Re: [qubes-users] issues with i3, xrandr and keyboard

2021-01-19 Thread Jarrah


> For the qubes way to change the vm keymaps, idk sorry. I only know it
> does
> not allow to change your keyboard options so I looked away.


For me at least, changing the xfce setting carries through to i3. This
also propagates to VMs, but only once on VM start. Repeated propagation
is slated for r4.1.

Alternatively, VM keyboards can be changed from Qube Manager (right
click, set keyboard layout) when VMs are powered on. This should
persist, but is specific to one VM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d45ddad-1496-77c6-19ba-23127ba7d0d0%40undef.tools.


Re: [qubes-users] Re: High dom0 CPU usage by qubesd

2021-01-06 Thread Jarrah
This is some really nice tracing work. I'm sure it would be appreciated
as an issue in the qubes-issues repository so it can be tracked properly.

While I haven't gone to the same depth, I can confirm that `qubesd`
jumps to ~25% CPU regularly on my (albeit much beefier) system with i3.
This does correlate with qubes-i3status running on my system as well.


As a temporary work around, you could modify the script
(/usr/bin/qubes-i3status:123) to run every minute or longer. This would
have the downside of the clock updating slower, but otherwise should not
be a problem.

Alternatively, if the number of running VMs doesn't interest you, you
could comment out line 113 and modify 122 to suit this.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/47a92b74-22ad-276b-8c81-05dc9970dfe0%40undef.tools.


Re: [qubes-users] Disable lock screen / screenshot question

2020-12-22 Thread Jarrah


> How do you disable the automatic screen lock? I have the screensaver 
> disabled and the lock screen option unchecked but it still locks after a 
> few minutes.


For me, there is a "presentation mode" on the battery icon (which shows
on both desktop and laptop) that disables the screen lock.

> Also when using the screenshot function in system tools, is it possible to 
> save to the AppVM file system you are currently using rather than to Dom0? 
> Or how do I access it once it is saved to Dom0? 


You should be able to get them to your AppVM using `qvm-copy-to-vm  `  from the terminal.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f128f3f5-f63a-e64a-5556-60e0b373bec6%40undef.tools.


Re: [qubes-users] Errors updating Fedora 30 template

2020-11-07 Thread Jarrah


> I tried running 'dnf install qubes-template-fedora-32' as root and get:
>
> Failed to synchronize cache for repo 'qubes-dom0-cached', disabling. 
> No package qubes-template-fedora-32 available
> Error: unable to find a match
>
> Also tried: sudo qubes-dom0-install qubes-template-fedora-32 and get the 
> same output
`sudo qubes-dom0-update qubes-template-fedora-32` is the command you
want. The update script wraps all installs and updates in Dom0 on Qubes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2ede61ed-b297-2215-a97e-1ee1379bdce3%40undef.tools.


Re: [qubes-users] Errors updating Fedora 30 template

2020-11-06 Thread Jarrah
First step will be getting an up-to-date template to work off. Fedora 30
is well past EOL. Try installing `qubes-template-fedora-32` in dom0.
> I am just learning Qubes and have found I can update a Fedora based App VM 
> running "dnf update" as root, but when I run the same command to update the 
> Fedora 30 template I get these errors:
>
> created by dnf config-manager from https://dl.f 0.0 B/s | 0 B 00:00
> Errors during downloading metadata for repository 
> 'dl.fedoraproject.org_pub_archive_fedora_linux_updates_29_everything_x86_64_':
> - Curl error (56): Failure when receiving data from the peer for 
> https://dl.fedoraproject.org/pub/archive/fedora/linux/updates/29/everything/x86_64/repodata/repomd.xml
>  


This indicates that you are either running Fedora 29 or have changed a
config to get packages from 29. Either way, the above recommendation
stands.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4554a08-c51a-eb01-a622-d26a962d5e2f%40undef.tools.


Re: [qubes-users] Intel CPU frequency scaling and boost mode?

2020-11-06 Thread Jarrah


> I just installed (not to say it was easy) Qubes on gen10 intel NUC.
> It has a "mobile" type CPU, 1.6Ghz with turbo boost up to 4GHz.
> However, Xentop never shows frequencies higher than 1.6 no matter if I have 
> a CPU-intensive task or not. Does turbo boost work as expected?


There is a lengthy discussion at 
https://github.com/QubesOS/qubes-issues/issues/4604 about this with some
potential fixes.

I just resolved a similar issue on 4.1 where my laptop was locked to 800
MHz. The `xen-acpi-processor` kernel module was the problem there. Your
issue may be something else, but that thread is likely the best place to
find information about it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5fa7927f-026b-72c2-0ceb-c9d9ff5f898c%40undef.tools.


Re: [qubes-users] Typed text being copied to clipboard, etc

2020-10-25 Thread Jarrah


> 2. How do I make installed changes to an AppVM survive a reboot? Such as when 
> I install Opera or Brave browser, if I need to reboot I usually have to redo 
> the installation, or parts of it like libcurl.


Software that you want to survive reboots or use on multiple AppVMs
should be installed in the respective templateVM. `qvm-ls` will tell you
which VM that is, start it and install normally, then shutdown the
template and start the AppVM. Your program will be there persistently.
If you don't trust the application, best to create a separate templateVM
for it.

>
> 3. Lately when I suspend the system to RAM overnight, when I log back on the 
> system wakes up but the screen is just black, which forces me to reboot. This 
> didn't used to happen. Not sure if that is Qubes related or hardware related.
This may be Qubes related. I had a similar bug on my laptop that is only
fixed in 4.1 alpha. Do you have the same issue if you install/boot
fedora 25 without Xen/Qubes?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a769f800-7c9b-6dca-a0ee-7a674c969562%40undef.tools.


Re: [qubes-users] Installing Qubes OS contributed packages? (rofi and tunnel packages)

2020-10-17 Thread Jarrah


> I just tried to install qubes-tunnel in a fedora template and that
> also didnt work,
>
> sudo dnf install qubes-repo-contrib && sudo dnf install qubes-tunnel


Try with `dnf install --refresh --enablerepo=qubes-repo-contrib
qubes-tunnel`. It may be that either the new metadata hasn't come down
(happens a lot on Debian, not so much fedora) or the repo isn't enabled
by default in the package.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/151dfa93-27a8-35fd-b193-1b7d0d7c5ef3%40undef.tools.


Re: [qubes-users] Creating a sys-usb for my desktop?

2020-10-14 Thread Jarrah


> Add rd.break at the end of kernel options
> mount -o remount,rw /sysroot
> chroot /sysroot
> qvm-prefs sys-usb autostart False
> exit
> exit

This is the first half, which will stop the VM from starting. The other
half is to remove `rd.qubes.hide_all_usb` from the kernel Commandline.
For UEFI, that's in `/boot/efi/EFI/qubes/xen.cfg`. For BIOS, you can
edit it for individual boots in grub and permanently change it in
`/etc/default/grub`.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e97cc400-fdcc-dad7-0101-458bcebdfe82%40undef.tools.


Re: [qubes-users] Can hardly run anything? every dom0 command results in Errrno2?

2020-10-11 Thread Jarrah


> First, thanks to Jarrah!
> I inadvertantly booted my computer with my defucnt instalation plugged
> in and it booted my desktop drive on my laptop... go figure, but
> regardless I was now able to use Jarrah's response to mount and copy
> over most of the appvms (actually just mounted, tar'd up the entire
> thing, and saved to trusted ext drive). Thanks Jarrah!


Nice work. Glad it worked out for you.

>
> Caveat though, two actually, a few of the appvms gave errors, most of
> them were not hugely important appvms but the second issue (kinda) is
> about the possbility of copying the whole appvm, more specifically I
> have some vpn proxy vms which (for me) wasnt easy to setup so I was
> hoping to copy the whole appvm over to the new installation... I have
> tar'd the entire contents/configs of each of those vpn proxy vms but
> wasnt sure if that would be sufficient?


The /rw/config directory (just /config in the private image you copied)
should be enough, depending on how you configured it. You should be able
to make a new VM, overwrite its files with these and reboot. Your VPN
should "just come up".

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e3a76d85-f2df-3078-2e2b-d66c7c944e34%40undef.tools.


Re: [qubes-users] Grsecurity+Debian 10 has issues when PCI devices are being attached

2020-10-08 Thread Jarrah


> I've been trying to get a Debian 10 sys-net running with grsecurity as a 
> kernel. However, i've been running into some trouble when the PCI devices 
> are being attached to it. libxenlight is giving me errors and the PVH VM 
> will never even attempt to boot. 


Just to check, are you trying to boot a PVH VM with PCI devices? That's
only supported on HVM (and PV). Try changing 'virt_mode' to 'hvm'


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b5587fb8-9aed-f5cc-7320-d32fe9cd8a2c%40undef.tools.


Re: [qubes-users] Can hardly run anything? every dom0 command results in Errrno2?

2020-10-08 Thread Jarrah


> xvdj  202:144  1 931.5G  0 disk
> ├─xvdj1   202:145  1 1G  0 part
> └─xvdj2   202:146  1 930.5G  0 part
>   └─Templates 253:0    0 930.5G  0 crypt
>
> When i ls ~/Templates it shows nothing. 


You have successfully decrypted the partition, but not mounted to
"~/Templates".

> I guess part of my problem is that LVMs make no sense to me, or more
> accurately confuse me so the accessing LVM logical volumes is where my
> understanding decreases precipitously - I thought I was using an AppVM
> but LVM does not seem to be automatically discoering my LVM config?

The commands you are looking for are `lvscan` and `vgscan`, which should
populate the LVM disks in your `lsblk` output above.

For the private volumes, you should be able to then directly mount them
with `mount /dev/qubes_dom0/vm--private /`. So if you want to mount a VM called "vault" to "~/Templates" it
would be `sudo mount /dev/qubes_dom0/vm-vault-private ~/Templates`. At
this point, your files from just the VM "vault" are available in
"~/Templates".

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/26a3cb8e-aed1-832c-4339-873c21a11bd4%40undef.tools.


Re: [qubes-users] Can hardly run anything? every dom0 command results in Errrno2?

2020-10-07 Thread Jarrah


>> Ok so on the mount from other os page its not totally clear for me.
>>
>> I do have a barebones qubes system on another computer (laptop), so
>> would/should I take my ssd from my desktop connect it (have an adapter
>> cable) to my laptop then "pass" the whole disk to an isolated appvm?

Yes, this is the idea. Using `qvm-block a  ` or the
equivalent GUI widget.
>> If yes, then,,, what is meant by passing the disk to an appvm
>> (copying?) and when it says isolated appvm does that just mean, in my
>> case, an appvm on my laptop? 

Isolated was added because at this point, your AppVM is receiving the
same level of trust as your desktop Dom0. So don't do this is your
internet connected untrusted VM.
>> Lastly, as my laptop drive is smaller
>> than my desktop drive, would I be able to selectively copy/mount to my
>> laptop appvm or would I need to go another route?

When copying data off you would need a drive of that capacity, but to
mount, see files and modify them, there is no copying, it's all done on
the original drive.
>
> btw, on my desktop, I am still able to access a dom0 terminal and can
> connect to an external drive (I think), so can i just cp the appvms to
> an external drive and then extract the contents of the critical appvms?

By default the AppVMs are LVM volumes, making it a bit hard to just copy
them. If it still works, the Qubes backup tool would be the easiest way
to do this. Otherwise, "isolated AppVM" is interchangeable with dom0.
You could mount them and pull off your files manually, though this may
compromise Dom0 with anything untrusted in the AppVMs.
>
> Sorry, the mount from other os page is a bit over my head hence my
> attempting to find options that I can understand :/

Maybe once this is sorted, we could use this thread to improve that
document.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8de7967a-bc55-3256-9ce7-48ef89a23031%40undef.tools.


Re: [qubes-users] Any reason I shouldn't be able to use an internal sound card?

2020-09-25 Thread Jarrah


>> Is there any reason i shouldn't be able to (fairly easily) use an
>> internal sound card with Qubes? If not, any recommendations on sounds
>> cards that work well with Qubes?
>> Thx!
> Or USB as well, actually would one necessarily work/be more compatible
> than the other?

I can vouch for PCI based cards working fine. They operate in Dom0, so
the only requirement is Linux drivers. I'm using an older Asus Xonar
card, but You can probably find better than that.

As for USB, I'd expect they would work fine, assuming you can get the
audio stream to sys-usb or your USB controllers are active in Dom0. This
hasn't been implemented as a stardand feature, so it would be far more
restrictive than PCI.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e4a6e34f-b80c-217d-b5d7-1b8906792cbd%40undef.tools.


Re: [qubes-users] [TemplateVM error] could not resolve host: github.com #2

2020-09-24 Thread Jarrah


>
> user@kali:~$ git clone https://github.com/LionSec/katoolin.git
> Cloning into 'katoolin'...
> fatal: unable to access 'https://github.com/LionSec/katoolin.git/':
> Could not resolve host: github.com

Git does not know about the update proxy. Have a look at
https://www.qubes-os.org/doc/software-update-domu/ under "updates proxy"
for the configuration. Use the following command to configure git with
this proxy:

git config --global http.proxy http://:

Alternatively, download and verify katoolin in any other trusted AppVM
and use `qvm-copy` to move it over.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/507517e3-9a5b-3044-7d62-8bc256f6851f%40undef.tools.


Re: [qubes-users] Witch one is the best?

2020-09-19 Thread Jarrah


>
> My question is, would some of the newer/faster AMD CPUs and chipsets
> work with Qubes?

I can speak for the 2000 series working. I believe some people have
working 3000 series, but 4000 has been a serious issue. Not sure if
that's the CPU or the specific laptop.

https://qubes-os.discourse.group/t/qubes-support-on-amd-4000-series-lenovo-x13-t14/202/1

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/154d92d0-24d3-ef23-ddb0-cb7e6493b2b3%40undef.tools.


Re: [qubes-users] startx over ssh leads to many new Qubes windows

2020-09-19 Thread Jarrah
> Here's exactly what I do:
> $ ssh -X me@host.
The `-X` here forwards all X11 windows on the remote host back to your
local machine. Is this your goal?
> $ /usr/local/bin/startxfce4 --with-ck-launch
This will start a bunch of X11 windows, which are then forwarded back to
you.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/977fbcb8-9e88-44f6-5166-a9bd6e42cfc6%40undef.tools.


Re: [qubes-users] Fresh Install of Qubes 4.0.3 - No Wi-fi on sys-net with Intel Wireless-AC 9462 Card

2020-08-20 Thread Jarrah
> Hi All,

Hi,

> As a complete novice who has never even touched Linux before, I read 
> through the introductory documentation and finally through the install 
> guide. Then I performed a fresh install of Qubes 4.0.3 on a an ASUS ZenBook 
> Flip 15 UX562FA directly over Win10. Everything went well during the 
> installation. Only suspects were:
>
>1. installer claimed the SSD was full and that space needed to be 
>reclaimed
>   1. Reclaimable space was the Win10 OS partition, the Win10 Recovery 
>   Partition and the UEFI Partition
>   2. I deleted only the OS and the Recovery partitions while leaving 
>   the UEFI partition intact (with fears that if deleted I would mess up 
> the 
>   bootloader) 

Qubes would have replaced the UEFI partition had you done this. But it
seems everything to this point is working fine.

>1. After install, I rebooted
>2. I get the Failed to Load Kernel error during the boot sequence
>3. Though that threw me off, boot sequence continued and asked for SSD 
>password (no GUI just the terminal).
>4. Then proceeded to enter the user password and went into qubes OS
>5. Noticed there NetworkManager Applet displays red indicating No 
>Network Devices Available

In Qubes, these icons are coloured to the VM they come from. Sys-net's
icons will always be red. But there is a small x in the corner when they
are not connected.You should still be able to left click the icon to set
up WiFi. If that doesn't work, right click and ensure both networking
and WiFi are enabled.

>1. Not sure if the applet is looking for an Ethernet card as the laptop 
>   does not have an ethernet card installed. It only has the Wireless card.
>   2. Also not sure this is the issue.
>   
> The wireless card is an Intel Wireless-AC 9462 which is supported in 
> Kernels 4.14+
Have a look at https://github.com/QubesOS/qubes-issues/issues/5615 and
the recent mail to this list under the subject "[qubes-users] X1 Carbon
Gen 8". Other people are having (now somewhat worked around) issues with
this card.
>
> With my very limited troubleshooting abilities I have managed to confirmed 
> the following:
>
>1. sys-net has the Network Controller under Qube Settings > Devices
>   1. qvm-pci command in dom0 also shows the device being used by sys-net
>   2. lspci -v command in sys-net lists the wireless card with all its 
>information
>   1. except for "capabilities" which shows "" - not sure 
>   if this is a problem.
>   3. I can also confirm that the Fedora 30 TemplateVM has the same 
>iwlwifi-9000-pu-b0-jf-34.ucode firmware file in lib/firmware/from the 
> Intel 
>Website's iwlwifi-9000-pu-b0-jf-34.618819.0.tgz firmware package 
>   1. The other two file from that package LICENSE.iwlwifi-9000.ucode 
>   and README.iwlwifi-9000.ucode files are not present in /lib/firmware/. 
> (I 
>   tried to copy them from QubesIncoming/sys-usb into the lib/firmware/ 
> using 
>   the GUI but got an access denied error) - not sure if this is a problem.

This tells me that Qubes has set up sys-net correctly (WiFi card passed
through). You will need root privileges to get to those items. Try the
same command with `sudo` prefixed.

>   
> I have tried the following:
>
>1. Tried to go to Qubes Manager > sys-net > settings to check on wifi 
>networks but  settings dialog does not open

If left clicking on the Network Manager Applet doesn't give you anything
useful, try running the command `nm-connection-editor` from sys-net
terminal.

It's odd that the settings did not open, but that settings panel
controls the VM (Qube), rather than settings within the VM.

>2. Cannot ping www.google.com or 8.8.8.8 from sys-net
>3. I also installed the whonix option
>   1. Switching the sys-net template to whonix did not work
>   4. Switching sys-net to the Debian template does not work
>   1. haven't downloaded or installed any files post install on that 
>   template
>
> I was really hoping it was a firmware issue with the wireless card but it 
> does not seem to be the case, and so I am pretty clueless as to what else 
> it could be. 
>
> If you see an issue with my install procedure or any red flags from my 
> observations, or if you have any idea of how to get wifi going it would be 
> greatly appreciated. 

Your install and troubleshooting seem pretty good. This seems to just be
a qubes context thing. Have a go at the above and let us know whether
you can get connected.

> I love the idea of using Qubes as my main driver and learning about 
> configuring it and all. But unfortunately without wifi it's pretty useless
>
> thanks!
> Ivan M

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the 

Re: [EXT] Re: [qubes-users] Google requiring login to access qubes-users

2020-08-18 Thread Jarrah


> With the changes in Google Group's interface, I'm tempted to abandon this 
> place entirely and shift to mail, but for the sake of having more 
> participants, it'd be nice to have the forum/mailing list somewhere less 
> restrictive.
There was quite a large discussion about this under the subject "Help
create a Qubes Users Forum!" on qubes-devel a while back. It's  even
more of a ghost town currently, but there's only one way to fix that.
It's at https://qubes-os.discourse.group/. Maybe it could solve the problem?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8a8e07ad-1fcd-a7cf-ab2b-f905557958a9%40undef.tools.


Re: [qubes-users] Qubes on Lemur Pro - system 76

2020-08-14 Thread Jarrah
> I would like to test QUbes on my Lemur Pro but this machine requires a very
> recent kernel to work and unfortunately Qubes 4.0.3 can't boot the
> machine...

Do you have another machine you could do the install on? Once installed,
you could try installing the `kernel-latest` package which will give you
5.7.12, then put the drive back in the laptop.

Last laptop I bought had the same problem. This was the best option at
the time.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/331122f0-e824-812b-3fca-431b2b969c03%40undef.tools.


Re: [qubes-users] Re: HCL - ASRock-X399-Taichi

2020-07-11 Thread Jarrah
> Correction: I meant UEFI install, not IOMMU. I can't brain today, apparently. 
> IOMMU works and can be enabled from the BIOS settings as well. 
> BIOS-compatibility mode is enabled by default and is necessary to perform the 
> install.
I also have the same board. UEFI works on 4.1, but has never worked on
4.0 for me.
>  Currenly reports that there is no TPM found, but this motherboard has
> a huge number of settings that could possibly change both issues. AMD
> has an "fTMP" which can be enabled/disabled from the BIOS settings,
> but unclear if this simply a subtype of TPMs or a wholly different thing. 
This is the only TPM on this board. It's a firmware TPM built into all
Ryzen processors. Sadly, there is an ACPI based bug which causes the
wrong IO memory location to be provided to the Linux kernel. I have an
(exceptionally dirty) patch which gets it working, but it looks like the
patch I built that from will never make it upstream. Work on it has been
stalled for nearly a year.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/49ec02b8-440b-bebe-f842-12a39c71ec6e%40undef.tools.


Re: [qubes-users] Template Installation Problem

2020-07-04 Thread Jarrah
> What do you mean I am trying to install the Fedora-32 template in
> dom0? I am issuing the command to do it from dom0 yes, but I am not
> trying to install it in dom0 itself as the dom0 OS. I am not
> performing an upgrade from 31 to 32, which would have to be done in
> the template itself, I am installing the new Fedora-32-minimal
> template. That has to be done from dom0.
Installing a template is installing a package in Dom0. That package
contains the disk image and configuration of the template. This is why
the repositories point to fc25, not fc32.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e09b84eb-a59e-e8a5-c1d1-f1b9714dc474%40undef.tools.


Re: [qubes-users] fedora-32

2020-07-01 Thread Jarrah
> Hello, is fedora-32 minimal adequate for use as sys-firewall? or is
> there some reason that its better to use the full F32 template?
It will work, but requires some extra packages. See
https://www.qubes-os.org/doc/templates/minimal/ under the heading
"Distro-Specific Notes".

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9fb3244a-c656-c107-a7d6-78636478bff0%40undef.tools.


Re: [qubes-users] Quebes for noobs (Installation)

2020-06-25 Thread Jarrah


>> I get an error at once i start the installation.
> Is that something i need ot change in the bios?

Exactly this.

The machine you posted should support the features listed, but they may
not be enabled by default.

Boot into BIOS/UEFI and ensure SVM and IOMMU are enabled.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/00086443-7463-9ba3-31ea-8b5ffa02d0c9%40undef.tools.


[qubes-users] Kernel Panic using kernel-latest from current-testing and RX5700XT

2020-06-23 Thread Jarrah
Good Morning,

Is anyone else getting a kernel panic at "amdgpu_debugfs_init" booting
the new 5.7.4-1 kernel from current-testing with an AMD GPU?

I'm not particularly worried about it because the GPU didn't work with
4.0 anyway and the bug doesn't affect 4.1. I'd like to know whether
anyone else has the same problem.

Workaround (assuming you have another GPU) is to add
`modprobe.blacklist=amdgpu` to your kernel parameters. Though if you
only have AMD GPUs, this will block them.

Thanks,

Jarrah.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6beb12cc-01fd-3052-ad5f-b6347cee5ebd%40undef.tools.


Re: [qubes-users] How to split into two gateways

2020-06-23 Thread Jarrah
> Can someone please tell me if you were able to achieve the following?
> - Have two NICs handling two separate sys-net
> - Behind each sys-net their own firewall
> - behind the firewalls their own set of VMs.

Yes, the machine I am on has this setup.

Both sys-net VMs have a dedicated NIC PCI passed through to them. They
each have a sys-firewall, which each has VMs on it.

I cloned the original sys-net, but if you follow the instructions for
creating a new one, it should work fine.

> I was able to handle the firewall rules and everything else but I cannot make 
> it work to have 2 sys-net each handling a NIC separately. Can someone please 
> tell me step by step how you achieved that?

Try just doing the passthrough first. If you can get the NICS to show up
in `lspci` in the two sys-nets and configure networking so you can ping
out.

Command to attach the NIC: `qvm-pci attach sys-net2 dom0:`.
PCI-address can be found in the output of `qvm-pci`.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8451224f-59f5-fe85-b35e-3d08413dd8e4%40undef.tools.


Re: [qubes-users] qubes installation problem on MS-16R3

2020-06-22 Thread Jarrah
> I'm having this installation issue when trying to Install Qubes on a MSI 
> Laptop
Can we get a little more info on the laptop? CPU, GPU, etc.
> [image: qubes_error.png]
> How should I find out how to continue the installation (if there is any 
> chance) ?

Could you provide output of `dmesg` in a terminal while installing?
(ctl-alt-f2 for TTY2) Also have a look at the logs in `/tmp/` and
`/var/log/`, specifically the Xorg logs.

If you need to get a file off, the installer will detect and allow you
to mount another USB drive to copy them to.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1440cb55-a5ca-c8a7-39c2-eb16520e9252%40undef.tools.


Re: [qubes-users] installing qubes

2020-06-22 Thread Jarrah


> Sorry for the late response, It took forever for the iso to download.
> IT'S WORKING! There is just one last problem. I can't get wireless
> working. Any ideas?
Congratulations on getting it working. Just remember that is a
pre-release version of Qubes. It's not fully supported and may have bugs.

Looks like your card isn't well supported in Linux, but there is a DKMS
driver [0].

If you trust this and want to install it, I would recommend creating a
new template and installing the driver [2] in that template. You may
need to set sys-net and the new template to use a VM provided kernel [1]
for this to work, I haven't tried it.


[0] https://github.com/tomaspinho/rtl8821ce

[1] https://www.qubes-os.org/doc/managing-vm-kernel/ (under "Using
kernel installed in the VM")

[2]
https://ask.fedoraproject.org/t/install-drivers-for-rtl8821ce-network-chipset-on-fedora-30/3672

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c5b7151b-010a-9898-5652-8c69055734b0%40undef.tools.


Re: [qubes-users] installing qubes

2020-06-20 Thread Jarrah


> Here is what I got. Do you think I should upgrade to qubes 4.1? If so
> where is the ISO? How can I get it?
>
Going to need the output as a file sorry. That's only the end of it. If
you plug another USB drive in you should be able to write the file to it
using `dmesg > /mount/point/of/usb/filename`.

At this point, we don't really have enough information to go off to
determine whether it will help at all. If you want to give it a go, the
latest unsigned iso is
https://openqa.qubes-os.org/tests/9426/asset/iso/Qubes-4.1-20200614-x86_64.iso

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4750add5-9673-713f-7d04-a60dbc90791b%40undef.tools.


Re: [qubes-users] installing qubes

2020-06-20 Thread Jarrah
> I apologize but you have it wrong. I want to INSTALL qubes. The above
> is all I have to tell you.
>
My bad, I missed that and thought you were getting that error on boot
after install.

Could you switch to another TTY on install (ctl-alt-f2 should do it) and
provide the output of `dmesg`. That should tell us what the driver is
doing on boot.

AMD cards (as I recently found out) can be a bit finicky under Xen. Mine
no-longer works at all under qubes 4.0.3, but works fine on 4.1. That
might also be an option, though it is pre-release, so only try it if you
are willing to debug.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/38a5c495-d5de-963f-5008-de78b948493d%40undef.tools.


Re: [qubes-users] installing qubes

2020-06-20 Thread Jarrah


> I now have a screenshot of the LUKS error in text mode I mentioned. 
> It reads "Encryption requested for LUKS device nvme0n1p2 but no
> encryption key specified for this device". Any ideas?

This sounds like the disk encryption went wrong. Do you get a prompt for
your disk password on boot? It "should" default to asking on boot.

Could you provide the content of the relevant "module" line in your
`/boot/grub2/grub.cfg` if you use BIOS boot or
`/boot/efi/EFI/qubes/xen.cfg` will have an equivalent line on UEFI.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d0adfd52-38d7-9109-c6c7-7221c2934deb%40undef.tools.


Re: [qubes-users] issue with building Qubes Windows Tools

2020-06-17 Thread Jarrah


> ***
> ***   ERROR
>   ***
> *** Cannot create chroot because the current filesystem is mounted as 
> nodev. ***
> *** Build Qubes on a different filesystem, or run 'make remount' to 
> remount  ***
> ***  with dev option.
> ***
>   ***
> ***

Haven't used qubes windows tools at all, but the error output above
seems to point at a mount options issue. It cannot create the chroot
because the filesystem is mounted with `nodev`.

As it says above, try `make remount`. Or manually with `mount -o
remount,dev ` for example, if you are working in your home
directory in an AppVM, the command would be `mount -o remount,dev /rw`.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/17f3899b-80d0-b3dc-dd32-31a18501eb8c%40undef.tools.


Re: [qubes-users] Next update of Qubes?

2020-05-23 Thread Jarrah


> I see that Qubes does not announce planned new releases of Qubes, or state 
> what should trigger an update. 
Releases are announced when ready for testing. In addition, releases of
templateVMs are announced in the Qubes-users/devel mailinglists.
> I am between updating Qubes with Fedora 32, which also means creating 
> AppVMs, I am not sure how I would update the Work VM, as it is, I am 
> guessing, based on Fedora 32.  All this translates to my working with Salt, 
> which is shown a lot of in this forum.  Meaning I should learn Salt and 
> some other things.  
I can't comment on doing it through salt, but using the Qubes Template
Manager you can select which template a VM uses and mass change the
templates.
> Just seems like it would be so much easier if we had an entire new version 
> of Qubes, which I could install.  At the same time, I am making sure any 
> Malware I might have picked up gets clobbered.   And leaving me with the 
> problem of re installing all of my personal files, my own personal fixes to 
> Template VMs.  Instead many are learning Salt.  
I'm not sure that reinstalling the entire OS and adding all changes made
to it would be better for most people. Installing a new template with
`qubes-dom0-update qubes-template-fedora-32` and moving VMs over to it
took me 10 minutes. Installing Qubes and getting the OS customised can
take me a few hours.
> This question also comes back to making Qubes easy for Human Rights 
> Activists and Journalists.   I do not think those two groups will go to the 
> trouble of learning how to install Salt.  I agree that since most of the 
> changes for Human Rights Activists/Journalists are made inside Template VMs 
> of (now usually Debian, or Fedora), that the folks who create Qubes for us, 
> should not concern themselves with those things.  
>
> So, anyone here have a guess as to what new version of Qubes might be 
> nearly out?  Or should I start reading about how to work with Salt?  

The next version of Qubes (4.1) is well on it's way. You can see
progress in the following links:

https://github.com/QubesOS/qubes-issues/issues/5529

https://github.com/QubesOS/qubes-issues/issues/5763

https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+4.1%22


As for salt, it's always recommended to learn and use a configuration
management system. But it's not necessary. It entirely depends on
whether you need to be able to rebuild your system from scratch or
automate updates.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d3843ce5-1017-8e38-764c-0fda02791586%40undef.tools.


Re: [qubes-users] AMD RX 5700 XT suddenly stopped working with Qubes

2020-05-17 Thread Jarrah


> Doesn't seem likely that it's a kernel problem if 5.6.4 used to work
> and now it doesn't.  What was the bios issue?
>
A power fault caused it to drop all settings. I believe I have reset it
to the previous config and, at a minimum, it is compatible with Qubes
without the problem card.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/00a983f4-1c0c-4700-3a61-d68e818b6468%40undef.tools.


Re: [qubes-users] AMD RX 5700 XT suddenly stopped working with Qubes

2020-05-17 Thread Jarrah


> At this point, I would rather suggest you to check in changelog of kernel
> if there would be related commits but still, post a BZ issue on kernel.
>
There are a couple in 5.6.11 that I will have a better look at tomorrow.
Not sure this will be it though. The system fails to boot on both 5.6.4
(previously working) and 5.6.11 (new).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf47e1a2-d8fc-dd81-1fdc-aa7dba2045db%40undef.tools.


[qubes-users] AMD RX 5700 XT suddenly stopped working with Qubes

2020-05-17 Thread Jarrah
Good Morning,

About a month ago, kernel-latest 5.6.4 was released which resolved the
issues booting Qubes on the RX 5700 XT. This has been working and stable
since this time.

Yesterday I installed a number of updates (including Xen and
kernel-latest) and (after the updates had completed) had an issue which
reset my bios. Since then, I have been unable to boot Qubes using the
5700 XT. System works fine in another OS.


The only error output I have seen is as follows (observed on different
boots):

"[Firmware Bug]: cpu 2, try to use APIC520 (LVT offset 2) for vector
0xF4, but the register is already in use for vector 0x0 on this cpu."

A failure to start IOMMUv2 (does not occur with the other graphics card)


After fixing the bios settings, my next thought was to roll back the Xen
and kernel update. However, this did not solve the issue.

Other attempts:

* Boot the system with another GPU: Works fine

* Boot the system without Xen (just the dom0 kernel): works fine.

* Boot the system outputing to the hypervisor console: system boots to
login screen. All autostarted VMs boot. Keyboard entry does not get sent
to dom0, but ctl-alt-del reboots the system and outputs to screen.

* Boot the system and let it sit after the screen locks up: All
autostarted VMs boot but I cannot interact with the system. I can tell
by the hvc above and the fact that my mouse turns on.

* The error above has been connected to an ACPI issue. Adding the
"acpi=off" boot parameter resulted in a kernel panic probably unrelated
to the GPU issue.

* Tested the just-released 5.6.13 kernel: Same issue now found on 5.6.4
(previously good) through 5.6.13.

* Set every IOMMU/ACS/SVM setting I can find in my bios.


I'm stuck for ideas at this point. Has anyone experienced something similar?

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/35b974a3-13f1-cabf-9731-5e9aa1fcbed2%40undef.tools.


Re: [qubes-users] Connect to wifi - settings doesnt load

2020-05-14 Thread Jarrah


> I think my problem is common and also new, i read the thread you sent me
> and many more but couldnt understand how to do the workaround? I read that
> intel ax201 works on fedora perfectly, but on qubes no, how should i update
> the fw? Can you please explain the steps or refer me to a good reference?
> That would save me a lot of time.
>
You're right, it is a common problem for that card on Qubes.

As described in https://github.com/QubesOS/qubes-issues/issues/5615,
there is no simple answer to this one. You will have to patch and
re-compile the kernel or replace the card. Is there an option to use a
wired network while you wait for the patch to be pulled by upstream?

If not, and you decide you want to learn how to patch and compile the
kernel, there is quite a long (but very enlightening) path ahead of you.
Start with https://www.qubes-os.org/doc/qubes-builder/. You will want to
follow the steps in "Making a customized build" and insert the patch
into src/linux-kernel/ and apply it in the spec file. The command `make
kernel` should then result in a "kernel-qubes-vm" package that you can
install in dom0.

As I said, this will not be something that is easy, but you will learn a
lot. The alternative is replacing the Wifi card with something supported
(I can vouch for the Intel 9462 series being supported) or using wired
ethernet for now.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bab27ff3-139d-73c1-aae6-4e5a01e26e4d%40undef.tools.


Re: [qubes-users] Connect to wifi - settings doesnt load

2020-05-12 Thread Jarrah


> If i left click I only see ethernet network, could it be that my network
> device is not working? I have Wireless Intel AX201 11ax, 2x2 + BT5.0.

There are a few reports on this mailing list of that not working from a
few months back. See "[qubes-users] Missing wifi on Intel NUC10i7FNK"
for example.

I can't comment on that specific card, but the output of the following
three commands (run in sys-net) will tell you whether the card is
available to configure:

* ip l -> should see a wls* interface.

* iwconfig -> same wls* interface but with more wifi specific information

* sudo dmesg | grep iwlwifi -> should show the driver starting and
firmware loading, but will print any errors which occurred. This This
output will be useful debugging here.


A potential stab in the dark, the "kernel-latest-qubes-vm" package may
have updates which solve the issue with that WiFi card. If the above
commands don't give you anything useful, try installing it and setting
that as the kernel for the sys-net VM. You'll find that setting in the
"advanced" tab of the sys-net settings in "Qube Manager".

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c8a9feef-9236-d544-4ddd-b55520bf3364%40undef.tools.


Re: [qubes-users] Connect to wifi - settings doesnt load

2020-05-12 Thread Jarrah


> clicked save, but i didnt find a way to actually connect to it, how do i do
> that?
Try left clicking on the same icon. You should receive a list of
available networks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/50380f3d-121c-3e04-be4f-e3236bd2557d%40undef.tools.


Re: [qubes-users] Dividing Qubes Into Separate Networks (FAILED)

2020-05-12 Thread Jarrah


>
> I also have an almost identical setup. I wanted to do what you were 
> attempting (Zsolt) but had the same outcome so I quit trying . I thought it's 
> not possible. I tried following this old article but the commands did no 
> longer work the same way 
> https://blog.invisiblethings.org/2011/09/28/playing-with-qubes-networking-for-fun.html
This document is quite old, but conceptually not bad. The commands in it
are likely to fail now, but the theory still applies.
>
> I am not sure if your goal is feasible at all. It didn't work for me but I am 
> fairly new to Linux so actually don't listen to me lol :)
I can confirm that splitting Qubes networking into two zones with two
different NICs is feasible. I have exactly this configuration using a
dual-nic motherboard and handling VLANs on a managed switch.
>
> I have the quad port commercial pfsense netgate appliance but I only use an 
> unmanaged switch unlike your unifi. I could not make the VLAN work. I ended 
> up just having 1 sys-net and separate everything with two firewalls and can 
> chose on each VM which route to take similar to what DG was saying. 
Having an unmanaged switch defeats the purpose of this. You will receive
two IP addresses on the same network. You may be able to assign the VLAN
on the NIC and have the PFSense device recognize it, but this is not
guaranteed to work.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d1cea2dc-8b99-7ce3-8dc4-e24b320fd641%40undef.tools.


Re: [qubes-users] Connect to wifi - settings doesnt load

2020-05-12 Thread Jarrah


> Not able to run sys-net Settings. I would like to configure the wireless
> networks.
>
> After adding "Settings" to sys-net in Qube Manager, clicking on "Service:
> sys-net | Settings" produced no observable system response.
>
> Also running gnome_control_center fails.
>
> If i run:
>
> export XGD_CURRENT_DESKTOP=GNOME gnome_control_center

Try configuring it from network manager either by right clicking on the
icon in the taskbar and selecting "Edit Connections" or running
`nm-connection-editor` at the sys-net terminal.

Gnome settings isn't really a useful part of Qubes within a VM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b8ee8a99-ebb2-8ca7-e654-a2292200dad1%40undef.tools.


Re: [qubes-users] How to bridge a subnet ot the firewall

2020-05-07 Thread Jarrah


>> you are simply sniffing the wrong side of the SPS.
>> sniff the downstream interface(s) instead of upstream.
> wouldn't a tcpdump -i eth0 sniff rx tx? 

You will get the NAT'd addresses with this. You want to listen on the
vif* addresses.

eth0 is the upstream interface. In your SPS it goes to the firewall.

vif* are the downstream interfaces. They go to your VMs.


If you want the individual IP addresses, you need to listen on all of
the downstream interfaces.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/df45ef2e-2981-43a3-fa7d-8e53d25465fe%40undef.tools.


Re: [qubes-users] Dividing Qubes Into Separate Networks (FAILED)

2020-05-04 Thread Jarrah


> My apologies unman that I am not a Linux poweruser. I have only been using it 
> casually for the past 20 years. I have yet to run into a situation where I 
> was not able to configure my network on any SUSE/Slackware, Debian or RHEL 
> based systems. The reason I came here is to get help, not to be reminded what 
> I do not understand or know about networking. 
You got that response because of the terse replys to Unmans ask for more
information. Had you been a little more forthcoming, we might have a
solution.
> So my understanding is that it would not solve the DHCP settings but
> if I were to try manually setting it then Fedora stores the settings
> in /etc/sysconfig/network-scripts/ifcfg-Wired_connection_# which is
> not a permanent location in Qubes so I'd lose it with every reboot. 

These settings are re-written at each reboot. However, network manager
is not (see /rw/config/NM-system-connections). Try configuring it from
network manager (nmcli or nm-connection-editor). Also ensure that things
such as link speed negotiation, MTU and MAC address (if you are using
port security) are correct. All of the above are in pentest-gw, which I
assume is a clone of sys-net.

What you are doing is absolutely possible in Qubes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bcb16c5c-5eb7-3da1-e4d5-75f8fd9f6ff3%40undef.tools.


Re: [qubes-users] Re: connecting an iPhone to a AppVM - 4 non-working attempts

2020-04-30 Thread Jarrah


> Right. That was my 5th non-working attempt, because I get this error,
> when trying to attach my USB controler from my Lenovo L380:
>
> Start failed: internal error: Unable to reset PCI device :00:15.0:
> no FLR, PM reset or bus reset available, see
> /var/log/libvirt/libxl/libxl-driver.log for details:
> 2020-04-29 21:03:20.397+: libxl:
> libxl_pci.c:1202:libxl__device_pci_reset: The kernel doesn't support
> reset from sysfs for PCI device :00:14.0
>
This will be an issue with the controller not respecting PCI reset. try
with `-o no-strict-reset`. This is less secure, theoretically some state
from the original VM/dom0 can persist to the new VM. In practice, it is
up to your judgement. See `man qvm-pci` for more info.
> How have you've chosen the correct USB controller?
Usually I'll pick a controller, assign it to a VM with no USB devices
attached to any ports and see which ports are assigned to the VM by
plugging a trusted device in. It's not easy to match them.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e9866ca-5952-15fc-b94d-8613f2fafa4e%40undef.tools.


Re: [qubes-users] TPM settings for Qubes OS

2020-04-27 Thread Jarrah


> "sudo dd if=Qubes-R3-x86_64.iso of=/dev/sdX bs=1048576 && sync"
> Both produced exactly the same results, which is to install just fine, but 
> then fail when rebooting/initial configuring.
Is this the exact command you are using? If so, why exactly are you
using Qubes R3? 4.0 is the current supported version and will likely
work far better.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2435c2af-4622-1d99-612f-5c4c19523482%40undef.tools.


Re: [qubes-users] Qubes-vpn-support Tor Browser not working

2020-04-18 Thread Jarrah
> My goal is connect to my VPN after the TOR routing (Bypass the 
> tor censorpship in some websites). 
This somewhat defeats the purpose of using TOR. You now have an
identifiable address due to having a (hopefully paid) vpn. They can
track you. Any anonymity provided by TOR is taken away by the VPN.
> The problem is, when I set mt whonix-workstation to connect to sys-VPN over 
> whonix-gw, My Tor Browser do not work anymore. If I disconnect the VPN 
> inside sys-VPN, the Tor Browser start working as usual, but when my VPN is 
> connected, it stops.

This is by design. TOR browser assumes it can speak TOR protocols and
connect to .onion addresses (etc). However, the VPN will come out onto
the clearnet, rather than TOR's network. TOR browser cannot lookup TOR
addresses, nor can it connect to anything relying on TOR.

If you want to do this to access clearnet sites, you'd have to use a
standard browser. The VPN should work just fine, so long as you're not
trying to connect to TOR specific services through it. Though, please
see above warning about doing so.

The only reason I can think of to do this is if you live in a location
that blocks VPNs, but is fine with TOR. Otherwise, you have exactly the
same security model as just using the VPN, plus the overhead and attack
surface of TOR/Whonix.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a7339a4a-697d-614b-e760-b07633e5fcc7%40undef.tools.


[qubes-users] Has anyone a intel Wi-Fi 6 AX200 working in sys-net (fedora/debian)?

2019-12-17 Thread Jarrah Gosbell
>  [    4.776112] iwlwifi :00:06.0: Detected Killer(R) Wi-Fi 6 AX1650x

Not a solution but I believe the above line might help. Iwlwifi is
picking up the wrong device. I have another machine doing the same but
haven't got a solution. All I can say is that it came about with Kernel
5.3.x and isn't specifically a Qubes thing.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/507cca62-3ed5-fac1-820b-691b89bc2812%40TLRcommunications.com.au.


[qubes-users]

2019-10-31 Thread Jarrah Gosbell
> Also, since you have built an

> ISO try making a 4.1 one.

Having difficulty getting this to build. Qubes builder on a fedora 29
qube. `make qubes` runs fine. But `make iso` fails with the following
output:

```
-> Building installer-qubes-os iso for fc29 (logfile:
build-logs/installer-qubes-os-iso-fc29.log)...
--> build failed!
  - conflicting requests
  - package kdump-anaconda-addon-005-2.20180730git966223e.fc29.noarch
requires anaconda >= 21.33, but none of the providers can be installed
  - package anaconda-29.24.7-1.fc29.x86_64 requires
anaconda-install-env-deps = 29.24.7-1.fc29, but none of the providers
can be installed
  - package anaconda-29.24.7-2.fc29.x86_64 requires
anaconda-install-env-deps = 29.24.7-2.fc29, but none of the providers
can be installed
  - cannot install both anaconda-install-env-deps-29.24.7-1.fc29.x86_64
and anaconda-install-env-deps-1000:29.24.7-3.fc29.x86_64
  - cannot install both anaconda-install-env-deps-29.24.7-2.fc29.x86_64
and anaconda-install-env-deps-1000:29.24.7-3.fc29.x86_64
  - nothing provides xen-libs = 4.12.1-2.fc29 needed by
xen-runtime-2001:4.12.1-2.fc29.x86_64
```


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1f5b0986-5502-378e-2250-02f5ead42e0f%40TLRcommunications.com.au.


[qubes-users] Re: Qubes fails to boot using RX 5700 XT

2019-10-31 Thread Jarrah Gosbell
Please disregard the above. I replied to the wrong email.


> Saw you tried kernel-latest. Was that a 5.x version?

It was. 5.3.7 is the version I have installed.

> Also, since you have built an ISO try making a 4.1 one.

Currently building. I'll get back when it's done.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c58361ed-231b-860b-2514-5fee75d42a4b%40TLRcommunications.com.au.


[qubes-users] Re: Dom0 Kernel panic when using iGPU

2019-10-31 Thread Jarrah Gosbell
> Have you tried taking out iommu=no-igfx (in both places) and/or

> i915.alpha_support=1?

I have just tried this. No change. Using the serial console still
results in the same kernel panic. Without the serial console, there is
no output from Dom0.

I also was recommend pci=nocrs in the console output while testing. Same
result for this.


Of interest, while testing the above I accidentally left the Nvidia GPU
active. I received exactly the same kernel panic in serial console with
the Nvidia GPU as I usually do with the iGPU. It may be that the error I
am looking at is a result of the console, and the real error is
something else.

Thanks.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5436a22d-9001-f4ca-1d04-5c72aec26d18%40TLRcommunications.com.au.


Re: [qubes-users] Dom0 Kernel panic when using iGPU

2019-10-31 Thread Jarrah Gosbell
> Have you tried taking out iommu=no-igfx (in both places) and/or
i915.alpha_support=1?

I have just tried this. No change. Using the serial console still
results in the same kernel panic. Without the serial console, there is
no output from Dom0.

I also was recommend pci=nocrs in the console output while testing. Same
result for this.


Of interest, while testing the above I accidentally left the Nvidia GPU
active. I received exactly the same kernel panic in serial console with
the Nvidia GPU as I usually do with the iGPU. It may be that the error I
am looking at is a result of the console, and the real error is
something else.

Thanks.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dbd84549-e0b6-5def-6684-088002526dca%40TLRcommunications.com.au.


[qubes-users] Qubes fails to boot using RX 5700 XT

2019-10-30 Thread Jarrah Gosbell
I have upgraded an existing Qubes system to use the AMD RX 5700 XT.
However, when booting with Xen, the driver is unable to install the GPUs
firmware. I receive the following error message:

```

amdgpu [...]: (-14) failed to allocate kernel bo
amdgpu [...]: failed to create kernel buffer for firmware.
amdgpu [...]: amdgpu_device_ip_init failed
amdgpu [...]: Fatal error during GPU init.

```

On the standard tty output, the screen will go blank at this point. On
the serial hypervisor console, I receive the above error message and
eventually am dropped at a non-interactive console login screen.


Solutions I have tried:

- Initially, the navi_* firmware files did not exist. I have added these
from a Fedora 30 install.

- All attempts have been on kernel-latest. Older kernels do not support
this card.

- Allocate exactly 6GB to dom0 to ensure no OOM or similar conditions
exist.

- Allocate exactly 4vcpus pinned to dom0.

- Tried multiple IOMMU settings and increased swiotlb.

- Booted Qubes without Xen. System boots perfectly to graphical login.

- All three options of amdgpu.fw_load_type with the following results

    0) Graphical system without Xen stops display. Can be interacted
with without the screen (eg ctl-alt-del results in a reboot). Xen
console session gives the below error:

```

[drm:amdgpu_device_init [amdgpu]] *ERROR* hw_init of IP block failed

```

    1/2) Graphical system boots fine. Xen console session shows the
first error described above.


I have been discussing this on Github here:

https://github.com/QubesOS/qubes-issues/issues/5416


Thanks.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c022c004-1ac7-6413-6d5a-46b27a252206%40TLRcommunications.com.au.


[qubes-users] Dom0 Kernel panic when using iGPU

2019-10-30 Thread Jarrah Gosbell
I have been attempting to get Qubes installed on my Metabox Prime-V
laptop, which has resulted in the following kernel panic on each boot.

https://user-images.githubusercontent.com/43260698/67632046-025ddf00-f896-11e9-9012-e6813789a3f5.jpg


This kernel panic seems to be caused by the interaction of Xen and the
iGPU. I can boot Qubes using the Nvidia card or using the iGPU without
Xen perfectly fine. Neither of these solutions are usable however, qubes
without Xen defeats the purpose and the Nvidia card is not supported by
Nouveau.


Solutions I have tried so far:

- Install from Normal 4.0, 4.0.1 and 4.0.2-rc1 ISO.

- Manually create the above isos using Qubes Builder

- Install on another machine, fully update the system and install
kernel-latest.

- Disabling power management (cstates, etc) in both bios and xen/linux
boot line.

- Hiding the nvidia pci device using `xen-pciback.hide`

The following boot configuration has been used:

```

[qubes-verbose]
options=console=vga efi=no-rs iommu=no-igfx loglvl=all
dom0_mem=min:1024M dom0_mem=max:4096M ucode=scan vga=current,keep
guest_loglvl=all
#noexitboot=1
#mapbs=1
kernel=vmlinuz inst.stage2=hd:LABEL=Qubes-20190628-x86_64
i915.alpha_support=1 nouveau.modeset=0 iommu=no-igfx console=hvc0 acpi=off
ramdisk=initrd.img
```


This has allowed be to gather error messages from the console (see above
link). But I have run out of ideas.

I've been posting this on the following github issue as well:

https://github.com/QubesOS/qubes-issues/issues/5422

Thanks.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/63a8b55f-014d-a32a-d7d3-a58f10ce90e6%40TLRcommunications.com.au.