Re: [qubes-users] Help sending multiple files using qrexec
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I should have mentioned that this was part of a bigger script, using qvm-copy would have required me to also pass along the qube name, so I could then cd to the correct QubesIncoming directory. Keeping it simple I went with tar: Script one on the client: tar -c $@ | cat Script two on the server: cat | tar -x Thanks for the help! > Can a hacker use the same script to transfer files from a victims pc remotely > ? > And if so, how easy is it ? This can't be used remotely, the server I mention above is another virtual machine in the same Qubes system. This is just sending files between two qubes -BEGIN PGP SIGNATURE- iIgEARMKADAWIQRFNnsoPo7HH0XEMXc88cBGMbAIWAUCXehqqxIccHJhZ29AdHV0 YW5vdGEuZGUACgkQPPHARjGwCFi0VwD/WbakvtO9963x9VgVn6Is1Rs2TdNml0Mk dNVQ/FJccIsA/isQ3sCnd0cD7TKgYVKFSkcw4gdqOkEVP4k6PiUuaoA1 =L1d7 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/LvIsq6O--3-1%40tutanota.de.
[qubes-users] Re: Help regarding IOMMU and HVM
The log file you provided as xl_log.txt is actually the Xen hypervisor log. Yes, there are some warnings - which show that there are some bugs in the BIOS, but overall, the virtualization and all the required features needed for IOMMU are there and enabled. So this is strange. Maybe - and I just now noticed - you use kernel version 5.x from kernel latest in sys-usb - that is still a development version, might not work. I'd switch that back to the stable 4.19.x version in the VM settings for sys-usb. Do you have logs for the stubdoms? (eg. dom0: /var/log/xen/console/guest-sys-usb-dm.log or similar log for sys-net). It might show what is wrong, as the stuboms provide the device model (emulated pci devices) needed for HVMs. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c4720476-d9bd-47bb-a2d2-aa741fd763ec%40googlegroups.com.
[qubes-users] HCL - Lenovo 81XG, Flex 14 inch, Model 81XG000EUS
*Installation* Installed to hard drive. Secure boot was disabled. Legacy boot mode can be enabled, but EUFI works fine; no troubleshooting was required. Trackpad/touchpad didn't work during installation. I used a Logitech M510 USB mouse. To make the hard drive visible during installation, in the BIOS, change the Storage Controller from RST to AHCI. USB Qubes not configurable from initial configuration menu. The keyboard could be a USB keyboard. Or maybe the USB Mouse prevented me from configuring the USB Qubes. On start-up and shut-down, I get > [FAILED] Failed to start Load Kernel Modules. > See 'systemctl status systemd-modules-load.service' for details. > *Works without further troubleshooting* Lock screen *Requires Troubleshooting* Wifi Trackpad/touchpad Suspend Touchscreen HDMI external display Troubleshooting steps may be similar to those listed at https://groups.google.com/forum/#!msg/qubes-users/zCLYDy1bRKw/E58GDOgRBAAJ *Untested* Fingerprint scanner Bluetooth Camera Ethernet Microphone (although it shows up in devices with other USB drives) *Thoughts* There appears to be no TPM. Built-in keyboard and USB mouse are a bit laggy. This model uses a 10th gen i5-10210U processor; a newer model. This was the cheapest 16gb ram laptop available at Costco.com at this time at $721 after tax and shipping. Making newer, cheaper models compatible with Qubes could be a way to bring more new users to the OS. *Purchase Link:* https://www.costco.com/lenovo-flex-14-2-in-1-touchscreen-laptop---10th-gen-intel-core-i5-10210u---1080p.product.100517162.html -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b68621d3-a579-4473-b55a-d1e6f73f9abb%40googlegroups.com. Qubes-HCL-LENOVO-81XG-20191204-102948.yml Description: Binary data
Re: [qubes-users] How do I get Started?
By default network cards are assigned to sys-net and are not visible in dom0 (as far as I know). Open the Qubes Manager -> sys-net -> VM settings -> Devices tab, and make sure your network card is assigned to it. So you need to run lsusb or lspci from within sys-net, not dom0. You should also run `iw list`, `iwconfig`, and/or `ifconfig` in sys-net. Let me clarify: PCI network cards are assigned to sys-net and not visible in dom0 by default, regardless of USB Qube. Other PCI devices remain in dom0. I can "see" they exist by typing lspci in dom0 (including network cards, and the usb controller). My understanding is that while dom0 can see them, they cannot see dom0 nor other qubes than the one they are attached to (and dom0 will not talk to them unless a game-over event occurred). If using a USB Qube: all USB devices are assigned to sys-usb and not visible in dom0. I assume USB network cards are automatically passed thru to sys-net from sys-usb. I never checked that. Maybe you need to pass them over by hand. That is what I would expect at least. You also have the option of combining sys-net and sys-usb into the same Qube so no passthru is necessary. (Or is that mandatory when using USB network cards and a USB Qube?) USB is one attack surface, network another. I would suggest to keep them apart. In fact, a USB qube does not need any networking at all (not even internet access). Imagine its becomes victim of a "bad-usb" then it still cannot 'break out' and phone home, for example. Actually my sys-usb is halted by default unless I really need it (consequence: if you plug any usb device, nothing happens. just nothing.). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0bc7459b-6110-4b93-b3d7-a8cd9ed16cf9%40web.de.
[qubes-users] Minor problem when changing wireless networks Qubes 4.0.2.rc2
I'm using a VPN, and constructed VMs for them using the Mullvad instructions. I have two vpn domains, mullvadus and mullvaddenmark, both of which are in turn attached to the default sys-firewall. My "untrusted" domain is attached to the vpn going to Denmark, and my "work" domain is attached to the one going to the US. It works great. Except... If I disconnect from one wireless network and attach to another, nothing gets updated in the vpn domains, and my "untrusted" and "work" domains lose connection. In order to get things working I either have to reboot my box, or "kill" the mullvad vpn domains and the sys-firewall domain ( can't shut them down normally because I don't want to kill what I'm working on in the "work" domain), then bring them back up again -- then things work fine. So, it's not the end of the world -- it's a 30 second workaround. But... is there some configuration thing that I'm not doing right? Thanks, billo -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/27ce7d9f-f115-4e32-99f8-047f639d0560%40googlegroups.com.
[qubes-users] Re: How do I get Started?
I'm a relatively new user, too. I played with Qubes for a month or so a year or two ago, installing it on an external hard drive for a test run. It was too slow loading for me. I got a new laptop and put it on my SSD drive a month ago, and it's been working great. I had the same issue with a second display. Here's what worked for me with an HP laptop. I plugged in the second display, then went up to the menu in the left side of the upper panel in the Xfce desktop, clicked on System tools -> Display and it was there. I used that tool to arrange things, and it worked fine. Since then, it's recognized whenever I plug it into the hdmi port, and a little requestor comes up asking me how I want to organize the displays. So, for me, at least, I had to do it using the display tool once, and then it worked fine. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d0e036b0-8227-4223-af91-262259476886%40googlegroups.com.
Re: [qubes-users] How do I get Started?
Claudia: By default network cards are assigned to sys-net and are not visible in dom0 (as far as I know). Open the Qubes Manager -> sys-net -> VM settings -> Devices tab, and make sure your network card is assigned to it. So you need to run lsusb or lspci from within sys-net, not dom0. You should also run `iw list`, `iwconfig`, and/or `ifconfig` in sys-net. Let me clarify: PCI network cards are assigned to sys-net and not visible in dom0 by default, regardless of USB Qube. Other PCI devices remain in dom0. If using a USB Qube: all USB devices are assigned to sys-usb and not visible in dom0. I assume USB network cards are automatically passed thru to sys-net from sys-usb. You also have the option of combining sys-net and sys-usb into the same Qube so no passthru is necessary. (Or is that mandatory when using USB network cards and a USB Qube?) If not using a USB Qube: all USB devices live in dom0, and USB network cards are passed thru to sys-net the same way they would be from sys-usb if it were present. Therefore, USB network cards should be visible in dom0 lsusb, but not dom0 ifconfig, and they should be visible in sys-net ifconfig but not sys-net lsusb. I think, at least. Can anyone else verify if this is correct? - This free account was provided by VFEmail.net - report spam to ab...@vfemail.net ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1e625031-af5d-63f0-6270-56c8ffafdea1%40vfemail.net.
Re: [qubes-users] How do I get Started?
Qubes User: Thank you for your help. Happy to do what I can. First, if you can, please generate an HCL report on the machine and send it to the mailing list. This will tell us some basic info about your machine so we have a better idea what we're troubleshooting. (It also helps the Qubes developers improve compatibility.) Here's how: https://www.qubes-os.org/doc/hcl/ When I click the applet, I see: Ethernet Network device not managed VPN Connections > I don't see my WiFi networks. When I launch network manager in sys-net, I tried to manually input the information for my WiFi (with the SSID and WPA2/Personal), but it doesn't connect after. When I run "lsusb" in the dom0 terminal, I get: Realtek Semiconductor Corp VIA Labs, Inc. Linux Foundation 3.0 root hub blank Chicony Electronics Co., Ltd VIA Lbs, Inc. Logitech, Inc. Unifying Receiver (for my usb mouse) Terminus Technology Inc. VIA Labs, Inc. Intel Corp. Linux Foundation 2.0 root hub None of these are my network cards, right? By default network cards are assigned to sys-net and are not visible in dom0 (as far as I know). Open the Qubes Manager -> sys-net -> VM settings -> Devices tab, and make sure your network card is assigned to it. So you need to run lsusb or lspci from within sys-net, not dom0. You should also run `iw list`, `iwconfig`, and/or `ifconfig` in sys-net. Off the top of my head, the realtek device could be a wireless network adapter, wired ethernet adapter, or soundcard. There are several others in that list I don't know what they are. Use `lsusb -v` to show more information including the device class. If you still can't find it, next step would probably be to post the output of `journalctl -k -b` from both dom0 and sys-net. Also, as another user mentioned, open the **template** for sys-net (probably fedora-29, or such -- look in the template column of sys-net in the Qubes Manager) and make sure your wireless card firmware is installed. Don't attempt to install it in sys-net directly, because it will be lost on reboot. Some info about wireless firmware: https://fedoraproject.org/wiki/Firmware https://wiki.debian.org/WiFi#USB_Devices Info about how templates work in Qubes, if you're not familiar: https://www.qubes-os.org/doc/templates/ https://www.qubes-os.org/doc/software-update-domu 2. How do I use an external display with HDMI? (just plugging it in doesn't work for me) What do you see when you plug it in? "No signal"? Blank screen? You might have to do some configuration in XFCE. Look under system tools for monitor/screen settings. Otherwise, you could try installing KDE. https://www.qubes-os.org/doc/kde/ Note that a lot of hardware features don't always work in Qubes. HDMI is not tested very often by Qubes users, so I don't know if HDMI usually works or not. Does it work when running a Fedora 25 live CD? Did you have it working on this machine on any other operating systems? When I plug in my HDMI, nothing happens. On Windows, the external display works when I plug it in. I can try running Fedora on a live usb to see what happens. Let us know if it works in Fedora, preferably Fedora 25 as that's what Qubes 4.0.x is based on. If it doesn't work in F25, try it in F31. You may want to try each of those in the XFCE flavor as well (https://spins.fedoraproject.org/xfce/download/index.html), because Qubes uses XFCE. You could also try a newer dom0 kernel. https://www.qubes-os.org/doc/software-update-dom0/#kernel-upgrade Also, just wanted to add, it would be helpful for us to know what GPU you're using. 3. How do I reduce the lag on my USB mouse? I'm afraid I don't know much about this. Are you using dom0 or sys-usb? Is anything else laggy? Does the touchpad (if any) work alright? You can try temporarily disabling sys-usb so devices are attached to dom0. See if it works any better that way. https://www.qubes-os.org/doc/usb-qubes/#removing-a-usb-qube I don't think I have usb-qubes enabled. I wasn't able to enable them after installation, maybe because I have a USB keyboard. However, my touchpad/trackpad doesn't work. What can I do about that? That I'm also not real sure about. It's been a while since I've had to troubleshoot a touchpad. Typically they are USB devices, I think. Does it show up in dom0 lsusb? Do you see anything in `journalctl -k -b | grep -i input`? Do you know what touchpad you have (e.g. Synaptics, ALPS, Elantec)? Here are some basic, non-Qubes tips to start with. Follow these and let us know what you get. https://wiki.ubuntu.com/DebuggingTouchpadDetection Also, once again, boot a Fedora live CD and make sure the touchpad works there. Try 25 first, and if it doesn't work try 31. This will help narrow it down. You can also try a newer kernel, as mentioned above. - This free account was provided by VFEmail.net - report spam to ab...@vfemail.net ONLY AT VFEmail! - Use our Metadata Mitigator to
[qubes-users] Re: Help regarding IOMMU and HVM
Hi. I tried everything you said (in both sys-usb and sys-net). I even tried to not assign any pass through devices and I still get the same output in /var/log/xen/console/guest-sys-net.log. But not assigning any device, or giving all devices strictreset as you mention gives me this output in /var/log/libvirt/libxl/libxl-driver.log: libxl_linux.c:155:libxl_loopdev_cleanup: unable to release device /dev/loop0: No such device or address I guess there are some errors in deeper level or my installation/BIOS is just bugged with IOMMU. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/11f7d05f-509f-4e2d-b4a2-6e533d22d393%40googlegroups.com.
[qubes-users] Re: Help regarding IOMMU and HVM
The libxl-driver.log shows symptoms, when indeed the USB device cannot be
reseted (FLR functionality missing).
As I wrote, you can disable strictreset for HVM passed through devices:
- go for the "Qube Settings" of one of the HVMs (sys-usb), where the USB
devices (PCI: 00:10.0, 00:10.1, 00:12.0, 00:13.0 in your case) are passed
through
- under tab "Devices", you should see in the right side box ("Selected")
all the USB device I noted above
- there is a horizontal bar in the bottom "Configure Strict Reset for PCI
Devices" --> push this, then a selection box comes up
- make sure you highlighted all visible devices by clicking on each
- then OK --> (Apply) --> OK
This should disable Strict Reset, and - if no other problems are there -
the HVM should start
One note: I also have and AMD based PC (laptop). For me, not all USB
devices should be passed through to sys-usb, because some of the devices
(eg. camera, wifi-card usb BT module and somehow the internal keyboard) are
internally connected to an USB port, and passing those through sys-usb qube
results sometimes in weird problems like not having WIFI or not being able
to type etc. So I only pass through one USB device, which I know don't
have any internal connections.
Lastly, you might need to experiment, which devices and ports would work
for you (passed through to eg. sys-usb), but make sure, that PCI devices
with multiple functions (00:10.0 and 00:10.1) are "moving" together either
way.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/a7da7171-a225-4be4-b994-f5bfe8f56c68%40googlegroups.com.
Re: [qubes-users] Help sending multiple files using qrexec
Can a hacker use the same script to transfer files from a victims pc remotely ? And if so, how easy is it ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2e7faba4-3be4-42dc-9b00-8121041f29f4%40googlegroups.com.
Re: [qubes-users] Help sending multiple files using qrexec
This successfully sends the first file, but not the second, can anyone help with this or should I be using qvm-copy? I don't say what you should, or should not, but what I think is more easy: recall that qvm-copy or qvm-move take certainly multiple files. The question is more intriguing if the list of files is produced by a find command, or a for loop in bash. Then you don't want to click each time on the "target qube" window that dom0 will present. In such a case, to avoid loosing time, I would simply write the list of all files in a small file (no newlines, just blanks) and then use qvm-copy command on that list once. Or you through everything in a non-comressed tar file and push that one over. Not elegant, but fast & easy. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0d5cd631-bb53-ab66-31dc-142ce3a1d5b5%40web.de.
[qubes-users] Re: Help sending multiple files using qrexec
qvm-copy. if this done often between trusted qubes, you can pre approve the file copy in /etc/qubes-rpc/policy/qubes.Filecopy with a line like srcvm destvm allow On Tuesday, December 3, 2019 at 5:40:29 PM UTC-8, pr...@tutanota.de wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi, > > I am trying to send mutliple files using qrexec by catting the files using > the > following scripts: > > Script one on the client: > > echo "$#" > while [ $1 ]; do > echo $(wc -l $1) > cat $1 > shift > done > > > Script two on the server: > > read NUMFILES > READFILES=0 > while [ $READFILES -lt $NUMFILES ]; do > read CATFILESIZE CATFILENAME > head -n $CATFILESIZE > "$CATFILENAME" > ((READFILES++)) > done > > > This successfully sends the first file, but not the second, can anyone help > with this or should I be using qvm-copy? > > Thanks for reading > -BEGIN PGP SIGNATURE- > > iIgEARMKADAWIQRFNnsoPo7HH0XEMXc88cBGMbAIWAUCXecNwhIccHJhZ29AdHV0 > YW5vdGEuZGUACgkQPPHARjGwCFiw0gD/TPKyOcTLN94aJYJd8oaf+4ciHy1jKZ9W > XBlIif0fJHMA/jy3LS32Ed21PcbACGz0RZIIGYGFoSptsyLQM5SH9fNd > =F4IQ > -END PGP SIGNATURE- > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/02d539f4-5821-4b17-8c28-19105b7e2774%40googlegroups.com.
Re: [qubes-users] How do I get Started?
When I click the applet, I see: Ethernet Network device not managed VPN Connections > I don't see my WiFi networks. When I launch network manager in sys-net, I tried to manually input the information for my WiFi (with the SSID and WPA2/Personal), but it doesn't connect after. Try lspci in dom0 and look for your wireless adapter (try "lspci |grep -i wireless" if you are lazy). Then go in the sys-net template (! not sys-net itself) and verify the firmware for your hardware is installed. Then reboot sys-net and have a look again. Also check that the hardware is accessible to sys-net via the "devices" tab of the qubes settings. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2f734aa6-9019-9359-18f0-3dae118629b1%40web.de.
[qubes-users] Re: How do I get Started?
On Monday, December 2, 2019 at 8:43:51 PM UTC-8, Qubes User wrote: > > I just installed Qubes on a new laptop. I'm trying to do some basic things > not listed on https://www.qubes-os.org/getting-started/ > > 1. How do I get connected to my wi-fi? > 2. How do I use an external display with HDMI? (just plugging it in > doesn't work for me) > 3. How do I reduce the lag on my USB mouse? > What laptop do you have? what mouse do you have? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7cb3b1fd-69d9-4266-b81c-abad242d79b9%40googlegroups.com.
