[qubes-users] Re: HCL - LENOVO Thinkpad P1

2019-02-24 Thread Eric Duncan
On Thursday, February 21, 2019 at 7:20:58 PM UTC-5, vadimkly...@gmail.com wrote:
> 
> Eric, any chance you could try updating the Bios to the recently released 
> version 1.18 which I think should fix the graphics issues allow you to use 
> the intel chip and try again with the latest version of Qubes 4.1 and report 
> back? I literally have a Thinkpad P1 XEON w/32GB ECC and 2x2TB and the 
> upgraded UHD display config that is pending for shipment and if the problems 
> have not been resolved I would really like to know now like you I got this 
> just for Qubes and if I cancel now can avoid $650 in restocking fees.

Hello:

Unfortunately I am traveling and am not able to test Qubes on this machine any 
time soon - at least well past their cancellation time-frame.

In short, all of Lenovo's recent machines for most of 2018 and 2019 all have 
the Sleep issue - that lenovo purposely got rid of the industry-wide S3 sleep 
mode in favor of Windows' new "Si03" crap that does nothing for us Linux people.

All, except the Lenovo Thinkpad X1 Carbon 6th Gen - enough Linux gurus 
complained that Lenovo actually released a BIOS specifically for that machine 
that re-enabled S3.  

I've logged a support ticket with Lenovo, and they said they aren't going to do 
it anytime soon.  Please open a ticket, and complain as well.

As far as the "graphics" issue, I was running 1.17 BIOS at the time.  1.18 
doesn't change anything for graphics, except an "edge case" that could brick 
the laptop.  1.18's main fix is the Sound Card - if you were to disable the 
Sound Card in 1.17 or earlier, you would brick you P1.  1.18 fixed that.

I have 1.18 now, and it doesn't make a difference with any other Linux distro.  
So I don't think it would matter with Qubes, sorry.

Regarding the kernel, Qubes 4.1 is only using 4.14.  As you can see in my tests 
above, I tried Qubes with the latest 4.19 kernel.  It's a no go, sorry, so 4.1 
won't make any difference with it's old(er) 4.14 kernel.

With all that said...  There is hope.  It's a painful process to get there, but 
you can get a pretty decent system going with the P1 and Qubes (with enough 
compromises).

Follow the instructions I posted in the OP of this thread to get Qubes 
installed: https://groups.google.com/d/msg/qubes-users/z51dkaEOiqc/wNhQ_86NGQAJ

You can get Nvidia drivers installed in dom0, and that should really help out 
things.  However, I don't think you'll have brightness control nor the ability 
to switch to Intel only iGPU (aka bbswitch) by using Xen.

As for Arch Linux, I installed Arch but it was a PITA to get anywhere near 
usable - kind of like Qubes.  

Just before returning the laptop under the principal that Lenovo has killed 
Linux-abilities, I decided to try Pop!_OS by System76, which is Ubuntu with a 
skinjob + nvidia drivers built in.  BINGO!  Never in my life have I ever, not 
even once, found a distro that worked 100% out of the box.  We're talking 
brightness control, iGPU Intel-only switching, and most of all - SUSPEND is 
working!  How they got Suspend working, when no one else has posted the ACPI 
tables for the P1 to hack around the sleep mode yet, I am at a loss.  I really 
hated going back to Ubuntu - but things are just too damn silky smooth with 
Pop!_OS.  It's been a 100% dream, and the way Linux (Gnome) should be 
experienced for everyone.  I'm getting 7-9 hours battery life every day out of 
the laptop with Intel only graphics.  I've since installed Pop!_OS on my wife's 
iMac 2015, on my daughter's XPS laptop and on my monster gaming desktop (that 
can't normally run Linux!).  Whatever they did to Pop is what Ubuntu and Gnome 
should pay them to submit back upstream.

Currently I try to follow basic Qubes principals with Pop, such as installing 
nothing - I use Snap and AppImage for everything (even created a few that 
didn't exist).  I also use Docker for development of everything.  So basically 
my OS is barebones with just Pop!_OS. 

Anyhow... For now, I have a functional laptop while traveling and working.  
This fall I'll have more time to try again with Qubes.  Or at least Xen-only (I 
run pure Xen on a few servers myself, isolating things like Qubes does).

Ps, I've also installed some NH1 thermal paste on the CPU and GPU heatsinks as 
the fans were getting annoying - doing nothing but just browsing the web.  If 
on Nvidia graphics, wow they were almost always spinning.  Installing the NH1 
grease dropped temps down by about 20C and the fans hardly ever kick on with 
Nvidia graphics - Intel graphics, I don't think I've ever heard them since with 
normal usage.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 

[qubes-users] HCL - LENOVO Thinkpad P1

2019-01-16 Thread Eric Duncan
Difficult to setup due to the "I219-LM" Network controller needing 
permissive=true and no-strict-reset=true and unable to install latest nvidia 
cuda drivers. Kernel-latest and/or Xen 4.8 does not support the Intel UHD GPU 
even when disabling nouveau - must use Nvidia only for now.

Sleep not working with BIOS 1.17 (known issue of all the latest Lenovo Thinkpad 
models since they removed S1 and S3 from BIOS). Log a support ticket with 
Lenovo.

Tested with 4.0.1 RTM and kernel-latest (4.19).

See this post for more debugging information: 
https://groups.google.com/d/msg/qubes-users/z51dkaEOiqc/wNhQ_86NGQAJ

Tip: don't set nomodeset for the Hybrid graphics with blacklisting nouveau - 
won't work completely. And setting nouveau.modeset=0 nouveau.blacklist=yes or 
modprobe.blacklist=nouveau will only get you 0.33 Frames Per Second refresh 
pain which makes the system unusable.  Force it to discrete graphics (nvidia) 
and leave the nouveau for now.

Lots of screen flickering with nouveau, and lots of battery drain.

This model has 32 GB of ECC ram with the Xeon and p2000, used by the 4K screen.



VM sys-usb exists
Qubes release 4.0 (R4.0)

Brand:  LENOVO
Model:  20MDCTO1WW
BIOS:   N2EET35W (1.17 )

Xen:4.8.4
Kernel: 4.19.12-3

RAM:32385 Mb

CPU:
  Intel(R) Xeon(R) E-2176M  CPU @ 2.70GHz
Chipset:
  Intel Corporation Device [8086:3ec4] (rev 07)
VGA:
  NVIDIA Corporation Device [10de:1cba] (rev a1) (prog-if 00 [VGA controller])

Net:
  Intel Corporation Device a370 (rev 10)
  Intel Corporation Ethernet Connection (7) I219-LM (rev 10)

SCSI:

HVM:Active
I/O MMU:Active
HAP/SLAT:   Yes
TPM:Device not found
Remapping:  yes

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/019643de-e1f5-4c22-9eeb-de505c3ac15f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-20MDCTO1WW-20190113-140540.yml
Description: Binary data


[qubes-users] HCL - LENOVO Thinkpad X1 Tablet 3rd Gen

2019-01-16 Thread Eric Duncan
sys-usb option is disabled during install due to keyboard being USB.  Suspend 
not working due to known Lenovo BIOS issues (they removed S1 and S3).

Very simple install overall.  Touchscreen/pen input acts as normal mouse like 
most other touchscreens.  

Sleep issue is a known issue of all the latest Lenovo Thinkpad models since 
they removed S1 and S3 from BIOS).  You might be able to look at the ACPI 
tables the Thinkpad Carbon G6 owners are doing and manually edit them on this 
device to get working. Log a support ticket with Lenovo, because they fixed the 
Thinkpad Carbon G6 BIOS due to popular demand.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/15397718-7883-4ade-9adc-5702f76c1f7e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-20KJCTO1WW-20190107-152837.yml
Description: Binary data


[qubes-users] HCL - LENOVO Thinkpad X1 Yoga 3rd Gen

2019-01-16 Thread Eric Duncan
Simple install. Most things working except Suspend and "Yoga Mode" not 
disabling the trackpad nor flipping the monitor.  Sleep not working with BIOS 
1.17

Sleep issue is a known issue of all the latest Lenovo Thinkpad models since 
they removed S1 and S3 from BIOS).  There are some ACPI hacks for this model 
posted online to get it working. Log a support ticket with Lenovo, because they 
fixed the Thinkpad Carbon G6 BIOS due to popular demand.

For the beautiful HiDPI screen, I built a custom version of Xrandr in a DVM 
from master that has the "nearest" filter commit (they haven't released the 
latest Xrandr in a while).  Using the nearest filter allows for a much sharper 
scaling than the default xrandr.  However, it still had a bit of fuzziness for 
me.  I then just switched the resolution to 1368x720 which gave the clearest 
results (still just a tad fuzzy, but also lost of resolution!).  I could not 
get xrandr working for any VMs though with the virtual display.

i3wm is a dream come true on this device. Once installing i3wm, the DPI 
settings were picked up (maybe my previous hacking, maybe it actually detected 
it) and things were scaled 100% pixel perfect!  Some VMs still have GUI apps 
that are wrong though for DPI.  But close enough.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/683a290b-a5d9-474d-b304-06bdcabd4f41%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-20LD0017US-20190107-232107.yml
Description: Binary data


Re: [qubes-users] Install errors on Thinkpad P1 (aka X1 Extreme) with R4.0 and R4.0.1-rc2

2019-01-13 Thread Eric Duncan
On Sunday, January 13, 2019 at 10:51:14 AM UTC-5, awokd wrote:
> Weird, not sure how it can detect that 14.3 device with it supposedly 
> disabled. Check sys-net's Qube Setting/Devices and remove 14.3 from the 
> right if it's there. Leave 1f.6/Ethernet enabled and assigned if it's 
> not causing problems, then try to start sys-net.

It was a combination of me enabling/disabling multiple things.

I got it going - though I've exhausted all the time I had to spend on Qubes on 
this laptop...  I'm going to make a HCL with the information as well to help 
the next person, or when I get more time this summer to spend days/weeks with 
it again.

>From a fresh install...

* Make sure you have BIOS 1.17 or later for the Thinkpad P1.  Anything earlier 
than that WILL BRICK your laptop with these instructions.
* BIOS: switch to Discrete Graphics (nvidia only for now).
* BIOS: Under Security -> I/O Port Access, disable "Ethernet LAN". This is the 
"I219-LM" onboard ethernet controller that causes the 00:1f.6 PCI error 
mentioned above, about how the sys-* VMs won't start because it can't reset it.

Now, boot the media and install Qubes 4.0.1 normally.  I wipe the entire disk 
and all Windows partitions personally, never a dual boot so I can't help with 
that.

After the first install phase, it will reboot into the Post Install phase 
screen (where it asks you which VMs you want to configure).  Go ahead and 
select what you want.

However, the Post Install steps will fail at the end with the original error 
stated in the OP, or something close to it (perhaps 00:14.3 as well).  Just 
ignore this for now.  Press OK to "Finish Installation." 

Note: Do not step away from the laptop at this time.  If you do, and the 10 
minute timeout occurs after the post install/error message displays, the 
screensaver will kickin - and you won't get back.  It was a number of ACPI 
errors in the logs.  Power-off (hold power for 4 seconds) and start the Post 
Install phase again.

You will get prompted to login.  Go ahead and login.  Or reboot for good 
measure.  

You will notice none of the sys-firewall, sys-usb, nor sys-net are running.  
The sys-net may start now, manually, but the others will continue to error.  To 
confirm the error, open a Terminal in dom0 and run:

$ sudo systemctl status qubes-vm@sys-net.service

It should the errors I listed above, such as "PCI device dom0:00_14.3 does not 
exist" and when you run an "lspci" you don't see it either.  There's nothing to 
do on this error.  We're going to re-enable the Ethernet controller now.  The 
14.3 device is the Wireless card btw, but don't worry about this error - it 
will resolve itself when you fix the next error below.

Reboot into BIOS and re-Enable the "Ethernet LAN" you disabled earlier above.  
F10, Save and reboot back into Qubes.  If you press ESC after the disk 
encryption key, you'll see that sys-net nor sys-firewall starts (and maybe 
sys-usb may fail as well).  That's fine, we're going to fix that now.

Now that you have the I219-LM ethernet controller re-enabled, if you run the 
systemctl status command again you'll see a different error - the one I 
originally posted in the OP above, "Unable to reset PCI device :00:1f:6".

To fix this one error, that also happens to resolve the 0:14.3 not found error, 
you need to detach the "1f:6" device from sys-net, and reattach it with special 
permissions:

$ qvm-pci detach sys-net dom0:00_1f.6
$ qvm-pci attach --persistent --option permissive=true \
--option no-strict-reset=true sys-net dom0:00_1f.6

After this, you can qvm-start sys-net and then sys-firewall.  You may want to 
reboot just for good measure.

I think I also detached the reattached the 00:14.3 during my debugging.  But I 
currently see I don't have the permissive nor no-strict-reset flags set on my 
14.3 device - so that's not needed to get sys-net to start.

The reason sys-firewall give the same error on "Unable to reset PCI device 
:00:1f:6" when trying to start them is, I can only guess, sys-firewall is 
dependent on sys-net running - and if sys-net fails to start with the error, 
that error message propagates up to the originally started vm, sys-firewall - 
showing the same error.  Makes sense, as when the error message changes, they 
both had the same error under systemctl logging (and journalctl).

I then spent several days trying to get Nvidia drivers loaded to no avail.  
Also, trying to get just the Intel card working (hybrid graphics) but I've hit 
a brick wall there - Xen just freezes on the initial splash screen of the 4 
lines showing what kernel is loading.  The system hard locks up there, with no 
logs.  I highly prefer the Intel drivers for battery life.

At this point, I'm just throwing Arch Linux on it and will come back and 
revisit it when I have time.  It's too bad... I purposely bought this laptop 
specifically for Qubes.  

-- 
You received this message because you are subscribed to the Google Groups 

Re: [qubes-users] Install errors on Thinkpad P1 (aka X1 Extreme) with R4.0 and R4.0.1-rc2

2019-01-12 Thread Eric Duncan
For the record, I am now using 4.0.1 since it released (same problems).

On Monday, January 7, 2019 at 12:49:52 AM UTC-5, awokd wrote:
>
> Try temporarily disabling your wifi card for the install.
>

Good idea!  I disabled it, along with just about every device I could find.  It 
generated a different GUI error during the Post installation qubes 
configuration screen, with everything disabled and disconnected:

['/usr/bin/qvm-start', 'sys-firewall'] failed:
stdout: ""
stderr: "PCI device dom0:00_14.3 does not exist"

Once logged in, I see that Fedora in dom0 isn't detecting the 4K resolution 
like it has on my Thinkpad Yoga 3rd gen and Thinkpad Tablet 3rd gen devices - 
everything is tiny text.

Running lspci shows me that 00_14.3 is described as the network controller (it 
has an onboard network card, along with the wifi card).  Given, the PCIe device 
IDs could change since I have been disabling/enabling various devices at this 
point.  But the error would seem to point to the onboard network card, even 
though it is Disabled in the bios.

Now, I've noticed that none of the VMs startup (sys-firewall, sys-net, sys-usb).

$ sudo systemctl status qubes-vm@sys-net.service

This shows the exact same error message as above.  Going into the bios and 
re-enabling everything, generates the original error in the first message in 
this thread.

00:1f.6 points to "Ethernet controller"
00:14.3 points to "Network controller"

Going back into the bios and disabling "Wireless" and "Ethernet" devices (under 
Security), sys-usb is now able to start.  However, sys-net and sys-firewall 
gives the exact same "00:14.3 does not exist" error on starting any VM.

However, now it does not show under lspci with everything disable.  Nor does 
14.3 show up under any Qubes settings as attached to either sys-net or 
sys-firewall.

I did another full install with everything disabled, and the same error of 14.3 
does not exist keeps showing up, preventing sys-net and sys-firewall from 
starting.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bd18842b-bf03-4133-ab62-b6ee6e149a71%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Install errors on Thinkpad P1 (aka X1 Extreme) with R4.0 and R4.0.1-rc2

2019-01-12 Thread Eric Duncan
See inlines.

On Friday, January 4, 2019 at 5:16:16 PM UTC-5, Achim Patzner wrote:
> 
> The good old I219-LM problem...  Before assigning (or after 8-) it to
> sys-net (I do not really see any reason it should be assigned to sys-
> firewall... are you sure?) it needs to get set to no-strict-reset=true
> and permissive=true; take a look at qubes-os.org.

I think you mis-understand.  I am not assigning/attaching anything.  This is 
doing installation only that generates the error.

> Use the dGPU or take care of turning off the nouveau driver completely
> (nouveau.modesetting=0).
> 
> Why don't you use the nVidia GPU instead? It is definitely faster than
> the iGPU anyway, booting faster, using (at least on my machine) less
> energy and you do not meed to modify the kernel command line. And on
> kernel-latest my system is working with all cores.
> 

That is not ideal.  The main reasons to disable the dGPU is for battery life.

Under Arch, I can do this (not efficiently have you) with bbswitch.  However, I 
am not making it that far with Qubes as I cannot boot into the system after 
installation.


> > WARNING (to anyone else installing on a P1/X1 Extreme/P52, etc): To 
> > install, you must switch to discrete graphics in BIOS (no hybrid).  But, DO 
> > NOT DO THIS unless you have BIOS 1.17 or later or you will BRICK YOUR 
> > THINKPAD!
> 
> That didn't break mine. Turning on Thunderbolt BIOS support and turning
> off secure boot did that for me. Switching to dGPU is only causing
> problems if you do not wait on the next reboot for the system to
> reinitialize the device tree in ME (and thus starting with empty ACPI
> tables) by resetting it at just the right time during the 30 seconds
> this would take.
> 

First of all, what laptop do you have?  "That didn't break mine" indicates you 
also have a P1?  Please share your experience installing Qubes to a fully 
functional state (including suspend - not even us Arch guys have figured out 
suspend yet with the ACPI tables on the P1).

It is an extremely well known bricking problem with all modern (early to late 
2018) Lenovo Thinkpad models: 

https://www.reddit.com/r/thinkpad/comments/a2g0k4/warning_do_not_change_from_hybrid_graphics_to/

(and dozens of threads on the Lenovo forums)

If you have an early 2018 Thinkpad, you're pretty much ok.  My warning applies 
to all current models.

It got so bad Lenovo actually pulled the last 2 or 3 BIOS from just about every 
Thinkpad and Yoga series from the downloads site.  The 1.15 my P1 came with is 
long gone, as well as the 1.13 version that was there.  

Only 1.10 and 1.17 are available now - and 1.17 I can confirm does not brick it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6dfd1f09-1434-4639-9afc-15959fc8eeb5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Install errors on Thinkpad P1 (aka X1 Extreme) for R4.0 and R4.0.1-rc2

2019-01-06 Thread Eric Duncan
Trying to install Qubes R4.0 and R4.0.1-rc2 and receiving the same install 
error each time.

https://imgur.com/a/haBeVee

/usr/bin/qvm-start sys-firewall failed
stdout: ""
stderr: "Start failed: internal error: Unable to reset PCI device 
:00:1f:6: 
no FLR, PM reset or bus reset available

Clicking OK gives the same error on sys-net and whonix qubes as well, all 
failing to start.  And then, I can get to the login screen.

Both the 4.0 and 4.0.1-rc2 ISOs (checksum confirmed) had the same errors.

Note: I also had the same error (maybe a different address) on a Thinkpad X1 
Tablet 3rd Gen with 4.0.1-rc2.  However, after using different USB sticks and 
switching to 4.0 stable in an effort to debug, the error went away and i've 
been able to install 4.0 several times on the X1 Tablet oddly enough.

/TL;DR

NOTE: you have to disable hybrid in BIOS and switch to discrete graphics to 
install, as well as disable secure boot.  AND, you have to have BIOS 1.17+ 
before selecting discrete graphics or you will BRICK YOUR THINKPAD with a known 
BIOS bug Lenovo has with the X1 Extreme and P1 systems!!!

Latest 1.17 BIOS. BIOS VT-d and Virtualization are both enabled.

Normal Anaconda install works, partitions disks and reboots with encrypted 
drive.

After reboot and select which Qubes to setup (whonix, sys-usb, etc), the 
process continues normally.  But after a while, I suspect after the domUs are 
finished being installed, the installer attempts to start sys-firewall, 
sys-net, etc before continuing to the login screen for the first time.

It is at this attempt to start the VMs that the system fails with an error 
above.

I can click ok, and 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b7d4eecc-6dee-4b60-bfb8-78f00236e4e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: R4.0 and R4.0-rc2 Instructions for USB Keyboard w/Sys-USB fails

2019-01-04 Thread Eric Duncan
> The guide also shows how to hide all USB controlles from Dom0. This is now 
> default, so you need to unhide them.

Do you think I need to pass an entire controller?  Could I start of focus on 
what IDs the USB keyboard is using and just pass that?  I'm new to USB pass 
through processes, so these are my first attempts.

Whichever is the case, I'll update the guide as well with a PR to add this 
step.  

The guide is also a bit annoying as for other a year I always thought it was 
only for USB block devices - until I recently scrolled all the way down - and 
now see the info about other USB devices.  I'll add an Introduction as well to 
help clarify things and what all that guide covers.


On Friday, January 4, 2019 at 12:54:56 PM UTC-5, Lorenzo Lamas wrote:
> On Friday, January 4, 2019 at 6:29:37 PM UTC+1, Eric Duncan wrote:
> > 
> > The odd part is... I can press ESC and get to the text output of LUKS 
> > asking for password.  So something is kind of working?
> 
> Indeed strange though that ESC is still working.

It's a race condition when Xen is attaching USB controllers?  If I act quickly, 
I can get a few characters typed until the keyboard goes dead.  Which begs the 
question, why does Xen allow me to even type a few chars before the usb is 
redirected?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/82cfa581-92c5-4699-9a9e-b788d8e45c5d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: R4.0 and R4.0-rc2 Instructions for USB Keyboard w/Sys-USB fails

2019-01-04 Thread eric . duncan
On Friday, January 4, 2019 at 9:54:56 AM UTC-8, Lorenzo Lamas wrote:
> The guide also shows how to hide all USB controlles from Dom0. This is now 
> default, so you need to unhide them.

Do you think I need to passthrough an entire controller?  Or should I try to 
narrow down just the one keyboard USB device?

Whichever it is, I'll push a PR to update the docs - as the doc seems to 
indicate that running the one command is all you need to do (I also have a 
problem with the doc having no introduction paragraph, as when you first read 
it you think it's all about USB block devices only - until you scroll way way 
down).


On Friday, January 4, 2019 at 9:54:56 AM UTC-8, Lorenzo Lamas wrote:
> > The odd part is... I can press ESC and get to the text output of LUKS 
> > asking for password.  So something is kind of working?
> 
> Indeed strange though that ESC is still working.

Yeah, I think it's a race condition.  If i act quickly, I can get a few 
characters typed before the keyboard stops working.  But a few characters of a 
30+ long passphrase... I'm not that fast of a typer.  :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d5e0363-bbfd-4b03-b082-418496de2eb0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] R4.0 and R4.0-rc2 Instructions for USB Keyboard w/Sys-USB fails

2019-01-04 Thread Eric Duncan
Following this guide to enable a sys-usb qubes, but with a USB keyboard fails:

https://www.qubes-os.org/doc/usb/#how-to-use-a-usb-keyboard

Tried on two ISOs: R4.0 (bare ISO install, no updates) and R4.0-rc2 (up to 
date).

Tried on two systems: Thinkpad X1 Tablet 3rd Gen and Apple Macbook Pro mid-2014.

Both systems reboot to a keyboard that does not work to enter LUKS password, 
and therefore losing all access to the system.

I'm guessing I need to configure the keyboard for USB pass through?  As a step 
missing perhaps?

The command executes properly:

sudo qubesctl state.sls qvm.usb-keyboard

And after a reboot, the system doesn't allow USB keyboard.

The odd part is... I can press ESC and get to the text output of LUKS asking 
for password.  So something is kind of working?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/adbb8ff4-d1a0-47d8-aa15-cce0dfbce7f0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Install errors on Thinkpad P1 (aka X1 Extreme) with R4.0 and R4.0.1-rc2

2019-01-04 Thread Eric Duncan
Latest 1.17 BIOS, VT-d and Virtualization enabled in BIOS. Various thunderbolt 
assists disable/enable, etc options tried on/off.  Must use discrete graphics 
during install, which is an Nvidia Quatro P2000 (similar to the GTX 1050qm 
generation).

Anaconda installer gets past the initial setup, partitions the drive, etc and 
reboots.  After first reboot, when selecting which qubes to configure, the 
system starts to configure all the Qubes.

It is upon completion of this step, just before the system switches to the 
login screen, that the error message pops up:

/usr/bin/qvm-start sys-firewall failed
stdout: ""
stderr: "Start failed: internal error: Unable to reset PCI device 
:00:1f:6:
no FLR, PM reset or bus reset available, see 
/var/log/libvirt/libxl/libxl-driver.log for details.
"

Click OK switches a black screen, and the system become unresponsive.  Only a 
hard reset gets it to reboot, at which it boots up to the LUKS password, I 
enter it, and the system boots to a black screen again - unresponsive.

I've tried flipping various options in BIOS to no avail.

I suspect it's the Nvidia graphics.  However, I can't get the installer to boot 
past Xen with Hybrid graphics - Xen pauses for 5 minutes or something, and goes 
black.

NOTE: I got the same error on a Thinkpad X1 Tablet 3rd Gen using R4.0.1-rc2.  
However, switching to R4.0 RTM did not get the error and the system installed 
normally.

WARNING (to anyone else installing on a P1/X1 Extreme/P52, etc): To install, 
you must switch to discrete graphics in BIOS (no hybrid).  But, DO NOT DO THIS 
unless you have BIOS 1.17 or later or you will BRICK YOUR THINKPAD! Known issue 
across most latest-generation Thinkpads these days with discrete graphics.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9bc8512c-7e90-4467-99ac-64dd8c3f6a3a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Nvidia drivers for Qubes 4

2018-12-16 Thread Eric Duncan
On Saturday, December 15, 2018 at 12:52:49 PM UTC-5, archie...@gmail.com wrote:
>
> The second thing i'm wondering is that I don't have /etc/default/grub file
> Where do i have to add the nouveau blacklist? Would echo "blacklist nouveau" 
> >> /etc/modprobe.d/blacklist.conf work?
> 

Yes, and I would prefer this myself so that GRUB upgrades do not wipe it out.  

May I recommend a dedicated file for it?

echo "blacklist nouveau" >> /etc/modprobe.d/blacklist-nouveau.conf

And thank you for posting this.  My P1 arrives this week.  I'm hoping I can get 
Bumblebee or some alternative working in dom0, since it doesn't seem i can 
disable the dGPU in the bios.  We'll see, others are having issues as well.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c3f63c0f-9bcd-4a1c-8893-93300c8db43b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] TPM usage

2018-12-16 Thread Eric Duncan
On Sunday, December 16, 2018 at 1:03:45 PM UTC-5, Brendan Hoar wrote:
> On Sunday, December 16, 2018 at 10:44:07 AM UTC-5, Eric Duncan wrote:
> > AES hardware acceleration happens in your CPU, FYI. And usually the more 
> > higher end ones.
> 
> I would wager that any CPU that meets the Qubes R4 requirements (e.g. Intel 
> VT-d + EPT or similar AMD features) assuredly implements the AES-NI opcodes.
> 
> Not that what you said indicates otherwise, but just to clarify. :)
> 
> Brendan

True true.  Though, I've had an old Core i5 that did not have AES-NI... And 
yet, the N4200 Pentium quad core in my tiny UP Squared does!  Go figure.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ede966ba-a82c-443d-8460-db79ede77afb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] TPM usage

2018-12-16 Thread Eric Duncan
TPM is basically is just a key/value storage on a chip on your motherboard. The 
idea is that Secure Boot's certificate is used to gain access to the TPM to 
pull out the stored keys. Then the keys are used as the key to unlock your 
encrypted partition.

TPM is not used by Qubes by default. 

The additional hardening featured called AEM (Anti-Evil Maid) is the only 
feature of Qubes that uses the TPM.

One thing to note: there are LUKS+TPM versions out there.  But my research led 
me to older versions that don't work on the newest TPM chips.

Also, most govt bodies will have access to the TPM chip to download the binary 
since they have the root CA used for the bios secure boot. So it won't prevent 
them access to the TPM keys.

Therefore, it's best to think of TPM as two-factor auth: always combine your 
long passphrase + TPM for a combination that will be unique.  And the LUKS+TPM 
project is dead for that.  So oh well...

AES hardware acceleration happens in your CPU, FYI. And usually the more higher 
end ones. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/48c657e2-f6d6-43c7-b67c-17e6dd55971a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes with newer hardware and error messages still safe enough?

2018-12-13 Thread Eric Duncan
Nice setup. I have an 2950x under the tree waiting for qubes for my kiddo.

TPM is only used for the Anti-Evil Maid feature. You can read up on it and if 
your threat model includes such an attack or not.  Tip, the deal breaker 
decision: you loose sys-usb, USB isolation, if you enable AEM because it has to 
be attached to dom0. (Well, last I used it with R3.2 that was). My personal 
threat model are random USB sticks I use in various work a double client 
computers.  So I'd rather have the USB isolation than AEM, IMO. But each person 
should review their own threat models.  That's why we love qubes.

Tai's valid concerns is that AMD has implemented a remote system monitoring and 
maintenance utility that remote sys admins use to manage the system, same as 
Intel ME (now called vPro I think that had wider and wireless adoption).  
Intel's ME can be neutered to still pass TLS validation given the right 
hardware (or like me, disable the NIC port and change the vPro wireless device 
from 9265 to a non-vPro 9260).  However, there is no such disabling for AMD - 
mostly because no one has tried. And no, disabling it in your bios does not 
turn it off. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/67a8430f-067f-41fe-9e1d-ea1732406205%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Nvidia dGPU (MX150) Passthrough Issues

2018-12-06 Thread Eric Duncan
FYI, I plan on doing this as well when I get my P1 in a few weeks.

> I've installed the nvidia driver and disabled/blacklisted nouveau, however I 
> can't use bumblebee due it complaining there's no Intel GPU (Using `00:03.0 
> VGA compatible controller: Device 1234: (rev 02)`)
>

My research led me to believe that you won't be able to use bumblebee with 
Qubes, as bumblebee expects both the Intel iGPU and Nvidia dGPU drivers in the 
same domain and Hybrid Graphics enabled in the BIOS.  Since Qubes separates 
this by having the iGPU in dom0 (soon to be a new GUI domU?), and you are using 
pci-passthru dGPU to another domU, it won't have both.

I plan on experimenting with this as well; however, I already know that the 
dGPU will always have to be active in this setup - killing any battery savings. 
 

What I don't know is if xen will put the dGPU will go into a power-savings mode 
if the domU it is attached to is shutdown.  Or, better yet, if bumblebee can be 
installed in dom0 even with dGPU set as pci-passthru.  I have my doubts; but, 
that is my plan to experiment with.  My fallback is to disable the dGPU in the 
BIOS when on the road and switch back to Hybrid when only docked and only when 
I want to loadup AutoCAD or Blender (very rarely).  However, I already know the 
X1 Exteme, and I'm guessing the P1, won't allow the Nvidia GPU to be disabled 
in the bios like earlier generation Thinkpads.  Bleh, lots of workarounds.

 
> So it's there, I just can't tell applications to render on the dGPU, so 
> close...
> 

How can you tell "it's there"?  Maybe look for it in the log such as:

# grep "X Driver" /var/log/Xorg.0.log

If you see something listed as Nvidia, then it is indeed loaded and could be 
used to offload hardware acceleration (such as Blender or perhaps AutoCAD 
shading).

What I don't know is if rendering 3D to the screen would work within Qubes.


OT: On my new Qubes/gaming desktop I am upgrading, I'll have all 4 displays 
connected to a single low-end GPU via HDMI inputs (monitors are currently all 
1080p@120Hz).  However, the 2x Vega 64s will connect via DVI (DP-to-DVI) to my 
primary 3 monitors for EyeFinity.  

A trick I saw someone do with Xen on youtube was to "disconnect" the monitors 
from HDMI of the first GPU - this frees up their signal.  Then, within another 
domU, enable the DP output and BAM, the monitors come back - dedicated to the 
gaming domU.

That should work with Qubes I believe with an HVM.  However, I don't think that 
works with laptops though - unless you want to try dedicating the output of a 
specific external port to an external display.  Maybe that might work? - 
keeping it disconnected from dom0, and enabling the output via xrandr within 
your nvidia dom0?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/92324f5e-f474-45ef-93ee-bc5b41eaa6e4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Problems of Installation on macOS 10.14 Mojave

2018-12-01 Thread Eric Duncan
On Saturday, November 24, 2018 at 4:54:13 PM UTC-5, micr0@gmail.com wrote:
> Thanks do you have a Link to the merged PR.. 

Sorry for the delay.

All work was here:

https://github.com/QubesOS/qubes-installer-qubes-os/pull/20

> then you mean mounting the installer usb in macOS
> cd to /Volumes and then cd into stick? Or mount macOS EFI and cd into the EFI 
> ?

If you have a dual-boot setup, or installed Qubes to a USB stick, when you boot 
macOS normally you'll see a new mount for HFS+ on your desktop (or after you 
plug in the USB stick).  You'll see the 00-README.txt in the root of that EFI 
partition when you open it.

If you don't have a dual-boot, you'll need to boot off of some other Live USB 
boot disk.  I personally prefer Arch Linux as I am used to its utility stack.  
But you could also easily boot a Ubuntu Desktop Live USB (normal USB install, 
just asks as an option on grub when booting).  

Once you boot that Live USB and at the desktop, you can then drop to a terminal 
and run "lsblk" to see what disks and partitions you have.  You should be able 
to easily identify the /dev/sdXy disk and partition that has the 200 MB EFI 
HFS+ format.  Mount it as rw and then you can read the readme, and make changes 
to the Xen.cfg file.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e49cb710-e15e-4003-aa28-aaea2dbdf94f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Compatibility Lenovo P52

2018-11-25 Thread Eric Duncan
Just off the bat, the biggest concern is that dGPU: you can't turn it off in 
the bios (as ithet Thinkpad users have reported on /r/thinkpad).

I just ordered the Thinkpad P1 myself, which is the same as the X1 Extreme just 
with ECC and Xeon.

I specifically got it for its 32GB ECC ram for stability, quadro for some light 
modelling and hex core.  I've been using Qubes on a dual core for years with 8 
GB and it's beyond frustrating when running iur if resources (mem and CPU).

Needless to say, it is going to be a challenge. 
 The biggest being dGPU control, hopefully via Bumblebee and Nvidia drivers in 
dom0 (boo, but it's the only way).

After I ordered my P1, I just found out that the Dell Precision 5520 (same as 
the famous XPS 15) had the option to be ordered with no GPU! This means it 
would be perfect for qubes as it's fairly low cost, 32 GB ram (no ECC though) 
and hex core. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/af357547-d717-4aae-96be-75ea865f4f9a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Problems of Installation on macOS 10.14 Mojave

2018-11-24 Thread Eric Duncan
Oh, one other thing to note in the PR that was merged... I added an 
00-README.txt to the /boot/EFI partition of Qubes.

Here's a trick to tweak Qubes settings over and over, especially on Macs...

You can boot into macOS normally.  You should seen the EFI boot partition 
mounted under /Volumes/.  It is a fat32 partition.

As soon as you browse into this location, you'll see the 00-README.txt where I 
explain how to open the xen.cfg file and tweak the parameters of your boot 
kernel and xen.efi options.

So if you are having problems booting Xen.efi on a device, you should be able 
to boot with another OS (e.g. a Ubuntu Live USB stick, or Arch Linux Installer 
stick, or even macOS if installed on the same machine, etc) and edit the fat32 
boot partition manually to tweak the configuration.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/390fd1d2-ddf0-466c-8bf3-9c9f90bb00c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Problems of Installation on macOS 10.14 Mojave

2018-11-24 Thread Eric Duncan
On Tuesday, November 20, 2018 at 2:23:13 PM UTC-5, Koma Kurt wrote:
>
> Hi there im new to Qubes OS and i want to install it on external ssd...
> 

Btw, this is exactly how I install Qubes R4 (and RCs) for all the testing I 
did.  I installed Qubes OS on an M.2 USB3.0 adapter that uses the ASM1153E 
chipset, so it acts as an external HDD.  Though a lot of my devices don't 
support SSD HDD booting, my Macbook Pro 2014 does and works fine with it.

https://www.newegg.com/Product/Product.aspx?Item=9SIA2RP5G19609

What I did is simply down the ISO and used Etcher to write to a USB3.0 stick.  
Then I rebooted with that stick, holding down OPTION key and select "EFI Boot" 
to boot the stick.

I then immediately insert the USB SSD enclosure AFTER it starts to boot.  I do 
this because if you have it in any sooner, than the OPTION boot process sees it 
and doesn't allow the USB stick to boot.

> rEFInd 0.11.4 is already installed and macOS is updated to macOS 10.14 Mojave.
> 
> ...
> 
> there are now 3 options to boot from:
> 
> -->legacy mode (doesnt work)
> 
> -->vmlinuz (doesnt work -->freeze install progress @ dracut..with 4 
> penguins
> 
> -->fallback...it works installer starts but then where i have to 
> choose language ..i cant choose cause the keyboard and trackpad are 
> frozen :-/
> 
> the xen.efi is also missing or broken...
> @eduncan911
> 
> you write above Apple hardware has been fixed: 
> QubesOS/qubes-installer-qubes-os#20 ...
> 
> can you please tell me (step-by-step)
> 

Do not use rEFInd.  Or rather, Qubes doesn't support it nor have I even touched 
it.  None of my macs (I have 3) has any boot manager installed.  Just plan 
macOS and my USB boot stick I carry round.

In short, when using a true UEFI BIOS to boot Qubes OS, Qubes R4 will only 
configure the boot partition to boot the Xen.efi file directly - no EFI boot 
manager is installed nor used.

Xen supplies an xen.efi wrapper binary that will handle the boot sequence.

The downside to this approach is that you can't pass any parameters to the Xen 
EFI process - you can only tweak the efi.cfg file for boot params and kernel 
options.

Depending on your mac, you sometimes have to disable nomodeset or intel i915s 
to get things to boot.  

> for what is the qubes-installer-qubes-os used for (to build iso?)
> how to Compile/ build / use qubes-installer-qubes-os ??
> 
> i couldnt figure out how to use this repo cause there is no README file ??
> 
> Do i have to make it like the qubes builder? does it output an ISO ?
> 

I started with R4 rc3, and went to rc4 and rc5 and now R4 RTM ISOs directly 
from the downloads.  No special builds.

Note, I have had several corrupt downloads and corrupt USB writes to USB 
sticks.  Please always verify the ISO after downloading with at least md5sum.  
Etcher has built in "Verify" support - but sometimes it still corrupts.  I end 
up writing to 2 or 3 USB sticks until one works.


> @marmarek
> 
> is there a way how i could build my own iso with all the fixes inside which 
> works on my macbook?
> 
> i read in the issues that the problems where fixed but i didnt know how to 
> fix it ..
> 

So about that... That's been the biggest PITA for me.  I am surrounded by no 
less 8 different PCs and laptops and tablets - and none of them helped me get 
the Broadcom drivers installed for my Macbook Pro 2014 Retina (15").  It is 
super annoying, no matter the dozen blog pops you follow online for Fedora 
kernels and all...

I can't recall on exactly which combination I did before... But I know my USB 
SSD enclosure worked on my late-2015 iMac 27" Retina 5k - with nomodeset if I 
recall.  The GUI was painfully slow at that resolution (like 0.25 FPS!!!), but 
I was able to change the resolution and get a partially using system.  I think 
that is where I installed the dkms drivers manually for the Fedora kernel in 
dom0 for the broadcom drivers.

Truth be told though, since my Mid-2015 Macbook Pro 15" retina uses an "Nvidia" 
GPU, not an AMD like the 2015, it's been a real PITA since I can't control the 
optimus easily.  Battery life sucks as the GPU is always on and no matter how I 
configure the vendor for backlights, I can't control the retina-eyeball-burning 
brightness.  You may have better luck with the AMD card in the 2015 edition you 
have I believe.

In the end, after tinkering with it off and on for 8 months, Ive given up and 
just ordered a Thinkpad P1 over the Blackfriday weekend.  They had a special of 
20% off for Thanksgiving (expired last night).  You can still call them and 
tell them about the website problems over the last several days of "Under 
maintenance" and they will give it to you over the phone. The trick is to add 
it to your cart first, then "Save for later" so when on the phone, add it back 
to cart and given them the cart number.  They will credit it over the phone.

I digress though... I still may have serious issues with Optimus and the 
Thinkpad P1 graphics, reading that the dGPU 

Re: [qubes-users] Re: Whonix update error in Qubes 3.2, release file expired

2017-11-20 Thread Eric Duncan
On Monday, November 20, 2017 at 12:39:58 PM UTC-5, Unman wrote:
> On Mon, Nov 20, 2017 at 09:04:35AM -0800, Eric Duncan wrote:
> > On Monday, November 20, 2017 at 11:55:35 AM UTC-5, Adrian Rocha wrote:
> > > Hi,
> > > 
> > > When I try to update my Whonix gateway I have the following error:
> > > 
> > > user@host:~$ sudo apt-get update 
> > > Hit http://deb.whonix.org jessie InRelease
> > >  
> > > Hit http://deb.qubes-os.org jessie InRelease  
> > >  
> > > E: Release file for http://deb.whonix.org/dists/jessie/InRelease is 
> > > expired (invalid since 4h 5min 45s). Updates for this repository will not 
> > > be applied.
> > > user@host:~$
> > > 
> > > I tried to clean the cache, change the URL protocol to https, but the 
> > > error continues. Any ideas?
> > 
> > Yeah, i was just about to post this as well.  
> > 
> > I think Whonix needs to update the file?  As it looks like it was created 
> > 30 days ago.
> > 
> > Looking at the file, it shows this:
> > 
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> > 
> > Origin: whonix
> > Label: Whonix
> > Codename: jessie
> > Date: Fri, 20 Oct 2017 12:41:17 UTC
> > Valid-Until: Mon, 20 Nov 2017 12:41:17 UTC
> > Architectures: amd64 arm64 armel armhf hurd-i386 hurd-amd64 i386 
> > kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc ppc64el s390x sparc
> > Components: main
> > Description: Whonix jessie APT Repository
> > 
> You're right Eric.
> It's on the server side.
> ccing Patrick in case he isnt aware.

Here's who last signed the file list:

:signature packet: algo 1, keyid CB8D50BB77BB3C48
version 4, created 1508503277, md5len 0, sigclass 0x01
digest algo 10, begin of digest bf 10
hashed subpkt 33 len 21 (issuer fpr v4 
6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48)
hashed subpkt 2 len 4 (sig created 2017-10-20)
hashed subpkt 20 len 94 (notation: 
issuer-...@notations.openpgp.fifthhorseman.net=6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48)
subpkt 16 len 8 (issuer key ID CB8D50BB77BB3C48)
data: [4092 bits]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d128c56-12d8-48c1-845f-2e2495daf66e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Whonix update error in Qubes 3.2, release file expired

2017-11-20 Thread Eric Duncan
On Monday, November 20, 2017 at 11:55:35 AM UTC-5, Adrian Rocha wrote:
> Hi,
> 
> When I try to update my Whonix gateway I have the following error:
> 
> user@host:~$ sudo apt-get update 
> Hit http://deb.whonix.org jessie InRelease
>  
> Hit http://deb.qubes-os.org jessie InRelease  
>  
> E: Release file for http://deb.whonix.org/dists/jessie/InRelease is expired 
> (invalid since 4h 5min 45s). Updates for this repository will not be applied.
> user@host:~$
> 
> I tried to clean the cache, change the URL protocol to https, but the error 
> continues. Any ideas?

Yeah, i was just about to post this as well.  

I think Whonix needs to update the file?  As it looks like it was created 30 
days ago.

Looking at the file, it shows this:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Origin: whonix
Label: Whonix
Codename: jessie
Date: Fri, 20 Oct 2017 12:41:17 UTC
Valid-Until: Mon, 20 Nov 2017 12:41:17 UTC
Architectures: amd64 arm64 armel armhf hurd-i386 hurd-amd64 i386 kfreebsd-amd64 
kfreebsd-i386 mips mipsel powerpc ppc64el s390x sparc
Components: main
Description: Whonix jessie APT Repository

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d45673e-8091-4026-a0e9-145819153661%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] R4 rc2: Multiple EFI Machines Install Failures

2017-11-11 Thread Eric Duncan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I'm having a difficult time attempting an EFI install of 
Qubes-R4.0-rc2-x86_64.iso across 4 different machines and 3 different USB 
sticks made by various procedures.

* Installing to an Asmedia USB3 device (all systems detect as HDD)
* Must use EFI installation

On all of the following, I have used 3 different USB sticks made by various 
procedures (Rufus in Windows on a USB2, dd in OSX and Etcher in OSX on two USB3 
sticks).  Also, I downloaded the ISO 3 different times and verified its PGP 
signature each time.  All USB sticks act exactly the same, except for on my 
Lenovo Helix: the Helix doesn't have proper EFI init that I've experienced with 
other installations.

I am attempting to install Qubes on an M.2 SSD via an Asmedia USB3 enclosure 
from all of the machines below.  This has worked flawless for Windows 10, 
Ubuntu 16.04 and ArchLinux installations as it is detected as a HDD.


Macbook Pro Retina mid-2014
- --
I get the first initial boot menu, asking to install with testing.

Selecting any option flashes the Xen boot for a microsecond, and returns back 
to the menu.


iMac 27" 5k late-2015
- --
Upon selecting Test installation media and install, it shows the Xen EFI boot - 
and freezes the system right there.  IOW, one more step than the Macbook Pro 
2014.


Lenovo Helix (1st gen)
- --
I already have Qubes R3.2 on this device.

The installer is not recognized from any of the Qubes 4.0 rc2 USB sticks under 
EFI.

It shows and loads under Legacy; but, I require it to be EFI for the various 
machines I'll be booting in going forward (namely, some UP boards that only 
have EFI bios options).


(Desktop) Asus Rampage IV Black Edition
- --
Saved the best for last.  And by "best" meaning the most inconsistent issues.  
This is my high end gaming desktop, dual Titans, overclocked, water cooled, etc.

For the record, I have been running Windows 8.1, 10 and Arch Linux for the past 
4 years on this system (mostly Arch) with about 20 test installations over and 
over using several high end devices.  I know this system very well, and is 
extremely stable under Linux kernel as well as Windows with zero instability.  
Though, I have never tried FreeBSD kernels before.

I get various results using the same USB stick over and over.  I have removed 
all overclocking with various results.  "Various" results meaning I cannot 
reproduce the same error or condition all of the time.

Most common result:

When Anaconda starts, it flashes a graphic background with a "Progress" bar 
that slowly moves across the bottom for about 30s - and freezes the entire 
system, forcing a power off with power button 4s.

This screen does not show under normal installation.

Serious bug in the Installer:

Whenever the system freezes from one of the various issues, most of the time it 
marks the USB3 device as "Dirty" - before it even gets to any installation 
screen!  Worse off, it does this to my Arch and Ubuntu installs on the local 
SSDs!  I've since disconnected the internal HDDs, but it still marks dirty the 
USB3 I am installing to.  I usually have to remove it, and format it in another 
machine, between installation attempts.

Occasional Progress:

Sometimes, the system will get past the Xen and Anaconda init and actually load 
the Installation menu!  Where it asks for options for installing, encrypt disk, 
and starts installing!

But when it gets to this point, which I have only made it to twice, it has hard 
locked the system with the progress bar pretty close to the end running some 
script.  I didn't write the script name down, but I will next time.


If anyone has any advice, please let me know.  If Qubes 4.0 RTM will have a lot 
of installer fixes, I may just wait for that.

Thanks!
Eric
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEcy6ry51h71BXa58r1HXhRIZm5iYFAloGxlsACgkQ1HXhRIZm
5iYKaRAAxTE64Fua+TmnkbRfM3lwl+5lz9N2FHYMDCkwbv7wE6TKbR2Z5KgYdN+n
SfgA7pBhEj5m317nC1MfzbFuZyHuwBlWsIfqnWxzs1n9Xjy7l5miu052mhEG5Wlw
QyWYaPBBegd5bkrYH+I/4IEwOqKWVzE77qhrgSrfscAQhwXdH4mgU7J7PfdI8HZH
NpjShlXelER9zBiUB1Huw9vcL3SM0b7cnI/qY5s5FyMb8OjPDYAmAEzaXWEUyIvQ
V5AmZrv9cS2IyQ/PklSQsL4J1zNkSLv9z/OZuEyZY2tvBMFzqdJGlAAbmmB1vmIO
RV8tRWlOhi+Qu0DR4xHN90ERLYIAZ6NZ1EC80pYKlcHPIyQW6fMBfn2IRlGxUs1X
Zm8ox14b0oTmVPhDc0pjjuLNcxzHhzFpeA9Iav+OBF5MJRHVNOxKTUEnaFN8DTlw
LymeuLFtBmlUptxGtgCgpaJ7jhaZh68WYWYLVINsr6apd/Oo+iHYU0evFr7qeMjX
S+yM8H34/pah2qdPtrHrizwb0xDVSrcXnih4bF0113aX8rBEF7mJaFY0wrsWDaA1
5gCVzUMxZFbtvn1BRnGjaAX/+givCk5TjhLYPrleXqSSvS6fPeZlH5SBba+mmaLd
TejeduMh5j3nIvjTOYDnPLOF4uOSRlqbGdpqQXzZGUFzVt8SRLw=
=T0FM
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 

[qubes-users] Re: Preparing installation USB from Mac OSX

2017-11-11 Thread Eric Duncan
On Tuesday, February 17, 2015 at 6:20:36 AM UTC-5, onnozw...@gmail.com wrote:
> Hi,
> 
> I didn't find any recipe to install Qubes on a USB stick from OSX; 
> specifically at https://qubes-os.org/wiki/InstallationGuideR2 where I would 
> expect such info. I'd like to suggest the following text (trac markup 
> included):
> 
> To install on Mac OSX, use the {{{ mount }}} command to determine the USB 
> device name:
> 
> {{{
> macbook:~ user$ mount
> /dev/disk1 on / (hfs, local, journaled)
> ...
> /dev/disk2s1 on /Volumes/MYUSB4GB (msdos, local, nodev, nosuid, noowners)
> }}}
> 
> In this case, the device is /dev/disk2. The first is the OS disk, so leave 
> that alone. Unmount the filesystem:
> 
> {{{
> macbook:~ user$ diskutil unmount /Volumes/MYUSB4GB/
> Volume MYUSB4GB on disk2s1 unmounted
> }}}
> 
> Then copy the iso to the RAW device. In this example that's rdisk2, not 
> disk2. All data on the USB stick will be erased.
> 
> {{{
> macbook:~ user$ sudo dd if=Qubes-R2-x86_64-DVD.iso of=/dev/rdisk2 bs=1m
> Password:
> 2935+0 records in
> 2935+0 records out
> 3077570560 bytes transferred in 613.278852 secs (5018224 bytes/sec)
> }}}
> 
> Don't forget to specify the block size, because it may take hours if you 
> don't. Using Unetbootin for OSX to write the USB stick seems to result in a 
> USB stick that hangs during boot.
> 
> Hope this helps anyone,
> 
> Kind regards
> Onno

Thanks for this.  Though, macOS Sierra needs a capital "1M" instead of "1m". 

$ sudo dd if=~/Downloads/Qubes-R4.0-rc2-x86_64.iso of=/dev/rdisk3 bs=1M

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/12b4fd29-9f51-43a7-b34d-e444f6eddeb8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] HCL - Dell Inc. Studio XPS (1640)

2017-07-09 Thread Eric Duncan
ModelDell Inc. Studio XPS (1640) (Core2 Duo P8600, PM45, ATI)
BIOSA15
HVMyes
IOMMUno
SLATno
TPMno
QubesR3.2
Kernel4.4.62-12
RemarkRuns great, but no IOMMU nor HAP/SLAT.
CreditEric Duncan


Notes:

With a CPU score exactly half of my Lenovo Helix Core i7 Tablet (that does 
support IOMMU and SLAT and TPM), it really surprised me on how snappy and fast 
this Studio 1640 seems.  

Installed on an 120 GB SSD, it was really fast and responsive.  

Installation was silky smooth - much easier than any other machine I've 
installed QubesOS on (most likely because it is only Legacy bios).

Ubuntu 14.10, Debian Jessie, ArchLinux and Mint I have tried - they were all 
super slow and clunky on this old Core2 Duo laptop (compared to Core i7 
machines).

That is why I am quite impressed with how nicely QubesOS runs on this laptop.  
Chromium in the Personal VM is a bit on the slow side (when isn't it?); but 
really, QubesOS is the only OS I can run on this laptop now and have it be 
usable.  

Was using it for about two months before moving onto my Helix Tablet.


Qubes release 3.2 (R3.2)

Brand:  Dell Inc.
Model:  Studio XPS 1640
BIOS:   A15

Xen:4.6.5
Kernel: 4.4.62-12

RAM:4060 Mb

CPU:
  Intel(R) Core(TM)2 Duo CPU P8600  @ 2.40GHz
Chipset:
  Intel Corporation Mobile 4 Series Chipset Memory Controller Hub [8086:2a40] 
(rev 07)
VGA:
  Advanced Micro Devices, Inc. [AMD/ATI] RV635/M86 [Mobility Radeon HD 3670] 
[1002:9593] (prog-if 00 [VGA controller])

Net:
  Intel Corporation Centrino Advanced-N 6235 (rev 24)
  Broadcom Limited NetLink BCM5784M Gigabit Ethernet PCIe (rev 10)

SCSI:
  ST95005620AS Rev: SD28
  DVDRWBD CA10NRev: A108
  UDiskRev: 5.00

HVM:Active
I/O MMU:Not active
HAP/SLAT:   No
TPM:Device not found

Qubes HCL Files are copied to: 'dom0'
Qubes-HCL-Dell_Inc_-Studio_XPS_1640-20170709-134200.yml - HCL 
Info


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3709a819-7b86-4d1f-aade-a015ea751ced%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Dell_Inc_-Studio_XPS_1640-20170709-133934.yml
Description: Binary data


[qubes-users] Re: Dell XPS 9560 4k resolution issues

2017-07-06 Thread Eric Duncan
On Friday, June 23, 2017 at 10:51:17 AM UTC-4, David Nogueira wrote:
> Hi all,
> 
> I have been struggling to find a good way to use my 4k display. For context, 
> I have looked for setting HiDPI, am aware of 
> https://github.com/QubesOS/qubes-issues/issues/1951 and others, but at least 
> for now I see HiDPI as a half solution.
> 
> I don't care about my full screen resolution in Qubes, so I am ok in setting 
> it to something like 1920x1080, the issue is I am not being able to. Since 
> the only mode available in xrandr is 3840x2160 I am forced to add a new mode.
> 
> I ran cvt 1920 1080 60 in dom0, get:
> 
> Modeline "1920x1080 60.00" 173.00  1920 2048 2248 2576   1080 1083 1088 1120 
> -hsync +vsync
> 
> I --newmode and --addmode to default and when I try setting the mode:
> 
> xrandr --verbose --output default --mode 1920x1080_60.00
> xrandr: Failed to get size of gamma for output default
> crtc 0: disable
> screen 0: 1920x1080 508x286 mm  95.92dpi
> crtc 0: 1920x1080_60.00  59.96 +0+0 "default"
> xrandr: Configure crtc 0 failed
> crtc 0: disable
> screen 0: revert
> crtc 0: revert
> 
> I have tried a few things, ran out of ideas, sorry if this is a bit too basic 
> but am a bit stuck.
> 
> Best.
> David

When I had ArchLinux on my Thinkpad, I found out that Gnome had at least 3 
different UX frameworks that needed scaling (built-in, GTK and Qt).  Each one 
had their own setting files.  

R3.2 uses Xfce.  I believe apps continue to use GTK and Qt though.  So I would 
start there (each has their own scaling properties).  

I couldn't stand Qubes and Xfce and basically back to my beloved i3wm tiling 
manager when I installed Qubes (it gave me a nice excuse to go back to i3 after 
I left i3 for Gnome's latest touchscreen goodies and eye candy).

With i3wm, it's easy to scale the fonts in the config file however i like.  I 
spend 96.21% of my time in terminals any ways.

GTK and Qt apps still need to be scaled.  I used some of the Xfce user settings 
apps to do it and it seemed to handle most of the windows I care about anyways. 
 Only thing left was Chromium and Tor Browser (I have yet to find a good way to 
scale Tor Browser bundle).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6597de3b-e980-469b-8def-cfb17bd978af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Long-time Beta Users, do you wipe or upgrade?

2017-06-26 Thread Eric Duncan
On Monday, June 26, 2017 at 10:44:41 PM UTC-4, cooloutac wrote:
>I guess just use testing or unstable repos if you want to have the latest 
> for now.   I have no idea where to get the beta for 4.0 if thats what you're 
> asking.

Yes, that's partly what I am asking.  I read where 4.0 is going to have a bit 
more restrictive requirements and while I have tested most of my hardware, I 
still want to use the latest 4.0 "beta" for now.

Yeah, where do you get 4.0 beta?  I see the source seems to point to version 
4.0.0:

https://github.com/QubesOS/

I also see "branches" of each release, such as Release 3.2:

https://github.com/QubesOS/qubes-core-admin/tree/release3.2

Are we supposed to pull the 4 main repos and build 4.0 ourselves?  It doesn't 
look that difficult. 

Overall, I am wondering if there basically is a way to enable a "repo" and just 
update to mostly what the devs are pushing to.  

But yeah, if there are separate branches... I guess I can just pick a version 
and stick to it.

I replace Xfce with i3wm anyways... Which removes the vast majority of the GUI 
work by the team.  All that is left is basically the hypervisor and inner-VM 
communications (and Display VM - which has some issues with i3wm, such as that 
I haven't found a way to fullscreen something yet).  

If there has been significant infrastructure changes to those, I see the point 
of repaving and restoring.  Then again, Arch is more than happy to break your 
current installation with its rolling release because of a change (e.g. the 
move to "systemd" one sunny day that shocked everyone).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0792f6c6-2b45-489f-8a48-437c1de32821%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Long-time Beta Users, do you wipe or upgrade?

2017-06-26 Thread Eric Duncan
On Monday, June 26, 2017 at 1:27:19 PM UTC-4, cooloutac wrote:
> 
> upgrading to the latest release from previous version didn't go well for me. 
> There are instructions on how to do so and maybe I did something wrong.  But 
> I had to reinstall fresh and restore backups which went smooth.
> 
> Most Qubes users are paranoids and probably wipe their drive occasionally 
> anyways.
> 
> I wouldn't consider Qubes a rolling release Its one big huge version update. 
> Next Qubes version I think will be 4.0.

Yeah, I don't plan to upgrade.  This will be another clean install.  

That's what I am trying to get.. 4.0, or the latest "tip" of Qubes that 
everyone is using for development and submitting updated packages for.

Would I get "4.0" from just a fresh install, and then enabling the 
Testing/SecurityTesting repos and upgrading?

Or, is Qubes not setup to roll the latest from a tip?  But instead, there are 
separate branches for each release (3.1, 3.2, 4.0, etc) and a "Testing" branch 
for each one of them?

That's kind of how Kali used to do it (I think) which annoyed some of us that 
wanted to contribute, but our contributions got lost in the older versions or 
wasn't merged to the latest branches, etc.  Then Kali switched to Rolling 
releases, with a single Tip/Testing branch - and snapshots (with branches) for 
official releases.



Ps: Heh, paranoids - wiping often.  I did that a lot w/Windows, mostly cause of 
instability after 6mos.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b19516a-f1cb-490c-bbdf-e369ea769355%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Long-time Beta Users, do you wipe or upgrade?

2017-06-26 Thread Eric Duncan
On Monday, June 26, 2017 at 10:09:23 AM UTC-4, Noor Christensen wrote:
> On Thu, Jun 22, 2017 at 08:21:10AM -0700, Eric Duncan wrote:
> > Alternatively... Is there a way to use some type of "Testing" repo for
> > Qubes?  Something like rolling updates of Debian Testing does?
> > 
> > I was perfectly happy with Debian Testing on a previous build, until I
> > moved to Arch which was a bit more stable with its rolling releases.
> > 
> > I wouldn't mind installing a "rolling release" of Qubes under a
> > Testing repo, if there is one.  
> 
> Yes, there are three repos that offer packages not yet merged to stable:
> 
> qubes-dom0-current-testingtesting packages that will eventually land in 
> the stable (current) repository
> qubes-dom0-security-testing   a subset of qubes-dom0-current-testing that 
> contains packages that qualify as security fixes
> qubes-dom0-unstable   packages that are not intended to land in the 
> stable (qubes-dom0-current) repository; mostly experimental debugging packages
> 
> See the "Testing repositories" section of the official docs:
> https://www.qubes-os.org/doc/software-update-dom0/#how-to-update-software-in-dom0
> 
> -- noor
> 
> |_|O|_|
> |_|_|O|  Noor Christensen  
> |O|O|O|  no...@fripost.org ~ 0x401DA1E0


Thanks!  Yep, I found that wiki after I posted (oops).

One question: would these repos be considered "Rolling" releases?  I mean, they 
aren't cut as releases, but would always have the "Tip" of packages, fixes and 
updates?

qubes-dom0-current-testingtesting packages that will eventually land in the 
stable (current) repository 
qubes-dom0-security-testing   a subset of qubes-dom0-current-testing that 
contains packages that qualify as security fixes 

I do not plan on running unstable.  :)

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/99aca823-36f1-4db1-9ece-7392e07a7a20%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Long-time Beta Users, do you wipe or upgrade?

2017-06-22 Thread Eric Duncan
Currently running Qubes 3.2 on one machine.  Have a need to install it on 
another.

To all of you long-term beta users of 3.x and now 4.x... 

1a) Are upgrades simple to RTM versions of Qubes?

Or 1b) Do you wipe and format each time a beta or RC comes out?

I'm debating install Qubes 4.0 beta/rc, and going for the upgrade.


Alternatively... Is there a way to use some type of "Testing" repo for Qubes?  
Something like rolling updates of Debian Testing does?

I was perfectly happy with Debian Testing on a previous build, until I moved to 
Arch which was a bit more stable with its rolling releases.

I wouldn't mind installing a "rolling release" of Qubes under a Testing repo, 
if there is one.  

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8b2bb304-1db2-4a4f-adca-482c05829b27%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: HCL - Surface Pro 3 (i5-4300U 4Gb)

2017-06-08 Thread Eric Duncan
On Wednesday, May 3, 2017 at 10:54:50 AM UTC-4, seans...@gmail.com wrote:
> I got Qubesos 3.2 installed on my Surface Pro 3, however the newer touch 
> cover (the one made for the pro 4,but works on pro 3) doesn't work out of the 
> box and as such I can't type anything, nor login, since the on-screen 
> keyboard doesn't come up either. Any guidance on this?

Maybe related, but the Type Cover for the Surface 3 (non-Pro) has to be 
kernel-patched and recompiled to enable.  Back when the Surface Pro 3 first 
came out, the same kernel-patching had to be done to enable the type cover.  

A quick search found this Surface Pro 4 Type Cover kernel patch: 
https://ubuntuforums.org/showthread.php?t=2300868

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8fdb-c192-4b70-be6d-f643b756d318%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] HCL - Dell Lattitude E5570

2017-06-03 Thread Eric Duncan
My Lenovo Thinkpad Helix has the same issue with the touchscreen.  

Doesn't matter the number of input devices.  The TouchPoint, Trackpad and an 
logitech unified mouse adapter works perfect fine with 0 configuration.  

The Helix has a wacom digitizer, as well as mouse input - so it's really two 
additional inputs.  There are drivers I previously installed per Arch packages 
when I had arch on it:

xf86-input-wacom

https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_Helix

Do we have to build them for dom0 or usb-vm?

Thanks!
-E




On Friday, June 2, 2017 at 11:46:51 PM UTC-4, haw...@bitmessage.ch wrote:
> On Sun, 19 Feb 2017 20:49:43 -0500
> "'Qubes Lovitt' via qubes-users"  wrote:
> 
> > Everything working great so far
> > 
> > -Windows7 HVM template & appvms fine.
> > -sys-usb fine and able to pass through individual USB devices
> > -PCI passthrough working (sound, usb, SD card reader) -- will try
> > external thunderbolt 3 GPU enclosure next month and report GPU
> > passthrough results once/if working -Contacted smartcard working with
> > PGP/Enigmail. Next will try contactless NFC along with -fingerprint
> > scanner and will report any results of where I got that working -TPM
> > available but booting in UEFI mode so have not tried AEM yet
> > 
> > I believe this notebook should be Qubes 4.0-ready based on what I
> > have seen.
> > 
> > Cheers. Attached HCL tool YML output.
> > 
> > 
> > 
> > 
> 
> 
> If you have the touchscreen version of the Dell Lattitude E5570, were
> you able to pass the touchscreen back to dom0? 
> 
> The touchscreen on the lattitude E5570 works great without a usb-vm. 
> 
> Though other usb devices can be passed via usb-vm just fine, I'm getting
> an error with the touchscreen:
> 
> "ValueError: Dom0 do not have libvirt object"
> 
> As best I can tell, all of the usb devices are on one controller for
> this model Dell.
> 
> I'm not sure if anyone at all has had luck with touchscreens passed via
> usb-vm, or whether the effort has been wholly unsuccessful so far:
> 
> https://github.com/QubesOS/qubes-issues/issues/2281

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2cb754df-e253-4d57-83bb-4ca857655405%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] HCL - Dell Lattitude E5570

2017-06-03 Thread Eric Duncan
I am in the same position with a Lenovo Thinkpad Helix tablet w/touchscreen.  I 
selected usb-vm on installation, and cannot get the touchscreen working either.

Subscribing for updates, or of someone wants me to test (not sure how to debug 
or try to enable it).

-E

On Friday, June 2, 2017 at 11:46:51 PM UTC-4, haw...@bitmessage.ch wrote:
> On Sun, 19 Feb 2017 20:49:43 -0500
> "'Qubes Lovitt' via qubes-users"  wrote:
> 
> > Everything working great so far
> > 
> > -Windows7 HVM template & appvms fine.
> > -sys-usb fine and able to pass through individual USB devices
> > -PCI passthrough working (sound, usb, SD card reader) -- will try
> > external thunderbolt 3 GPU enclosure next month and report GPU
> > passthrough results once/if working -Contacted smartcard working with
> > PGP/Enigmail. Next will try contactless NFC along with -fingerprint
> > scanner and will report any results of where I got that working -TPM
> > available but booting in UEFI mode so have not tried AEM yet
> > 
> > I believe this notebook should be Qubes 4.0-ready based on what I
> > have seen.
> > 
> > Cheers. Attached HCL tool YML output.
> > 
> > 
> > 
> > 
> 
> 
> If you have the touchscreen version of the Dell Lattitude E5570, were
> you able to pass the touchscreen back to dom0? 
> 
> The touchscreen on the lattitude E5570 works great without a usb-vm. 
> 
> Though other usb devices can be passed via usb-vm just fine, I'm getting
> an error with the touchscreen:
> 
> "ValueError: Dom0 do not have libvirt object"
> 
> As best I can tell, all of the usb devices are on one controller for
> this model Dell.
> 
> I'm not sure if anyone at all has had luck with touchscreens passed via
> usb-vm, or whether the effort has been wholly unsuccessful so far:
> 
> https://github.com/QubesOS/qubes-issues/issues/2281

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7180c86b-166f-4df4-ab31-1dffba3e7530%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: HCL - LENOVO Thinkpad Helix (36984SU)

2017-05-31 Thread Eric Duncan
Is there any specific VTd or VTx testing I can do?  

It doesn't seem to complain about anything not working, and really is a fully 
functional PC.  

I went ahead and disabled the cameras and bluetooth in the bios.  Should I 
enable those and report on their functionality?  (for privacy, those tend to be 
disabled, right?)

All in all, I am quite happy with this tiny 11.5" tablet and Qubes.  I get 
about 8+ hours of battery lightly browsing w/Tor (in whonix) and Chromium (in 
personal), along with a few IRC and XMPP command line utils connected in the 
background.  Heavy Chromium work (developing, videos, etc) runs the battery out 
at around 6 hours.  For comparison, the same workload gets about the same in 
Windows.  So I'm happy with the battery life.

As noted in the original notes I submitted, I force Windows Boot Manager to be 
my boot manager, not grub.  I do this for Windows' built in TouchScreen support 
for their windows boot manager.  It's a PITA to configure, copying the first 
512 bytes of the boot partition to a bin file and manually configuring Windows 
to boot it.  But, occasionally the device's battery is dead, or I forget what 
state it is in, etc and when I boot it and not docked in the keyboard, I need 
to be able to "touchscreen" it to boot in Windows.

About two years ago I setup this machine with Arch + Gnome with every 
Touchscreen trick in the book available -and I even modified a few drivers for 
it and compiled it myself.  Gnome, which is hte leading "Touchscreen" WM out 
there for Linux, was o-k that it was functional.  But I couldn't get off the 
lost of no touchscreen on the Login screen.  The LOGIN SCREEN!  THere were 
hacks to enable this, but they all leaked keystrokes to the root bus - and I 
was not happy to do that.

I'll give Gnome (and Mint, Xfce, etc) a few more years and will try touchscreen 
again on Linux.  Until a smooth, and secure, login method + UX experience is 
available, I'm afraid I have to continue with Windows 10 on the tablet for now.

And with Qubes, that means dual-boot as Xfce has next to no touchscreen 
abilities - especially at login.  I am sure Touchscreen is not a priority for 
Qubes anytime soon either.  Oh wells.  i3wm + keyboard dock works awesome.

Eric

On Wednesday, May 31, 2017 at 2:53:39 PM UTC-4, Eric Duncan wrote:
> Model Lenovo Thinkpad Helix (36984SU) (i7-3667U, Ivy Bridge, HD4000)
> BIOS  GFET56WW (1.35 )
> HVM   yes
> IOMMU yes
> SLAT  yes
> TPM   yes
> Qubes R3.2
> Kernel4.4.67-12
> RemarkCSM legacy boot on USB3 only, no touchscreen.
> CreditEric Duncan?
> 
> Notes:
> 
> With such a small screen, tight keyboard and overly sensitive trackpad, i3wm 
> is highly preferred over Xfce's need for mouse-and-click everything.  
> 
> Works with CSM Legacy (non-EFI) booting only.  Had to use a USB3 stick with 
> USB3 enabled in Keyboard dock for it to be recognized.
> 
> Currently testing with Dual Boot of Windows 10 as boot manager, booting Grub, 
> so unable to test out Anti-Evil Maid yet (will do with external ssd soon).
> 
> Xfce's mouse controls are too sensitive for the trackpad.  Had to dial them 
> back to 1 acceleration (0 would cause wild movements, had to be set to 1).
> 
> Touchscreen does not work.  Haven't investigated why (I use i3wm on Linux, so 
> I have no need for touchscreen, especially since the Xfce/KDE/Gnome login 
> screens have zero touchscreen functionality).
> 
> Everything else seems to work out of the box.  I used the usbvm to isolate 
> everything.
> 
> 
> qubes-hcl-report output below:
> 
> Qubes release 3.2 (R3.2)
>  
> Brand:  LENOVO
> Model:  36984SU
> BIOS:   GFET56WW (1.35 )
>  
> Xen:4.6.5
> Kernel: 4.4.67-12
>  
> RAM:7884 Mb
>  
> CPU:
>   Intel(R) Core(TM) i7-3667U CPU @ 2.00GHz
> Chipset:
>   Intel Corporation 3rd Gen Core processor DRAM Controller [8086:0154] (rev 
> 09)
> VGA:
>   Intel Corporation 3rd Gen Core processor Graphics Controller [8086:0166] 
> (rev 09) (prog-if 00 [VGA controller])
>  
> Net:
>   Intel Corporation Centrino Advanced-N 6205 [Taylor Peak] (rev 96)
>  
> SCSI:
>   SAMSUNG MZMTD256 Rev: 4L3Q
>  
> HVM:Active
> I/O MMU:Active
> HAP/SLAT:   Yes
> TPM:Device present
> Remapping:  yes
>  
> Qubes HCL Files are copied to: 'dom0'
> Qubes-HCL-LENOVO-36984SU-20170531-142016.yml- HCL Info

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/977756bf-effa-4087-92f5-03b6beb92089%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] HCL - LENOVO Thinkpad Helix (36984SU)

2017-05-31 Thread Eric Duncan
Model   Lenovo Thinkpad Helix (36984SU) (i7-3667U, Ivy Bridge, HD4000)
BIOSGFET56WW (1.35 )
HVM yes
IOMMU   yes
SLATyes
TPM yes
Qubes   R3.2
Kernel  4.4.67-12
Remark  CSM legacy boot on USB3 only, no touchscreen.
Credit  Eric Duncan?

Notes:

With such a small screen, tight keyboard and overly sensitive trackpad, i3wm is 
highly preferred over Xfce's need for mouse-and-click everything.  

Works with CSM Legacy (non-EFI) booting only.  Had to use a USB3 stick with 
USB3 enabled in Keyboard dock for it to be recognized.

Currently testing with Dual Boot of Windows 10 as boot manager, booting Grub, 
so unable to test out Anti-Evil Maid yet (will do with external ssd soon).

Xfce's mouse controls are too sensitive for the trackpad.  Had to dial them 
back to 1 acceleration (0 would cause wild movements, had to be set to 1).

Touchscreen does not work.  Haven't investigated why (I use i3wm on Linux, so I 
have no need for touchscreen, especially since the Xfce/KDE/Gnome login screens 
have zero touchscreen functionality).

Everything else seems to work out of the box.  I used the usbvm to isolate 
everything.


qubes-hcl-report output below:

Qubes release 3.2 (R3.2)
 
Brand:  LENOVO
Model:  36984SU
BIOS:   GFET56WW (1.35 )
 
Xen:4.6.5
Kernel: 4.4.67-12
 
RAM:7884 Mb
 
CPU:
  Intel(R) Core(TM) i7-3667U CPU @ 2.00GHz
Chipset:
  Intel Corporation 3rd Gen Core processor DRAM Controller [8086:0154] (rev 09)
VGA:
  Intel Corporation 3rd Gen Core processor Graphics Controller [8086:0166] (rev 
09) (prog-if 00 [VGA controller])
 
Net:
  Intel Corporation Centrino Advanced-N 6205 [Taylor Peak] (rev 96)
 
SCSI:
  SAMSUNG MZMTD256 Rev: 4L3Q
 
HVM:Active
I/O MMU:Active
HAP/SLAT:   Yes
TPM:Device present
Remapping:  yes
 
Qubes HCL Files are copied to: 'dom0'
Qubes-HCL-LENOVO-36984SU-20170531-142016.yml- HCL Info


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/419c43ce-74ca-44e3-a9ea-4da49dc92ac9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-36984SU-20170531-142016.yml
Description: Binary data


[qubes-users] Re: Booting USB Quebes across multiple machines?

2017-05-31 Thread Eric Duncan
I believe my tablet does support vt-x and vt-d:

Qubes release 3.2 (R3.2)
 
Brand:  LENOVO
Model:  36984SU
BIOS:   GFET56WW (1.35 )
 
Xen:4.6.5
Kernel: 4.4.67-12
 
RAM:7884 Mb
 
CPU:
  Intel(R) Core(TM) i7-3667U CPU @ 2.00GHz
Chipset:
  Intel Corporation 3rd Gen Core processor DRAM Controller [8086:0154] (rev 09)
VGA:
  Intel Corporation 3rd Gen Core processor Graphics Controller [8086:0166] (rev 
09) (prog-if 00 [VGA controller])
 
Net:
  Intel Corporation Centrino Advanced-N 6205 [Taylor Peak] (rev 96)
 
SCSI:
  SAMSUNG MZMTD256 Rev: 4L3Q
 
HVM:Active
I/O MMU:Active
HAP/SLAT:   Yes
TPM:Device present
Remapping:  yes
 
Qubes HCL Files are copied to: 'dom0'
Qubes-HCL-LENOVO-36984SU-20170531-142016.yml- HCL Info




On Wednesday, May 31, 2017 at 3:32:45 AM UTC-4, blacklight wrote:
> On Thursday, 25 May 2017 19:00:18 UTC+2, Eric Duncan  wrote:
> > Hello:
> > 
> > Does Quebes perform a machine-specific installation?  IOWs, can I install 
> > Quebes on a single USB device and share it across different machine setups?
> > 
> > E.g. if I install Qubes on an 8 core desktop, w/64GB ram, SSD (just keep it 
> > simple - only 1 SSD), Nvidia GPUs, etc - can I then take that exact same 
> > install and boot it in my Core i7 dual-core tablet with only 8 gb of ram 
> > without any issues?
> > 
> > I ask because of two reasons:
> > 
> > * I cannot format entire HDDs to dedicate to Qubes OS.  I still do some 
> > Windows 10, iOS and Linux development and need macOS for other various 
> > things.  A dual-boot setup is not "secure."
> > 
> > * I was thinking of setting up an mSATA drive and USB3 adapter for Quebes, 
> > encrypt the partitions and evil-maid protection and etc, and boot it in 
> > multiple devices.
> > 
> > I currently have it installed as a dual-boot on my Lenovo Helix (full 
> > support for 4.x btw!).  But, I'd like to boot Quebes on my desktop and 
> > other machines I use...
> > 
> > ...while keeping it secure, by using the entire mSATA drive for Quebes.
> > 
> > Thanks in advance!
> > -E
> > 
> > Ps, I have already attempted to try this with a USB3 stick and had possibly 
> > unrelated failures.  Hence, why I am asking about the installation process 
> > and hardware configurations- if any.  
> > 
> > Before I invest into an external drive setup, I'd like to know if there are 
> > any foreseen issues first.
> 
> well as far as i know, it will work if it meets the minimum requirements.
> i wonder if your tablet supports vt-x and vt-d though.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ebd7f87-5e82-4867-a5ea-fb2c4e0a25d2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Booting USB Quebes across multiple machines?

2017-05-29 Thread Eric Duncan
Thanks Vit and Dave C!

@Dave:

Yep, USB sticks get too hot - and the USB2 sticks I tried were far too slow for 
my taste.

I have a couple of these laying around from previous laptop builds:

https://www.amazon.com/Transcend-128GB-MSA370-mSATA-TS128GMSA370/dp/B00K64HXAA/?tag=eduncan911-20

Was going to use one and the smallest msata usb3 adapter I could find, like 
this:

https://www.newegg.com/Product/Product.aspx?Item=9SIA6V83ZJ7496

But didn't want to buy that, and go through the trouble of setting things up 
and migrating over if it was going to have problems.

Hearing that you have a multi-machine setup, with just a tweak it seems, 
assures me.  

Ordering today!

Thank you guys!
Eric

On Monday, May 29, 2017 at 8:59:16 AM UTC-4, Dave C wrote:
> On Saturday, May 27, 2017 at 12:23:37 AM UTC-7, Vít Šesták wrote:
> > I've asked some slightly similar question like a month ago. I was told I 
> > should run dracut without hostonly mode in order to have all the modules I 
> > need.
> > 
> > Your case is a bit harder. You would need to either run dracut after any 
> > kernel update (without this, it might make Qubes unbootable on other 
> > machines than the one you have updated it from) or reconfigure dracut (like 
> > edit something in /etc) if possible.
> > 
> > Regards,
> > Vít Šesták 'v6ak'
> 
> To always run dracut without hostonly, make a file 
> /etc/dracut.conf.d/no-hostonly.conf, and in there put:
> 
> hostonly="no"
> 
> 
> I do the above to have a portable Qubes that I can boot on multiple machines. 
>  Mostly this works fine, but occasional issues:
> 
> * If you ever assign PCI devices, those will of course change from machine to 
> machine.
> * I find USB sticks get hot, and slow.  I recommend installing on a portable 
> SSD instead (which can plug into USB port).
> * I have a laptop which boots incredibly slowly.  There is a roughly 2 minute 
> delay in the boot process.  I suspect it is waiting for PS/2, but the machine 
> has none. Although I'm not sure, and not sure how to troubleshoot.
> 
> -Dave

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cf4e64f8-6821-474b-b864-42e3def11eba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes OS version (e.g., R3.2): Having an issue in the last part of the installation

2017-05-26 Thread Eric Duncan
On Friday, May 26, 2017 at 3:27:18 PM UTC-4, tombulku...@gmail.com wrote:
> Thanks a lot Eric, already read this post and did all installation after 
> verifying it but it didn't solve my issue.
> I need another method to fix this up, KERNEL FAILED is not the only issue, i 
> cannot complete the installation.

Can you provide more details as to what the problems are?

All I saw was the Failed to load kernel modules error, which I replied wasn't 
an issue normally.

If you have more issues, please post them with as much information as possible.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8161cf62-ff80-4f61-93cd-63592cb82eb4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes OS version (e.g., R3.2): Having an issue in the last part of the installation

2017-05-26 Thread Eric Duncan
I get the same message on R3.2, and it works perfectly fine.

https://groups.google.com/forum/#!topic/qubes-users/iKs1ueF0ez8

Verify it with instructions in that thread.  If passes, I wouldn't sweat it.

Btw, /r/Qubes didn't get a lot of traffic for me either.  I would only post to 
this Google group going forward.


On Friday, May 26, 2017 at 11:26:59 AM UTC-4, tombulku...@gmail.com wrote:
> Hello there,
> I'd like to ask a question to this community before taking further action.
> I'll buy a Librem 13 with pre installed Qubes if I can't sort this out.
> I'll buy one even if i sort it but while i'm in US so it'll be a lifesaver 
> without paying custom taxes.
> Anyways,
> I'm a long time Tails user and it's so simple but I wanted to switch to Qubes 
> but as you already know it's a lot harder for a GNU/Linux newbie.
> I think i'll be able to figure it out if i pass this last installation 
> process.
> Can you please look at this post on reddit and tell me what i'm doing wrong 
> if you know the solution for this ?
> HUGE THANKS IN ADVANCE,
> 
> https://www.reddit.com/r/Qubes/comments/6b484q/having_an_issue_in_the_last_part_of_the/?st=J35Y5Y0X=83624631
> 
> Highlights for the ones who doesn't wanna browse reddit ;
> Having an issue in the last part of the installation • r/Qubes
> 
> Hi there dear experienced Qubes users, I'm a newbie about Qubes but a long 
> time user of Tails and VMs. Trying to figure it out and to switch to...
> I have tried everything for the last 2 months and i have tried this on all of 
> my 3 PCs
> I did verify ISO and test media before the installation, first i have tried 
> without verifying but same error occurred so then i deleted all and start 
> again with verifying also checked the hardware list and i have tried with 
> Dell Inspiron N5010 and Dell Xps15 and Hp Envy Desktop...
> Facing with the same issue on every single machine i have tried also using ex 
> SSD as an external HDD. I was thinking if it was related to WIFI cards these 
> machines have
> 
> Also the main issue can be this :
> 
> [Failed to start Kernel Modules ](http://imgur.com/a/8xowA) 
> 
> Please help me if you can I just don't wanna pay 2.600$ + 1.500$ as 
> custom tax without knowing OS i'll use.
> I just wanna practice some before getting deep into it.
> BEST REGARDS great community.
> FatBird.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2dfca796-0f63-49e7-85b5-cdfc0fa77134%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Booting USB Quebes across multiple machines?

2017-05-26 Thread Eric Duncan
To clarify my original post/question:

What does Qubes use from the physical machine's properties to set up an 
installation?  I could not find any documentation on the site about this in the 
Wiki (I'm happy to contribute it to the Qubes wiki, if it can be explained 
here).

Some ideas I have that might cause issues with a single installation used 
across multiple configurations.

- # of cores are used to pre-set all VMs to # of vCPUs (e.g. like Docker does)
- amount of Memory used to pre-set all VMs to certain percentages (with a min). 
use swap for the rest.

But, I don't know if Qubes does this or not.  Could be plausible though, if it 
did read these values.  

I have one installation that uses the USB VM, and I think that is perfect.  I 
can write custom scripts with that VM to look for and mount certain things 
depending on if they present or not (Logitech webcam on desktop, not on macbook 
pro, etc).

As for the # of cores/memory, I could write a script in dom0 that would 
"adjust" the VMs according to the system properties, before they start.  That 
doesn't seem like a big deal either.


What I'd like to know if there is anything else specific, like graphics drivers 
or device drivers that are detected, installed and enabled as per the 
installation.  Like, is there a specific Xen installation done on Qubes install?

Thanks!
Eric

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9177a7d9-99c1-4b34-b676-e8761e090971%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Booting USB Quebes across multiple machines?

2017-05-26 Thread Eric Duncan
Thank you.  But, my question was more about how Qubes gets installed and does 
it use any system properties to customize the install?


I know what you are saying though.  If running Windows/macOS, a piece of 
firmware of a device (or bios) could be infected.  And when booting Qubes from 
the external device, it could infect it.

Then again, that argument could be made against 100% of all PCs, laptops, 
motherboards of custom builds, etc - even brand new devices.  So are you ever 
safe?  Perhaps if you built your own device from scratch and coded your own 
BIOS.  

The edge case you mention would most likely be valid only from a targeted 
attack, not part of a toolkit.  

Say if a state actor wanted access to my Qubes install, they would need to know 
some very specific information:

* specific macbook with specific hardware (very likely, AppleCare registered 
and all, blogging/bragging of hardware used, etc).  
* the exact mSATA drive and USB device I use for Qubes OS (very likely, I can 
just blog about it - or they can get NewEgg purchase history).  
* knowledge of exact firmware versions installed on those devices.

Virtually, they would need to exploit some Windows/macOS 0-day to gain access 
to the machine (somewhat likely, sure).  Physically, they would need to 
evil-maid my machines when we are gone on vacation or something (plausible, 
sure).

The attack would have to look like this:

1) They could devise a custom mSATA firmware to install onto the device.  Well, 
that would require me having the Qubes OS usb device attached when booting 
under some other OS installed on that machine.  So, always disconnect it before 
booting native OS.  Easy.

2) They could use the exploit to infect the BIOS, or Nvidia GPU firmware - 
something that would boot when booting the Qubes install. 

2A) that could install a keylogger, to gain access to the /boot LUKS partition 
password (like an evil-maid attack).  plausible, yes - at a very edge case.

2B) that could install some other firmware installer, that waits for the linux 
kernel to boot and then side-loads itself into the boot process, or exploit 
some Qubes 0-day to gain root on the device.  very unlikely, but plausible, yes.

So plausible? Sure, with explicit details in hand. 

But that is acceptable to me as the level of sophistication required to pull 
off that level of attack, with knowledge of devices and their exact firmware 
versions, most likely would only come from state actors.  (*cough* Stuxnet 
*cough*)

If you are worried about state actors, then yes format your machines and 
install only Qubes.

-E




On Thursday, May 25, 2017 at 11:14:30 PM UTC-4, cooloutac wrote:
> On Thursday, May 25, 2017 at 1:00:18 PM UTC-4, Eric Duncan wrote:
> > Hello:
> > 
> > Does Quebes perform a machine-specific installation?  IOWs, can I install 
> > Quebes on a single USB device and share it across different machine setups?
> > 
> > E.g. if I install Qubes on an 8 core desktop, w/64GB ram, SSD (just keep it 
> > simple - only 1 SSD), Nvidia GPUs, etc - can I then take that exact same 
> > install and boot it in my Core i7 dual-core tablet with only 8 gb of ram 
> > without any issues?
> > 
> > I ask because of two reasons:
> > 
> > * I cannot format entire HDDs to dedicate to Qubes OS.  I still do some 
> > Windows 10, iOS and Linux development and need macOS for other various 
> > things.  A dual-boot setup is not "secure."
> > 
> > * I was thinking of setting up an mSATA drive and USB3 adapter for Quebes, 
> > encrypt the partitions and evil-maid protection and etc, and boot it in 
> > multiple devices.
> > 
> > I currently have it installed as a dual-boot on my Lenovo Helix (full 
> > support for 4.x btw!).  But, I'd like to boot Quebes on my desktop and 
> > other machines I use...
> > 
> > ...while keeping it secure, by using the entire mSATA drive for Quebes.
> > 
> > Thanks in advance!
> > -E
> > 
> > Ps, I have already attempted to try this with a USB3 stick and had possibly 
> > unrelated failures.  Hence, why I am asking about the installation process 
> > and hardware configurations- if any.  
> > 
> > Before I invest into an external drive setup, I'd like to know if there are 
> > any foreseen issues first.
> 
> I'm not sure it would really be keeping it secure that way either.  dual boot 
> is not only unsafe cause it can change /boot but also because other os could 
> infect hardware.   In other words windows or mac could infect the firmware or 
> netcard, gpu, cdrom, etc... which could then sniff or infect your usb 
> installation.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, 

[qubes-users] Booting USB Quebes across multiple machines?

2017-05-25 Thread Eric Duncan
Hello:

Does Quebes perform a machine-specific installation?  IOWs, can I install 
Quebes on a single USB device and share it across different machine setups?

E.g. if I install Qubes on an 8 core desktop, w/64GB ram, SSD (just keep it 
simple - only 1 SSD), Nvidia GPUs, etc - can I then take that exact same 
install and boot it in my Core i7 dual-core tablet with only 8 gb of ram 
without any issues?

I ask because of two reasons:

* I cannot format entire HDDs to dedicate to Qubes OS.  I still do some Windows 
10, iOS and Linux development and need macOS for other various things.  A 
dual-boot setup is not "secure."

* I was thinking of setting up an mSATA drive and USB3 adapter for Quebes, 
encrypt the partitions and evil-maid protection and etc, and boot it in 
multiple devices.

I currently have it installed as a dual-boot on my Lenovo Helix (full support 
for 4.x btw!).  But, I'd like to boot Quebes on my desktop and other machines I 
use...

...while keeping it secure, by using the entire mSATA drive for Quebes.

Thanks in advance!
-E

Ps, I have already attempted to try this with a USB3 stick and had possibly 
unrelated failures.  Hence, why I am asking about the installation process and 
hardware configurations- if any.  

Before I invest into an external drive setup, I'd like to know if there are any 
foreseen issues first.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/98354b40-a391-4695-a0e4-337add7a4ea7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: R3.2: suspended laptop, cannot login

2017-05-22 Thread Eric Duncan
For the record, I still don't know what happened with this install.  It was 
from a USB stick, without verification.  Perhaps it was a corrupted install 
(3rd install, btw from the same USB stick).

Recently I switched to a USB3 stick, and made sure to 'verify' before 
installing.

This time the password prompt comes up after the blank screen.  So it is all 
fine now.

I'll chalk it up to a bad installation.

On Friday, May 5, 2017 at 7:38:43 PM UTC-4, Eric Duncan wrote:
> New install, system went into suspend.  Upon resume:
> 
> - I cannot login / there is no login box.  
> - Window days that says XScreenSaver 5.35, dom0, "Authentication Failed!" <- 
> I haven't done anything to authenticate.
> - Username: "user" (my username), but there is no Password box.
> 
> How do I type a password?  I tried typing just into the black void, but it 
> just flashes the screen and constantly re-displays that XScreenSaver window.
> 
> More info...
> 
> I just installed Qubes OS R3.2 and can't wait to get my Arch and Debian 
> testing stuff running next to each other along with BlackArch and Whonix.  
> Y'all just combined my 4 laptops into one!  :)
> 
> I literally just logged in.  I closed the laptop screen, which put the laptop 
> into suspend, to move to a new room where I can focus on my newfound glory.
> 
> Except, when I open the screen I am showing a black screen with XScreenSaver 
> and my username telling me "Authentication Failed!"  Except, I haven't tried 
> to log in yet.
> 
> If it matters:
> 
> - Installed to USB3 stick
> - Current booted up on Asus G750JW
> 
> How do I get back into Qubes OS?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f52d6964-f582-48ce-94ee-4f55a40ebef7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: FYI: don't install with username "qubes"...

2017-05-07 Thread Eric Duncan
Humm.  Thanks, but a simple validation error would have sufficed.  :)

I was wondering where to add bugs.  I'll do i there from now on.  

On Saturday, May 6, 2017 at 12:34:15 AM UTC-4, Andrew Morgan wrote:
> On 05/05/2017 04:32 PM, Eric Duncan wrote:
> > ...because after waiting nearly two hours to install onto a USB stick, 
> > you'll get an error at the very end stating the Python script had an error 
> > and installation has been halted.
> > 
> > Error message: can't create user. user already exists (something like that)
> > 
> > I actually went through three installations on two USB sticks until I dug 
> > in to see what the error was.  
> > 
> > It would be nice if the installer stated not to use "qubes" as the username 
> > when creating a user (better yet, have validation that prevents going 
> > forward with that username).  :)  
> > 
> 
> That sounds like a bad bug, but one that can be remedied pretty easily.
> 
> I've created an issue in QubesOS/qubes-issues for this here:
> https://github.com/QubesOS/qubes-issues/issues/2793
> 
> Andrew Morgan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2d62ddd9-6b15-4ab2-84b9-b75a47ca8169%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] R3.2: suspended laptop, cannot login

2017-05-05 Thread Eric Duncan
New install, system went into suspend.  Upon resume:

- I cannot login / there is no login box.  
- Window days that says XScreenSaver 5.35, dom0, "Authentication Failed!" <- I 
haven't done anything to authenticate.
- Username: "user" (my username), but there is no Password box.

How do I type a password?  I tried typing just into the black void, but it just 
flashes the screen and constantly re-displays that XScreenSaver window.

More info...

I just installed Qubes OS R3.2 and can't wait to get my Arch and Debian testing 
stuff running next to each other along with BlackArch and Whonix.  Y'all just 
combined my 4 laptops into one!  :)

I literally just logged in.  I closed the laptop screen, which put the laptop 
into suspend, to move to a new room where I can focus on my newfound glory.

Except, when I open the screen I am showing a black screen with XScreenSaver 
and my username telling me "Authentication Failed!"  Except, I haven't tried to 
log in yet.

If it matters:

- Installed to USB3 stick
- Current booted up on Asus G750JW

How do I get back into Qubes OS?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d31dd8c6-cee2-4cb4-a043-391f7ea91206%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] FYI: don't install with username "qubes"...

2017-05-05 Thread Eric Duncan
...because after waiting nearly two hours to install onto a USB stick, you'll 
get an error at the very end stating the Python script had an error and 
installation has been halted.

Error message: can't create user. user already exists (something like that)

I actually went through three installations on two USB sticks until I dug in to 
see what the error was.  

It would be nice if the installer stated not to use "qubes" as the username 
when creating a user (better yet, have validation that prevents going forward 
with that username).  :)  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d6f7e516-75af-4025-b518-6ab2232810db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.