Good to know I'm not the only one affected by this.
 

> Qubes is stuck on F25 right now, and the hardware is too new for the 
> software. Same as you, I had it working under F30 with an older kernel, 
> but not under Qubes (F25) with a newer kernel, so it appears that maybe 
> userland has something to do with it too, not just the kernel. 
>
>
Yeah, that's my impression as well.
 

> I haven't been able to find any general remedy for this. I remember 
> reading somewhere that upgrading dom0 to F30 is more or less impossible. 
> You might be able to narrow down the userland components and upgrade 
> them individually, but I have no idea how to go about that. If you find 
> anything out, please let me know! 
>
>
Not sure, but I suspect running a F25 with some random subset of packages 
randomly updated to current version is going to be a major pita, or perhaps 
even impossible (because of dependencies with other packages). I'd 
probably much prefer running a pre-release version of Qubes 4.1 than such a 
hybrid.

 

> There is a pre-release 4.1 iso available. 
> https://openqa.qubes-os.org/tests/3021 - this is a kind of old link so 
> newer builds may be available. I could not get it to install on my 
> machine so I couldn't test suspend on it, but it might work for you. 
>
>
Thanks for the link. I gave it a try and there seems to be some improvement 
compared - the installer now works out of the box, without having to tweak 
it like I had to with Qubes 4.0. Unfortunately, the suspend/resume issue is 
still there, although maybe it actually gets to sleep this time (but still 
does not wake up).

I've tried looking for a newer build (the one you posted is from July, so a 
couple of months old), but I haven't found anything. I've been trying to 
build ISO locally over the past two weeks, but I keep running into issues 
so I haven't been successful in that.
 
thanks



[qubes-users] Re: Should I Continue?

2019-10-05 Thread Tomáš Vondra


On Saturday, October 5, 2019 at 6:10:54 PM UTC+2, JimmyJames wrote:
>
> Hello:
>
> I want to install Qubes (for the first time) on a *LENOVO Thinkpad T430*.
>
> The hardware compatibility IOMMU column for that device says "no." The top 
> of the page tells me an IOMMU is required for effective isolation of network 
> VMs and PCI passthrough.
>
> Does this mean my hope of running Qubes is doomed on this device, and I 
> shouldn't even try to continue?
>
>
I'm no security expert, but I don't think that's what it means. AFAIK 
without iommu it's impossible to prevent some types of attack, but there's 
still plenty of other attacks that Qubes prevents.

regards



[qubes-users] Should I Continue?

2019-10-05 Thread JimmyJames
Hello:

I want to install Qubes (for the first time) on a *LENOVO Thinkpad T430*.

The hardware compatibility IOMMU column for that device says "no." The top 
of the page tells me an IOMMU is required for effective isolation of network 
VMs and PCI passthrough.

Does this mean my hope of running Qubes is doomed on this device, and I 
shouldn't even try to continue?

Thank you very much.



[qubes-users] (No Subject)

2019-10-05 Thread 'James B' via qubes-users
-James



Re: [qubes-users] persistence of change by iptables for portforwarding

2019-10-05 Thread Chris Laprise

On 10/5/19 10:35 AM, lik...@gmx.de wrote:
> Hi!
>
> I found a script to ease the setup of port forwarding, which uses iptables:
> https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b
>
> Can anyone assess how persistent these changes are? I've noticed that
> internal qube IPs as well IPs in my private networks change, so that I'm
> not sure whether the changes applied by the script above will
>
> - survive a reboot of qubes?
> - survive a reboot of netvm?
> - survive a reboot of the AppVM which is used as routing target?
>
> Thxs in advance! Pete.



Depending on the type of VM you probably want to modify one of the 
following:


/rw/config/qubes-ip-change-hook
/rw/config/qubes-firewall.d
/rw/config/qubes-firewall-user-script

The qubes-firewall.d is a directory where you can add multiple scripts.

See https://www.qubes-os.org/doc/config-files/

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
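
The persistence described in this reply, as an added example that is not part of the original thread: a script for /rw/config/qubes-firewall-user-script (or a file in /rw/config/qubes-firewall.d) that re-creates one TCP forward each time it runs and checks for an existing rule first. The port, target IP and interface are constructed placeholders, and it assumes the qube filters forwarded traffic with iptables, as the script in the question does.

```shell
#!/bin/sh
# Added example, not from the thread. Sample values are constructed.
FWD_PORT=${FWD_PORT:-8443}             # TCP port exposed on the uplink side
FWD_TARGET=${FWD_TARGET:-10.137.0.50}  # placeholder IP of the downstream qube
FWD_IFACE=${FWD_IFACE:-eth0}           # uplink interface of this qube
RUN=${RUN-echo}   # default: print commands only; set RUN= (empty) to apply

valid_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # four dot-separated decimal octets, each 0..255
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Insert a rule only when an identical one is not loaded yet (-C tests for
# it), so running the script again never stacks duplicate rules.
ensure_rule() {
    table=$1 chain=$2; shift 2
    if [ -n "$RUN" ]; then
        $RUN iptables -t "$table" -I "$chain" "$@"
    elif ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        iptables -t "$table" -I "$chain" "$@"
    fi
}

forward_port() {
    valid_port "$FWD_PORT"   || { echo "bad port: $FWD_PORT" >&2; return 1; }
    valid_ipv4 "$FWD_TARGET" || { echo "bad target: $FWD_TARGET" >&2; return 1; }
    # Rewrite the destination only for this port arriving on the uplink.
    ensure_rule nat PREROUTING -i "$FWD_IFACE" -p tcp --dport "$FWD_PORT" \
        -j DNAT --to-destination "$FWD_TARGET"
    # Allow only new connections of that flow; other traffic is untouched.
    ensure_rule filter FORWARD -i "$FWD_IFACE" -d "$FWD_TARGET" -p tcp \
        --dport "$FWD_PORT" -m conntrack --ctstate NEW -j ACCEPT
}

forward_port
```

Because /rw/config is on the qube's private volume, the script is still present after that qube restarts, unlike rules typed into a running shell.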



[qubes-users] how to emacs on dom0

2019-10-05 Thread Sake
Hello,

I am looking to set up emacs in dom0, especially with EXWM.

I know I can set it up in a WM and then pass it manually to dom0;

I wonder how to do it in a smarter and more secure way?

-- 
<:3nn~~ 



[qubes-users] persistence of change by iptables for portforwarding

2019-10-05 Thread liked2

Hi!

I found a script to ease the setup of port forwarding, which uses iptables:
https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b

Can anyone assess how persistent these changes are? I've noticed that internal 
qube IPs as well IPs in my private networks change, so that I'm not sure 
whether the changes applied by the script above will
- survive a reboot of qubes?
- survive a reboot of netvm?
- survive a reboot of the AppVM which is used as routing target?

Thxs in advance! Pete.
