Re: [qubes-users] Re: Is Fedora Really A Good Choice For QubeOS?
The LUKS issue was all about getting a root shell as opposed to being able to defeat LUKS or get the keys or decrypt the data. I know this was a bit misreported in the press. A bigger issue is if /boot is not encrypted. And with modern GRUB there is no need for it not to be. Someone could then use this shell to put a keylogger in /boot process then they could use this vulnerability to do some damage. But the same is true from booting from removable custom media to access the encrypted partitions. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ad049ceb-dacf-93d5-cc0c-daffb69e2a3c%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Synaptic touchpad not working through usbVM
On 28/12/2016 21:33, Marek Marczykowski-Górecki wrote: > Interesting, do you have that touchpad really as a USB device? If so, > it's probably not supported by InputMouse service - probably we need > InputTouchpad, or sth like this. That's a good question. It's an Acer laptop. The usbVM shows it in lsusb as a USB device but it's not listed in /dev/input. I'll install that tool and report back here with the results. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3df36252-e897-a6aa-7878-b3cc808e7afe%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Dom0 (System tools) shortcuts suddenly disappeared
On 03/01/2017 04:35, Otto Kratik wrote: > I am using Qubes R3.2. Suddenly almost all of the KDE shortcuts > usually found under applications-> system tools have completely > vanished. I have no konsole, file manager, system settings etc. Only > four remain: I can't help but I had this happen once using Xfce as the desktop. All my 'start menu' disappeared bar a few. I re-installed. Possibly a bug then in this case? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/94a635b3-9e5f-9f12-97e8-b311c90e19d8%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Windows HVM keyboard weirdness
Right shift key doesn't seem to work in windows HVM but is fine in Linux Vms. Weird. Ideas? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/72cede73-2a45-5f2c-c1d5-3579032e3a5d%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Issues after switching to pvgrub2 following Wiki instructions and using Template fedora-23
After switching to pvgrub2 and distro kernel within VM I'm seeing alerts from time to time about dmroot crashing (something like 'sorry, dmroot seems to have crashed'). Also to install kernel-devel I had to use allowerasing to install it as package 1000:4.4.31-11.pvops.qubes was blocking it. Wasn't sure what to do here. Now I get constant Update alerts for the template VM to replace the kernel-devel I installed. Not sure if this is related (can't see why, unless an important kernel module is built on boot by Qubes/) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/96ddd0f5-da74-562f-a77e-264ebd7b2558%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to use bonjour (mDNS/DNS-SD) in a Qube?
Oh forgot to add. I did try setting the NetVM for the Windows HVM to sys-net to no avail. Thought that might give a non-NAT'd direct connection. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d70a1ea-90c8-fee7-29a2-36b93f91c055%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to use bonjour (mDNS/DNS-SD) in a Qube?
So I have iTunes in a Qube -- the best place for it IMHO ;-). I'd like to be able to use AirPlay. Since I'm not bridged and the AirPlay protocol uses mDNS/DNS-SD I need a way for the multicast to work from a Qube without violating any of the Qubes careful network design. e.g. One idea is to have my Windows HVM have a direct non NAT'd connection. But I'm not sure how to do this and if it's even desirable/sensible from an isolation PoV. Another idea is to install/enable something like avahi in fedora23 template and then on each network devices set it to reflect. I've not used avahi before but a) it's in fedora and even seems to be in the default template though disabled and b) seems like it's a one liner in its config to get cross subnet multicast working. But I'm not sure what the consequences of that are. Another service enabled in the template just to satisfy a single Qubes requirements does seem to be a bit much. Perhaps a third option is to create dedicated network infrastructure for the Windows HVM to use (sys-net-avahi sys-firewall-avahi). I thought this might be a (semi)common issue and was keen to hear others suggestions or if not maybe a pointer in how to best solve the issue of Qubes consuming services which require cross-subnet or multicast support. I'd imagine this could also be a problem with other similar services (video, voice). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d13245ad-a55c-3ce5-8c9d-75da72c37f64%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Synaptic touchpad not working through usbVM
Hi all, My touchpad doesn't work now that I've started using a usbVM. If I attach a USB mouse I get a prompt asking me if I wish to allow it. For the touchpad no prompt and it doesn't work even if I set the RPC policy for InputMouse to allow. Thoughts? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c568c8ac-c8f6-8fda-be1c-847907c9574a%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
[qubes-users] VMs die when screen is locked for too long
I've noticed this problem a few times now: If the screen is locked for too long (this problem doesn't seem to occur if I unlock the screen a short time after the screen locking) when I unlock the screen the VMs that were running are now in a yellow state. There is an error message about error reclaiming memory or something like that. The memory in use for the VMs still seems to be there and the CPU is on 0%. Does this sound like some known open issue? I'll grab more details the next time it happens. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/08a8f325-486a-cb5b-fe55-72ba1417b80e%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Security Bulletin #27
Will qubes-dom0-update work for Qubes users not using the testing repositories? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b6e7a8d9-f40f-46ac-7d34-d274574c1eca%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cryptsetup Vulnerability affects QubesOS?
On 2016-11-19 11:54, Andrew David Wong wrote: On 2016-11-16 13:31, Fred wrote: A good time to ask if Qubes encrypts /boot in it's LUKS setup. I've not checked myself. By default, Qubes does not encrypt /boot. Traditionally, that's because doing so would render the system unbootable. However, that's no longer true with newer versions of GRUB, which are now capable of booting from encrypted block devices. So, it's worth considering for Qubes. Tracking: https://github.com/QubesOS/qubes-issues/issues/2442 Yup. I know these days GRUB supports LUKS and things like mdadm, LVM etc so the days are hopefully gone since people need to worry about the position of /boot on disk or which esoterica are required to boot (and any intitrd issues). I guess the bigger question is if it actually provides any real added protection? Someone can still re-install GRUB by booting from other media and reinstalling GRUB. If the authenticity of /boot can also be verified then maybe it does? But once physical access is gained the game is over I guess? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a4d7d1ec901a8457f54936b2e27685b7%40email.gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Can't update dom0?
On 16/11/2016 20:10, Loren Rogers wrote: > Clicking the "Update VM System" button with dom0 selected seems like it > starts, but it doesn't really go anywhere. I recall reading something about this issue in the Qubes Wiki. IIRC, they suggested to run the command manually from the command line; qubes-dom0-update -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d48df016-e2f5-1b63-636c-93e33ec5065b%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cryptsetup Vulnerability affects QubesOS?
On 16/11/2016 19:10, berthold_...@web.de wrote: > Does this affect QubesOS? > > https://threatpost.com/cryptsetup-vulnerability-grants-root-shell-access-on-some-linux-systems/121963/ > Looks like a fairly low priority to me. You can get initramfs shell in a Busybox and have access to /boot (on some systems) and see the encrypted drives. Some articles seemed to imply that you'd have access to the decrypted data (which isn't possible!). A good time to ask if Qubes encrypts /boot in it's LUKS setup. I've not checked myself. You'd get the same effect if you boot via GRUB to an initrd shell. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/72fa3b43-d246-c136-76b7-bbf214dd39cb%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Using distribution kernel in Template VM
On 16/11/2016 00:31, Marek Marczykowski-Górecki wrote: >> Is there any way to debug this further? Have any steps been >> missed? > > Check if u2mfn module was built automatically. Simply login on the > template console and check `modinfo u2mfn`. If it's not there, build > it using `dkms autoinstall` command (see its manual page for exact > parameters). Hi Marek, Thanks for your reply. I got this fixed in the end by going back to the Qubes web link and double-checking everything. I saw the dkms autoinstall comment there and so I tried it and it worked. The strange thing is, I saw u2mfn in lsmod output so didn't think this step was necessary. So was this just the wrong version or something? So booting a fedora kernel is now working but I'm unable to do what I was trying to achieve with all of this in the first place which is get my wifi card working in sys-net. I can now boot using a vanilla upstream Fedora kernel in sys-net and associated kernel-devel. I built a wifi driver using akmods for my broadcom device in the template fedora vm. I assigned my wifi pci device over to sys-net and although I can see the pci device in lspci in sys-net and the wl module is loaded, no cigar. As a proof of process/concept I followed the same steps without Qubes/Xen by getting a fedora-23 ISO and installing it to USB. Booted that, built driver, modprobed it and bingo. So for some reason this isn't working when done through Qubes/Xen. But I'm not sure what could be preventing it and what to look at next. Some kind of PCI issue perhaps? In the meantime I've just assigned an entire USB controller over to sys-net and am using a USB wireless which works just fine but isn't ideal from some other perspectives. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/95356e9b-060f-ff1e-1b27-a4c0db7179f4%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] DispVM
Thanks! I'll stop trying to get DispVMs working for now then. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a96af410-7d0a-0785-e2a1-9ba1df9dd267%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] DispVM
On 14/11/2016 21:32, Unman wrote: > Is there anything in /var/log/libvirt/libxl logs? The following; 2016-11-14 20:38:15 GMT libxl: error: libxl_pci.c:1041:libxl__device_pci_reset: The kernel doesn't support reset from sysfs for PCI device :01:00.1 2016-11-14 20:40:12 GMT xc: error: X86_PV_VCPU_MSRS record truncated: length 8, min 9: Internal error 2016-11-14 20:40:12 GMT xc: error: Restore failed (0 = Success): Internal error 2016-11-14 20:40:12 GMT libxl: error: libxl_stream_read.c:749:libxl__xc_domain_restore_done: restoring domain: Success 2016-11-14 20:40:12 GMT libxl: error: libxl_create.c:1145:domcreate_rebuild_done: cannot (re-)build domain: -3 2016-11-14 20:42:58 GMT xc: error: X86_PV_VCPU_MSRS record truncated: length 8, min 9: Internal error 2016-11-14 20:42:58 GMT xc: error: Restore failed (0 = Success): Internal error 2016-11-14 20:42:58 GMT libxl: error: libxl_stream_read.c:749:libxl__xc_domain_restore_done: restoring domain: Success 2016-11-14 20:42:58 GMT libxl: error: libxl_create.c:1145:domcreate_rebuild_done: cannot (re-)build domain: -3 2016-11-14 20:43:18 GMT xc: error: X86_PV_VCPU_MSRS record truncated: length 8, min 9: Internal error 2016-11-14 20:43:18 GMT xc: error: Restore failed (0 = Success): Internal error 2016-11-14 20:43:18 GMT libxl: error: libxl_stream_read.c:749:libxl__xc_domain_restore_done: restoring domain: Success 2016-11-14 20:43:18 GMT libxl: error: libxl_create.c:1145:domcreate_rebuild_done: cannot (re-)build domain: -3 2016-11-14 20:46:41 GMT xc: error: X86_PV_VCPU_MSRS record truncated: length 8, min 9: Internal error 2016-11-14 20:46:41 GMT xc: error: Restore failed (0 = Success): Internal error 2016-11-14 20:46:41 GMT libxl: error: libxl_stream_read.c:749:libxl__xc_domain_restore_done: restoring domain: Success 2016-11-14 20:46:41 GMT libxl: error: libxl_create.c:1145:domcreate_rebuild_done: cannot (re-)build domain: -3 2016-11-14 20:56:02 GMT xc: error: X86_PV_VCPU_MSRS record truncated: length 8, min 9: Internal error 2016-11-14 20:56:02 GMT xc: error: Restore failed (0 = Success): Internal error 2016-11-14 20:56:02 GMT libxl: error: libxl_stream_read.c:749:libxl__xc_domain_restore_done: restoring domain: Success 2016-11-14 20:56:02 GMT libxl: error: libxl_create.c:1145:domcreate_rebuild_done: cannot (re-)build domain: -3 2016-11-14 20:56:12 GMT xc: error: X86_PV_VCPU_MSRS record truncated: length 8, min 9: Internal error 2016-11-14 20:56:12 GMT xc: error: Restore failed (0 = Success): Internal error 2016-11-14 20:56:12 GMT libxl: error: libxl_stream_read.c:749:libxl__xc_domain_restore_done: restoring domain: Success 2016-11-14 20:56:12 GMT libxl: error: libxl_create.c:1145:domcreate_rebuild_done: cannot (re-)build domain: -3 2016-11-14 21:03:34 GMT xc: error: X86_PV_VCPU_MSRS record truncated: length 8, min 9: Internal error 2016-11-14 21:03:34 GMT xc: error: Restore failed (0 = Success): Internal error 2016-11-14 21:03:34 GMT libxl: error: libxl_stream_read.c:749:libxl__xc_domain_restore_done: restoring domain: Success 2016-11-14 21:03:34 GMT libxl: error: libxl_create.c:1145:domcreate_rebuild_done: cannot (re-)build domain: -3 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2d62348c-f65e-c424-59dc-94a29dc56355%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] DispVM
On 14/11/2016 17:56, Unman wrote: > I'm not aware of any particular issues, although there have been some > reports of issues with customisation. Here is what I get after removing and recreating. No errors and the save file says it was created OK. I found an xterm command to run in dom0 to try and debug and I got the following; time=1479157412.67, qfile-daemon-dvm init time=1479157412.67, creating DispVM time=1479157412.82, collection loaded time=1479157412.91, VM created time=1479157412.97, VM starting time=1479157412.97, creating config file time=1479157413.32, calling restore Traceback (most recent call last): File "/usr/lib/qubes/qfile-daemon-dvm", line 200, in main() File "/usr/lib/qubes/qfile-daemon-dvm", line 188, in main dispvm = qfile.get_dvm() File "/usr/lib/qubes/qfile-daemon-dvm", line 150, in get_dvm return self.do_get_dvm() File "/usr/lib/qubes/qfile-daemon-dvm", line 103, in do_get_dvm dispvm.start() File "/usr/lib64/python2.7/site-packages/qubes/modules/01QubesDisposableVm.py", line 193, in start domain_config, libvirt.VIR_DOMAIN_SAVE_PAUSED) File "/usr/lib64/python2.7/site-packages/libvirt.py", line 4405, in restoreFlags if ret == -1: raise libvirtError ('virDomainRestoreFlags() failed', conn=self) libvirt.libvirtError: internal error: libxenlight failed to restore domain 'disp7' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/35732788-20b6-5f26-a21b-851740669fdb%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Please help, can't get into Qubes
On 14/11/2016 13:46, Unman wrote: > For future reference, I think the sys-net started because there were > OTHER qubes downstream set to autostart, e.g sys-firewall. If they are > still starting they will trigger the sys-net. So you need to either set > the netvm to none for them or stop them starting. That makes more sense. Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e37e6bef-f7c3-0fa0-de1c-f5719c7b1713%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
[qubes-users] DispVM
Are there any known issues with the DispVM in Qubes 3.2 that I should be aware of? I cannot get it to work. I have also tried recreating it two ways based on the default template *and* choosing a different non-default one. i.e qvm-create-default-dvm fedora-23 and qvm-create-default-dvm --default-template both work and seem to create the vms. Trying to use it however gives no error and the vm does not start in Qubes Manager. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/755d71cb-e944-1f89-3ba0-daa0baa755d5%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Please help, can't get into Qubes
On 12/11/2016 08:27, Alex wrote: > Try editing /var/lib/qubes/qubes.xml and set "autostart" to False > instead of True for the sys-net vm I had actually found this file and tried setting the autostart attribute but the VM still auto-started. I also tried editing the sys-net XML file directly (removing the bad assigned device(s)). There was a warning in the comments at the top about this file about changes potentially being overwitten but I couldn't find the correct file to make these changes manually. This file also existed in more than one place and the qvm-* commands didn't work as they couldn't connect. In any case I just reinstalled as it was quicker. The offline mode of the qvm-* commands may have worked (referred to in the link in Marek's response). Or maybe disabling the sysVM service via systemctl ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/691de818-3233-eb3c-d82d-11f2b447b91e%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Please help, can't get into Qubes
I made a change to the PCI devices for the sys-net VM and now Qubes hangs on boot when starting this vm. I've tried using the installation image to get to system rescue via the troubleshooting link in the installer. I can get into my system this way but I'm unsure what to change as removing the pci device from the sys-net XML file doesn't seem to make this change persist -- something keeps generating a new one with the bad PCI device XML node. How can I disable sys-net from starting when connected via a rescue shell? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8460e4b6-0d13-d18c-37e5-ac5d272b5b26%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Using distribution kernel in Template VM
I followed the instructions here https://www.qubes-os.org/doc/managing-vm-kernel/ for using the VM kernel. So in short: in dom0: sudo qubes-dom0-update grub2-xen in fedora-23 template vm: sudo yum install qubes-kernel-vm-support grub2-tools in fedora-23 template vm: installed a distro kernel and matching kernel-devel from fedora repo. in fedora-23 template vm: sudo grub2-mkconfig -o /boot/grub2/grub.cfg to create grub config. I can then set pvgrub2 as kernel for fedora-23 template and start it. fedora-23 boots without error, booting the VM kernel. Troubleshooting with sudo xl console fedora-23 shows no obvious problems and it finishes the boot sequence with a login prompt. The virt manager in dom0 shows for its status an amber dot. It momentarily goes green, but then changes back to amber. Is there any way to debug this further? Have any steps been missed? I'm just trying to use the pvgrub2 route as an easier way to get my broadcom wifi card working (have installed akmod-wl in template vm and that part seemed to work OK). I feel I'm close, but no cigar! :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e61e3afa56ed3227134b3bfd60e28a09%40email.gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.