Re: [qubes-users] Installation problem on Dell Inspiron R15 laptop

2023-08-02 Thread Tobias Killer 

Am 01.08.23 um 16:29 schrieb Omri:

Hello group,

  


I'm trying for the last few days to install Qubes OS (no matter what
version) on my old laptop.

The laptop is:


- Dell Inspiron R15 (bought around 2013)
- CPU – Intel Core i7 - 3517U
   - VT-d ; VT-x ; EPT - included, according to Intel's website (
   
https://www.intel.com/content/www/us/en/products/sku/65714/intel-core-i73517u-processor-4m-cache-up-to-3-00-ghz/specifications.html
   (
   - On the BIOS though, there's no activation for any of these features
   specifically, but it has virtualization enable/unable in general.
- RAM – 8 GB
- Storage – 1 TB

  


It currently runs Windows 10 with no apparent problems other than slow
speed.

When I tried to install Qubes, at first it looked ok but quickly becomes
gibberish.

[image: 3. first few lines (sorry the camera lost focus).png] img 1 - first
few lines. the camera lost focus (sorry) but everything (4 lines) is
properly readable and makes sense.

[image: 4. text in dotted unreadable characters.png] img 2 - text appears
in dotted characters of no language and doesn't make sense (it's not even
Braille). Also, text cursor (underscore) appears oddly twice.

[image: 5. more of this text. it is now accepts input.png] img 3 - more of
this text... At the end it allows keyboard input but I can't know what
input to enter. If pressing "Enter" key, it reshows the last line.

* Between each image there's an empty black screen for about half a second.

** Couldn't attache images\videos


It than accepts input, but I can't know what input to enter.

I tried numerous versions, almost all of them; some did better, some less.
Version 4.0 looked better than all the others and this is what is shown in
the video.

Other versions asked me first if I want to "test and install", "install"
and so on, the normal menu.


I tried to look in the documentation and in forums. In addition, I've asked
in some forums – none of them helped.

I'm new to Qubes so it's possible my answer is out there but I didn't
notice.

  


Any tip, lead or advice would be much appreciated.

  


Thanks in advance,

Omri



Hello,

Is your installation medium fine? Maybe, you should check if there is no 
difference between the image on the installation medium and the original 
ISO image file. Do you use Linux? If yes, see


https://github.com/QubesOS/qubes-issues/issues/7030#issuecomment-1042944011

(Do not forget to replace `/dev/sda` with the actual installation medium 
and use the correct size and ISO image.)


If you need more help on this, don't hesitate to ask!

Best regards,
Tobias Killer

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/854c0d4e-52e2-2f8e-281c-3b49eb047d33%40posteo.de.

[qubes-users] Update for QSB-090: Zenbleed (CVE-2023-20593, XSA-433)

2023-08-02 Thread Andrew David Wong 
Dear Qubes Community,

We have updated [Qubes Security Bulletin 090: Zenbleed (CVE-2023-20593, 
XSA-433)](https://github.com/QubesOS/qubes-secpack/blob/main/QSBs/qsb-090-2023.txt).
 The text of this updated QSB (including a changelog) and its accompanying 
cryptographic signatures are reproduced below. For an explanation of this 
announcement and instructions for authenticating this QSB, please see the end 
of this announcement.

## Qubes Security Bulletin 090

```

 ---===[ Qubes Security Bulletin 090 ]===---

  2023-07-24

 Zenbleed (CVE-2023-20593, XSA-433)

Changelog
--

2023-07-24: Original QSB published
2023-08-01: Updated Xen packages with upstream bug fix (XSA-433 v3 [3])

User action required
-

Users must install the following specific packages in order to address
the issues discussed in this bulletin:

  For Qubes 4.1, in dom0:
  - linux-firmware 20230625-146
  - Xen packages 4.14.5-22

  For Qubes 4.2, in dom0:
  - linux-firmware 20230625-147
  - Xen packages 4.17.1-4

These packages will migrate from the security-testing repository to the
current (stable) repository over the next two weeks after being tested
by the community. [1] Once available, the packages are to be installed
via the Qubes Update tool or its command-line equivalents. [2]

Dom0 must be restarted afterward in order for the updates to take
effect.

If you use Anti Evil Maid, you will need to reseal your secret
passphrase to new PCR values, as PCR18+19 will change due to the new
Xen and initramfs binaries.

Summary


On 2023-07-24, the Xen Project published XSA-433, "x86/AMD: Zenbleed"
[3]:
| Researchers at Google have discovered Zenbleed, a hardware bug causing
| corruption of the vector registers.
|
| When a VZEROUPPER instruction is discarded as part of a bad transient
| execution path, its effect on internal tracking are not unwound
| correctly.  This manifests as the wrong micro-architectural state
| becoming architectural, and corrupting the vector registers.
|
| Note: While this malfunction is related to speculative execution, this
|   is not a speculative sidechannel vulnerability.
|
| The corruption is not random.  It happens to be stale values from the
| physical vector register file, a structure competitively shared between
| sibling threads.  Therefore, an attacker can directly access data from
| the sibling thread, or from a more privileged context.
|
| For more details, see:
|   https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
|
| 
https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8


Impact
---

As explained in XSA-433, this vulnerability is specific to the AMD Zen 2
microarchitecture, and AMD does not believe that other
microarchitectures are affected. Exploiting this vulnerability would
allow an attacker to read data from different contexts on the same core.
Examples of such data include key material, ciphertext and plaintext
from AES-NI operations, and the contents of REP-MOVS instructions, which
are commonly used to implement `memcpy()`.

In order to exploit this vulnerability, an attacker must be capable of
executing code at any privilege level in any qube, e.g., JavaScript in a
web browser. Moreover, the code to reliably exploit this vulnerability
is publicly available. Accordingly, there is a high risk of this
vulnerability being exploited in practice.

Credits


Tavis Ormandy of Google Project Zero.

References
---

[1] https://www.qubes-os.org/doc/testing/
[2] https://www.qubes-os.org/doc/how-to-update/
[3] https://xenbits.xen.org/xsa/advisory-433.html

--
The Qubes Security Team
https://www.qubes-os.org/security/

```

*Source*: 


## [Marek 
Marczykowski-Górecki](https://www.qubes-os.org/team/#marek-marczykowski-górecki)'s
 PGP signature

```
-BEGIN PGP SIGNATURE-

iQIzBAABCAAdFiEELRdx/k12ftx2sIn61lWk8hgw4GoFAmTJuBUACgkQ1lWk8hgw
4Grm8g/8D4eC/PRmV2Kl5CSDZ4XPsM0UeV0UF6GhlSNXbMwkx2kzNkTJpi9ftJcz
cg/3y5z74aiVUFrHZmzya+PN+eza+Nh4AJdutuTwKs1TiUjiJ/hV0zt0mE+oUBa0
baQPbkFYciI7sv8q5TD5+P52ASgAd7IP0SAVp34sPPXZF1Mkw+Z4KcKR4Ua0pdzm
/WjrNWrDWPUWNT3SAZ9qaPdzMjtmHBYv1746XlPNh4kTkWCYI6ppX2AFSs72w7H4
DVylnA49mVOza2+ZRw518+wSJWoMFnl7QStVqqSPeQ5Ycf/ZZKIQmZq569tq0cAE
aYxA+eOTBG4u7sKBAWD7sMtmiJAmPm3g2NBjc27RdXawHlP1tgZeHXByfyRTAgBQ
MhKagCPQe8QUKxjX22G2fbhqf8V9Efkej7GbvJFRACZDtl7p+HJlC5MaYDl3X6zJ
iqMPjkLvdWz6dOGNy1djnF7rjaN8CsJHVbldSAsir6GWqBdjycRjzA4O3Z3ZuaRT
UdVuGa+Ec8M8x44snBv67AhTDT8FycFNjIw/3kak69+7Kc7o/mTUOPJ4jjvNqq/M
ku/a5m8RWPr9+Ysz2HOiqVvZqQ111M6nYCIxqJuEuyV5kqQMRwhl6vwbjjVZjTva
85KxOSQXPJgEz8jMTOPYBFZqLxOqf1mF4nuS0llMYkmlB3kgnSE=
=gT88
-END PGP SIGNATURE-
```

*Source*: 


## [Simon Gaiser (aka 
HW42)](https://www.qubes-os.org/team/#simon-gaiser-aka-hw42)'s PGP