mirror of
https://github.com/Qubes-Community/Contents.git
synced 2025-01-08 13:57:58 -05:00
Convert relative official website links to absolute
https://github.com/QubesOS/qubes-issues/issues/4693
This commit is contained in:
parent
e3f40cc91f
commit
15eaa32692
@ -18,11 +18,11 @@ Archlinux template building instructions
|
|||||||
* The qube should be based on a Fedora template. I named the qube
|
* The qube should be based on a Fedora template. I named the qube
|
||||||
`build-archlinux2`, based on the minimal Fedora template.
|
`build-archlinux2`, based on the minimal Fedora template.
|
||||||
|
|
||||||
![arch-template-01](/attachment/wiki/ArchlinuxTemplate/arch-template-01.png)
|
![arch-template-01](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-01.png)
|
||||||
|
|
||||||
* Ensure there is at least 15GB of free space in the private storage.
|
* Ensure there is at least 15GB of free space in the private storage.
|
||||||
|
|
||||||
![arch-template-02](/attachment/wiki/ArchlinuxTemplate/arch-template-02.png)
|
![arch-template-02](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-02.png)
|
||||||
|
|
||||||
|
|
||||||
2: Create GitHub Account (optional)
|
2: Create GitHub Account (optional)
|
||||||
@ -30,7 +30,7 @@ Archlinux template building instructions
|
|||||||
* It can be helpful. Creating only a basic account is all that is needed. This will allow you to help, going forward, with the Qubes project. You could be help edit errors in documentation. It can also be of use building other templates.
|
* It can be helpful. Creating only a basic account is all that is needed. This will allow you to help, going forward, with the Qubes project. You could be help edit errors in documentation. It can also be of use building other templates.
|
||||||
* Create user account here https://github.com
|
* Create user account here https://github.com
|
||||||
|
|
||||||
![arch-template-03](/attachment/wiki/ArchlinuxTemplate/arch-template-03.png)
|
![arch-template-03](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-03.png)
|
||||||
|
|
||||||
3: Install necessary packages to `build-archlinux2` qube for "Qubes Automated Build System"
|
3: Install necessary packages to `build-archlinux2` qube for "Qubes Automated Build System"
|
||||||
-----------------------------------------------------------------------------------------------
|
-----------------------------------------------------------------------------------------------
|
||||||
@ -44,7 +44,7 @@ Archlinux template building instructions
|
|||||||
```shell_session
|
```shell_session
|
||||||
$ gpg --import /usr/share/qubes/qubes-master-key.asc
|
$ gpg --import /usr/share/qubes/qubes-master-key.asc
|
||||||
```
|
```
|
||||||
* Verify its fingerprint, set as 'trusted'. [This is described here](/doc/VerifyingSignatures).
|
* Verify its fingerprint, set as 'trusted'. [This is described here](https://www.qubes-os.org/doc/VerifyingSignatures).
|
||||||
* Download the Qubes developers' keys.
|
* Download the Qubes developers' keys.
|
||||||
```shell_session
|
```shell_session
|
||||||
$ wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
|
$ wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
|
||||||
@ -74,69 +74,69 @@ $ make install-deps
|
|||||||
$ cd /home/user/qubes-builder/
|
$ cd /home/user/qubes-builder/
|
||||||
$ ./setup
|
$ ./setup
|
||||||
```
|
```
|
||||||
![arch-template-04](/attachment/wiki/ArchlinuxTemplate/arch-template-04.png)
|
![arch-template-04](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-04.png)
|
||||||
|
|
||||||
* Install the missing dependencies
|
* Install the missing dependencies
|
||||||
|
|
||||||
![arch-template-05](/attachment/wiki/ArchlinuxTemplate/arch-template-05.png)
|
![arch-template-05](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-05.png)
|
||||||
|
|
||||||
* First screen will ask you to import 'Qubes-Master-Signing-key.asc'. The 'setup' script not only downloads but confirms the key to that of the key on Qubes-OS website.
|
* First screen will ask you to import 'Qubes-Master-Signing-key.asc'. The 'setup' script not only downloads but confirms the key to that of the key on Qubes-OS website.
|
||||||
* Select '**YES**'
|
* Select '**YES**'
|
||||||
* Select '**OK**' Press '**Enter**'
|
* Select '**OK**' Press '**Enter**'
|
||||||
|
|
||||||
![arch-template-06](/attachment/wiki/ArchlinuxTemplate/arch-template-06.png)
|
![arch-template-06](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-06.png)
|
||||||
|
|
||||||
* Next screen will ask you to import Marek Marczykowski-Goracki (Qubes OS signing key). Again 'setup' will confirm this key to the fingerprint.
|
* Next screen will ask you to import Marek Marczykowski-Goracki (Qubes OS signing key). Again 'setup' will confirm this key to the fingerprint.
|
||||||
* Select '**YES**'
|
* Select '**YES**'
|
||||||
* Select '**OK**' Press '**Enter**'
|
* Select '**OK**' Press '**Enter**'
|
||||||
|
|
||||||
![arch-template-07](/attachment/wiki/ArchlinuxTemplate/arch-template-07.png)
|
![arch-template-07](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-07.png)
|
||||||
|
|
||||||
* This screen will give you the choice of which Qubes Release to build the template for.
|
* This screen will give you the choice of which Qubes Release to build the template for.
|
||||||
* Select '**Qubes Release 4.0**'
|
* Select '**Qubes Release 4.0**'
|
||||||
* Select '**OK**' Press '**Enter**'
|
* Select '**OK**' Press '**Enter**'
|
||||||
|
|
||||||
![arch-template-08](/attachment/wiki/ArchlinuxTemplate/arch-template-08.png)
|
![arch-template-08](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-08.png)
|
||||||
|
|
||||||
* Screen "**Choose Repos To Use To Build Packages**"
|
* Screen "**Choose Repos To Use To Build Packages**"
|
||||||
* Select 'QubesOS/qubes- Stable - Default Repo'
|
* Select 'QubesOS/qubes- Stable - Default Repo'
|
||||||
* Select '**OK**' Press '**Enter**'
|
* Select '**OK**' Press '**Enter**'
|
||||||
|
|
||||||
|
|
||||||
![arch-template-09](/attachment/wiki/ArchlinuxTemplate/arch-template-09.png)
|
![arch-template-09](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-09.png)
|
||||||
|
|
||||||
* Screen "**Git Clone Faster**"
|
* Screen "**Git Clone Faster**"
|
||||||
* Select '**OK**' Press '**Enter**'
|
* Select '**OK**' Press '**Enter**'
|
||||||
|
|
||||||
![arch-template-10](/attachment/wiki/ArchlinuxTemplate/arch-template-10.png)
|
![arch-template-10](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-10.png)
|
||||||
|
|
||||||
* Screen '**Choose Pre-Build Packages Repositories**'
|
* Screen '**Choose Pre-Build Packages Repositories**'
|
||||||
* Select nothing, Press '**Enter**'
|
* Select nothing, Press '**Enter**'
|
||||||
|
|
||||||
![arch-template-11](/attachment/wiki/ArchlinuxTemplate/arch-template-11.png)
|
![arch-template-11](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-11.png)
|
||||||
|
|
||||||
* Screen "**Build Template Only?**"
|
* Screen "**Build Template Only?**"
|
||||||
* Select '**Yes**' Press '**Enter**'
|
* Select '**Yes**' Press '**Enter**'
|
||||||
|
|
||||||
![arch-template-12](/attachment/wiki/ArchlinuxTemplate/arch-template-12.png)
|
![arch-template-12](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-12.png)
|
||||||
|
|
||||||
* Screen '**Template Distribution Selection**' will give choices of distributions to build
|
* Screen '**Template Distribution Selection**' will give choices of distributions to build
|
||||||
* Deselect everything
|
* Deselect everything
|
||||||
* Select '**archlinux**'
|
* Select '**archlinux**'
|
||||||
|
|
||||||
![arch-template-13](/attachment/wiki/ArchlinuxTemplate/arch-template-13.png)
|
![arch-template-13](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-13.png)
|
||||||
|
|
||||||
* Screen '**Builder Plugin Selection**' will give choices of builder plugins to use for the build.
|
* Screen '**Builder Plugin Selection**' will give choices of builder plugins to use for the build.
|
||||||
* Deselect everything
|
* Deselect everything
|
||||||
* Select '**builder-archlinux**'
|
* Select '**builder-archlinux**'
|
||||||
* Select '**OK**' Press **Enter**
|
* Select '**OK**' Press **Enter**
|
||||||
|
|
||||||
![arch-template-14](/attachment/wiki/ArchlinuxTemplate/arch-template-14.png)
|
![arch-template-14](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-14.png)
|
||||||
|
|
||||||
* Screen '**Get sources**' wants to download additional packages needed for the choosen plugin/s.
|
* Screen '**Get sources**' wants to download additional packages needed for the choosen plugin/s.
|
||||||
* Select '**Yes**' Press '**Enter**'
|
* Select '**Yes**' Press '**Enter**'
|
||||||
|
|
||||||
![arch-template-15](/attachment/wiki/ArchlinuxTemplate/arch-template-15.png)
|
![arch-template-15](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-15.png)
|
||||||
|
|
||||||
* Then wait for download to finish and press '**OK**'
|
* Then wait for download to finish and press '**OK**'
|
||||||
|
|
||||||
@ -192,7 +192,7 @@ $ ls
|
|||||||
qubes-template-archlinux-X.X.X-XXXXXXXXXXXX.noarch.rpm
|
qubes-template-archlinux-X.X.X-XXXXXXXXXXXX.noarch.rpm
|
||||||
```
|
```
|
||||||
|
|
||||||
![arch-template-16](/attachment/wiki/ArchlinuxTemplate/arch-template-16.png)
|
![arch-template-16](https://www.qubes-os.org/attachment/wiki/ArchlinuxTemplate/arch-template-16.png)
|
||||||
|
|
||||||
* **Transfer the install-templates.sh script file into Dom0**
|
* **Transfer the install-templates.sh script file into Dom0**
|
||||||
*Note: as there is not a typical file transfer method for Dom0, for security reasons, this less than simple transfer function has to be used*
|
*Note: as there is not a typical file transfer method for Dom0, for security reasons, this less than simple transfer function has to be used*
|
||||||
@ -294,7 +294,7 @@ Debugging the qube runtime
|
|||||||
If you are able to launch a terminal and execute command, just use your usual
|
If you are able to launch a terminal and execute command, just use your usual
|
||||||
archlinux-fu to fix the issue.
|
archlinux-fu to fix the issue.
|
||||||
If you are not able to launch a terminal, then, shutdown the qube, create a new
|
If you are not able to launch a terminal, then, shutdown the qube, create a new
|
||||||
DisposableVM, [mount the Archlinux disk in the DisposableVM](/doc/mount-lvm-image/), chroot to it, and then use
|
DisposableVM, [mount the Archlinux disk in the DisposableVM](https://www.qubes-os.org/doc/mount-lvm-image/), chroot to it, and then use
|
||||||
your archlinux-fu.
|
your archlinux-fu.
|
||||||
Below, and example of this kind of debugging [that happened on
|
Below, and example of this kind of debugging [that happened on
|
||||||
reddit](https://old.reddit.com/r/Qubes/comments/eg50ne/built_arch_linux_template_and_installed_but_app/):
|
reddit](https://old.reddit.com/r/Qubes/comments/eg50ne/built_arch_linux_template_and_installed_but_app/):
|
||||||
@ -326,7 +326,7 @@ I tried to rebuild archlinux and got the same issue.
|
|||||||
The issue come from a systemd unit named "qubes-mount-dirs". We want to know more about that. We can't execute command into the qube, so let's shut it down.
|
The issue come from a systemd unit named "qubes-mount-dirs". We want to know more about that. We can't execute command into the qube, so let's shut it down.
|
||||||
Then, we mount the archlinux root disk into a DisposableVM (
|
Then, we mount the archlinux root disk into a DisposableVM (
|
||||||
[mount_lvm_image.sh](https://github.com/Qubes-Community/Contents/blob/master/code/OS-administration/mount_lvm_image.sh)
|
[mount_lvm_image.sh](https://github.com/Qubes-Community/Contents/blob/master/code/OS-administration/mount_lvm_image.sh)
|
||||||
& [mount-lvm-image](/doc/mount-lvm-image/) )
|
& [mount-lvm-image](https://www.qubes-os.org/doc/mount-lvm-image/) )
|
||||||
```shell_session
|
```shell_session
|
||||||
$ ./mount_lvm_image.sh /dev/qubes_dom0/vm-archlinux-minimal-root fedora-dvm
|
$ ./mount_lvm_image.sh /dev/qubes_dom0/vm-archlinux-minimal-root fedora-dvm
|
||||||
```
|
```
|
||||||
|
@ -154,7 +154,7 @@ Start by retrieving a recent git and identify how you can build a package from i
|
|||||||
|
|
||||||
Find the .spec file in the git repository (this is the file used to build rpm packages), and try to adapt it to your OS in order to build a package similar to the target 'vmm-xen'.
|
Find the .spec file in the git repository (this is the file used to build rpm packages), and try to adapt it to your OS in order to build a package similar to the target 'vmm-xen'.
|
||||||
For example, a PKGBUILD has been created for
|
For example, a PKGBUILD has been created for
|
||||||
[ArchLinux](/doc/building-archlinux-template/) which can be found in the vmm-xen repository.
|
[ArchLinux](https://www.qubes-os.org/doc/building-archlinux-template/) which can be found in the vmm-xen repository.
|
||||||
|
|
||||||
Don't be afraid of the complexity of the PKGBUILD: most of the code is almost a copy/paste of required sources and patches found in the .spec file provided in the git repository.
|
Don't be afraid of the complexity of the PKGBUILD: most of the code is almost a copy/paste of required sources and patches found in the .spec file provided in the git repository.
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@ Many other Qubes templates can also be built by following this procedure.
|
|||||||
Simply choose the appropriate builder(s) and template(s) you wish to build in the `./setup` procedure below.
|
Simply choose the appropriate builder(s) and template(s) you wish to build in the `./setup` procedure below.
|
||||||
Always include the `mgmt-salt` builder.
|
Always include the `mgmt-salt` builder.
|
||||||
|
|
||||||
First, set up the [Build Environment](/doc/qubes-iso-building/#build-environment) (follow the build environment section only).
|
First, set up the [Build Environment](https://www.qubes-os.org/doc/qubes-iso-building/#build-environment) (follow the build environment section only).
|
||||||
|
|
||||||
Next, configure the builder:
|
Next, configure the builder:
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ These are mostly USB audio cards, but firewire devices also might be used.
|
|||||||
Implementing external audio devices
|
Implementing external audio devices
|
||||||
-----------------------------------
|
-----------------------------------
|
||||||
|
|
||||||
First you need to identify an user VM dedicated to audio and [assign a device](/doc/AssigningDevices) to it.
|
First you need to identify an user VM dedicated to audio and [assign a device](https://www.qubes-os.org/doc/AssigningDevices) to it.
|
||||||
In the most common case the assigned device is the USB controller to which your USB audio card will be connected.
|
In the most common case the assigned device is the USB controller to which your USB audio card will be connected.
|
||||||
|
|
||||||
### Fedora VMs
|
### Fedora VMs
|
||||||
|
@ -11,7 +11,7 @@ redirect_from:
|
|||||||
Fetchmail
|
Fetchmail
|
||||||
=========
|
=========
|
||||||
|
|
||||||
Fetchmail is standalone MRA (Mail Retrieval Agent) aka "IMAP/POP3 client". Its sole purpose is to fetch your messages and store it locally or feed to local MTA (Message Transfer Agent). It cannot "read" messages — for that, use a MUA like Thunderbird or [Mutt](/doc/mutt/).
|
Fetchmail is standalone MRA (Mail Retrieval Agent) aka "IMAP/POP3 client". Its sole purpose is to fetch your messages and store it locally or feed to local MTA (Message Transfer Agent). It cannot "read" messages — for that, use a MUA like Thunderbird or [Mutt](https://www.qubes-os.org/doc/mutt/).
|
||||||
|
|
||||||
Installation
|
Installation
|
||||||
------------
|
------------
|
||||||
@ -23,7 +23,7 @@ Configuration
|
|||||||
|
|
||||||
Assuming you have more than one account (safe assumption these days), you need to spawn multiple fetchmail instances, one for each IMAP/POP3 server (though one instance can watch over several accounts on one server). The easiest way is to create template systemd unit and start it several times. Fedora does not supply any, so we have to write one anyway.
|
Assuming you have more than one account (safe assumption these days), you need to spawn multiple fetchmail instances, one for each IMAP/POP3 server (though one instance can watch over several accounts on one server). The easiest way is to create template systemd unit and start it several times. Fedora does not supply any, so we have to write one anyway.
|
||||||
|
|
||||||
**NOTE:** this assumes you use [Postfix](/doc/postfix/) or Exim4 as your local MTA.
|
**NOTE:** this assumes you use [Postfix](https://www.qubes-os.org/doc/postfix/) or Exim4 as your local MTA.
|
||||||
|
|
||||||
In TemplateVM create `/etc/systemd/system/fetchmail@.service`:
|
In TemplateVM create `/etc/systemd/system/fetchmail@.service`:
|
||||||
|
|
||||||
|
@ -153,4 +153,4 @@ This guide was initially written by Igor Bukanov in a [message] to the `qubes-de
|
|||||||
|
|
||||||
[archive]: https://groups.google.com/group/qubes-devel/attach/39c95d63fccca12b/proxy.tar.gz?part=0.1
|
[archive]: https://groups.google.com/group/qubes-devel/attach/39c95d63fccca12b/proxy.tar.gz?part=0.1
|
||||||
[message]: https://groups.google.com/d/msg/qubes-devel/UlK8P27UtD4/K6HM_GNdyTkJ
|
[message]: https://groups.google.com/d/msg/qubes-devel/UlK8P27UtD4/K6HM_GNdyTkJ
|
||||||
[mailing list]: /mailing-lists/
|
[mailing list]: https://www.qubes-os.org/mailing-lists/
|
||||||
|
@ -21,7 +21,7 @@ Support for newer cards is limited until AMDGPU support in the 4.5+ kernel, whic
|
|||||||
Built in Intel graphics, Radeon graphics (between that 4000-9000 range), and perhaps some prebaked NVIDIA card support that I don't know about. Those are your best bet for great Qubes support.
|
Built in Intel graphics, Radeon graphics (between that 4000-9000 range), and perhaps some prebaked NVIDIA card support that I don't know about. Those are your best bet for great Qubes support.
|
||||||
|
|
||||||
If you do happen to get proprietary drivers working on your Qubes system (via installing them), please take the time to go to the
|
If you do happen to get proprietary drivers working on your Qubes system (via installing them), please take the time to go to the
|
||||||
[Hardware Compatibility List (HCL)](/doc/hcl/#generating-and-submitting-new-reports )
|
[Hardware Compatibility List (HCL)](https://www.qubes-os.org/doc/hcl/#generating-and-submitting-new-reports )
|
||||||
Add your computer, graphics card, and installation steps you did to get everything working.
|
Add your computer, graphics card, and installation steps you did to get everything working.
|
||||||
|
|
||||||
Before continuing, you may wish to try the `kernel-latest` package from the `current` repository. This kernel may better support your card and if so, you would not have to rely on proprietary drivers. This can be installed from dom0 with:
|
Before continuing, you may wish to try the `kernel-latest` package from the `current` repository. This kernel may better support your card and if so, you would not have to rely on proprietary drivers. This can be installed from dom0 with:
|
||||||
@ -75,7 +75,7 @@ Reboot.
|
|||||||
|
|
||||||
This process is quite complicated: First - download the source from nvidia.com site. Here "NVIDIA-Linux-x86\_64-260.19.44.run" is used. Copy it to dom0. Every next step is done in dom0.
|
This process is quite complicated: First - download the source from nvidia.com site. Here "NVIDIA-Linux-x86\_64-260.19.44.run" is used. Copy it to dom0. Every next step is done in dom0.
|
||||||
|
|
||||||
See [this page](/doc/copy-to-dom0/) for instructions on how to transfer files to Dom0 (where there is normally no networking).
|
See [this page](https://www.qubes-os.org/doc/copy-to-dom0/) for instructions on how to transfer files to Dom0 (where there is normally no networking).
|
||||||
|
|
||||||
**WARNING**: Nvidia doesn't sign their files. To make it worse, you are forced to download them over a plaintext connection. This means there are virtually dozens of possibilities for somebody to modify this file and provide you with a malicious/backdoored file. You should realize that installing untrusted files into your Dom0 is a bad idea. Perhaps it might be a better idea to just get a new laptop with integrated Intel GPU? You have been warned.
|
**WARNING**: Nvidia doesn't sign their files. To make it worse, you are forced to download them over a plaintext connection. This means there are virtually dozens of possibilities for somebody to modify this file and provide you with a malicious/backdoored file. You should realize that installing untrusted files into your Dom0 is a bad idea. Perhaps it might be a better idea to just get a new laptop with integrated Intel GPU? You have been warned.
|
||||||
|
|
||||||
@ -137,5 +137,5 @@ Reboot to verify all this works.
|
|||||||
|
|
||||||
## Troubleshooting lack of video output during installation
|
## Troubleshooting lack of video output during installation
|
||||||
|
|
||||||
The GRUB menu may show up fine, the installation environment starts loading, and then the display(s) go into standby mode. This is, typically, related to some sort of an issue with the kernel's KMS/video card modules. See the [Nvidia Troubleshooting](/doc/nvidia-troubleshooting/#lack-of-video-output-during-nvidia-driver-installation) guide for troubleshooting steps.
|
The GRUB menu may show up fine, the installation environment starts loading, and then the display(s) go into standby mode. This is, typically, related to some sort of an issue with the kernel's KMS/video card modules. See the [Nvidia Troubleshooting](https://www.qubes-os.org/doc/nvidia-troubleshooting/#lack-of-video-output-during-nvidia-driver-installation) guide for troubleshooting steps.
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@ Introduction
|
|||||||
---------------------
|
---------------------
|
||||||
|
|
||||||
You should think carefully before dual booting Qubes on your box.
|
You should think carefully before dual booting Qubes on your box.
|
||||||
Read the [guidelines](/doc/security-guidelines) carefully.
|
Read the [guidelines](https://www.qubes-os.org/doc/security-guidelines) carefully.
|
||||||
|
|
||||||
One problem is that when you dual or multiboot, even if you are using
|
One problem is that when you dual or multiboot, even if you are using
|
||||||
encryption on your Qubes installation, /boot is still unprotected and
|
encryption on your Qubes installation, /boot is still unprotected and
|
||||||
@ -22,7 +22,7 @@ The other problem is firmware security - for example the other system
|
|||||||
could infect the BIOS firmware, which might enable compromise or spying on
|
could infect the BIOS firmware, which might enable compromise or spying on
|
||||||
the Qubes system.
|
the Qubes system.
|
||||||
|
|
||||||
You can use [Anti Evil Maid](/doc/anti-evil-maid/), which would inform
|
You can use [Anti Evil Maid](https://www.qubes-os.org/doc/anti-evil-maid/), which would inform
|
||||||
you if /boot had been modified, but it cannot prevent or fix the problem.
|
you if /boot had been modified, but it cannot prevent or fix the problem.
|
||||||
|
|
||||||
If you have considered these issues, tried out the live system and want to
|
If you have considered these issues, tried out the live system and want to
|
||||||
|
@ -16,8 +16,8 @@ Mutt is a fast, standards-compliant, efficient MUA (Mail User Agent). In some ar
|
|||||||
Mutt lacks true MTA (Message Transfer Agent aka "SMTP client") and MRA (Mail
|
Mutt lacks true MTA (Message Transfer Agent aka "SMTP client") and MRA (Mail
|
||||||
Retrieval Agent aka "IMAP/POP3 client"), thus there are some provisions
|
Retrieval Agent aka "IMAP/POP3 client"), thus there are some provisions
|
||||||
built-in. In principle it is only mail reader and composer. You may install
|
built-in. In principle it is only mail reader and composer. You may install
|
||||||
true MTA such as [Postfix](/doc/postfix/) or Exim and MRA such as
|
true MTA such as [Postfix](https://www.qubes-os.org/doc/postfix/) or Exim and MRA such as
|
||||||
[Fetchmail](/doc/fetchmail/). Alternatively you can synchronize your mailbox
|
[Fetchmail](https://www.qubes-os.org/doc/fetchmail/). Alternatively you can synchronize your mailbox
|
||||||
using [OfflineIMAP](https://github.com/OfflineIMAP/offlineimap) and just stick
|
using [OfflineIMAP](https://github.com/OfflineIMAP/offlineimap) and just stick
|
||||||
to integrated SMTP support. You can even use integrated IMAP client, but it is
|
to integrated SMTP support. You can even use integrated IMAP client, but it is
|
||||||
not very convenient.
|
not very convenient.
|
||||||
@ -32,7 +32,7 @@ Installation
|
|||||||
Configuration
|
Configuration
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
Mutt generally works out of the box. This configuration guide discusses only Qubes-specific setup. In this example we will have one TemplateVM and several AppVMs. It also takes advantage of [SplitGPG](/doc/split-gpg/), which is assumed to be already working.
|
Mutt generally works out of the box. This configuration guide discusses only Qubes-specific setup. In this example we will have one TemplateVM and several AppVMs. It also takes advantage of [SplitGPG](https://www.qubes-os.org/doc/split-gpg/), which is assumed to be already working.
|
||||||
|
|
||||||
**NOTE:** this requires `qubes-gpg-split >= 2.0.9`. 2.0.8 and earlier contains bug which causes this setup to hang in specific situations and does not allow to list keys.
|
**NOTE:** this requires `qubes-gpg-split >= 2.0.9`. 2.0.8 and earlier contains bug which causes this setup to hang in specific situations and does not allow to list keys.
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@ As a result, installation of such third-party RPMs in a default template VM expo
|
|||||||
(Again, it's not buggy or malicious drivers that we fear here, but rather malicious installation scripts for those drivers).
|
(Again, it's not buggy or malicious drivers that we fear here, but rather malicious installation scripts for those drivers).
|
||||||
|
|
||||||
In order to mitigate this risk, one might consider creating a custom template (i.e. clone the original template) and then install the third-party, unverified drivers there.
|
In order to mitigate this risk, one might consider creating a custom template (i.e. clone the original template) and then install the third-party, unverified drivers there.
|
||||||
Such template might then be made a DVM template for [DisposableVM creation](/doc/disposablevm/), which should allow one to print any document by right-clicking on it, choosing "Open in DisposableVM" and print from there.
|
Such template might then be made a DVM template for [DisposableVM creation](https://www.qubes-os.org/doc/disposablevm/), which should allow one to print any document by right-clicking on it, choosing "Open in DisposableVM" and print from there.
|
||||||
This would allow to print documents from more trusted AppVMs (based on a trusted default template that is not poisoned by third-party printer drivers).
|
This would allow to print documents from more trusted AppVMs (based on a trusted default template that is not poisoned by third-party printer drivers).
|
||||||
|
|
||||||
However, one should be aware that most (all?) network printing protocols are insecure, unencrypted protocols.
|
However, one should be aware that most (all?) network printing protocols are insecure, unencrypted protocols.
|
||||||
|
@ -11,7 +11,7 @@ redirect_from:
|
|||||||
Postfix
|
Postfix
|
||||||
=======
|
=======
|
||||||
|
|
||||||
Postfix is full featured MTA (Message Transfer Agent). Here we will configure it in smarthost mode as part of common [Mutt](/doc/mutt/)+Postfix+[Fetchmail](/doc/fetchmail/) stack.
|
Postfix is full featured MTA (Message Transfer Agent). Here we will configure it in smarthost mode as part of common [Mutt](https://www.qubes-os.org/doc/mutt/)+Postfix+[Fetchmail](https://www.qubes-os.org/doc/fetchmail/) stack.
|
||||||
|
|
||||||
Installation
|
Installation
|
||||||
------------
|
------------
|
||||||
|
@ -10,7 +10,7 @@ This section provides user suggested tips that aim to increase Qubes OS usabilit
|
|||||||
|
|
||||||
Opening links in your preferred AppVM
|
Opening links in your preferred AppVM
|
||||||
-------------------------------------
|
-------------------------------------
|
||||||
To increase both security and usability you can set an AppVM so that it automatically opens any link in an different AppVM of your choice. You can do this for example in the email AppVM, in this way you avoid to make mistakes like opening links in it. To learn more you can check [security guidelines](/doc/security-guidelines/) and [security goals](/security/goals/).
|
To increase both security and usability you can set an AppVM so that it automatically opens any link in an different AppVM of your choice. You can do this for example in the email AppVM, in this way you avoid to make mistakes like opening links in it. To learn more you can check [security guidelines](https://www.qubes-os.org/doc/security-guidelines/) and [security goals](https://www.qubes-os.org/security/goals/).
|
||||||
|
|
||||||
The command `qvm-open-in-vm` lets you open a document or a URL in another VM. It takes two parameters: vmname and filename.
|
The command `qvm-open-in-vm` lets you open a document or a URL in another VM. It takes two parameters: vmname and filename.
|
||||||
|
|
||||||
@ -44,7 +44,7 @@ Credit: [Micah Lee](https://micahflee.com/2016/06/qubes-tip-opening-links-in-you
|
|||||||
|
|
||||||
Preventing data leaks
|
Preventing data leaks
|
||||||
---------------------
|
---------------------
|
||||||
First make sure to read [Understanding and Preventing Data Leaks](/doc/data-leaks/) section to understand the limits of this tip.
|
First make sure to read [Understanding and Preventing Data Leaks](https://www.qubes-os.org/doc/data-leaks/) section to understand the limits of this tip.
|
||||||
|
|
||||||
Suppose that you have within a not so trusted environment - for example, a Windows VM - an application that tracks and reports its usage, or you simply want to protect your data.
|
Suppose that you have within a not so trusted environment - for example, a Windows VM - an application that tracks and reports its usage, or you simply want to protect your data.
|
||||||
|
|
||||||
|
@ -48,11 +48,11 @@ Set up a ProxyVM as a VPN gateway using NetworkManager
|
|||||||
|
|
||||||
1. Create a new VM, name it, click the ProxyVM radio button, and choose a color and template.
|
1. Create a new VM, name it, click the ProxyVM radio button, and choose a color and template.
|
||||||
|
|
||||||
![Create\_New\_VM.png](/attachment/wiki/VPN/Create_New_VM.png)
|
![Create\_New\_VM.png](https://www.qubes-os.org/attachment/wiki/VPN/Create_New_VM.png)
|
||||||
|
|
||||||
2. Add the `network-manager` service to this new VM.
|
2. Add the `network-manager` service to this new VM.
|
||||||
|
|
||||||
![Settings-services.png](/attachment/wiki/VPN/Settings-services.png)
|
![Settings-services.png](https://www.qubes-os.org/attachment/wiki/VPN/Settings-services.png)
|
||||||
|
|
||||||
3. Set up your VPN as described in the NetworkManager documentation linked above.
|
3. Set up your VPN as described in the NetworkManager documentation linked above.
|
||||||
|
|
||||||
@ -92,7 +92,7 @@ Set up a ProxyVM as a VPN gateway using NetworkManager
|
|||||||
|
|
||||||
6. Configure your AppVMs to use the new VM as a NetVM.
|
6. Configure your AppVMs to use the new VM as a NetVM.
|
||||||
|
|
||||||
![Settings-NetVM.png](/attachment/wiki/VPN/Settings-NetVM.png)
|
![Settings-NetVM.png](https://www.qubes-os.org/attachment/wiki/VPN/Settings-NetVM.png)
|
||||||
|
|
||||||
7. Optionally, you can install some [custom icons](https://github.com/Zrubi/qubes-artwork-proxy-vpn) for your VPN
|
7. Optionally, you can install some [custom icons](https://github.com/Zrubi/qubes-artwork-proxy-vpn) for your VPN
|
||||||
|
|
||||||
@ -107,7 +107,7 @@ Before proceeding, you will need to download a copy of your VPN provider's confi
|
|||||||
|
|
||||||
1. Create a new VM, name it, choose "provides network", and choose a color and template.
|
1. Create a new VM, name it, choose "provides network", and choose a color and template.
|
||||||
|
|
||||||
![Create\_New\_VM.png](/attachment/wiki/VPN/Create_New_VM.png)
|
![Create\_New\_VM.png](https://www.qubes-os.org/attachment/wiki/VPN/Create_New_VM.png)
|
||||||
|
|
||||||
Note: Do not enable NetworkManager in the ProxyVM, as it can interfere with the scripts' DNS features.
|
Note: Do not enable NetworkManager in the ProxyVM, as it can interfere with the scripts' DNS features.
|
||||||
If you enabled NetworkManager or used other methods in a previous attempt, do not re-use the old ProxyVM...
|
If you enabled NetworkManager or used other methods in a previous attempt, do not re-use the old ProxyVM...
|
||||||
@ -310,12 +310,12 @@ Usage
|
|||||||
|
|
||||||
Configure your AppVMs to use the VPN VM as a NetVM...
|
Configure your AppVMs to use the VPN VM as a NetVM...
|
||||||
|
|
||||||
![Settings-NetVM.png](/attachment/wiki/VPN/Settings-NetVM.png)
|
![Settings-NetVM.png](https://www.qubes-os.org/attachment/wiki/VPN/Settings-NetVM.png)
|
||||||
|
|
||||||
If you want to update your TemplateVMs through the VPN, you can enable the `qubes-updates-proxy` service for your new VPN VM and configure the [qubes-rpc policy](/doc/software-update-domu/#updates-proxy).
|
If you want to update your TemplateVMs through the VPN, you can enable the `qubes-updates-proxy` service for your new VPN VM and configure the [qubes-rpc policy](https://www.qubes-os.org/doc/software-update-domu/#updates-proxy).
|
||||||
|
|
||||||
|
|
||||||
Troubleshooting
|
Troubleshooting
|
||||||
---------------
|
---------------
|
||||||
|
|
||||||
See the [VPN Troubleshooting](/doc/vpn-troubleshooting/) guide for tips on how to fix common VPN issues.
|
See the [VPN Troubleshooting](https://www.qubes-os.org/doc/vpn-troubleshooting/) guide for tips on how to fix common VPN issues.
|
||||||
|
@ -13,10 +13,10 @@ Dark KDE in Dom0
|
|||||||
The following text describes how to change the default light theme to a dark theme. This is just an example, feel free to adjust the appearance to your taste.
|
The following text describes how to change the default light theme to a dark theme. This is just an example, feel free to adjust the appearance to your taste.
|
||||||
|
|
||||||
The image below shows the default light theme after installation.
|
The image below shows the default light theme after installation.
|
||||||
![begin light theme](/attachment/wiki/Dark-Theme/kde-fresh-installed-standard.png)
|
![begin light theme](https://www.qubes-os.org/attachment/wiki/Dark-Theme/kde-fresh-installed-standard.png)
|
||||||
|
|
||||||
This is the result after applying the steps described here.
|
This is the result after applying the steps described here.
|
||||||
![end result dark theme](/attachment/wiki/Dark-Theme/kde-end-result.png)
|
![end result dark theme](https://www.qubes-os.org/attachment/wiki/Dark-Theme/kde-end-result.png)
|
||||||
|
|
||||||
1. Change `Workspace Appearance`
|
1. Change `Workspace Appearance`
|
||||||
|
|
||||||
@ -24,17 +24,17 @@ This is the result after applying the steps described here.
|
|||||||
|
|
||||||
Qubes Menu -> System Tools -> System Settings -> Workspace Appearance
|
Qubes Menu -> System Tools -> System Settings -> Workspace Appearance
|
||||||
|
|
||||||
![Workspace Appearance](/attachment/wiki/Dark-Theme/kde-app-appearance-menu-style.png)
|
![Workspace Appearance](https://www.qubes-os.org/attachment/wiki/Dark-Theme/kde-app-appearance-menu-style.png)
|
||||||
|
|
||||||
2. Go to `Desktop Theme`
|
2. Go to `Desktop Theme`
|
||||||
|
|
||||||
![Desktop Menu](/attachment/wiki/Dark-Theme/kde-appearance-settings-desktop-theme-oxygen.png)
|
![Desktop Menu](https://www.qubes-os.org/attachment/wiki/Dark-Theme/kde-appearance-settings-desktop-theme-oxygen.png)
|
||||||
|
|
||||||
3. Select `Oxygen` and `Apply` the change
|
3. Select `Oxygen` and `Apply` the change
|
||||||
|
|
||||||
2. (Optional) Remove blue glowing task items
|
2. (Optional) Remove blue glowing task items
|
||||||
|
|
||||||
![blue glowing task bar items](/attachment/wiki/Dark-Theme/kde-taskbar-blue-glowing-border.png)
|
![blue glowing task bar items](https://www.qubes-os.org/attachment/wiki/Dark-Theme/kde-taskbar-blue-glowing-border.png)
|
||||||
|
|
||||||
1. Adjust Oxygen `Details`
|
1. Adjust Oxygen `Details`
|
||||||
|
|
||||||
@ -44,11 +44,11 @@ This is the result after applying the steps described here.
|
|||||||
|
|
||||||
3. Change `Theme Item -> Task Items` from `Oxygen Task Items` to `Air Task Items`
|
3. Change `Theme Item -> Task Items` from `Oxygen Task Items` to `Air Task Items`
|
||||||
|
|
||||||
![Change Task items look](/attachment/wiki/Dark-Theme/kde-desktop-theme-details.png)
|
![Change Task items look](https://www.qubes-os.org/attachment/wiki/Dark-Theme/kde-desktop-theme-details.png)
|
||||||
|
|
||||||
4. Apply changes
|
4. Apply changes
|
||||||
|
|
||||||
![task bar items blue glowing removed](/attachment/wiki/Dark-Theme/kde-taskbar-blue-glowing-removed.png)
|
![task bar items blue glowing removed](https://www.qubes-os.org/attachment/wiki/Dark-Theme/kde-taskbar-blue-glowing-removed.png)
|
||||||
|
|
||||||
3. Change `Application Appearance`
|
3. Change `Application Appearance`
|
||||||
|
|
||||||
@ -58,17 +58,17 @@ This is the result after applying the steps described here.
|
|||||||
|
|
||||||
2. Go to `Colors`
|
2. Go to `Colors`
|
||||||
|
|
||||||
![colors tab](/attachment/wiki/Dark-Theme/kde-app-appearance-menu-colors.png)
|
![colors tab](https://www.qubes-os.org/attachment/wiki/Dark-Theme/kde-app-appearance-menu-colors.png)
|
||||||
|
|
||||||
3. Select `Obsidian Coast`
|
3. Select `Obsidian Coast`
|
||||||
|
|
||||||
![set to Obsidian Coast](/attachment/wiki/Dark-Theme/kde-app-appearance-menu-colors-set.png)
|
![set to Obsidian Coast](https://www.qubes-os.org/attachment/wiki/Dark-Theme/kde-app-appearance-menu-colors-set.png)
|
||||||
|
|
||||||
4. Apply Changes
|
4. Apply Changes
|
||||||
|
|
||||||
Qubes VM Manager should now look like the image below.
|
Qubes VM Manager should now look like the image below.
|
||||||
|
|
||||||
![result black Qubes Manager](/attachment/wiki/Dark-Theme/kde-black-qubes-manager.png)
|
![result black Qubes Manager](https://www.qubes-os.org/attachment/wiki/Dark-Theme/kde-black-qubes-manager.png)
|
||||||
|
|
||||||
**Note:** Changing the `Window Decorations` from `Plastik for Qubes` will remove the border color and the VM name. The problem with `Plastik for Qubes` is that it does not overwrite the background and text color for Minimize, Maximize and Close buttons. The three buttons are therefore hard to read.
|
**Note:** Changing the `Window Decorations` from `Plastik for Qubes` will remove the border color and the VM name. The problem with `Plastik for Qubes` is that it does not overwrite the background and text color for Minimize, Maximize and Close buttons. The three buttons are therefore hard to read.
|
||||||
|
|
||||||
@ -78,10 +78,10 @@ Dark XCFE in Dom0
|
|||||||
The following text describes how to change the default light theme to a dark theme. This is just an example, feel free to adjust the appearance to your taste.
|
The following text describes how to change the default light theme to a dark theme. This is just an example, feel free to adjust the appearance to your taste.
|
||||||
|
|
||||||
The image below shows the default light theme after installation.
|
The image below shows the default light theme after installation.
|
||||||
![begin light theme](/attachment/wiki/Dark-Theme/xfce-fresh-installed.png)
|
![begin light theme](https://www.qubes-os.org/attachment/wiki/Dark-Theme/xfce-fresh-installed.png)
|
||||||
|
|
||||||
This is the result after applying the steps described here.
|
This is the result after applying the steps described here.
|
||||||
![end result dark theme](/attachment/wiki/Dark-Theme/xfce-end-result.png)
|
![end result dark theme](https://www.qubes-os.org/attachment/wiki/Dark-Theme/xfce-end-result.png)
|
||||||
|
|
||||||
1. Change Appearance
|
1. Change Appearance
|
||||||
|
|
||||||
@ -89,7 +89,7 @@ This is the result after applying the steps described here.
|
|||||||
|
|
||||||
Qubes Menu -> System Tools -> Appearance
|
Qubes Menu -> System Tools -> Appearance
|
||||||
|
|
||||||
![appearance dialog](/attachment/wiki/Dark-Theme/xfce-appearance-dialog.png)
|
![appearance dialog](https://www.qubes-os.org/attachment/wiki/Dark-Theme/xfce-appearance-dialog.png)
|
||||||
|
|
||||||
2. Change Style to `Albatross`
|
2. Change Style to `Albatross`
|
||||||
|
|
||||||
@ -101,7 +101,7 @@ This is the result after applying the steps described here.
|
|||||||
|
|
||||||
Qubes Menu -> System Tools -> Appearance
|
Qubes Menu -> System Tools -> Appearance
|
||||||
|
|
||||||
![window manager dialog](/attachment/wiki/Dark-Theme/xfce-window-manager-theme.png)
|
![window manager dialog](https://www.qubes-os.org/attachment/wiki/Dark-Theme/xfce-window-manager-theme.png)
|
||||||
|
|
||||||
2. Change the Theme in the `Style` Tab (e. g. Defcon-IV). All available themes work.
|
2. Change the Theme in the `Style` Tab (e. g. Defcon-IV). All available themes work.
|
||||||
|
|
||||||
@ -140,7 +140,7 @@ The advantage of creating a dark themed Template VM is, that each AppVM which is
|
|||||||
|
|
||||||
2. Select `Tweak Tool` and press the `>` button to add it
|
2. Select `Tweak Tool` and press the `>` button to add it
|
||||||
|
|
||||||
![Application Dialog](/attachment/wiki/Dark-Theme/dialog-add-gnome-tweak-tool.png)
|
![Application Dialog](https://www.qubes-os.org/attachment/wiki/Dark-Theme/dialog-add-gnome-tweak-tool.png)
|
||||||
|
|
||||||
5. Enable `Global Dark Theme`
|
5. Enable `Global Dark Theme`
|
||||||
|
|
||||||
@ -153,7 +153,7 @@ The advantage of creating a dark themed Template VM is, that each AppVM which is
|
|||||||
|
|
||||||
2. Start `Tweak Tool` from the VM application menu and set the `Global Dark Theme` switch to `on`
|
2. Start `Tweak Tool` from the VM application menu and set the `Global Dark Theme` switch to `on`
|
||||||
|
|
||||||
![Global Dark Theme enabled](/attachment/wiki/Dark-Theme/gnome-tweak-tool.png)
|
![Global Dark Theme enabled](https://www.qubes-os.org/attachment/wiki/Dark-Theme/gnome-tweak-tool.png)
|
||||||
|
|
||||||
6. *(Optional)* Modify Firefox
|
6. *(Optional)* Modify Firefox
|
||||||
|
|
||||||
|
@ -14,7 +14,7 @@ Language Localization
|
|||||||
Enable UTF-8 in dom0 title bars
|
Enable UTF-8 in dom0 title bars
|
||||||
-------------------------
|
-------------------------
|
||||||
|
|
||||||
You can enable UTF-8 characters in the title bar for all qubes or on a per-qube basis. Follow the instructions [here](/doc/config-files/#gui-and-audio-configuration-in-dom0) for further information.
|
You can enable UTF-8 characters in the title bar for all qubes or on a per-qube basis. Follow the instructions [here](https://www.qubes-os.org/doc/config-files/#gui-and-audio-configuration-in-dom0) for further information.
|
||||||
|
|
||||||
How to set up pinyin input in Qubes
|
How to set up pinyin input in Qubes
|
||||||
-----------------------------------
|
-----------------------------------
|
||||||
|
@ -81,7 +81,7 @@ Do these concern you?
|
|||||||
|
|
||||||
### Coreboot ###
|
### Coreboot ###
|
||||||
|
|
||||||
Cross reference [Coreboot](https://www.coreboot.org/Supported_Motherboards) capable systems with the [HCL](/doc/hcl).
|
Cross reference [Coreboot](https://www.coreboot.org/Supported_Motherboards) capable systems with the [HCL](https://www.qubes-os.org/doc/hcl).
|
||||||
See also the [board freedom index](https://www.coreboot.org/Board_freedom_levels).
|
See also the [board freedom index](https://www.coreboot.org/Board_freedom_levels).
|
||||||
[Search the mailing list](https://www.mail-archive.com/qubes-users@googlegroups.com/) for additional reports.
|
[Search the mailing list](https://www.mail-archive.com/qubes-users@googlegroups.com/) for additional reports.
|
||||||
Flash your system with Coreboot, including [ME_Cleaner](https://github.com/corna/me_cleaner).
|
Flash your system with Coreboot, including [ME_Cleaner](https://github.com/corna/me_cleaner).
|
||||||
|
@ -19,16 +19,16 @@ To switch, reinstall and uninstall a CentOS TemplateVM that is already installed
|
|||||||
|
|
||||||
#### After Installing
|
#### After Installing
|
||||||
|
|
||||||
After a fresh install, we recommend to [Update the TemplateVM](/doc/software-update-vm/).
|
After a fresh install, we recommend to [Update the TemplateVM](https://www.qubes-os.org/doc/software-update-vm/).
|
||||||
|
|
||||||
## Want to contribute?
|
## Want to contribute?
|
||||||
|
|
||||||
* [How can I contribute to the Qubes Project?](/doc/contributing/)
|
* [How can I contribute to the Qubes Project?](https://www.qubes-os.org/doc/contributing/)
|
||||||
|
|
||||||
* [Guidelines for Documentation Contributors](/doc/doc-guidelines/)
|
* [Guidelines for Documentation Contributors](https://www.qubes-os.org/doc/doc-guidelines/)
|
||||||
|
|
||||||
[switch]: /doc/templates/#switching
|
[switch]: https://www.qubes-os.org/doc/templates/#switching
|
||||||
[reinstall]: /doc/reinstall-template/
|
[reinstall]: https://www.qubes-os.org/doc/reinstall-template/
|
||||||
[uninstall]: /doc/templates/#uninstalling
|
[uninstall]: https://www.qubes-os.org/doc/templates/#uninstalling
|
||||||
[Minimal TemplateVMs]: /doc/templates/minimal/
|
[Minimal TemplateVMs]: https://www.qubes-os.org/doc/templates/minimal/
|
||||||
[Xfce TemplateVMs]: /doc/templates/xfce/
|
[Xfce TemplateVMs]: https://www.qubes-os.org/doc/templates/xfce/
|
||||||
|
@ -19,17 +19,17 @@ To switch, reinstall and uninstall a Gentoo TemplateVM that is already installed
|
|||||||
|
|
||||||
#### After Installing
|
#### After Installing
|
||||||
|
|
||||||
After a fresh install, we recommend to [Update the TemplateVM](/doc/software-update-vm/). We highlight that the template memory/CPU allocation certainly need to be adjusted in some cases. As Gentoo is a *linux source distribution*, the template needs resources to perform updates or installing any packages. By default, each TemplateVM has *2 VCPUs* for *4000 MB Max memory* allocated. If needed, double those values, *4 VCPUs* for *8000 MB Max memory*. For example, it has been observed failing updates or builds with *4 VCPUs* for *4000 MB Max memory* due to out of memory issue. For more general considerations, we refer to the official [Gentoo Handbook].
|
After a fresh install, we recommend to [Update the TemplateVM](https://www.qubes-os.org/doc/software-update-vm/). We highlight that the template memory/CPU allocation certainly need to be adjusted in some cases. As Gentoo is a *linux source distribution*, the template needs resources to perform updates or installing any packages. By default, each TemplateVM has *2 VCPUs* for *4000 MB Max memory* allocated. If needed, double those values, *4 VCPUs* for *8000 MB Max memory*. For example, it has been observed failing updates or builds with *4 VCPUs* for *4000 MB Max memory* due to out of memory issue. For more general considerations, we refer to the official [Gentoo Handbook].
|
||||||
|
|
||||||
## Want to contribute?
|
## Want to contribute?
|
||||||
|
|
||||||
* [How can I contribute to the Qubes Project?](/doc/contributing/)
|
* [How can I contribute to the Qubes Project?](https://www.qubes-os.org/doc/contributing/)
|
||||||
|
|
||||||
* [Guidelines for Documentation Contributors](/doc/doc-guidelines/)
|
* [Guidelines for Documentation Contributors](https://www.qubes-os.org/doc/doc-guidelines/)
|
||||||
|
|
||||||
[switch]: /doc/templates/#switching
|
[switch]: https://www.qubes-os.org/doc/templates/#switching
|
||||||
[reinstall]: /doc/reinstall-template/
|
[reinstall]: https://www.qubes-os.org/doc/reinstall-template/
|
||||||
[uninstall]: /doc/templates/#uninstalling
|
[uninstall]: https://www.qubes-os.org/doc/templates/#uninstalling
|
||||||
[Minimal TemplateVMs]: /doc/templates/minimal/
|
[Minimal TemplateVMs]: https://www.qubes-os.org/doc/templates/minimal/
|
||||||
[Xfce TemplateVMs]: /doc/templates/xfce/
|
[Xfce TemplateVMs]: https://www.qubes-os.org/doc/templates/xfce/
|
||||||
[Gentoo Handbook]: https://wiki.gentoo.org/wiki/Handbook:AMD64
|
[Gentoo Handbook]: https://wiki.gentoo.org/wiki/Handbook:AMD64
|
@ -14,7 +14,7 @@ Tips for Linux in HVM domain
|
|||||||
How to fix bootup kernel error
|
How to fix bootup kernel error
|
||||||
-------------------------------
|
-------------------------------
|
||||||
|
|
||||||
If the HVM pauses on boot and shows a series of warnings, visit [HVM Troubleshooting](/doc/hvm-troubleshooting/#hvm-pauses-on-boot-followed-by-kernel-error) for a fix.
|
If the HVM pauses on boot and shows a series of warnings, visit [HVM Troubleshooting](https://www.qubes-os.org/doc/hvm-troubleshooting/#hvm-pauses-on-boot-followed-by-kernel-error) for a fix.
|
||||||
|
|
||||||
Screen resolution
|
Screen resolution
|
||||||
-----------------
|
-----------------
|
||||||
|
@ -20,9 +20,9 @@ Penetration Testing Distributions
|
|||||||
|
|
||||||
The following instructions explain how to install a penetration testing distribution within Qubes OS.
|
The following instructions explain how to install a penetration testing distribution within Qubes OS.
|
||||||
|
|
||||||
- [BlackArch](/doc/pentesting/blackarch/)
|
- [BlackArch](https://www.qubes-os.org/doc/pentesting/blackarch/)
|
||||||
- [Kali](/doc/pentesting/kali/)
|
- [Kali](https://www.qubes-os.org/doc/pentesting/kali/)
|
||||||
- [PenTester Framework (PTF)](/doc/pentesting/ptf/)
|
- [PenTester Framework (PTF)](https://www.qubes-os.org/doc/pentesting/ptf/)
|
||||||
|
|
||||||
Using Qubes OS to host a "hacking" laboratory
|
Using Qubes OS to host a "hacking" laboratory
|
||||||
---------------------------------------------
|
---------------------------------------------
|
||||||
|
@ -27,7 +27,7 @@ Create ArchLinux Based BlackArch Template
|
|||||||
|
|
||||||
1. Create ArchlLinux Template
|
1. Create ArchlLinux Template
|
||||||
|
|
||||||
- Follow the [Archlinux Template instructions](/doc/building-archlinux-template/)
|
- Follow the [Archlinux Template instructions](https://www.qubes-os.org/doc/building-archlinux-template/)
|
||||||
|
|
||||||
|
|
||||||
2. Update Template
|
2. Update Template
|
||||||
@ -91,6 +91,6 @@ Create ArchLinux Based BlackArch Template
|
|||||||
Alternative Options to BlackArch
|
Alternative Options to BlackArch
|
||||||
--------------------------------
|
--------------------------------
|
||||||
|
|
||||||
- [Kali](/doc/pentesting/kali/)
|
- [Kali](https://www.qubes-os.org/doc/pentesting/kali/)
|
||||||
- [PenTester Framework (PTF)](/doc/pentesting/ptf/)
|
- [PenTester Framework (PTF)](https://www.qubes-os.org/doc/pentesting/ptf/)
|
||||||
- [Pentesting](/doc/pentesting/)
|
- [Pentesting](https://www.qubes-os.org/doc/pentesting/)
|
||||||
|
@ -32,7 +32,7 @@ From a Debian template <a name="templatevm-from-debian4_0"/>
|
|||||||
This is the recommended method.
|
This is the recommended method.
|
||||||
Easier to maintain and less demanding on resources, but you won’t have the full Kali GUI.
|
Easier to maintain and less demanding on resources, but you won’t have the full Kali GUI.
|
||||||
|
|
||||||
If you need to install custom kernel modules (wifi drivers, …) you need to use the kernel provided by Kali instead of the kernel provided by Qubes, see [Managing VM Kernel.](/doc/managing-vm-kernel/)
|
If you need to install custom kernel modules (wifi drivers, …) you need to use the kernel provided by Kali instead of the kernel provided by Qubes, see [Managing VM Kernel.](https://www.qubes-os.org/doc/managing-vm-kernel/)
|
||||||
|
|
||||||
The steps can be summarized as:
|
The steps can be summarized as:
|
||||||
|
|
||||||
@ -162,13 +162,13 @@ Notes
|
|||||||
=============
|
=============
|
||||||
Thanks to the people in [the discussion thread](https://github.com/QubesOS/qubes-issues/issues/1981).
|
Thanks to the people in [the discussion thread](https://github.com/QubesOS/qubes-issues/issues/1981).
|
||||||
|
|
||||||
[qubes-verifying-signatures]: /security/verifying-signatures/
|
[qubes-verifying-signatures]: https://www.qubes-os.org/security/verifying-signatures/
|
||||||
[qubes-pentesting]: /doc/pentesting/
|
[qubes-pentesting]: https://www.qubes-os.org/doc/pentesting/
|
||||||
[qubes-blackarch]: /doc/pentesting/blackarch/
|
[qubes-blackarch]: https://www.qubes-os.org/doc/pentesting/blackarch/
|
||||||
[qubes-ptf]: /doc/pentesting/ptf/
|
[qubes-ptf]: https://www.qubes-os.org/doc/pentesting/ptf/
|
||||||
[qubes-template-debian-install]: /doc/templates/debian/#install
|
[qubes-template-debian-install]: https://www.qubes-os.org/doc/templates/debian/#install
|
||||||
[qubes-resize-disk-image]: /doc/resize-disk-image/
|
[qubes-resize-disk-image]: https://www.qubes-os.org/doc/resize-disk-image/
|
||||||
[qubes-new-hvm]: /doc/standalone-and-hvm/
|
[qubes-new-hvm]: https://www.qubes-os.org/doc/standalone-and-hvm/
|
||||||
|
|
||||||
[kali]: https://www.kali.org/
|
[kali]: https://www.kali.org/
|
||||||
[kali-vbox]: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
|
[kali-vbox]: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
|
||||||
|
@ -28,7 +28,7 @@ Create Debian Based Penetration Testers Framework (PTF) Template
|
|||||||
|
|
||||||
1. Create PTF template
|
1. Create PTF template
|
||||||
|
|
||||||
1. Follow [Create Debian Based Kali Template](/doc/pentesting/kali/) till step 7.
|
1. Follow [Create Debian Based Kali Template](https://www.qubes-os.org/doc/pentesting/kali/) till step 7.
|
||||||
|
|
||||||
2. (Optional) Rename the cloned template to `ptf`
|
2. (Optional) Rename the cloned template to `ptf`
|
||||||
|
|
||||||
@ -68,7 +68,7 @@ possible to do sudo ptf/ptf
|
|||||||
|
|
||||||
sudo ptf
|
sudo ptf
|
||||||
|
|
||||||
![PTF start banner](/attachment/wiki/PTF/ptf-banner.png)
|
![PTF start banner](https://www.qubes-os.org/attachment/wiki/PTF/ptf-banner.png)
|
||||||
|
|
||||||
2. Show available modules (tools)
|
2. Show available modules (tools)
|
||||||
|
|
||||||
@ -116,6 +116,6 @@ possible to do sudo ptf/ptf
|
|||||||
Alternative Options to PTF
|
Alternative Options to PTF
|
||||||
--------------------------
|
--------------------------
|
||||||
|
|
||||||
- [BlackArch](/doc/pentesting/blackarch/)
|
- [BlackArch](https://www.qubes-os.org/doc/pentesting/blackarch/)
|
||||||
- [Kali](/doc/pentesting/kali/)
|
- [Kali](https://www.qubes-os.org/doc/pentesting/kali/)
|
||||||
- [Pentesting](/doc/pentesting/)
|
- [Pentesting](https://www.qubes-os.org/doc/pentesting/)
|
||||||
|
@ -58,5 +58,5 @@ If you want to help in improving the template, feel free to [contribute][contrib
|
|||||||
|
|
||||||
[IP]: https://www.ubuntu.com/legal/terms-and-policies/intellectual-property-policy
|
[IP]: https://www.ubuntu.com/legal/terms-and-policies/intellectual-property-policy
|
||||||
[repo]: https://github.com/QubesOS/qubes-builder/blob/master/README.md
|
[repo]: https://github.com/QubesOS/qubes-builder/blob/master/README.md
|
||||||
[builder]: /doc/qubes-builder/
|
[builder]: https://www.qubes-os.org/doc/qubes-builder/
|
||||||
[contrib]: /doc/contributing/
|
[contrib]: https://www.qubes-os.org/doc/contributing/
|
||||||
|
@ -20,8 +20,8 @@ Qubes Windows Tools
|
|||||||
Qubes Windows Tools are a set of programs and drivers that provide integration of Windows AppVMs with the rest of the Qubes system. Currently the following features are available for Windows VMs after installation of those tools:
|
Qubes Windows Tools are a set of programs and drivers that provide integration of Windows AppVMs with the rest of the Qubes system. Currently the following features are available for Windows VMs after installation of those tools:
|
||||||
|
|
||||||
- **Qubes Video Driver** - provides for the Seamless GUI mode that integrates apps windows onto the common Qubes trusted desktop
|
- **Qubes Video Driver** - provides for the Seamless GUI mode that integrates apps windows onto the common Qubes trusted desktop
|
||||||
- **File sender/receiver** - Support for [secure clipboard copy/paste](/doc/copy-paste/) between the Windows VM and other AppVMs
|
- **File sender/receiver** - Support for [secure clipboard copy/paste](https://www.qubes-os.org/doc/copy-paste/) between the Windows VM and other AppVMs
|
||||||
- ***File sender/receiver** - Support for [secure file exchange](/doc/copying-files/) between the Windows VM and other AppVMs
|
- ***File sender/receiver** - Support for [secure file exchange](https://www.qubes-os.org/doc/copying-files/) between the Windows VM and other AppVMs
|
||||||
- **Copy/Edit in Disposable VM** - Support for editing files in DisposableVMs as well as for qvm-run and generic qrexec for the Windows VM (e.g. ability to run custom service within/from the Windows VM)
|
- **Copy/Edit in Disposable VM** - Support for editing files in DisposableVMs as well as for qvm-run and generic qrexec for the Windows VM (e.g. ability to run custom service within/from the Windows VM)
|
||||||
- **Xen PV drivers** for Windows that increase performance compared to qemu emulated devices
|
- **Xen PV drivers** for Windows that increase performance compared to qemu emulated devices
|
||||||
|
|
||||||
@ -50,7 +50,7 @@ NOTES:
|
|||||||
Installing Windows OS in a Qubes VM
|
Installing Windows OS in a Qubes VM
|
||||||
-----------------------------------
|
-----------------------------------
|
||||||
|
|
||||||
Please refer to [this page](/doc/windows-vm/) for instructions on how to install Windows in a Qubes VM.
|
Please refer to [this page](https://www.qubes-os.org/doc/windows-vm/) for instructions on how to install Windows in a Qubes VM.
|
||||||
|
|
||||||
NOTE: It is strongly suggested to enable autologon for any Windows HVMs that will have Qubes Tools installed. To do so, run `netplwiz` command from the `Win+R`/Start menu and uncheck the *Users must enter a user name and password to use this computer* option.
|
NOTE: It is strongly suggested to enable autologon for any Windows HVMs that will have Qubes Tools installed. To do so, run `netplwiz` command from the `Win+R`/Start menu and uncheck the *Users must enter a user name and password to use this computer* option.
|
||||||
|
|
||||||
@ -184,7 +184,7 @@ Once you start a Windows-based AppVM with Qubes Tools installed, you can easily
|
|||||||
qvm-run -a my-win7-appvm explorer.exe
|
qvm-run -a my-win7-appvm explorer.exe
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
![windows-seamless-4.png](/attachment/wiki/WindowsAppVms/windows-seamless-4.png) ![windows-seamless-1.png](/attachment/wiki/WindowsAppVms/windows-seamless-1.png)
|
![windows-seamless-4.png](https://www.qubes-os.org/attachment/wiki/WindowsAppVms/windows-seamless-4.png) ![windows-seamless-1.png](https://www.qubes-os.org/attachment/wiki/WindowsAppVms/windows-seamless-1.png)
|
||||||
|
|
||||||
Also, the inter-VM services work as usual -- e.g. to request opening a document or URL in the Windows AppVM from another VM:
|
Also, the inter-VM services work as usual -- e.g. to request opening a document or URL in the Windows AppVM from another VM:
|
||||||
|
|
||||||
@ -202,7 +202,7 @@ Inter-VM file copy and clipboard works for Windows AppVMs the same way as for Li
|
|||||||
|
|
||||||
To simulate CTRL-ALT-DELETE in the HVM (SAS, Secure Attention Sequence), press Ctrl-Alt-Home while having any window of this VM in the foreground.
|
To simulate CTRL-ALT-DELETE in the HVM (SAS, Secure Attention Sequence), press Ctrl-Alt-Home while having any window of this VM in the foreground.
|
||||||
|
|
||||||
![windows-seamless-7.png](/attachment/wiki/WindowsAppVms/windows-seamless-7.png)
|
![windows-seamless-7.png](https://www.qubes-os.org/attachment/wiki/WindowsAppVms/windows-seamless-7.png)
|
||||||
|
|
||||||
Changing between seamless and full desktop mode
|
Changing between seamless and full desktop mode
|
||||||
-----------------------------------------------
|
-----------------------------------------------
|
||||||
@ -220,7 +220,7 @@ In order to create a HVM TemplateVM one can use the following command, suitably
|
|||||||
qvm-create --class TemplateVM win-template --property virt_mode=HVM --property kernel='' -l green
|
qvm-create --class TemplateVM win-template --property virt_mode=HVM --property kernel='' -l green
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
... , set memory as appropriate, and install Windows OS (or other OS) into this template the same way as you would install it into a normal HVM -- please see instructions on [this page](/doc/hvm-create/).
|
... , set memory as appropriate, and install Windows OS (or other OS) into this template the same way as you would install it into a normal HVM -- please see instructions on [this page](https://www.qubes-os.org/doc/hvm-create/).
|
||||||
|
|
||||||
If you use this Template as it is, then any HVMs that use it will effectively be DisposableVMs - the User directory will be wiped when the HVN is closed down.
|
If you use this Template as it is, then any HVMs that use it will effectively be DisposableVMs - the User directory will be wiped when the HVN is closed down.
|
||||||
|
|
||||||
@ -303,7 +303,7 @@ Debug and Verbose levels can generate large volume of logs and are intended for
|
|||||||
|
|
||||||
To override global settings for a specific component, create a new key under the root key mentioned above and name it as the executable name, without `.exe` extension. For example, to change qrexec-agent's log level to Debug, set it like this:
|
To override global settings for a specific component, create a new key under the root key mentioned above and name it as the executable name, without `.exe` extension. For example, to change qrexec-agent's log level to Debug, set it like this:
|
||||||
|
|
||||||
![qtw-log-level.png](/attachment/wiki/WindowsTools/qtw-log-level.png)
|
![qtw-log-level.png](https://www.qubes-os.org/attachment/wiki/WindowsTools/qtw-log-level.png)
|
||||||
|
|
||||||
Component-specific settings currently available:
|
Component-specific settings currently available:
|
||||||
|
|
||||||
|
@ -111,7 +111,7 @@ qvm-prefs win7new qrexec_timeout 300
|
|||||||
qvm-prefs win7new debug false
|
qvm-prefs win7new debug false
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
To install Qubes Windows Tools, follow instructions in [Qubes Windows Tools](/doc/windows-tools/).
|
To install Qubes Windows Tools, follow instructions in [Qubes Windows Tools](https://www.qubes-os.org/doc/windows-tools/).
|
||||||
|
|
||||||
### Detailed instructions ###
|
### Detailed instructions ###
|
||||||
|
|
||||||
@ -119,9 +119,9 @@ MS Windows versions considerations:
|
|||||||
|
|
||||||
- The instructions *may* work on other versions than Windows 7 x64 but haven't been tested.
|
- The instructions *may* work on other versions than Windows 7 x64 but haven't been tested.
|
||||||
- Qubes Windows Tools (QWT) only supports Windows 7 x64. Note that there are [known issues](https://github.com/QubesOS/qubes-issues/issues/3585) with QWT on Qubes 4.x
|
- Qubes Windows Tools (QWT) only supports Windows 7 x64. Note that there are [known issues](https://github.com/QubesOS/qubes-issues/issues/3585) with QWT on Qubes 4.x
|
||||||
- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described in [Qubes Windows Tools](/doc/windows-tools/).
|
- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described in [Qubes Windows Tools](https://www.qubes-os.org/doc/windows-tools/).
|
||||||
|
|
||||||
Create a VM named win7new in [HVM](/doc/hvm/) mode (Xen's current PVH limitations precludes from using PVH):
|
Create a VM named win7new in [HVM](https://www.qubes-os.org/doc/hvm/) mode (Xen's current PVH limitations precludes from using PVH):
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
qvm-create --class StandaloneVM --label red --property virt_mode=hvm win7new
|
qvm-create --class StandaloneVM --label red --property virt_mode=hvm win7new
|
||||||
@ -170,7 +170,7 @@ To avoid that error we temporarily have to switch the video adapter to 'cirrus':
|
|||||||
qvm-features win7new video-model cirrus
|
qvm-features win7new video-model cirrus
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
The VM is now ready to be started; the best practice is to use an installation ISO [located in a VM](/doc/standalone-and-hvm/#installing-an-os-in-an-hvm):
|
The VM is now ready to be started; the best practice is to use an installation ISO [located in a VM](https://www.qubes-os.org/doc/standalone-and-hvm/#installing-an-os-in-an-hvm):
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
qvm-start --cdrom=untrusted:/home/user/windows_install.iso win7new
|
qvm-start --cdrom=untrusted:/home/user/windows_install.iso win7new
|
||||||
@ -209,7 +209,7 @@ Finally, increase the VM's `qrexec_timeout`: in case you happen to get a BSOD or
|
|||||||
qvm-prefs win7new qrexec_timeout 300
|
qvm-prefs win7new qrexec_timeout 300
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](/doc/windows-tools/#xen-pv-drivers-and-qubes-windows-tools)). It is a good time to clone the VM again.
|
At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](https://www.qubes-os.org/doc/windows-tools/#xen-pv-drivers-and-qubes-windows-tools)). It is a good time to clone the VM again.
|
||||||
|
|
||||||
|
|
||||||
Windows as TemplateVM
|
Windows as TemplateVM
|
||||||
@ -254,5 +254,5 @@ To avoid guessing the VM's state enable debugging (`qvm-prefs -s win7new debug t
|
|||||||
Further customization
|
Further customization
|
||||||
---------------------
|
---------------------
|
||||||
|
|
||||||
Please see the [Customizing Windows 7 templates](/doc/windows-template-customization/) page (despite the focus on preparing the VM for use as a template, most of the instructions are independent from how the VM will be used - ie. TemplateVM or StandaloneVM).
|
Please see the [Customizing Windows 7 templates](https://www.qubes-os.org/doc/windows-template-customization/) page (despite the focus on preparing the VM for use as a template, most of the instructions are independent from how the VM will be used - ie. TemplateVM or StandaloneVM).
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ Select the connection to randomize and click Edit.
|
|||||||
|
|
||||||
Select the Cloned MAC Address drop down and set to Random or Stable.
|
Select the Cloned MAC Address drop down and set to Random or Stable.
|
||||||
Stable will generate a random address that persists until reboot, while Random will generate an address each time a link goes up.
|
Stable will generate a random address that persists until reboot, while Random will generate an address each time a link goes up.
|
||||||
![Edit Connection](/attachment/wiki/RandomizeMAC/networkmanager-mac-random.png)
|
![Edit Connection](https://www.qubes-os.org/attachment/wiki/RandomizeMAC/networkmanager-mac-random.png)
|
||||||
|
|
||||||
Save the change and reconnect the connection (click on Network Manager tray icon and click disconnect under the connection, it should automatically reconnect).
|
Save the change and reconnect the connection (click on Network Manager tray icon and click disconnect under the connection, it should automatically reconnect).
|
||||||
|
|
||||||
@ -114,4 +114,4 @@ exit 0
|
|||||||
```
|
```
|
||||||
Assuming that you're using `sys-net` as your network VM, your `sys-net` hostname should now be `PC-[number]` with a different `[number]` each time your `sys-net` is started.
|
Assuming that you're using `sys-net` as your network VM, your `sys-net` hostname should now be `PC-[number]` with a different `[number]` each time your `sys-net` is started.
|
||||||
|
|
||||||
Please note that the above script should _not_ be added to [/rw/config/rc.local](/doc/config-files/)) as that is executed only _after_ the network fully started.
|
Please note that the above script should _not_ be added to [/rw/config/rc.local](https://www.qubes-os.org/doc/config-files/)) as that is executed only _after_ the network fully started.
|
||||||
|
@ -56,10 +56,10 @@ Always obtain a trusted key fingerprint via other channels, and always check any
|
|||||||
|
|
||||||
-----
|
-----
|
||||||
|
|
||||||
[qubes-verifying-signatures]: /security/verifying-signatures/
|
[qubes-verifying-signatures]: https://www.qubes-os.org/security/verifying-signatures/
|
||||||
[Signal]: https://whispersystems.org/
|
[Signal]: https://whispersystems.org/
|
||||||
[signal-wikipedia]: https://en.wikipedia.org/wiki/Signal_(software)
|
[signal-wikipedia]: https://en.wikipedia.org/wiki/Signal_(software)
|
||||||
[shortcut]: https://support.whispersystems.org/hc/en-us/articles/216839277-Where-is-Signal-Desktop-on-my-computer-
|
[shortcut]: https://support.whispersystems.org/hc/en-us/articles/216839277-Where-is-Signal-Desktop-on-my-computer-
|
||||||
[shortcut-desktop]: /doc/managing-appvm-shortcuts/#tocAnchor-1-1-1
|
[shortcut-desktop]: https://www.qubes-os.org/doc/managing-appvm-shortcuts/#tocAnchor-1-1-1
|
||||||
[message]: https://groups.google.com/d/msg/qubes-users/rMMgeR-KLbU/XXOFri26BAAJ
|
[message]: https://groups.google.com/d/msg/qubes-users/rMMgeR-KLbU/XXOFri26BAAJ
|
||||||
[mailing list]: /support/
|
[mailing list]: https://www.qubes-os.org/support/
|
||||||
|
@ -16,7 +16,7 @@ Despite this, in case that method becomes cumbersome, Tails can be used inside v
|
|||||||
|
|
||||||
To run Tails under Qubes:
|
To run Tails under Qubes:
|
||||||
|
|
||||||
1. Read about [creating and using HVM qubes](/doc/hvm/)
|
1. Read about [creating and using HVM qubes](https://www.qubes-os.org/doc/hvm/)
|
||||||
|
|
||||||
2. Download and verify Tails from [https://tails.boum.org](https://tails.boum.org) in a qube, (saved as `/home/user/Downloads/tails.iso` on qube "isoVM" for purposes of this guide).
|
2. Download and verify Tails from [https://tails.boum.org](https://tails.boum.org) in a qube, (saved as `/home/user/Downloads/tails.iso` on qube "isoVM" for purposes of this guide).
|
||||||
|
|
||||||
@ -48,7 +48,7 @@ To run Tails under Qubes:
|
|||||||
7. Use Tails as normal.
|
7. Use Tails as normal.
|
||||||
|
|
||||||
## Security
|
## Security
|
||||||
You will probably want to implement [MAC spoofing](/doc/anonymizing-your-mac-address/).
|
You will probably want to implement [MAC spoofing](https://www.qubes-os.org/doc/anonymizing-your-mac-address/).
|
||||||
|
|
||||||
There are added security concerns for Tails users when running it in a virtual machine.
|
There are added security concerns for Tails users when running it in a virtual machine.
|
||||||
If you intend to do this, you should read [the warnings](https://tails.boum.org/doc/advanced_topics/virtualization/) from the Tails team about it.
|
If you intend to do this, you should read [the warnings](https://tails.boum.org/doc/advanced_topics/virtualization/) from the Tails team about it.
|
||||||
@ -58,5 +58,5 @@ Depending on your threat model, this might induce too much risk.
|
|||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
See the [Tails Troubleshooting guide](/doc/tails-troubleshooting/).
|
See the [Tails Troubleshooting guide](https://www.qubes-os.org/doc/tails-troubleshooting/).
|
||||||
|
|
||||||
|
@ -20,7 +20,7 @@ Qubes TorVM (qubes-tor)
|
|||||||
|
|
||||||
Qubes TorVM is a deprecated ProxyVM service that provides torified networking to
|
Qubes TorVM is a deprecated ProxyVM service that provides torified networking to
|
||||||
all its clients. **If you are interested in TorVM, you will find the
|
all its clients. **If you are interested in TorVM, you will find the
|
||||||
[Whonix implementation in Qubes](/doc/privacy/whonix/) a
|
[Whonix implementation in Qubes](https://www.qubes-os.org/doc/privacy/whonix/) a
|
||||||
more usable and robust solution for creating a torifying traffic proxy.**
|
more usable and robust solution for creating a torifying traffic proxy.**
|
||||||
|
|
||||||
By default, any AppVM using the TorVM as its NetVM will be fully torified, so
|
By default, any AppVM using the TorVM as its NetVM will be fully torified, so
|
||||||
@ -273,9 +273,9 @@ transparent torified solutions. Notably the following:
|
|||||||
[stream-isolation]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/171-separate-streams.txt
|
[stream-isolation]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/171-separate-streams.txt
|
||||||
[stream-isolation-explained]: https://lists.torproject.org/pipermail/tor-talk/2012-May/024403.html
|
[stream-isolation-explained]: https://lists.torproject.org/pipermail/tor-talk/2012-May/024403.html
|
||||||
[tor-threats]: https://www.torproject.org/projects/torbrowser/design/#adversary
|
[tor-threats]: https://www.torproject.org/projects/torbrowser/design/#adversary
|
||||||
[qubes-net]: /doc/QubesNet/
|
[qubes-net]: https://www.qubes-os.org/doc/QubesNet/
|
||||||
[dns]: https://tails.boum.org/todo/support_arbitrary_dns_queries/
|
[dns]: https://tails.boum.org/todo/support_arbitrary_dns_queries/
|
||||||
[tor-browser]: https://www.torproject.org/download/download-easy.html
|
[tor-browser]: https://www.torproject.org/download/download-easy.html
|
||||||
[tor-verify-sig]: https://www.torproject.org/docs/verifying-signatures.html
|
[tor-verify-sig]: https://www.torproject.org/docs/verifying-signatures.html
|
||||||
[dispvm]: /doc/DisposableVms/
|
[dispvm]: https://www.qubes-os.org/doc/DisposableVms/
|
||||||
[dispvm-customization]: /doc/UserDoc/DispVMCustomization/
|
[dispvm-customization]: https://www.qubes-os.org/doc/UserDoc/DispVMCustomization/
|
||||||
|
@ -30,14 +30,14 @@ a **"workstation"**. Qubes security architecture makes use of Whonix's isolation
|
|||||||
by using the gateway as a ProxyVM to route all network traffic through Tor,
|
by using the gateway as a ProxyVM to route all network traffic through Tor,
|
||||||
while the workstation is used for making AppVMs.
|
while the workstation is used for making AppVMs.
|
||||||
|
|
||||||
Whonix in Qubes replaces the deprecated [TorVM](/doc/torvm) service used in earlier
|
Whonix in Qubes replaces the deprecated [TorVM](https://www.qubes-os.org/doc/torvm) service used in earlier
|
||||||
versions of Qubes.
|
versions of Qubes.
|
||||||
|
|
||||||
*The following pages are written by the Whonix developers and are located on their website.*
|
*The following pages are written by the Whonix developers and are located on their website.*
|
||||||
|
|
||||||
## Getting Started with Whonix
|
## Getting Started with Whonix
|
||||||
|
|
||||||
Note: To install Whonix in Qubes, you must [install Qubes](/doc/installation-guide/) first.
|
Note: To install Whonix in Qubes, you must [install Qubes](https://www.qubes-os.org/doc/installation-guide/) first.
|
||||||
|
|
||||||
* [Installing Whonix in Qubes](https://www.whonix.org/wiki/Qubes/Install)
|
* [Installing Whonix in Qubes](https://www.whonix.org/wiki/Qubes/Install)
|
||||||
* [Updating Whonix in Qubes](https://www.whonix.org/wiki/Qubes/Update)
|
* [Updating Whonix in Qubes](https://www.whonix.org/wiki/Qubes/Update)
|
||||||
|
@ -105,15 +105,15 @@ is largely the same.
|
|||||||
If you are prompted to scan a QR code, instead select the option (if
|
If you are prompted to scan a QR code, instead select the option (if
|
||||||
available) to view the secret key as text:
|
available) to view the secret key as text:
|
||||||
|
|
||||||
![Secret Key Example 0](/attachment/wiki/Multi-factorAuthentication/secret-key-example-0.png)
|
![Secret Key Example 0](https://www.qubes-os.org/attachment/wiki/Multi-factorAuthentication/secret-key-example-0.png)
|
||||||
|
|
||||||
You should then see the secret key as text:
|
You should then see the secret key as text:
|
||||||
|
|
||||||
![Secret Key Example 1](/attachment/wiki/Multi-factorAuthentication/secret-key-example-1.png)
|
![Secret Key Example 1](https://www.qubes-os.org/attachment/wiki/Multi-factorAuthentication/secret-key-example-1.png)
|
||||||
|
|
||||||
Note that the length and format of the secret key may vary by service:
|
Note that the length and format of the secret key may vary by service:
|
||||||
|
|
||||||
![Secret Key Example 2](/attachment/wiki/Multi-factorAuthentication/secret-key-example-2.png)
|
![Secret Key Example 2](https://www.qubes-os.org/attachment/wiki/Multi-factorAuthentication/secret-key-example-2.png)
|
||||||
|
|
||||||
2. In your MFA AppVM, you can now use `oathtool` to generate base32 TOTP
|
2. In your MFA AppVM, you can now use `oathtool` to generate base32 TOTP
|
||||||
authentication tokens just like Google Authenticator would. In this example,
|
authentication tokens just like Google Authenticator would. In this example,
|
||||||
@ -180,11 +180,11 @@ is largely the same.
|
|||||||
For a more complete list of compatible services, see [here][usage].
|
For a more complete list of compatible services, see [here][usage].
|
||||||
|
|
||||||
|
|
||||||
[YubiKey]: /doc/YubiKey/
|
[YubiKey]: https://www.qubes-os.org/doc/YubiKey/
|
||||||
[MFA]: https://en.wikipedia.org/wiki/Multi-factor_authentication
|
[MFA]: https://en.wikipedia.org/wiki/Multi-factor_authentication
|
||||||
[oathtool]: http://www.nongnu.org/oath-toolkit/man-oathtool.html
|
[oathtool]: http://www.nongnu.org/oath-toolkit/man-oathtool.html
|
||||||
[TOTP]: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
|
[TOTP]: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
|
||||||
[Google Authenticator]: https://en.wikipedia.org/wiki/Google_Authenticator
|
[Google Authenticator]: https://en.wikipedia.org/wiki/Google_Authenticator
|
||||||
[FedoraMinimal]: /doc/Templates/FedoraMinimal/
|
[FedoraMinimal]: https://www.qubes-os.org/doc/Templates/FedoraMinimal/
|
||||||
[usage]: https://en.wikipedia.org/wiki/Google_Authenticator#Usage
|
[usage]: https://en.wikipedia.org/wiki/Google_Authenticator#Usage
|
||||||
[Passwordless Root]: /doc/templates/minimal/#passwordless-root
|
[Passwordless Root]: https://www.qubes-os.org/doc/templates/minimal/#passwordless-root
|
||||||
|
@ -14,20 +14,20 @@ Security Guidelines
|
|||||||
Without some active and responsible participation of the user, no real security is possible. Running Firefox inside of an AppVM does not automagically make it (or any other app) more secure.
|
Without some active and responsible participation of the user, no real security is possible. Running Firefox inside of an AppVM does not automagically make it (or any other app) more secure.
|
||||||
Programs themselves remain just as secure [(or insecure)](https://en.wikipedia.org/wiki/Computer_insecurity) on Qubes as on a normal Linux or Windows OS.
|
Programs themselves remain just as secure [(or insecure)](https://en.wikipedia.org/wiki/Computer_insecurity) on Qubes as on a normal Linux or Windows OS.
|
||||||
What drastically changes is the context in which your applications are used.
|
What drastically changes is the context in which your applications are used.
|
||||||
[This context](/doc/qubes-architecture/) is a [responsibility of the user](/security/goals/).
|
[This context](https://www.qubes-os.org/doc/qubes-architecture/) is a [responsibility of the user](https://www.qubes-os.org/security/goals/).
|
||||||
But managing security in this context well requires knowledge of some new concepts and procedures. So it is worth stressing some basic items:
|
But managing security in this context well requires knowledge of some new concepts and procedures. So it is worth stressing some basic items:
|
||||||
|
|
||||||
Download Verification
|
Download Verification
|
||||||
---------------------
|
---------------------
|
||||||
|
|
||||||
**Verify the authenticity and integrity of your downloads, [particularly the Qubes iso](/security/verifying-signatures/).**
|
**Verify the authenticity and integrity of your downloads, [particularly the Qubes iso](https://www.qubes-os.org/security/verifying-signatures/).**
|
||||||
|
|
||||||
The internet is always a dangerous place.
|
The internet is always a dangerous place.
|
||||||
While your connection to the Qubes website and download mirrors is encrypted, meaning that your downloads from here can't be modified by a third party en route, there is always the chance that these websites themselves have been compromised.
|
While your connection to the Qubes website and download mirrors is encrypted, meaning that your downloads from here can't be modified by a third party en route, there is always the chance that these websites themselves have been compromised.
|
||||||
Signature verification allows us to validate for ourselves that these files were the ones authored and signed by their creators (in this case the Qubes development team).
|
Signature verification allows us to validate for ourselves that these files were the ones authored and signed by their creators (in this case the Qubes development team).
|
||||||
|
|
||||||
Because it's so easy for a hacker who manages to tamper with the downloaded iso files this way to patch in malware, it is of the utmost importance that you **verify the signature of the Qubes iso** you use to install Qubes.
|
Because it's so easy for a hacker who manages to tamper with the downloaded iso files this way to patch in malware, it is of the utmost importance that you **verify the signature of the Qubes iso** you use to install Qubes.
|
||||||
See the page on [Verifying Signatures](/security/verifying-signatures/) for more information and a tutorial on how to accomplish this.
|
See the page on [Verifying Signatures](https://www.qubes-os.org/security/verifying-signatures/) for more information and a tutorial on how to accomplish this.
|
||||||
|
|
||||||
Once you have Qubes installed, the standard program installation command for Fedora and Qubes repositories
|
Once you have Qubes installed, the standard program installation command for Fedora and Qubes repositories
|
||||||
|
|
||||||
@ -79,7 +79,7 @@ qubes-hcl-report <userVM>
|
|||||||
|
|
||||||
where \<userVM\> is the name of the VM within which the report will be written (but the report will also be displayed in the Dom0 terminal). If it displays that VT-d is active, you should be able to assign **PCIe devices to an HVM** and **enjoy DMA protection** for your driver domains, so you successfully passed this step.
|
where \<userVM\> is the name of the VM within which the report will be written (but the report will also be displayed in the Dom0 terminal). If it displays that VT-d is active, you should be able to assign **PCIe devices to an HVM** and **enjoy DMA protection** for your driver domains, so you successfully passed this step.
|
||||||
|
|
||||||
If VT-d is not active, attempt to activate it by selecting the **VT-d flag** within the BIOS settings. If your processor/BIOS does not allow VT-d activation you still enjoy much better security than alternative systems, but you may be vulnerable to **DMA attacks**. Next time you buy a computer consult our **[HCL (Hardware Compatibility List)](/hcl/)** and possibly contribute to it.
|
If VT-d is not active, attempt to activate it by selecting the **VT-d flag** within the BIOS settings. If your processor/BIOS does not allow VT-d activation you still enjoy much better security than alternative systems, but you may be vulnerable to **DMA attacks**. Next time you buy a computer consult our **[HCL (Hardware Compatibility List)](https://www.qubes-os.org/hcl/)** and possibly contribute to it.
|
||||||
|
|
||||||
Updating Software
|
Updating Software
|
||||||
-----------------
|
-----------------
|
||||||
@ -101,21 +101,21 @@ or use the equivalent items in Qubes Manager, which displays an icon when an upd
|
|||||||
Handling Untrusted Files
|
Handling Untrusted Files
|
||||||
------------------------
|
------------------------
|
||||||
|
|
||||||
When you receive or download any file from an **untrusted source**, do not browse to it with a file manager which has preview enabled. Enabling previews in your file manager gives malware another attack vector. **To disable preview in Nautilus**: Gear (up-right-icon) -\> Preferences -\> Preview (tab) -\> Show thumbnails: Never. Note that this change can be made in a TemplateVM (including the [DispVM template](/doc/dispvm-customization/)) so that future AppVMs created from this TemplateVM will inherit this feature.
|
When you receive or download any file from an **untrusted source**, do not browse to it with a file manager which has preview enabled. Enabling previews in your file manager gives malware another attack vector. **To disable preview in Nautilus**: Gear (up-right-icon) -\> Preferences -\> Preview (tab) -\> Show thumbnails: Never. Note that this change can be made in a TemplateVM (including the [DispVM template](https://www.qubes-os.org/doc/dispvm-customization/)) so that future AppVMs created from this TemplateVM will inherit this feature.
|
||||||
|
|
||||||
Also, **do not open it in trusted VMs**. Rather, open it in a **disposable VM** right-clicking on it. You may even modify it within the disposable VM and then [copy it to other VM](/doc/copying-files/).
|
Also, **do not open it in trusted VMs**. Rather, open it in a **disposable VM** right-clicking on it. You may even modify it within the disposable VM and then [copy it to other VM](https://www.qubes-os.org/doc/copying-files/).
|
||||||
|
|
||||||
Alternatively PDFs may be converted to **trusted PDFs** by right clicking on them. This converts the PDF's text to graphic form, so the disk size these documents take up will increase.
|
Alternatively PDFs may be converted to **trusted PDFs** by right clicking on them. This converts the PDF's text to graphic form, so the disk size these documents take up will increase.
|
||||||
|
|
||||||
Anti Evil Maid
|
Anti Evil Maid
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
If there is a risk that somebody may gain **physical access** to your computer when you leave it powered down, or if you use Qubes in **dual boot mode**, then you may want to [install AEM](/doc/anti-evil-maid/) (Anti Evil Maid). AEM will inform you of any unauthorized modifications to your BIOS or boot partition. If AEM alerts you of an attack, it is really bad news because **there is no true fix**. If you are really serious about security, you will have to buy a new laptop and install Qubes from a trusted ISO. Buying a used laptop runs a higher risk of tampering and is not an option for a security focused environment.
|
If there is a risk that somebody may gain **physical access** to your computer when you leave it powered down, or if you use Qubes in **dual boot mode**, then you may want to [install AEM](https://www.qubes-os.org/doc/anti-evil-maid/) (Anti Evil Maid). AEM will inform you of any unauthorized modifications to your BIOS or boot partition. If AEM alerts you of an attack, it is really bad news because **there is no true fix**. If you are really serious about security, you will have to buy a new laptop and install Qubes from a trusted ISO. Buying a used laptop runs a higher risk of tampering and is not an option for a security focused environment.
|
||||||
|
|
||||||
Reassigning USB Controllers
|
Reassigning USB Controllers
|
||||||
---------------------------
|
---------------------------
|
||||||
|
|
||||||
Before you [assign a USB controller to a VM](/doc/assigning-devices/), check if any **input devices** are included in that controller.
|
Before you [assign a USB controller to a VM](https://www.qubes-os.org/doc/assigning-devices/), check if any **input devices** are included in that controller.
|
||||||
|
|
||||||
Assigning a USB keyboard will **deprive Dom0 VM of a keyboard**. Since a USB controller assignment survives reboot, you may find yourself **unable to access your system**. Most non-Apple laptops have a PS/2 input for keyboard and mouse, so this problem does not exist.
|
Assigning a USB keyboard will **deprive Dom0 VM of a keyboard**. Since a USB controller assignment survives reboot, you may find yourself **unable to access your system**. Most non-Apple laptops have a PS/2 input for keyboard and mouse, so this problem does not exist.
|
||||||
|
|
||||||
@ -129,19 +129,19 @@ It is preferable to avoid using **Bluetooth** if you travel or do not trust your
|
|||||||
|
|
||||||
Many laptops allow one to disable various hardware (Camera, BT, Mic, etc) **in BIOS**. This might or might not be a dependable way of getting rid of those devices, depending on how much you trust your BIOS vendor.
|
Many laptops allow one to disable various hardware (Camera, BT, Mic, etc) **in BIOS**. This might or might not be a dependable way of getting rid of those devices, depending on how much you trust your BIOS vendor.
|
||||||
|
|
||||||
If the VM will not start after you have assigned a USB controller, look at [this FAQ](/faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot).
|
If the VM will not start after you have assigned a USB controller, look at [this FAQ](https://www.qubes-os.org/faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot).
|
||||||
|
|
||||||
|
|
||||||
Creating and Using a USBVM
|
Creating and Using a USBVM
|
||||||
--------------------------
|
--------------------------
|
||||||
|
|
||||||
See [here](/doc/usb/).
|
See [here](https://www.qubes-os.org/doc/usb/).
|
||||||
|
|
||||||
|
|
||||||
Dom0 Precautions
|
Dom0 Precautions
|
||||||
----------------
|
----------------
|
||||||
|
|
||||||
As explained [here](/getting-started/), dom0 should not be used for any user operations. There are several reasons for this:
|
As explained [here](https://www.qubes-os.org/getting-started/), dom0 should not be used for any user operations. There are several reasons for this:
|
||||||
|
|
||||||
1. Secure isolation among domUs (i.e., AppVMs, StandaloneVMs, HVMs, etc.) is the *raison d'être* of Qubes. This is the primary reason that we recommend the delegation of all user activities to some number of AppVMs. In the event that any given VM is compromised, only that particular VM is compromised. (TemplateVMs are the exception to this. If a TemplateVM were compromised, then every AppVM based on it might also be compromised. Even in this case, however, the entire system would not necessarily have been compromised, since StandaloneVM(s), HVM(s), and/or multiple TemplateVMs might be in use.) By contrast, if dom0 were ever compromised, the entire system would thereby be compromised.
|
1. Secure isolation among domUs (i.e., AppVMs, StandaloneVMs, HVMs, etc.) is the *raison d'être* of Qubes. This is the primary reason that we recommend the delegation of all user activities to some number of AppVMs. In the event that any given VM is compromised, only that particular VM is compromised. (TemplateVMs are the exception to this. If a TemplateVM were compromised, then every AppVM based on it might also be compromised. Even in this case, however, the entire system would not necessarily have been compromised, since StandaloneVM(s), HVM(s), and/or multiple TemplateVMs might be in use.) By contrast, if dom0 were ever compromised, the entire system would thereby be compromised.
|
||||||
2. Due to the absence of convenience mechanisms in dom0 such as the inter-VM clipboard and inter-VM file copying, it is significantly less convenient to attempt to use dom0 for user operations (e.g., password management) in conjunction with AppVMs than it is to use another dedicated AppVM (e.g., a "vault" VM).
|
2. Due to the absence of convenience mechanisms in dom0 such as the inter-VM clipboard and inter-VM file copying, it is significantly less convenient to attempt to use dom0 for user operations (e.g., password management) in conjunction with AppVMs than it is to use another dedicated AppVM (e.g., a "vault" VM).
|
||||||
@ -162,5 +162,5 @@ TemplateBasedVM Directories
|
|||||||
in other directories which *do* persist in this manner, you must make those
|
in other directories which *do* persist in this manner, you must make those
|
||||||
changes in the parent TemplateVM.
|
changes in the parent TemplateVM.
|
||||||
|
|
||||||
* See [here](/doc/templates) for more detail and version specific information.
|
* See [here](https://www.qubes-os.org/doc/templates) for more detail and version specific information.
|
||||||
|
|
||||||
|
@ -47,6 +47,6 @@ Important Notes
|
|||||||
traditional physically air-gapped machines, these tools make it very easy to
|
traditional physically air-gapped machines, these tools make it very easy to
|
||||||
copy out public keys.
|
copy out public keys.
|
||||||
|
|
||||||
[inter-VM clipboard]: /doc/copy-paste/
|
[inter-VM clipboard]: https://www.qubes-os.org/doc/copy-paste/
|
||||||
[inter-VM file copy]: /doc/copying-files/
|
[inter-VM file copy]: https://www.qubes-os.org/doc/copying-files/
|
||||||
|
|
||||||
|
@ -58,7 +58,7 @@ After following the above steps, you should be able to launch sys-net with Wi-Fi
|
|||||||
|
|
||||||
### Qubes 4.0
|
### Qubes 4.0
|
||||||
|
|
||||||
For Qubes 4.0, you may have to remove the wireless card from sys-net or replace it, as described in the [PCI Troubleshooting](/doc/pci-troubleshooting/#broadcom-bcm43602-wi-fi-card-causes-system-freeze) guide.
|
For Qubes 4.0, you may have to remove the wireless card from sys-net or replace it, as described in the [PCI Troubleshooting](https://www.qubes-os.org/doc/pci-troubleshooting/#broadcom-bcm43602-wi-fi-card-causes-system-freeze) guide.
|
||||||
|
|
||||||
It is a bit tricky to execute, but you may be able to successfully attach a Broadcom BCM43602 to sys-net by executing the `attach` command immediately after starting sys-net. Follow these steps:
|
It is a bit tricky to execute, but you may be able to successfully attach a Broadcom BCM43602 to sys-net by executing the `attach` command immediately after starting sys-net. Follow these steps:
|
||||||
|
|
||||||
@ -161,12 +161,12 @@ You can install Qubes 3.2 on a MacBook Pro Retina, 15 inch, Mid-2015 (MacBookPro
|
|||||||
|
|
||||||
## Can't boot using GRUB2
|
## Can't boot using GRUB2
|
||||||
|
|
||||||
After installing Qubes 3.2 on a MacBook Mid-2015, you may be unable to boot using `EFI/qubes/xen.efi` because the [XEN bootloader configuration is broken](/doc/macbook-troubleshooting/#cant-boot-using-xen-bootloader).
|
After installing Qubes 3.2 on a MacBook Mid-2015, you may be unable to boot using `EFI/qubes/xen.efi` because the [XEN bootloader configuration is broken](https://www.qubes-os.org/doc/macbook-troubleshooting/#cant-boot-using-xen-bootloader).
|
||||||
You can't also boot using GRUB2 without XEN support because the GRUB configuration is broken as well.
|
You can't also boot using GRUB2 without XEN support because the GRUB configuration is broken as well.
|
||||||
|
|
||||||
To start fixing this issue manually, switch to the console by pressing Fn+CTRL+ALT+F2.
|
To start fixing this issue manually, switch to the console by pressing Fn+CTRL+ALT+F2.
|
||||||
|
|
||||||
It can be very useful – during troubleshooting – to have a rescue system at hand. It could help you boot Qubes, even without XEN support. This troubleshoot assumes you are performing a [UEFI boot, using rEFInd](/doc/macbook-troubleshooting/#cant-boot-the-installer).
|
It can be very useful – during troubleshooting – to have a rescue system at hand. It could help you boot Qubes, even without XEN support. This troubleshoot assumes you are performing a [UEFI boot, using rEFInd](https://www.qubes-os.org/doc/macbook-troubleshooting/#cant-boot-the-installer).
|
||||||
|
|
||||||
At this point, the GRUB configuration file is using some wrong commands, which are not compatible with grub2-efi
|
At this point, the GRUB configuration file is using some wrong commands, which are not compatible with grub2-efi
|
||||||
|
|
||||||
@ -192,7 +192,7 @@ Then press "e", edit `grub.cfg` and boot by pressing Fn+F10.
|
|||||||
|
|
||||||
## Can't boot using XEN bootloader
|
## Can't boot using XEN bootloader
|
||||||
|
|
||||||
You may be unable to boot Qubes 3.2 using `EFI/qubes/xen.efi` on a MacBook Mid-2015 because the XEN bootloader configuration is broken. This issue is accompanied by the GRUB2 configuration being broken as well. After [fixing the GRUB configuration](/doc/macbook-troubleshooting/#cant-boot-using-grub2), follow the following steps to fix the bootloader. This troubleshoot assumes you are performing a [UEFI boot, using rEFInd](/doc/macbook-troubleshooting/#cant-boot-the-installer).
|
You may be unable to boot Qubes 3.2 using `EFI/qubes/xen.efi` on a MacBook Mid-2015 because the XEN bootloader configuration is broken. This issue is accompanied by the GRUB2 configuration being broken as well. After [fixing the GRUB configuration](https://www.qubes-os.org/doc/macbook-troubleshooting/#cant-boot-using-grub2), follow the following steps to fix the bootloader. This troubleshoot assumes you are performing a [UEFI boot, using rEFInd](https://www.qubes-os.org/doc/macbook-troubleshooting/#cant-boot-the-installer).
|
||||||
|
|
||||||
* Fix grub2 configuration, which uses wrong command for EFI boot
|
* Fix grub2 configuration, which uses wrong command for EFI boot
|
||||||
* Analyzing `/mnt/sysimage/var/log/anaconda/program.log`, you may find the faulty commands issued by the Anaconda installer.
|
* Analyzing `/mnt/sysimage/var/log/anaconda/program.log`, you may find the faulty commands issued by the Anaconda installer.
|
||||||
|
Loading…
Reference in New Issue
Block a user