[qubes-users] Re: New HCL Entry: Lenovo ThinkPad T470 (20HDCTO1WW)
Apologize, just read you say it leads to an empty .cfg file. What do you mean? Grub file? thats weird. curious, are you multi booting? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bc94c27d-b1e1-4b04-856e-bc5e9077479f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: New HCL Entry: Lenovo ThinkPad T470 (20HDCTO1WW)
On Thursday, November 30, 2017 at 5:07:59 AM UTC-5, Joe Hemmerlein wrote:
> Hi,
>
> so far it was easy to install and run Qubes OS 4.0 RC3 (and RC2) on this
> hardware - as long as I keep boot mode on "Legacy Only".
>
> However, the TPM chip on this hardware works in UEFI boot mode only; and even
> with secureboot disabled and CSM support enabled, I can't get Qubes OS to
> boot in UEFI mode:
> - The installer doesn't run in UEFI mode (I get text mode grub, but whatever
> i select simply does nothing and returns to grub)
> - If I turn UEFI mode on after installing Qubes OS, I don't even get grub.- I
> tried the UEFI troubleshooting guide to no avail, although I was unable to
> run efibootmgr directly while in legacy boot mode ("EFI variables are not
> supported on this system") so in order to run efibootmgr, i booted a separate
> Fedora 26 Live image which does boot in UEFI mode. However, even with updated
> records, the result is the same: selecting those options from the UEFI boot
> menu simply makes the screen flicker once and then i'm back in the UEFI boot
> menu.
> - I tried copying the EFI and CFG file to /EFU/BOOT and renaming them to
> BOOTX64.EFI and .CFG, and also created new entries with efibootmgr for this,
> again without success.
>
>
> I also tried installing Qubes OS 3.2 on this system which didn't work and
> initial troubleshooting failed; but I'd like to concentrate my efforts on
> making this work for Qubes 4.0 so i didn't spend too much time on getting
> Qubes OS 3.2 on the T470.
>
>
>
> Any hints about troubleshooting the UEFI boot option are appreciated; i can
> also provide more exact details about what i already tried. Given the specs
> of this machine, I'm really determined to not give up easily.
>
>
> For now, I'll test other functionality in legacy mode only.
>
> Cheers,
> -joe
What if CSM enabled and legacy bios mode if you have it?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/69cab2b7-66d3-40ef-8f9d-d6022518dc0b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: New HCL Entry: Lenovo ThinkPad T470 (20HDCTO1WW)
On Thursday, 30 November 2017 11:07:59 UTC+1, Joe Hemmerlein wrote:
> Hi,
>
> so far it was easy to install and run Qubes OS 4.0 RC3 (and RC2) on this
> hardware - as long as I keep boot mode on "Legacy Only".
>
> However, the TPM chip on this hardware works in UEFI boot mode only; and even
> with secureboot disabled and CSM support enabled, I can't get Qubes OS to
> boot in UEFI mode:
> - The installer doesn't run in UEFI mode (I get text mode grub, but whatever
> i select simply does nothing and returns to grub)
> - If I turn UEFI mode on after installing Qubes OS, I don't even get grub.- I
> tried the UEFI troubleshooting guide to no avail, although I was unable to
> run efibootmgr directly while in legacy boot mode ("EFI variables are not
> supported on this system") so in order to run efibootmgr, i booted a separate
> Fedora 26 Live image which does boot in UEFI mode. However, even with updated
> records, the result is the same: selecting those options from the UEFI boot
> menu simply makes the screen flicker once and then i'm back in the UEFI boot
> menu.
> - I tried copying the EFI and CFG file to /EFU/BOOT and renaming them to
> BOOTX64.EFI and .CFG, and also created new entries with efibootmgr for this,
> again without success.
>
>
> I also tried installing Qubes OS 3.2 on this system which didn't work and
> initial troubleshooting failed; but I'd like to concentrate my efforts on
> making this work for Qubes 4.0 so i didn't spend too much time on getting
> Qubes OS 3.2 on the T470.
>
>
>
> Any hints about troubleshooting the UEFI boot option are appreciated; i can
> also provide more exact details about what i already tried. Given the specs
> of this machine, I'm really determined to not give up easily.
>
>
> For now, I'll test other functionality in legacy mode only.
>
> Cheers,
> -joe
Hi,
I have managed to keep everything pretty standard in my installation on my
T470p.
* Turn off SecureBoot
* dd iso (qubes 4.0) to USB-stick
* add rEFInd to another USB-stick
* boot on the rEFInd USB-stick and start the installer.
I struggle with TPM, but I figure that I should go through the guide over here:
https://github.com/tklengyel/xen-uefi to sign the xen-efi and get TPM.
Regards
Josef
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/719c1ca8-157d-49c6-9a71-1dcc74ff8acf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: New HCL Entry: Lenovo ThinkPad T470 (20HDCTO1WW)
On Thursday, November 30, 2017 at 2:07:59 AM UTC-8, Joe Hemmerlein wrote: > Any hints about troubleshooting the UEFI boot option are appreciated; i can > also provide more exact details about what i already tried. Given the specs > of this machine, I'm really determined to not give up easily. > Here is a detailed log of what I tried. ThinkPad T470 (20HD-CT01WW) UEFI/BIOS configuration === Setup – Main - UEFI BIOS Version: N1QET68W (1.43) - UEFI BIOS Date: 2017-11-10 - Installed Memory: 32768 MB - UEFI Secure Boot: Off Setup – Config – USB - USB UEFI BIOS Support: Enabled Setup – Security – Security Chip - Security Chip Type: TPM 2.0 - Security Chip: Enabled - Intel TXT Feature: Enabled Setup – Security – Memory Protection - Execution Prevention: Enabled Setup – Security – Virtualization - Intel Virtualization Technology: Enabled - Intel VT-d Feature: Enabled Setup – Security – Secure Boot - Secure Boot: Disabled Setup – Security – Intel SGX - Intel SGX Control: Software - Current State: Enabled Setup – Security – Device Guard - Device Guard: Disabled Setup – Startup - Boot (Priority Order) includes "USB HDD" and "NVMe0 Intel SSDPEKKF256G7L" - UEFI/Legacy Boot: UEFI Only - CSM Support: Yes Initial Setup Experience - Created USB stick using Rufus with dd method from 4.0R3 ISO image - Able to boot USB stick by invoking UEFI Boot Menu with F12, then selecting USB HDD - This results in a text mode grub menu with the four options - Option 1 (Test media and install Qubes R4.0-rc3) is default and will start automatically - Option 1 then fails: "XEN 4.8.2 (c/s ) EFI loader // Failed to boot both default and fallback entries" Only way I found to install Qubes OS: - Change BIOS/UEFI setup configuration item "UEFI/Legacy Boot" to "Legacy Only" - Boot from USB and install. GUI install works fine with default options (all I change is my keyboard layout to Dvorak) - Reboot, and configure Qubes OS with default options - Qubes OS starts and is usable as long as BIOS/UEFI setup configuration is using "Legacy Only", but... --- Problem: no TPM available. According to Lenovo, the TPM2.0 will not be exposed in legacy boot scenario; in order for TPM to be exposed, it seems like we need UEFI boot. Trying to switch to UEFI - As described at https://www.qubes-os.org/doc/uefi-troubleshooting/#installation-finished-but-qubes-boot-option-is-missing-and-xencfg-is-empty, we have an empty (0 bytes) xen.efi file in /boot/efi/EFI/qubes. Followed steps in guide, essentially: - Booted into Qubes with legacy boot - Renamed xen-4.8.2.efi to xen.efi - Copied contents from xen.cfg I troubleshooting guide to xen.cfg in dom0 - Edited xen.cfg to adjust for current kernel number in four places - Rebooted - Booted with legacy boot from USB install stick - Selected Advanced – Rescue a Qubes installation - Selected option 1 to continue - Found installation on device nvme0n1p2 and entered LUKS passphrase - Got Shell - Changes made to files still visible in /mnt/sysimage/boot/efi/EFI/qubes - Ran the efibootmgr command as shown in the guide, but adjusted devicename. I didn’t know whether I should add nvme0n1 or nvme0, or maybe even nvme0n1p1 – so I ran the command three times with different labels. --- Problem: Can't run efibootmgr. Error: "EFI variables are not supported on this system" - Rebooted, but also changing BIOS/UEFI setup boot options again --- Boot option "Both" with "UEFI First" failed to boot from USB (went back to UEFI boot menu) --- Boot option "Both" with "Legacy First" allowed me to boot from USB to rescue a Qubes installation. --- Problem: efibootmgr command still fails with "EFI variables are not supported on this system". - It looks like I may need to somehow boot with UEFI enabled I order to run efibootmgr. - Trying a Fedora Live CD (Fedora-Workstation-Live-x86_64-26-1.5.iso) - Created USB stick with Rufus dd method - Booted USB stick with boot option set to "UEFI Only" and "CSM Support" enabled. - Fedora stick boots successfully into Fedora 26 Live - Efibootmr command generally works - Tried it: --- efibootmgr -v -c -u -L Qubes431 -l /EFI/qubes/xen.efi -d /dev/nvme0n1 -p 1 "placeholder /mapbs /noexitboot" --- efibootmgr -v -c -u -L Qubes431 -l /EFI/qubes/xen.efi -d /dev/nvme0n1p1 -p 1 "placeholder /mapbs /noexitboot" --- efibootmgr -v -c -u -L Qubes433 -l /EFI/qubes/xen.efi -d /dev/nvme0n1p1 "placeholder /mapbs /noexitboot" - Rebooted (still with "UEFI Only" and "CSM" boot options enabled) - Selected F12 again for UEFI boot menu, and I could see both new added entries. I tried both of them, but... --- Problem: selecting ay of those entries just gets us back to the UEFI boot menu. They’re failing visually the same way as the standard "Qubes" entry fails. - Rebooted back into the Live image - I noticed that on nvme0n1p1, the .efi file is actually in /efi/EFI/qubes/xen.efi, and not in /EFI/qubes/xen.efi. not sure if that matters, but let’s
