RE: [SPAM] Re: [qubes-users] validate IOMMU support

2018-01-15 Thread Wim Vervoorn
Hello,

Thanks, I overlooked the no-strict-reset option. I will give this a try and see 
how it works out.

Wim

-Original Message-
From: awokd [mailto:aw...@danwin1210.me] 
Sent: Monday, January 15, 2018 12:26 PM
To: Wim Vervoorn 
Cc: qubes-users@googlegroups.com
Subject: RE: [SPAM] Re: [qubes-users] validate IOMMU support

On Mon, January 15, 2018 9:40 am, Wim Vervoorn wrote:
> Hello,
>
>
> I can understand that but there is no general rule for that. In many 
> cases this won't be possible at all. In some cases this can be 
> achieved by changing some configurations in the chip but in many cases 
> this will not be documented in public documents.
>
> I do think some things in Qubes can be improved regarding this support.
>
>
> What I noticed is that all PCI devices in the systems are listed and 
> can be assigned to a VM BUT when I try to do this the VM will not 
> start (without any message to the user). I think two things can be 
> improved here. 1) Only list the devices that can actually be used ( so 
> they should support FLR or PM reset or bus reset). Listing the others 
> is confusing and will cause frustration by the users 2) Provide some 
> user feedback anyhow when a VM fails to start. Now a user needs to 
> consult the log to check what happens. This is not really convenient.

There is a FAQ entry on it at least: https://www.qubes-os.org/faq/ Often you 
can still use them if you disable the strict reset requirement.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cd995e70248246d29547dacb23742e74%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.


RE: [SPAM] Re: [qubes-users] validate IOMMU support

2018-01-15 Thread Wim Vervoorn
Hello,

I can understand that but there is no general rule for that. In many cases this 
won't be possible at all. In some cases this can be achieved by changing some 
configurations in the chip but in many cases this will not be documented in 
public documents.

I do think some things in Qubes can be improved regarding this support.

What I noticed is that all PCI devices in the systems are listed and can be 
assigned to a VM BUT when I try to do this the VM will not start (without any 
message to the user). I think two things can be improved here.
1) Only list the devices that can actually be used ( so they should support FLR 
or PM reset or bus reset). Listing the others is confusing and will cause 
frustration by the users
2) Provide some user feedback anyhow when a VM fails to start. Now a user needs 
to consult the log to check what happens. This is not really convenient.


Best regards,

Wim Vervoorn

-Original Message-
From: Frans Hendriks 
Sent: Monday, January 15, 2018 9:42 AM
To: Wim Vervoorn 
Subject: FW: [SPAM] Re: [qubes-users] validate IOMMU support 



-Original Message-
From: taii...@gmx.com [mailto:taii...@gmx.com]
Sent: vrijdag 12 januari 2018 18:24
To: aw...@danwin1210.me; Wim Vervoorn 
Cc: qubes-users 
Subject: [SPAM] Re: [qubes-users] validate IOMMU support 

On 01/12/2018 06:31 AM, 'awokd' via qubes-users wrote:

> On Fri, January 12, 2018 8:23 am, Wim Vervoorn wrote:
>> Hello,
>>
>>
>> Thanks. I tried this. Now I am running into problems with the PCI 
>> devices I am using. Qubes can't reset those. For some reason they are 
>> not exposing the FLR capability. I am trying to find out why because 
>> they should according to the datasheet.
> I'm personally interested in this because I have the same issue with a 
> Corebooted laptop so please let me know if you figure it out, but 
> there are probably going to be more subject matter experts over on the 
> Coreboot mailing list!
>
> For purposes of validating IOMMU support though, as long as you can 
> get one PCI device passed through I think that would be all that matters?
If you can pass through a device, you have quality IOMMU groups and IOMMU-IR is 
enabled in dmesg then you are good to go.

I too would like to know how to modify the PCI capabilities list.






-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/83f5b81ac92e44ed82771489374006b8%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.


RE: [qubes-users] validate IOMMU support

2018-01-12 Thread Wim Vervoorn
Hello,

Thanks. I tried this. Now I am running into problems with the PCI devices I am 
using. Qubes can't reset those. For some reason they are not exposing the FLR 
capability. I am trying to find out why because they should according to the 
datasheet.

Best regards,

-Original Message-
From: awokd [mailto:aw...@danwin1210.me] 
Sent: Thursday, January 11, 2018 10:50 AM
To: Wim Vervoorn 
Cc: qubes-users 
Subject: Re: [qubes-users] validate IOMMU support

On Thu, January 11, 2018 9:43 am, Wim Vervoorn wrote:
> Hello,
>
>
> I added IOMMU support to coreboot (DMAR tables with filled DHRD and 
> RMRR
> structures) and want to make sure everything is configured correctly.
>
> I did check this using the Ubuntu fwts and also checked using 
> qubues-hcl-report. All of these seem fine and I don't notice any 
> obvious issues issues in my Qubes 4.0 rc 3 installation.
>
> There are no warnings regarding this in the dmesg and journalctl.
>
>
> Can I assume everything has been implemented correctly in Qubes or 
> should I perform additional testing to  make sure this is really working?

Not sure how "obvious" you mean, but I think if you have tested PCI passthrough 
to an HVM and it works, you should be good.




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a980234ef1b74ba5b802ff80a9d7321b%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] validate IOMMU support

2018-01-11 Thread Wim Vervoorn
Hello,

I added IOMMU support to coreboot (DMAR tables with filled DHRD and RMRR 
structures) and want to make sure everything is configured correctly.

I did check this using the Ubuntu fwts and also checked using 
qubues-hcl-report. All of these seem fine and I don't notice any obvious issues 
issues in my Qubes 4.0 rc 3 installation.

There are no warnings regarding this in the dmesg and journalctl.

Can I assume everything has been implemented correctly in Qubes or should I 
perform additional testing to  make sure this is really working?

Best regards,

Wim Vervoorn



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d35313c4f9dc418f824db307aa92f975%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.


RE: [qubes-users] UEFI secureboot issue

2017-09-18 Thread Wim Vervoorn
Hello Marek,



This is clear. Do you have any plans to do this in the future?



Best regards,



Wim Vervoorn





Van: Marek Marczykowski-Górecki<mailto:marma...@invisiblethingslab.com>
Verzonden: zaterdag 16 september 2017 00:32
Aan: Wim Vervoorn<mailto:wvervo...@eltan.com>
CC: taii...@gmx.com<mailto:taii...@gmx.com>; 
qubes-users<mailto:qubes-users@googlegroups.com>; 
raahe...@gmail.com<mailto:raahe...@gmail.com>
Onderwerp: Re: [qubes-users] UEFI secureboot issue



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Aug 15, 2017 at 07:20:01AM +, Wim Vervoorn wrote:
> Basically I am not asking for some type of religious war on Secure Boot. All 
> I am basically asking for is if the executables provided in the Qubes 
> distribution are signed and if so which keys have been used.
>
> If they are not and we should sign them ourselves (either for grub or 
> secureboot) this is good to know as well.

No, currently neither of those binaries (xen.efi, kernel, initramfs) are
signed. Only rpm packages carrying them.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJZvFTJAAoJENuP0xzK19csyYQIAJagCeOm29MPiQC8rG/tyxlA
/4OdRu/LmerqyxFW1jUjE19YeH0i+/Lr2VVOI07/NcZeEpH2VfoRmWZYeNExyH+x
FyxOBQIJjg+FyvihtHfPlGRHkRBtvAVrJcFCZgteUH5zN5fa/pY+05X3WjhnReNg
se9EQeMGY8VRyPHXxV4xKjfI77CUF6ezv4p5+1DwP3jbG/jPjFgskfUtfEHjP04N
aIpbbW204hAc4k6bWvRnGbEum+vXuYd318f8R7JzdEtJ1MVvv/DQt1JxQw8FPfUN
nLKv4tmHxqnQWIMktgqenT73t51eOFpdtEBcXnQvWk9XtiLfA8LQZ8b531ZogbU=
=CdQG
-END PGP SIGNATURE-


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1cdfa840052c4f00905bce0360c94545%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.


RE: [qubes-users] UEFI secureboot issue

2017-08-15 Thread Wim Vervoorn
-Original Message-
From: taii...@gmx.com [mailto:taii...@gmx.com] 
Sent: Tuesday, August 15, 2017 2:50 AM
To: Wim Vervoorn ; qubes-users 

Cc: raahe...@gmail.com
Subject: Re: [qubes-users] UEFI secureboot issue

Secure boot is a stupid Microsoft controlled project to eventually remove the 
ability for commercial PC's to run non windows operating systems.

SB 1.0 specs mandate owner controlled (an option to shut it off), SB2.0 doesn't 
and PC's built to that spec such as the Windows 10 ARM PC's and MS's "signature 
series" PC's prevent you from installing non microsoft operating systems.

"Secure" boot is simply a marketing name for kernel code signing, you can 
easily do this with coreboot and a grub payload (grub supports kernel signing).

SB doesn't stop virii as that wasn't what it was designed to do, preventing 
rootkits from modding the kernel is irrelevant as you can simply change another 
critical system file of which there are many on windows.

Kernel code signing is only useful in an AEM context with an encrypted 
filesystem but unencrypted kernels.

I myself have a variety of owner controlled fully libre firmware devices such 
as the KGPE-D16 and KCMA-D8 asus motherboards, those two are the only ones that 
offer full libre functionality along with high performance - they also run 
qubes great - having 32 cores and 128GB ram is excellent for it.
Please note these are the only owner controlled devices that support
v4.0 (purism isn't owner controlled and their firmware isn't and can't ever be 
open source) Another neat feature is an addon user configurable CRTM TPM module 
(very rare).

As always I offer free tech support for libre motherboards if you wish to buy 
one.

**

Hello,

Basically I am not asking for some type of religious war on Secure Boot. All I 
am basically asking for is if the executables provided in the Qubes 
distribution are signed and if so which keys have been used.

If they are not and we should sign them ourselves (either for grub or 
secureboot) this is good to know as well.

Best regards,

Wim Vervoorn

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fad326868c7e42219681d63feb020859%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.


RE: [qubes-users] UEFI secureboot issue

2017-08-01 Thread Wim Vervoorn
Hello,

I would like to use Qubes on a UEFI system with secure boot enabled.

Until now this fails with a security violation.

I assume this is because the Qubes efi application is not signed by the 
"microsoft-uefica"  key. 

We can of course make it boot by adding the hash of the loader to the UEFI "db" 
but we don't like to do this because we would need to do this again if a change 
is made. We assume you also signed the laoder with an appropriate key but I 
have not been able to find the certificate of the public key so I can add this 
to the "db" database and allow all efi binaries that are released by Qubes. Can 
you tell me where I can find that and share it with me?


Best Regards,
Wim Vervoorn

Eltan B.V.
Ambachtstraat 23
5481 SM Schijndel
The Netherlands

T : +31-(0)73-594 46 64
E : wvervo...@eltan.com
W : http://www.eltan.com

"THIS MESSAGE CONTAINS CONFIDENTIAL INFORMATION. UNLESS YOU ARE THE INTENDED 
RECIPIENT OF THIS MESSAGE, ANY USE OF THIS MESSAGE IS STRICTLY PROHIBITED. IF 
YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER 
BY TELEPHONE +31-(0)73-5944664 OR REPLY EMAIL, AND IMMEDIATELY DELETE THIS 
MESSAGE AND ALL COPIES." 



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a5bc82b17ab42088013f3373f3a56c7%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.


RE: [qubes-users] UEFI installation issue

2017-04-24 Thread Wim Vervoorn


-Original Message-
From: Marek Marczykowski-Górecki [mailto:marma...@invisiblethingslab.com] 
Sent: Monday, April 24, 2017 3:54 PM
To: Wim Vervoorn 
Cc: qubes-users 
Subject: Re: [qubes-users] UEFI installation issue

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, Apr 24, 2017 at 01:44:35PM +, Wim Vervoorn wrote:
> Hello Marek,
> 
> I tried this by changing the "coreboot" name in my coreboot version.
> 
> After that I performed a re-install.
> 
> After doing so this issue is solved. The xen.cfg is generated correct and the 
> bootoptions are set correctly as well.
> 
> After this the system boots correctly without manual interactions.
> 
> I did run into another issue however but this is not related to writing the 
> boot options I assume. After finalizing the setup the system is stuck with a 
> cursor in the top left corner. I need to turn the system off to proceed. I 
> try to gather some more information about this and post this as well.
> 
> Besides that I am wondering how you will deal with this issue. Will this be 
> included in a new 3.2 release at some point in time or do I need to create a 
> custom version to include this fix?

See the issue I linked before[1]. There will updated 3.2 installation image 
("3.2.1") in some not-so-distant future.

[1] https://github.com/QubesOS/qubes-issues/issues/2553

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJY/gOAAAoJENuP0xzK19cscQ8H/AvXmWEExm/OBstwLUoHb6tB
PQ23ylmv1OA52xtUpgUPFRaTNuQWWMK8cZlkAdi1eNzDQjiRvHjRxNMyUkUPjPLz
wQGpKIupqambM+WbxXo84soeyvI9mJ6waC4pElDv9Ku7R/I4qeYubdrcPnK669Nx
C/G/shrnSw93cAKboNYofufcNhLJUMiPhuTxakKoSgi4NsGUq0z+hITzZaHGu3cj
1ZUJIK9jK+LJrbvI5vEZW2K9meYUq9NpH2pqJ9FYps0zJsiX+UoqRvnYTgJtsuAG
jBI9Tn/Bo1eXtbSPXvyjtTlbrZurdfpKMDdrwi367YZ0m8e6Os8WE2j9zje86qM=
=rVn6
-END PGP SIGNATURE-

Hello Marek,

Thanks for the feedback.

This is my last line of the anaconda logging:

22:50:35,609 INFO anaconda: Running kickstart %%post script(s)

So my system seems to be stuck here:

def runPostScripts(scripts):
postScripts = [s for s in scripts if s.type == KS_SCRIPT_POST]

if len(postScripts) == 0:
return

log.info("Running kickstart %%post script(s)")
for script in postScripts:
script.run(iutil.getSysroot())

** STUCK BEFORE THIS
log.info("All kickstart %%post script(s) have been run")

Problem is that I don't know the process well enough to figure out which 
scripts are executed here.

Do you have some suggestions?

Best regards,

Wim Vervoorn



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9b2e299a0b1e4515a8d45b5b02ba769f%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.


RE: [qubes-users] UEFI installation issue

2017-04-24 Thread Wim Vervoorn
Hello Marek,

I tried this by changing the "coreboot" name in my coreboot version.

After that I performed a re-install.

After doing so this issue is solved. The xen.cfg is generated correct and the 
bootoptions are set correctly as well.

After this the system boots correctly without manual interactions.

I did run into another issue however but this is not related to writing the 
boot options I assume. After finalizing the setup the system is stuck with a 
cursor in the top left corner. I need to turn the system off to proceed. I try 
to gather some more information about this and post this as well.

Besides that I am wondering how you will deal with this issue. Will this be 
included in a new 3.2 release at some point in time or do I need to create a 
custom version to include this fix?

Best regards,

Wim

-Original Message-
From: Marek Marczykowski-Górecki [mailto:marma...@invisiblethingslab.com] 
Sent: Monday, April 24, 2017 2:05 PM
To: Wim Vervoorn 
Cc: qubes-users 
Subject: Re: [qubes-users] UEFI installation issue

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, Apr 24, 2017 at 04:45:08AM -0700, wvervo...@eltan.com wrote:
> Hello,
> 
> I think this is the culprit:
> 
> This code is in bootloader.py  line 1422:
> 
> if subprocess.check_output(
> ['dmidecode', '-s', 'bios-vendor'],
> universal_newlines=True) == "coreboot\n":
> log.info("dmidecode -s bios-vendor returns coreboot")
> self.encryption_support = True
> self.skip_bootloader = True
> self.stage2_format_types += ["lvmlv"]
> 
> This indicates the bootloader can be skipped for coreboot, which may be 
> correct for coreboot with a grub payload integrated but not when the UEFI 
> payload is used as it is in our case.

Yes, this is probably the case. There is very similar issue with
Coreboot+SeaBIOS[1].
The problem is exactly what you've identified - the above should really check 
for coreboot+grub2, but it checks only for coreboot.

[1] https://github.com/QubesOS/qubes-issues/issues/2553

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJY/en3AAoJENuP0xzK19csPmoIAIt4ZJSffGxqH3rZH0WN5ysS
zID829cggBZcq2xBpBrgFUxmg6Zf7U0A8qcROWMq3tIkOTg8yLFAmMYm2thuE31c
cTWDdNN2HA2aCtSpJLnp5p+KktXi7CGwYFRzRFXc8rU3theaSprSTmVryno3QgvJ
XLANDrom7SA4Hw4J76kft35qK2K8ezCE13n8IqAjG57PsBF+Q9VVHUmDEqYlGusp
sSxA91kYtn1wN1HsHwguoJmSdvcEWmyEkqG5Bq1kqTQLrI0iC15Dnwdk2kiRowme
dZWTGI6ip9ODQa+QnOaCqjCRynJ7gnbxKaPWLPQw0mlPv1ARbUHDhTSec7/Ybio=
=zPGn
-END PGP SIGNATURE-


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ee2061bbf74448ab3f2f2965c89f3e0%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.


RE: [qubes-users] UEFI installation issue

2017-04-20 Thread Wim Vervoorn
Hello Marek,

One other item came to mind thinking about this.

When I install Qubes and indicate I want the default partitions to be created 
it does create the three partitions mentioned on the website but it doesn't 
create the UEFI ESP partition which of course is also required on a UEFI system.

Is this expected behavior or is this a sign that the installer doesn't 
completely recognize this system as being a UEFI system? Perhaps the installer 
doesn't complete properly because of this?


Best Regards,
Wim Vervoorn

Eltan B.V.
Ambachtstraat 23
5481 SM Schijndel
The Netherlands

T : +31-(0)73-594 46 64
E : wvervo...@eltan.com
W : http://www.eltan.com
"THIS MESSAGE CONTAINS CONFIDENTIAL INFORMATION. UNLESS YOU ARE THE INTENDED 
RECIPIENT OF THIS MESSAGE, ANY USE OF THIS MESSAGE IS STRICTLY PROHIBITED. IF 
YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER 
BY TELEPHONE +31-(0)73-5944664 OR REPLY EMAIL, AND IMMEDIATELY DELETE THIS 
MESSAGE AND ALL COPIES." 





-Original Message-
From: qubes-users@googlegroups.com [mailto:qubes-users@googlegroups.com] On 
Behalf Of Wim Vervoorn
Sent: Thursday, April 20, 2017 11:57 AM
To: Marek Marczykowski-Górecki 
Cc: qubes-users 
Subject: RE: [qubes-users] UEFI installation issue

Hello Marek,

The previous logging was with a debug version of the UEFI code.

I now tried a release version as well. 

The good thing is that the EFI_UNSUPPORTED response from efivars: 
get_next_variable doesn't show up any longer.

The bad news is that I still see the "INFO anaconda: skipping boot loader 
install per user request" message so somehow anaconda is concluding the 
bootloader install should be skipped.

This is the final part of the anaconda log:

22:39:12,715 INFO anaconda: Installing boot loader
22:39:14,663 DEBUG anaconda: new default image: 

22:39:14,737 INFO anaconda: skipping boot loader install per user request
22:39:14,738 INFO anaconda: Installing boot loader
22:39:14,739 INFO anaconda: Performing post-installation setup tasks
22:39:14,760 INFO anaconda: Performing post-installation setup tasks
22:39:14,763 INFO anaconda: Thread Done: AnaInstallThread (140483890104064)
22:39:46,558 DEBUG anaconda: Entered spoke: UserSpoke
22:40:08,695 DEBUG anaconda: Left spoke: UserSpoke
22:40:20,756 INFO anaconda: Running Thread: AnaConfigurationThread 
(140483890104064)
22:40:20,759 INFO anaconda: Configuring installed system
22:40:22,320 INFO anaconda: Configuring installed system
22:40:22,321 INFO anaconda: Writing network configuration
22:40:22,330 INFO anaconda: setting installation environment host name to dom0
22:40:22,661 INFO anaconda: Writing network configuration
22:40:22,662 INFO anaconda: Creating users
22:40:22,664 INFO anaconda: user account root setup with no password
22:40:22,664 INFO anaconda: user account root locked
22:40:23,215 ERR anaconda: User eltan already exists, not creating.
22:40:23,217 INFO anaconda: Creating users
22:40:23,218 INFO anaconda: Configuring addons
22:40:23,219 INFO anaconda: Configuring addons
22:40:23,220 INFO anaconda: Generating initramfs
22:50:35,588 INFO anaconda: Generating initramfs
22:50:35,607 INFO anaconda: Running post-installation scripts
22:50:35,609 INFO anaconda: Running kickstart %%post script(s)

The OS is booting fine after creating the boot option manually (and performing 
the other steps like copying a correct xen.cfg file)

So at this point the main item to tackle is the reason why anaconda skips the 
bootloader install.


Best Regards,

Wim Vervoorn

Eltan B.V.
Ambachtstraat 23
5481 SM Schijndel
The Netherlands

T : +31-(0)73-594 46 64
E : wvervo...@eltan.com
W : http://www.eltan.com

"THIS MESSAGE CONTAINS CONFIDENTIAL INFORMATION. UNLESS YOU ARE THE INTENDED 
RECIPIENT OF THIS MESSAGE, ANY USE OF THIS MESSAGE IS STRICTLY PROHIBITED. IF 
YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER 
BY TELEPHONE +31-(0)73-5944664 OR REPLY EMAIL, AND IMMEDIATELY DELETE THIS 
MESSAGE AND ALL COPIES." 




-Original Message-
From: qubes-users@googlegroups.com [mailto:qubes-users@googlegroups.com] On 
Behalf Of Marek Marczykowski-Górecki
Sent: Wednesday, April 19, 2017 9:39 PM
To: Wim Vervoorn 
Cc: qubes-users 
Subject: Re: [qubes-users] UEFI installation issue

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Apr 19, 2017 at 09:06:48AM +, Wim Vervoorn wrote:
> Hello Marek,
> 
> Thanks for getting back to me.
> 
> I obtained the logs and had a look at them. 
> 
> I couldn't find anything obvious. Can you have a look at them.

Hmm, I found this in anaconda.log:
23:19:35,474 INFO anaconda: skipping boot loader install per user request

Do you remember some question about it, or changing such option?

> 
> Please be aware this isn't a standard UEFI BIOS but coreboot with a TianoCore 
> payload on top of it. This implementation is UEFI only and doesn't suppor

RE: [qubes-users] Re: UEFI installation issue

2017-04-20 Thread Wim Vervoorn
Thanks, 

The failure of the verification is not a real issue. It's basically an error in 
the verification mechanism triggered by the fact that Windows creates an 
additional folder with some volume information on the fat partition of the disk.

Wim

-Original Message-
From: qubes-users@googlegroups.com [mailto:qubes-users@googlegroups.com] On 
Behalf Of hft.huu...@gmail.com
Sent: Wednesday, April 19, 2017 11:11 PM
To: qubes-users 
Subject: [qubes-users] Re: UEFI installation issue

Op dinsdag 18 april 2017 14:45:09 UTC+2 schreef wver...@eltan.com:
> Hello,
> 
> I am trying to install Qubes on a UEFI only system (no CSM).
> 
> Everything seems to work fine but after the install I have 2 problems:
> 
> 1) The boot option isn't added
> 2) The efi\qubes directory doesn't contain xen.efi (just the one with the 
> version in it) and the xen.cfg file is created but is 0 bytes in length so 
> not very usefull.
> 
> Do you have any suggestion of what could be the problem? Or how this can be 
> located?
> 
> If I run qubes repair I can use efibootmgr and I can also use the efivars 
> file system so it doesn't look related to that.
> 
> When I tried to verify my boot media this failed but from the other posts it 
> looks to me as this is standard for boot media created from Windows
> 
> Best regards,
> 
> Wim Vervoorn

"When I tried to verify my boot media this failed"
Yup, my bootable usb couldn't verify itself. But then within the installer, I 
chose different install medium and selected the same downloaded iso file from 
my Windows data partition. Verification of this file was success.
No problems installing this way. :) 
Have you tried this? This is more like a workaround, not a solution to the 
failed verification. 
Otherwise I'm not of any help to you hehe sorry.

-- 
You received this message because you are subscribed to a topic in the Google 
Groups "qubes-users" group.
To unsubscribe from this topic, visit 
https://groups.google.com/d/topic/qubes-users/WLAf7nOh9Qg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to 
qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5727811d-4a35-45fd-ba1a-5e7a366f5127%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/64d2806e84dd42668510f90f09d8df8a%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.


RE: [qubes-users] UEFI installation issue

2017-04-20 Thread Wim Vervoorn
Hello Marek,

I reformatted the disk and now the system is working after copying the correct 
xen.cfg file.

The issue that is left is now the correct setting of the boot option by the 
install process.


Best Regards,

Wim Vervoorn

Eltan B.V.
Ambachtstraat 23
5481 SM Schijndel
The Netherlands

T : +31-(0)73-594 46 64
E : wvervo...@eltan.com
W : http://www.eltan.com

"THIS MESSAGE CONTAINS CONFIDENTIAL INFORMATION. UNLESS YOU ARE THE INTENDED 
RECIPIENT OF THIS MESSAGE, ANY USE OF THIS MESSAGE IS STRICTLY PROHIBITED. IF 
YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER 
BY TELEPHONE +31-(0)73-5944664 OR REPLY EMAIL, AND IMMEDIATELY DELETE THIS 
MESSAGE AND ALL COPIES." 




-Original Message-
From: Marek Marczykowski-Górecki [mailto:marma...@invisiblethingslab.com] 
Sent: Wednesday, April 19, 2017 9:26 PM
To: Wim Vervoorn 
Cc: qubes-users 
Subject: Re: [qubes-users] UEFI installation issue

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Apr 19, 2017 at 09:21:10PM +0200, Marek Marczykowski-Górecki wrote:
> On Wed, Apr 19, 2017 at 02:07:37PM +, Wim Vervoorn wrote:
> > Hello Marek,
> > 
> > I also tried booting using the xen.cfg file.
> > 
> > As far as I can see the cfg file is OK but the qubes os still fails.
> > 
> > The there is no request for the password and so the volumes are not 
> > unlocked.
> > 
> > I added both the xen.cfg I am using and the log file.
> > 
> > FYI /dev/sda1 is the ESP, /dev/sda2 is /boot and /dev/sda3 is the 
> > LVM partition
> > 
> > When I am using the rescue mode the password is asked and all seems to be 
> > fine.
> 
> Looks like your system use different LV names and also have LUKS 
> applied to individual LVM volumes, not the whole LVM volume group.
> 
> [2.548486] dom0 dracut-initqueue[362]: inactive '/dev/qubes_dom0/00' 
> [20.00 GiB] inherit
> [2.548886] dom0 dracut-initqueue[362]: inactive '/dev/qubes_dom0/01' 
> [10.00 GiB] inherit
> [2.556716] dom0 dracut-initqueue[362]: File descriptor 98 
> (socket:[9738]) leaked on lvm
> invocation. Parent PID 489: /bin/sh
> [2.557017] dom0 dracut-initqueue[362]: File descriptor 99 
> (socket:[9739]) leaked on lvm
> invocation. Parent PID 489: /bin/sh
> [2.564504] dom0 dracut-initqueue[362]: Failed to find logical volume 
> "qubes_dom0/root"
> [2.572468] dom0 dracut-initqueue[362]: File descriptor 98 
> (socket:[9738]) leaked on lvm
> invocation. Parent PID 489: /bin/sh
> [2.572874] dom0 dracut-initqueue[362]: File descriptor 99 
> (socket:[9739]) leaked on lvm
> invocation. Parent PID 489: /bin/sh
> [2.580150] dom0 dracut-initqueue[362]: Failed to find logical volume 
> "qubes_dom0/swap"
> 
> Try using qubes_dom0/00 instead of qubes_dom0/root and qubes_dom0/01 
> instead of qubes_dom0/swap. Or the other way around. And also adjust 
> root= accordingly (may require using UUID=... notation, but I cannot 
> tell based on the above info, before decrypting it).

Based on installation log (the other email), I actually can tell you what to 
put in root= option: /dev/mapper/luks-298b7206-1b82-46c0-8c1a-2b27a02f2384

Anyway, this layout (LUKS over LVM, instead of LVM over LUKS) isn't the best 
idea. I suggest you reinstall and make sure to have the other one (which should 
be the default...).

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEbBAEBCAAGBQJY97neAAoJENuP0xzK19cssfAH+NQmb0JoDPL0qR/Y6J4is0aT
0lR04AynMNz+41pX0KilORAd02lob9my/rTrriiL2k6pgMC5rnpgMTFBG9Y/J0NF
rDuyvyhPIw6A524dhG2nRZbqRb91oyS8z/TNgHeDdviWzT7Wt+FX+qXbvDlcJkdE
7JIEfzoAgWEeOtu0NUowQ3D1gX0AWVdCxykh/fYw4sUZuV1DXhdXLSYbGSrJrevn
KODd5au6oe0EWw+MzOzMqVSXKTxDVS2CHs71HN4YEvygXjCiqk9IOrqN702tUwmV
4MkS/QDV/EOscUVFMKttSLXM6hz8bOT44vjiFCiqknLZ90qDpE90duzkNflsgg==
=+OLV
-END PGP SIGNATURE-


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5e14db6ef4b4445d8de03a3e393de4de%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.


RE: [qubes-users] UEFI installation issue

2017-04-20 Thread Wim Vervoorn
Hello Marek,

Please look at my comments below:

Wim 

-Original Message-
From: qubes-users@googlegroups.com [mailto:qubes-users@googlegroups.com] On 
Behalf Of Marek Marczykowski-Górecki
Sent: Wednesday, April 19, 2017 9:39 PM
To: Wim Vervoorn 
Cc: qubes-users 
Subject: Re: [qubes-users] UEFI installation issue

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Apr 19, 2017 at 09:06:48AM +, Wim Vervoorn wrote:
> Hello Marek,
> 
> Thanks for getting back to me.
> 
> I obtained the logs and had a look at them. 
> 
> I couldn't find anything obvious. Can you have a look at them.

Hmm, I found this in anaconda.log:
23:19:35,474 INFO anaconda: skipping boot loader install per user request

Do you remember some question about it, or changing such option?

* WIM: No I have not seen anything like this

> 
> Please be aware this isn't a standard UEFI BIOS but coreboot with a TianoCore 
> payload on top of it. This implementation is UEFI only and doesn't support a 
> CSM in any way.

This may be important details. We have some code targeting specifically 
coreboot, but then assuming grub payload there...
But it shouldn't disable installing UEFI entries, only allow to have encrypted 
/boot (since grub in coreboot can handle it).

Some relevant log entries:

anaconda.log:
01:50:16,997 INFO anaconda: bootloader XenEFI on EFI platform
01:50:17,067 INFO anaconda: dmidecode -s bios-vendor returns coreboot

syslog:
01:49:52,515 WARNING kernel:[  223.240750] efivars: get_next_variable: 
status=8003

Hmm, this actually may be a problem. I'm not sure what
status=8003 is, but if accessing efivars does not work, efibootmgr 
would not work, so can't add Qubes entry. Does `efibootmgr
- -v` show anything?

Other than that, I also can't see anything interesting.

** WIM : the efivars filesystem is populated and the efibootmgr -v is reporting 
the options I am expecting so that seems to be fine. The 0x8003 is 
EFI_UNSUPPORTED

This could be because the request has been made with attributes that aren't 
supported by the system, without know the call parameters I can't tell if this 
is the case.

  if ((Attributes & EFI_VARIABLE_ATTRIBUTES_MASK) == 0) {
//
// Make sure the Attributes combination is supported by the platform.
//
return EFI_UNSUPPORTED;

#define EFI_VARIABLE_ATTRIBUTES_MASK (EFI_VARIABLE_NON_VOLATILE | \
  EFI_VARIABLE_BOOTSERVICE_ACCESS | \
  EFI_VARIABLE_RUNTIME_ACCESS | \
  EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
  EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | 
\
  
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | \
  EFI_VARIABLE_APPEND_WRITE)


- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJY97zYAAoJENuP0xzK19cszh4H/2uGpcbGXvUsflXZvyo5A08Y
/kXqiO8mHfcCTWsu1knqVT2WJ8KmjJm8ERNDg3pVxor1paZBZ+BKkCzrp20zBJ/d
prhv9j3M9wHNJF+4BSJKUse7gy1RBJrKFnz85gvLBT55PH/k9BGGVk/+eXylmTuM
0yJXkYBqAik84XFRGXWrdm/Rn40h4Gjj1MlXicewKctu8oymqdzOxsIlTxeNYXZa
ZiVen8cFlc4Nsh1LvDfKi61JHrhj/0I623Pacyf/xvsSgynBK5ymRHUY3NlAGHSs
otU9IzsfCUTE6SSaQwKibWRt7P2+MSR4gW6OOgviHr5Ei0bXSQRCf0uCvVyXyQw=
=tbyJ
-END PGP SIGNATURE-

--
You received this message because you are subscribed to a topic in the Google 
Groups "qubes-users" group.
To unsubscribe from this topic, visit 
https://groups.google.com/d/topic/qubes-users/WLAf7nOh9Qg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to 
qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170419193904.GE1486%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2e6b8dd062294a3fadfaf69a3e7c68a7%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.


RE: [qubes-users] UEFI installation issue

2017-04-19 Thread Wim Vervoorn
Hello Marek,

I also tried booting using the xen.cfg file.

As far as I can see the cfg file is OK but the qubes os still fails.

The there is no request for the password and so the volumes are not unlocked.

I added both the xen.cfg I am using and the log file.

FYI /dev/sda1 is the ESP, /dev/sda2 is /boot and /dev/sda3 is the LVM partition

When I am using the rescue mode the password is asked and all seems to be fine.


Best Regards,

Wim Vervoorn

Eltan B.V.
Ambachtstraat 23
5481 SM Schijndel
The Netherlands

T : +31-(0)73-594 46 64
E : wvervo...@eltan.com
W : http://www.eltan.com

"THIS MESSAGE CONTAINS CONFIDENTIAL INFORMATION. UNLESS YOU ARE THE INTENDED 
RECIPIENT OF THIS MESSAGE, ANY USE OF THIS MESSAGE IS STRICTLY PROHIBITED. IF 
YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER 
BY TELEPHONE +31-(0)73-5944664 OR REPLY EMAIL, AND IMMEDIATELY DELETE THIS 
MESSAGE AND ALL COPIES." 








-Original Message-----
From: Wim Vervoorn 
Sent: Wednesday, April 19, 2017 11:07 AM
To: 'Marek Marczykowski-Górecki' 
Cc: qubes-users 
Subject: RE: [qubes-users] UEFI installation issue

Hello Marek,

Thanks for getting back to me.

I obtained the logs and had a look at them. 

I couldn't find anything obvious. Can you have a look at them.

Please be aware this isn't a standard UEFI BIOS but coreboot with a TianoCore 
payload on top of it. This implementation is UEFI only and doesn't support a 
CSM in any way.


Best Regards,

Wim Vervoorn

Eltan B.V.
Ambachtstraat 23
5481 SM Schijndel
The Netherlands

T : +31-(0)73-594 46 64
E : wvervo...@eltan.com
W : http://www.eltan.com

"THIS MESSAGE CONTAINS CONFIDENTIAL INFORMATION. UNLESS YOU ARE THE INTENDED 
RECIPIENT OF THIS MESSAGE, ANY USE OF THIS MESSAGE IS STRICTLY PROHIBITED. IF 
YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER 
BY TELEPHONE +31-(0)73-5944664 OR REPLY EMAIL, AND IMMEDIATELY DELETE THIS 
MESSAGE AND ALL COPIES." 





-Original Message-
From: Marek Marczykowski-Górecki [mailto:marma...@invisiblethingslab.com]
Sent: Tuesday, April 18, 2017 9:30 PM
To: Wim Vervoorn 
Cc: qubes-users 
Subject: Re: [qubes-users] UEFI installation issue

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Apr 18, 2017 at 05:45:09AM -0700, wvervo...@eltan.com wrote:
> Hello,
> 
> I am trying to install Qubes on a UEFI only system (no CSM).
> 
> Everything seems to work fine but after the install I have 2 problems:
> 
> 1) The boot option isn't added
> 2) The efi\qubes directory doesn't contain xen.efi (just the one with the 
> version in it) and the xen.cfg file is created but is 0 bytes in length so 
> not very usefull.
> 
> Do you have any suggestion of what could be the problem? Or how this can be 
> located?
> 
> If I run qubes repair I can use efibootmgr and I can also use the efivars 
> file system so it doesn't look related to that.
> 
> When I tried to verify my boot media this failed but from the other 
> posts it looks to me as this is standard for boot media created from 
> Windows

Logs from installation would be useful, you can find them in /var/log/anaconda 
in installed system (mounted in /mnt/sysimage if you boot in "Rescue a Qubes 
system" mode). I suspect some problem with detecting that you're using UEFI and 
installer simply skipped that part.
Anyway, I've just added instruction what to do now:

https://www.qubes-os.org/doc/uefi-troubleshooting/#installation-finished-but-qubes-boot-option-is-missing-and-xencfg-is-empty


- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJY9mkxAAoJENuP0xzK19csnWAH+wVviEzfnXpbtA+HPwUgcgWG
0eDz74hKDLR+WPxLBSTa2tiXmRrpqKDON7GVrxB6bFqhmhI+7JD3e8HtKmJsmxdw
GuLdMp/3RoDM/Rw4IXxiamB0Ez6m0b3+ClAagjPEVvtUlf25NGNzwqjU8+N6yypz
29+sUKC4Qq4rLgcgaYYcGU2iMFBkzBszq6JKJWRlsqsfWlT/3Og/bJE4rvToaDcF
8LxSMzH052x7pMcHTUJ+fDJ4r4JI4TGxTJh1/rlYjv7eSXyIJfssO65tEfytBfmu
rO1ezSogPzxbmI/Hpa4Hk6OR5N6ATgPMASmKW2lGX5fQ/Af837IFgOIrW7pSvzs=
=idr1
-END PGP SIGNATURE-


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ad1d2f3cf5ac408a933afe2a76b1b698%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.
+ cat /lib/dracut/dracut-043-63.git20151211.fc23
dracut-043-63.git20151211.fc23
+ cat /proc/cmdline
root=/dev/mapper/qubes_dom0-root rd.lvm.lv=qubes_dom0/root 
rd.lvm.lv=qubes_dom0/sw

RE: [qubes-users] UEFI installation issue

2017-04-19 Thread Wim Vervoorn
Hello Marek,

When I looked at what happens when xen starts I also see this error message:

ConvertPages: failed to find range 82D08000 - 82D0811F

As far as I can see this the area used by the xen file itself, is that correct? 
Could this be causing problems as well?

Normally we only see these calls to het e.g. the virtual address of an mmio or 
other reserved area.


Best Regards,

Wim Vervoorn

Eltan B.V.
Ambachtstraat 23
5481 SM Schijndel
The Netherlands

T : +31-(0)73-594 46 64
E : wvervo...@eltan.com
W : http://www.eltan.com

"THIS MESSAGE CONTAINS CONFIDENTIAL INFORMATION. UNLESS YOU ARE THE INTENDED 
RECIPIENT OF THIS MESSAGE, ANY USE OF THIS MESSAGE IS STRICTLY PROHIBITED. IF 
YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER 
BY TELEPHONE +31-(0)73-5944664 OR REPLY EMAIL, AND IMMEDIATELY DELETE THIS 
MESSAGE AND ALL COPIES." 








-Original Message-
From: qubes-users@googlegroups.com [mailto:qubes-users@googlegroups.com] On 
Behalf Of Wim Vervoorn
Sent: Wednesday, April 19, 2017 11:07 AM
To: Marek Marczykowski-Górecki 
Cc: qubes-users 
Subject: RE: [qubes-users] UEFI installation issue

Hello Marek,

Thanks for getting back to me.

I obtained the logs and had a look at them. 

I couldn't find anything obvious. Can you have a look at them.

Please be aware this isn't a standard UEFI BIOS but coreboot with a TianoCore 
payload on top of it. This implementation is UEFI only and doesn't support a 
CSM in any way.


Best Regards,

Wim Vervoorn

Eltan B.V.
Ambachtstraat 23
5481 SM Schijndel
The Netherlands

T : +31-(0)73-594 46 64
E : wvervo...@eltan.com
W : http://www.eltan.com

"THIS MESSAGE CONTAINS CONFIDENTIAL INFORMATION. UNLESS YOU ARE THE INTENDED 
RECIPIENT OF THIS MESSAGE, ANY USE OF THIS MESSAGE IS STRICTLY PROHIBITED. IF 
YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER 
BY TELEPHONE +31-(0)73-5944664 OR REPLY EMAIL, AND IMMEDIATELY DELETE THIS 
MESSAGE AND ALL COPIES." 





-Original Message-
From: Marek Marczykowski-Górecki [mailto:marma...@invisiblethingslab.com]
Sent: Tuesday, April 18, 2017 9:30 PM
To: Wim Vervoorn 
Cc: qubes-users 
Subject: Re: [qubes-users] UEFI installation issue

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Apr 18, 2017 at 05:45:09AM -0700, wvervo...@eltan.com wrote:
> Hello,
> 
> I am trying to install Qubes on a UEFI only system (no CSM).
> 
> Everything seems to work fine but after the install I have 2 problems:
> 
> 1) The boot option isn't added
> 2) The efi\qubes directory doesn't contain xen.efi (just the one with the 
> version in it) and the xen.cfg file is created but is 0 bytes in length so 
> not very usefull.
> 
> Do you have any suggestion of what could be the problem? Or how this can be 
> located?
> 
> If I run qubes repair I can use efibootmgr and I can also use the efivars 
> file system so it doesn't look related to that.
> 
> When I tried to verify my boot media this failed but from the other 
> posts it looks to me as this is standard for boot media created from 
> Windows

Logs from installation would be useful, you can find them in /var/log/anaconda 
in installed system (mounted in /mnt/sysimage if you boot in "Rescue a Qubes 
system" mode). I suspect some problem with detecting that you're using UEFI and 
installer simply skipped that part.
Anyway, I've just added instruction what to do now:

https://www.qubes-os.org/doc/uefi-troubleshooting/#installation-finished-but-qubes-boot-option-is-missing-and-xencfg-is-empty


- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJY9mkxAAoJENuP0xzK19csnWAH+wVviEzfnXpbtA+HPwUgcgWG
0eDz74hKDLR+WPxLBSTa2tiXmRrpqKDON7GVrxB6bFqhmhI+7JD3e8HtKmJsmxdw
GuLdMp/3RoDM/Rw4IXxiamB0Ez6m0b3+ClAagjPEVvtUlf25NGNzwqjU8+N6yypz
29+sUKC4Qq4rLgcgaYYcGU2iMFBkzBszq6JKJWRlsqsfWlT/3Og/bJE4rvToaDcF
8LxSMzH052x7pMcHTUJ+fDJ4r4JI4TGxTJh1/rlYjv7eSXyIJfssO65tEfytBfmu
rO1ezSogPzxbmI/Hpa4Hk6OR5N6ATgPMASmKW2lGX5fQ/Af837IFgOIrW7pSvzs=
=idr1
-END PGP SIGNATURE-


--
You received this message because you are subscribed to a topic in the Google 
Groups "qubes-users" group.
To unsubscribe from this topic, visit 
https://groups.google.com/d/topic/qubes-users/WLAf7nOh9Qg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to 
qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab89ef80b1fa4a839fa986090b8090ef%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are sub

RE: [qubes-users] UEFI installation issue

2017-04-18 Thread Wim Vervoorn
Hello,

In the mean time I tried this one:

efi=no-rs (xen command line) - disable EFI runtime services at all - this would 
make installer unable to setup EFI boot, but at least may make your system 
bootable (once you setup xen.efi path in your EFI BIOS manually)

To eliminate any issues with the Efi runtime variables but this doesn't make 
any difference.

I still get this:

fs0:\EFI> cd qubes

fs0:\EFI\qubes> ls
Directory of: fs0:\EFI\qubes

  04/18/17  02:54a   8,192  .
  04/18/17  02:54a   8,192  ..
  04/18/17  03:25a0  xen.cfg
  07/26/16  11:56a2,126,535  xen-4.6.1.efi
  04/18/17  03:25a5,970,752  vmlinuz-4.4.14-11.pvops.qubes.x86_64
  04/18/17  03:26a   20,973,576  
initramfs-4.4.14-11.pvops.qubes.x86_64.img
  4 File(s)  29,070,863 bytes
  2 Dir(s)


Best Regards,
Wim Vervoorn

Eltan B.V.
Ambachtstraat 23
5481 SM Schijndel
The Netherlands

T : +31-(0)73-594 46 64
E : wvervo...@eltan.com
W : http://www.eltan.com
"THIS MESSAGE CONTAINS CONFIDENTIAL INFORMATION. UNLESS YOU ARE THE INTENDED 
RECIPIENT OF THIS MESSAGE, ANY USE OF THIS MESSAGE IS STRICTLY PROHIBITED. IF 
YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER 
BY TELEPHONE +31-(0)73-5944664 OR REPLY EMAIL, AND IMMEDIATELY DELETE THIS 
MESSAGE AND ALL COPIES." 




-Original Message-
From: qubes-users@googlegroups.com [mailto:qubes-users@googlegroups.com] On 
Behalf Of wvervo...@eltan.com
Sent: Tuesday, April 18, 2017 2:45 PM
To: qubes-users 
Subject: [qubes-users] UEFI installation issue

Hello,

I am trying to install Qubes on a UEFI only system (no CSM).

Everything seems to work fine but after the install I have 2 problems:

1) The boot option isn't added
2) The efi\qubes directory doesn't contain xen.efi (just the one with the 
version in it) and the xen.cfg file is created but is 0 bytes in length so not 
very usefull.

Do you have any suggestion of what could be the problem? Or how this can be 
located?

If I run qubes repair I can use efibootmgr and I can also use the efivars file 
system so it doesn't look related to that.

When I tried to verify my boot media this failed but from the other posts it 
looks to me as this is standard for boot media created from Windows

Best regards,

Wim Vervoorn

-- 
You received this message because you are subscribed to a topic in the Google 
Groups "qubes-users" group.
To unsubscribe from this topic, visit 
https://groups.google.com/d/topic/qubes-users/WLAf7nOh9Qg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to 
qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9192c25-8279-4688-b2de-990692371403%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/11b986ca836b409290ff7a313bada750%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.


RE: [qubes-users] installing qubes 3.2 from a usb disk behind a hub

2017-03-07 Thread Wim Vervoorn
Hello All,

I have an update to this posting. The problem is  a bit different. I tried the 
install with another USB disk, an older USB 2.0 8GB SanDisk Cruzer. In this 
case it works fine. The problem I have is with a SanDisk Ultra USB 3.0 64GB 
stick. 

So the problem is either related to this specific usb stick or the USB 3 
support.


Best regards,

Wim Vervoorn



-Original Message-
From: qubes-users@googlegroups.com [mailto:qubes-users@googlegroups.com] On 
Behalf Of wvervo...@eltan.com
Sent: Monday, March 6, 2017 4:24 PM
To: qubes-users 
Subject: [qubes-users] installing qubes 3.2 from a usb disk behind a hub

Hello,

I have a UEFI system that I try to install Qubes 3.2 on.

This system only has a single USB port available. So I connected a hub to the 
system and the USB disk is connected behind this Hub.

The installation starts but the usb disk is not recognized so the installation 
fails because of that. If I unplug the disk and plug it in again it is 
recognized properly so I guess Qubes has problems mounting the disk behind the 
hub while it is starting the kernel.

Do you have any suggestions?

Best regards,

Wim Vervoorn

-- 
You received this message because you are subscribed to a topic in the Google 
Groups "qubes-users" group.
To unsubscribe from this topic, visit 
https://groups.google.com/d/topic/qubes-users/udDbNxjwC88/unsubscribe.
To unsubscribe from this group and all its topics, send an email to 
qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e7a7381f-263d-458e-b282-62b77aca6124%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d5781b26188e44a49190a80c4dcd7eee%40Eltsrv03.Eltan.local.
For more options, visit https://groups.google.com/d/optout.