From 954afe5905c15910d33fcaf35a182a63132fbf92 Mon Sep 17 00:00:00 2001 From: Sven Semmler Date: Wed, 6 Nov 2019 11:20:11 -0600 Subject: [PATCH 01/49] Append /var/spool/mail to binds variable ... ... to make received email persist through reboots. --- configuration-guides/fetchmail.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/configuration-guides/fetchmail.md b/configuration-guides/fetchmail.md index 25bd4ab..c3e11ae 100644 --- a/configuration-guides/fetchmail.md +++ b/configuration-guides/fetchmail.md @@ -90,4 +90,18 @@ for rc in /usr/local/etc/fetchmail/*.rc; do done ~~~ +Make sure the folder '/rw/config/qubes-bind-dirs.d' exists. + +~~~ +sudo mkdir -p /rw/config/qubes-bind-dirs.d +~~~ + +Create the file '/rw/config/qubes-bind-dirs.d/50_user.conf' with root rights. + +Now edit it to append the '/var/spool/mail/' directory to the binds variable. + +~~~ +binds+=( '/var/spool/mail' ) +~~~ + Now reboot your AppVM and you are done. From d6d43fc5028c8c8179472b3d057b9b4edf3a7731 Mon Sep 17 00:00:00 2001 From: scrouthtv Date: Mon, 13 Apr 2020 00:59:47 +0100 Subject: [PATCH 02/49] Updated "Building archlinux template" When we make the individual components the doc was missing `make app-linux-split-gpg-vm` which would, if chosen this way, not be built and thus resulting in an error. --- building-guides/building-archlinux-template.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/building-guides/building-archlinux-template.md b/building-guides/building-archlinux-template.md index 0f99622..9fe8ac8 100644 --- a/building-guides/building-archlinux-template.md +++ b/building-guides/building-archlinux-template.md @@ -163,6 +163,7 @@ $ make linux-utils-vm $ make core-agent-linux-vm $ make gui-common-vm $ make gui-agent-linux-vm +$ make app-linux-split-gpg-vm $ make vmm-xen-vm $ make core-vchan-xen-vm $ make core-qubesdb-vm @@ -170,6 +171,7 @@ $ make linux-utils-vm $ make core-agent-linux-vm $ make gui-common-vm $ make gui-agent-linux-vm +$ make app-linux-split-gpg-vm ``` 8: Make the actual Archlinux template From b26f7b9d9af0f41c8c2d90b32627bc9aa1fcb0ef Mon Sep 17 00:00:00 2001 From: Sarvottam Kumar Date: Sat, 30 May 2020 23:05:55 +0530 Subject: [PATCH 03/49] Fix wrong numbering --- troubleshooting/out-of-memory.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/troubleshooting/out-of-memory.md b/troubleshooting/out-of-memory.md index 195e645..58f8fe7 100644 --- a/troubleshooting/out-of-memory.md +++ b/troubleshooting/out-of-memory.md @@ -19,17 +19,17 @@ qvm-console-dispvm If this does not work, check the size of /var/lib/qubes/qubes.xml. If it is zero, you'll need to use one of the file backup (stored in /var/lib/qubes/backup), hopefully you have the current data there. Find the most recent one and place in /var/lib/qubes/qubes.xml instead of the empty file. -In any case you'll need some disk space to start the VM. Check `df -h` output if you have some. If not, some hints how to free some disk space: +In any case you'll need some disk space to start the VM. Check `df -h` output if you have some. If not, here are some hints how to free some disk space: -1. Clean yum cache: +1. Clean yum cache ~~~ sudo yum clean all ~~~ -1. Delete .img files of a less important VM, that can be found in +2. Delete .img files of a less important VM, that can be found in /var/lib/qubes/appvms/ -/var/lib/qubes/appvms/. Then, when the system is working again, cleanup the rest with: +Then, when the system is working again, cleanup the rest with: ~~~ qvm-remove @@ -37,11 +37,11 @@ qvm-remove With this method you lose the data of one VM, but it'll work more reliably. -1. Decrease filesystem safety margin (5% by default): +3. Decrease filesystem safety margin (5% by default) ~~~ sudo tune2fs -m 4 /dev/mapper/vg_dom0-lv_root ~~~ -1. Remove some unneeded files in dom0 home (if you have any, most likely not). +4. Remove some unneeded files in dom0 home (if you have any, most likely not) From dc9b3e2ab76b18bafa54f8ae7293712646f73961 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 4 Jun 2020 08:11:25 -0500 Subject: [PATCH 04/49] Minor text cleanup --- troubleshooting/out-of-memory.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/troubleshooting/out-of-memory.md b/troubleshooting/out-of-memory.md index 58f8fe7..6af4840 100644 --- a/troubleshooting/out-of-memory.md +++ b/troubleshooting/out-of-memory.md @@ -21,27 +21,26 @@ If this does not work, check the size of /var/lib/qubes/qubes.xml. If it is zero In any case you'll need some disk space to start the VM. Check `df -h` output if you have some. If not, here are some hints how to free some disk space: -1. Clean yum cache +1. Clean yum cache. ~~~ sudo yum clean all ~~~ -2. Delete .img files of a less important VM, that can be found in /var/lib/qubes/appvms/ - -Then, when the system is working again, cleanup the rest with: +2. Delete `.img` files of a less important VM, which can be found in `/var/lib/qubes/appvms/`. + Then, when the system is working again, clean up the rest. ~~~ qvm-remove ~~~ -With this method you lose the data of one VM, but it'll work more reliably. +With this method, you lose the data of one VM, but it'll work more reliably. -3. Decrease filesystem safety margin (5% by default) +3. Decrease the filesystem safety margin (5% by default). ~~~ sudo tune2fs -m 4 /dev/mapper/vg_dom0-lv_root ~~~ -4. Remove some unneeded files in dom0 home (if you have any, most likely not) +4. Remove some unneeded files in dom0 home (if you have any, most likely not). From 93216903dfed9caa6169ab5cb17090130930e656 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 4 Jun 2020 08:12:55 -0500 Subject: [PATCH 05/49] Fix indentation --- troubleshooting/out-of-memory.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/troubleshooting/out-of-memory.md b/troubleshooting/out-of-memory.md index 6af4840..869da99 100644 --- a/troubleshooting/out-of-memory.md +++ b/troubleshooting/out-of-memory.md @@ -23,24 +23,24 @@ In any case you'll need some disk space to start the VM. Check `df -h` output if 1. Clean yum cache. -~~~ -sudo yum clean all -~~~ + ~~~ + sudo yum clean all + ~~~ 2. Delete `.img` files of a less important VM, which can be found in `/var/lib/qubes/appvms/`. Then, when the system is working again, clean up the rest. -~~~ -qvm-remove -~~~ + ~~~ + qvm-remove + ~~~ -With this method, you lose the data of one VM, but it'll work more reliably. + With this method, you lose the data of one VM, but it'll work more reliably. 3. Decrease the filesystem safety margin (5% by default). -~~~ -sudo tune2fs -m 4 /dev/mapper/vg_dom0-lv_root -~~~ + ~~~ + sudo tune2fs -m 4 /dev/mapper/vg_dom0-lv_root + ~~~ 4. Remove some unneeded files in dom0 home (if you have any, most likely not). From 9c638e293b1edeb6b48b75945d4a0ba27d80ddfe Mon Sep 17 00:00:00 2001 From: Lemlay Date: Fri, 5 Jun 2020 02:12:32 -0400 Subject: [PATCH 06/49] modified: signal.md --- privacy-guides/signal.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/privacy-guides/signal.md b/privacy-guides/signal.md index 5e205c8..de7b122 100644 --- a/privacy-guides/signal.md +++ b/privacy-guides/signal.md @@ -30,27 +30,27 @@ How to install Signal in Qubes This website cannot guarantee that any PGP key you download from the Internet is authentic. Always obtain a trusted key fingerprint via other channels, and always check any key you download against your trusted copy of the fingerprint. -1. (Optional)Create a TemplateVM (Debian 9) +1. (Optional)Create a TemplateVM (Debian, 9 is used as an examle but feel free to use any more updated by changing the 9 to a 10, etc.) [user@dom0 ~]$ sudo qubes-dom0-update qubes-template-debian-9 -2. Open a terminal in Debian 9 +2. Open a terminal in Debian 9 (Or your previously chosen template) [user@dom0 ~]$ qvm-run -a debian-9 gnome-terminal -3. Use these commands in your terminal +3. Use these commands in your terminal (If you chose a different distribution, such as buster, substitute that for xenial in the 3rd command) (Optional)[user@debian-8 ~]$ sudo apt-get install curl - [user@debian-8 ~]$ curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add - + [user@debian-8 ~]$ curl -s -x 127.0.0.1:8082 https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add - [user@debian-8 ~]$ echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" | sudo tee -a /etc/apt/sources.list.d/signal-xenial.list [user@debian-8 ~]$ sudo apt update && sudo apt install signal-desktop -5. Shutdown the TemplateVM : +5. Shutdown the TemplateVM (substitute your template name if needed) : [user@dom0 ~]$ qvm-shutdown debian-9 6. Create an AppVM based on this TemplateVM -7. With your mouse select the `Q` menu -> `Domain: "AppVM Name"` -> `"AppVM Name": Add more shortcuts` +7. With your mouse select the `Q` menu -> `Create Qubes VM` -> `tick 'launch settings after creation' and set name` -> OK -> 'Applications' (or `"AppVM Name": VM Settings` -> `Applications`). Select `Signal` from the left `Available` column, move it to the right `Selected` column by clicking the `>` button and then `OK` to apply the changes and close the window. From a48e65cf365cc64ae11c3042be124650a7bfd384 Mon Sep 17 00:00:00 2001 From: Lemlay <66223105+Lemlay@users.noreply.github.com> Date: Fri, 5 Jun 2020 02:46:55 -0400 Subject: [PATCH 07/49] Update signal.md --- privacy-guides/signal.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privacy-guides/signal.md b/privacy-guides/signal.md index de7b122..95f376e 100644 --- a/privacy-guides/signal.md +++ b/privacy-guides/signal.md @@ -30,7 +30,7 @@ How to install Signal in Qubes This website cannot guarantee that any PGP key you download from the Internet is authentic. Always obtain a trusted key fingerprint via other channels, and always check any key you download against your trusted copy of the fingerprint. -1. (Optional)Create a TemplateVM (Debian, 9 is used as an examle but feel free to use any more updated by changing the 9 to a 10, etc.) +1. (Optional)Create a TemplateVM (Debian, 9 is used as an example but feel free to use any more updated by changing the 9 to a 10, etc.) [user@dom0 ~]$ sudo qubes-dom0-update qubes-template-debian-9 From 82ae2d8ac425a3897c3e03881683fed5bff4311d Mon Sep 17 00:00:00 2001 From: Lemlay <66223105+Lemlay@users.noreply.github.com> Date: Fri, 5 Jun 2020 02:53:26 -0400 Subject: [PATCH 08/49] Update signal.md --- privacy-guides/signal.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privacy-guides/signal.md b/privacy-guides/signal.md index 95f376e..9c51079 100644 --- a/privacy-guides/signal.md +++ b/privacy-guides/signal.md @@ -50,7 +50,7 @@ Always obtain a trusted key fingerprint via other channels, and always check any [user@dom0 ~]$ qvm-shutdown debian-9 6. Create an AppVM based on this TemplateVM -7. With your mouse select the `Q` menu -> `Create Qubes VM` -> `tick 'launch settings after creation' and set name` -> OK -> 'Applications' +7. With your mouse select the `Q` menu -> `Create Qubes VM` -> `Domain: "AppVM Name"` -> OK -> 'Applications' (or `"AppVM Name": VM Settings` -> `Applications`). Select `Signal` from the left `Available` column, move it to the right `Selected` column by clicking the `>` button and then `OK` to apply the changes and close the window. From f17d7f71d1a583d4feef040907fb0e70305a9600 Mon Sep 17 00:00:00 2001 From: Lemlay <66223105+Lemlay@users.noreply.github.com> Date: Fri, 5 Jun 2020 02:56:33 -0400 Subject: [PATCH 09/49] Update signal.md --- privacy-guides/signal.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privacy-guides/signal.md b/privacy-guides/signal.md index 9c51079..b67dc1d 100644 --- a/privacy-guides/signal.md +++ b/privacy-guides/signal.md @@ -50,7 +50,7 @@ Always obtain a trusted key fingerprint via other channels, and always check any [user@dom0 ~]$ qvm-shutdown debian-9 6. Create an AppVM based on this TemplateVM -7. With your mouse select the `Q` menu -> `Create Qubes VM` -> `Domain: "AppVM Name"` -> OK -> 'Applications' +7. With your mouse select the `Q` menu -> `Domain: "AppVM Name"` -> 'Qube Settings' -> OK -> 'Applications' (or `"AppVM Name": VM Settings` -> `Applications`). Select `Signal` from the left `Available` column, move it to the right `Selected` column by clicking the `>` button and then `OK` to apply the changes and close the window. From 692c7dfdebb292cdbba311a06fd82042b7437b0e Mon Sep 17 00:00:00 2001 From: Lemlay <66223105+Lemlay@users.noreply.github.com> Date: Fri, 5 Jun 2020 03:05:57 -0400 Subject: [PATCH 10/49] Update signal.md --- privacy-guides/signal.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privacy-guides/signal.md b/privacy-guides/signal.md index b67dc1d..b637885 100644 --- a/privacy-guides/signal.md +++ b/privacy-guides/signal.md @@ -50,7 +50,7 @@ Always obtain a trusted key fingerprint via other channels, and always check any [user@dom0 ~]$ qvm-shutdown debian-9 6. Create an AppVM based on this TemplateVM -7. With your mouse select the `Q` menu -> `Domain: "AppVM Name"` -> 'Qube Settings' -> OK -> 'Applications' +7. With your mouse select the `Q` menu -> `Domain: "AppVM Name"` -> 'AppVM name: Qube Settings' -> OK -> 'Applications' (or `"AppVM Name": VM Settings` -> `Applications`). Select `Signal` from the left `Available` column, move it to the right `Selected` column by clicking the `>` button and then `OK` to apply the changes and close the window. From 11c93b114166b2162b2fc2e88df0d16f96365149 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 18 Jun 2020 14:29:27 -0500 Subject: [PATCH 11/49] Abstract version number --- os-guides/centos.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/os-guides/centos.md b/os-guides/centos.md index 3f4ab8e..5b1c9d6 100644 --- a/os-guides/centos.md +++ b/os-guides/centos.md @@ -13,9 +13,9 @@ For the minimal version, please see [Minimal TemplateVMs](/doc/templates/minimal ## Installation -CentOS-7 can be installed with the following command: +The standard CentOS TemplateVM can be installed with the following command in dom0, where `X` is the desired version number: - [user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-community qubes-template-centos-7 + [user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-community qubes-template-centos-X To switch, reinstall and uninstall a CentOS TemplateVM that is already installed in your system, see *How to [switch], [reinstall] and [uninstall]*. From a892e92ed4da72c336a1e5fcc978e8bbd9eb2d81 Mon Sep 17 00:00:00 2001 From: Daniel Moerner Date: Fri, 3 Jul 2020 12:32:49 -0400 Subject: [PATCH 12/49] Update thinkpad-troubleshooting.md Two changes: 1. Correct the file to be edited on the flash drive (s/xen.cfg/BOOTX64.cfg/), closing qubesos/qubes-issues#5851 2. Improve the list of affected Thinkpads, with citations when available. --- troubleshooting/thinkpad-troubleshooting.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/troubleshooting/thinkpad-troubleshooting.md b/troubleshooting/thinkpad-troubleshooting.md index c4e94a5..8615920 100644 --- a/troubleshooting/thinkpad-troubleshooting.md +++ b/troubleshooting/thinkpad-troubleshooting.md @@ -16,9 +16,9 @@ redirect_from: # Lenovo ThinkPad Troubleshooting # ## Instructions to create USB installation medium for newer (UEFI-only) ThinkPads ## -Newer ThinkPads (e.g. T470, T470p, ThinkPad 25) are likely to fail installation attempts made from a USB stick that was created with dd or Rufus, and even from a DVD burned using official ISO images - if the ThinkPad is configured for UEFI boot. If you don't want to use Legacy Mode as a workaround, the following instructions should help you create a Qubes Installation USB stick that works in UEFI-only mode. +Some newer ThinkPads (e.g. T470, T470p, [P51](https://www.svensemmler.org/blog/2017/12/17/qubes-on-thinkpad-p51.html), ThinkPad 25, but not the [P53](https://github.com/QubesOS/qubes-issues/issues/5851)) are likely to fail installation attempts made from a USB stick that was created with dd or Rufus, and even from a DVD burned using official ISO images - if the ThinkPad is configured for UEFI boot. If you don't want to use Legacy Mode as a workaround, the following instructions should help you create a Qubes Installation USB stick that works in UEFI-only mode. -In a nutshell, you need to use the Fedora livecd-tools to make a Qubes Installation USB Stick from the Qubes ISO image, then update the label on the partition of that USB stick to "BOOT", and then update the BOOT/EFI/xen.cfg file on the USB stick so that all labels point to BOOT. In more detail: +In a nutshell, you need to use the Fedora livecd-tools to make a Qubes Installation USB Stick from the Qubes ISO image, then update the label on the partition of that USB stick to "BOOT", and then update the BOOT/EFI/BOOTX64.cfg file on the USB stick so that all labels point to BOOT. In more detail: 1. On your ThinkPad, enter the UEFI setup (press F1 at startup) and make sure to set at least the following options: - *USB UEFI BIOS Support: Enabled* @@ -37,7 +37,7 @@ In a nutshell, you need to use the Fedora livecd-tools to make a Qubes Installat ``# mount /dev/sdd1 /mnt/qinst/`` -10. Use your favorite editor to edit the file */mnt/qinst/EFI/BOOT/xen.cfg*: Replace all instances of ``LABEL=Qubes-R4.0-rc3-x86_64`` with ``LABEL=BOOT``. There is typically no space in front of ``LABEL``, but there is a space at the end of the portion you replace. +10. Use your favorite editor to edit the file */mnt/qinst/EFI/BOOT/BOOTX64.cfg*: Replace all instances of ``LABEL=Qubes-R4.0-rc3-x86_64`` with ``LABEL=BOOT``. There is typically no space in front of ``LABEL``, but there is a space at the end of the portion you replace. 11. Unmount the Qubes Installation USB stick: ``# umount /dev/sdd*`` and disconnect it. That's it! You can now reboot the machine with the Qubes USB Installation stick attached, and press F12 to select it as the boot device at startup. Proceed to install Qubes OS normally. Enjoy! From ff168b99720503756a58689e3570c4ccbb6826e9 Mon Sep 17 00:00:00 2001 From: Michael Carbone Date: Tue, 7 Jul 2020 09:53:43 -0400 Subject: [PATCH 13/49] Update language-localization.md added mention and cross-link to utf8 in title bars --- customization-guides/language-localization.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/customization-guides/language-localization.md b/customization-guides/language-localization.md index 79c2255..50ab8cc 100644 --- a/customization-guides/language-localization.md +++ b/customization-guides/language-localization.md @@ -11,6 +11,11 @@ redirect_from: Language Localization ===================== +Enable UTF-8 in dom0 title bars +------------------------- + +You can enable UTF-8 characters in the title bar for all qubes or on a per-qube basis. Follow the instructions [here](https://www.qubes-os.org/doc/config-files/#gui-and-audio-configuration-in-dom0) for further information. + How to set up pinyin input in Qubes ----------------------------------- From 302bd6bcc128291183ca74b5d9853cbbf03530aa Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 22 Aug 2020 23:18:08 -0500 Subject: [PATCH 14/49] Update qubes-users references to /support/ Now that we have a user forum in addition to qubes-users, it makes more sense to link to /support/ than to link directly to qubes-users (or to the forum, for that matter). This layer of redirection means allows us to update just one thing (namely, the /support/ page) instead of having to hunt through all the documentation every time support information changes. --- os-guides/windows/windows-tools.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-guides/windows/windows-tools.md b/os-guides/windows/windows-tools.md index 50678ac..345c1fd 100644 --- a/os-guides/windows/windows-tools.md +++ b/os-guides/windows/windows-tools.md @@ -251,7 +251,7 @@ If a specific component is malfunctioning, you can increase its log verbosity as Updates ------- -When we publish new QWT version (which is announced on `qubes-users` Google Group) it's usually pushed to the `current-testing` or `unstable` repository first. To use versions from current-testing, run this in dom0: +When we publish new QWT version, it's usually pushed to the `current-testing` or `unstable` repository first. To use versions from current-testing, run this in dom0: `qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools` From effcbcd7865f102a3c2f8e923745ec2c6cf2fd81 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 3 Sep 2020 18:13:22 -0500 Subject: [PATCH 15/49] Add note about Whonix and potential VPN risks --- configuration-guides/vpn.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/configuration-guides/vpn.md b/configuration-guides/vpn.md index 45227fd..1f84321 100644 --- a/configuration-guides/vpn.md +++ b/configuration-guides/vpn.md @@ -12,6 +12,12 @@ redirect_from: How To make a VPN Gateway in Qubes ================================== + + Although setting up a VPN connection is not by itself Qubes specific, Qubes includes a number of tools that can make the client-side setup of your VPN more versatile and secure. This document is a Qubes-specific outline for choosing the type of VM to use, and shows how to prepare a ProxyVM for either NetworkManager or a set of fail-safe VPN scripts. Please refer to your guest OS and VPN service documentation when considering the specific steps and parameters for your connection(s); The relevant documentation for the Qubes default guest OS (Fedora) is [Establishing a VPN Connection.](https://docs.fedoraproject.org/en-US/Fedora/23/html/Networking_Guide/sec-Establishing_a_VPN_Connection.html) From 8edc047a5e6e67979962424124f75d3cbc5b6ede Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sun, 13 Sep 2020 07:14:57 -0500 Subject: [PATCH 16/49] Merge branch 'patch-6' of https://github.com/gasull/qubes-doc into gasull-patch-6 --- configuration-guides/mutt.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/configuration-guides/mutt.md b/configuration-guides/mutt.md index 6118a3d..c857258 100644 --- a/configuration-guides/mutt.md +++ b/configuration-guides/mutt.md @@ -206,21 +206,21 @@ In `.mailcap`: ### also would be convenient to use mailcap's TEST feature to ### show some html in mutt pager (e.g. with w3m, links or html2text), ### else open others in dispvm - + # MS Word documents application/msword; qvm-open-in-dvm %s - application/vnd.oasis.opendocument.spreadsheet; qvm-open-in-dvm %s application/vnd.oasis.opendocument.text; qvm-open-in-dvm %s - + # Images image/jpg; qvm-open-in-dvm %s image/jpeg; qvm-open-in-dvm %s image/png; qvm-open-in-dvm %s image/gif; qvm-open-in-dvm %s - + # PDFs application/pdf; qvm-open-in-dvm %s - + # HTML + text/html; w3m -T text/html '%s' | cat --squeeze-blank; nametemplate=%s.html; copiousoutput text/html; qvm-open-in-dvm %s From aa76d355f7548e364d481620cf40436a03f9a8ed Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sun, 13 Sep 2020 08:19:29 -0500 Subject: [PATCH 17/49] Update links --- security-guides/security-guidelines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security-guides/security-guidelines.md b/security-guides/security-guidelines.md index 4a85d55..a9beaf2 100644 --- a/security-guides/security-guidelines.md +++ b/security-guides/security-guidelines.md @@ -141,7 +141,7 @@ See [here](/doc/usb/). Dom0 Precautions ---------------- -As explained [here](/getting-started/#appvms-qubes-and-templatevms), dom0 should not be used for any user operations. There are several reasons for this: +As explained [here](/getting-started/), dom0 should not be used for any user operations. There are several reasons for this: 1. Secure isolation among domUs (i.e., AppVMs, StandaloneVMs, HVMs, etc.) is the *raison d'être* of Qubes. This is the primary reason that we recommend the delegation of all user activities to some number of AppVMs. In the event that any given VM is compromised, only that particular VM is compromised. (TemplateVMs are the exception to this. If a TemplateVM were compromised, then every AppVM based on it might also be compromised. Even in this case, however, the entire system would not necessarily have been compromised, since StandaloneVM(s), HVM(s), and/or multiple TemplateVMs might be in use.) By contrast, if dom0 were ever compromised, the entire system would thereby be compromised. 2. Due to the absence of convenience mechanisms in dom0 such as the inter-VM clipboard and inter-VM file copying, it is significantly less convenient to attempt to use dom0 for user operations (e.g., password management) in conjunction with AppVMs than it is to use another dedicated AppVM (e.g., a "vault" VM). From dbc447da5be240f6b0845765adeefd612865ef45 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Mon, 21 Sep 2020 14:38:17 +0200 Subject: [PATCH 18/49] Update windows-vm.md Added instructions for installing QWT on Windows 10, using the Xen version 9.0.0 drivers and added instructions on creating Windows 7 and 10 as TemplateVMs and AppVMs instead of StandaloneVMs. --- os-guides/windows/windows-vm.md | 60 +++++++++++++++++++++++++++++++-- 1 file changed, 58 insertions(+), 2 deletions(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index 74ea761..4c3c6af 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -117,8 +117,9 @@ To install Qubes Windows Tools, follow instructions [below](#xen-pv-drivers-and- MS Windows versions considerations: -- The instructions *may* work on other versions than Windows 7 x64 but haven't been tested. +- The instructions *may* work on other versions than Windows 7 x64 but haven't been tested. - Qubes Windows Tools (QWT) only supports Windows 7 x64. Note that there are [known issues](https://github.com/QubesOS/qubes-issues/issues/3585) with QWT on Qubes 4.x +- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in serverel instances, is described below. Create a VM named win7new in [HVM](/doc/hvm/) mode (Xen's current PVH limitations precludes from using PVH): @@ -210,6 +211,57 @@ qvm-prefs win7new qrexec_timeout 300 At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](#xen-pv-drivers-and-qubes-windows-tools) below). It is a good time to clone the VM again. +### Installing Qubes Windows Tools on Windows 10 + +If the Xen bus and storage drivers version 9.0.0 are installed in a Windows 10 system without Qubes Windows Tools, and QWT 4.0.1.3 are installed after the Xen installation has finished, the Qubes interface works correctly. Files can be exchanged with other VMs, and the common clipboard works in both directions. So to get a working Windows 10 system (Standalone or Template VM) under Qubes R4.0, the following steps should be performed: + +- Copy the installation kits of `xenvbd` and `xenbus` Version 9.0.0 from the Xen web site and Qubes Windows Tools 4.0.1.3 to the Windows system drive (normally `C:\`.) +- Extract `qubes-tools-4.0.1.3.exe` from the QWT installation media, and store it on the Windows system disk. +- Install `xenvbd` and `xenbus` version 9.0.0. +- After installation, reboot. without the installation disk. +- Install Qubes Windows Tools 4.0.1.3 by starting `qubes-tools-4.0.1.3.exe`, unselecting the Xen storage driver and the `Move of user data to Drive D` (which would probably lead to problems in Windows, anyhow). +- Shut down Windows. +- Set `qvm-features win10new gui 1` +- Reboot Windows. The VM starts, but does not show any window. +- Shutdown Windows from the Qube manager. +- Reboot Windows once more. Now the system is up, with QWT running correctly. + +For me, this sequence worked for Windows 10 as template VM, and a correspondig AppVM worked too. + +File copy operations to a Windows 10 VM are possible, if the Qubes OS `default_user` property is set to the user name used for access to that VM, which can be done via the command +~~~ +qvm-prefs default_user +~~~ +If this property is not set or set to a wrong value, files copied to this VM are stored in the folder +~~~ +C:\Windows\System32\config\systemprofile\Documents\QubesIncoming\ +~~~ +If the target VM is an AppVM, this has the consequence that the files are stored in the corresponding TemplateVM and so are lost on AppVM shutdown. + +Windows as TemplateVM +--------------------- + +Windows 7 and 10 can be installed as TemplateVM by selecting +~~~ +qvm-create --class TemplateVM --property virt_mode=HVM --property kernel='' --label black Windows-7 +qvm-create --class TemplateVM --property virt_mode=HVM --property kernel='' --label black Windows-10 +~~~ +when creating the VM. To have the user data stored in AppVMs depending on this template, Windows 7 and 10 have to be treated differently: + +- For Windows 7, the option to move the user directories from drive `C` to drive `D` works and causes any user data to be stored in the AppVMs based on this template, and not in the template itself. + +- After installation of Windows 10 as a TemplateVM, the Windows disk manager may be used to add the private volume as disk `D:`, and you may, using the doumented Windows operations, move the user directories `C:\users\\Documents` to this new disk, allowing depending AppVMs to have their own private volumes. Moving the hidden application directories `AppData`, however, is likely to invite trouble - the same trouble that occurs if, during QWT installation, the option `Move of user data to drive D` is selected. + +For Windows 10, configuration data like those stored in directories like `AppData` still remain in the TemplateVM, such that their changes are lost each time the AppVM shuts down. In order to make permanent changes to these configuration data, they have to be changed in the TemplateVM, meaning that applications have to be started there, which violates and perhaps even endangers the security of the TemplateVM. Such changes should be done only if absolutely necessary and with great care. It is a good idea to test them first in a cloned TemplateVM before applying them in the production VM. + +AppVMs based on these templates can be created the normal way by using the Qube Manager or by specifying +~~~ +qvm-create --class=AppVM --template= +~~~ + +On starting the AppVM, sometimes a message is displayed that the Xen PV Network Class needs to restart the system. This message can be safely ignored and closed by selecting "No". + +**Caution:** These AppVMs must not be started while the corresponding TemplateVM is running, because they share the TemplateVM's license data. Even if this could work sometimes, it would be a violation of the license terms. Windows update -------------- @@ -229,10 +281,14 @@ Installing Xen's PV drivers in the VM will lower its resources usage when using 2. installing Qubes Windows Tools (QWT), which bundles Xen's PV drivers. Notes about using Xen's VBD (storage) PV driver: -- Windows 7: installing the driver requires a fully updated VM or else you'll likely get a BSOD and a VM in a difficult to fix state. Updating Windows takes *hours* and for casual usage there isn't much of a performance between the disk PV driver and the default one; so there is likely no need to go through the lengthy Windows Update process if your VM doesn't have access to untrusted networks and if you don't use I/O intensive apps. If you plan to update your newly installed Windows VM it is recommended that you do so *before* installing Qubes Windows Tools (QWT). If QWT are installed, you should temporarily re-enable the standard VGA adapter in Windows and disable Qubes' (see the section above). +- **Windows 7:** installing the driver requires a fully updated VM or else you'll likely get a BSOD and a VM in a difficult to fix state. Updating Windows takes *hours* and for casual usage there isn't much of a performance between the disk PV driver and the default one; so there is likely no need to go through the lengthy Windows Update process if your VM doesn't have access to untrusted networks and if you don't use I/O intensive apps. If you plan to update your newly installed Windows VM it is recommended that you do so *before* installing Qubes Windows Tools (QWT). If QWT are installed, you should temporarily re-enable the standard VGA adapter in Windows and disable Qubes' (see the section above). - the option to install the storage PV driver is disabled by default in Qubes Windows Tools - in case you already had QWT installed without the storage PV driver and you then updated the VM, you may then install the driver from Xen's site (xenvbd.tar). +**Caution:** Installing the version 9.0.0 Xen drivers on Windows 7 (a system without QWT - QWT uninstalled) leads to an unbootable system. The drivers install without error, but after reboot, the system aborts the reboot saying ´Missing driver xenbus.sys´. + +- **Windows 10:** The version 9.0.0 Xen drivers have to be installed before installing Qubes Windows Tools. Installing them on a system with QWT installed is likely to produce a system which crashes or has the tools in a non-functional state. Even if the tools were installed and then removed before installing the Xen drivers, they probably will not work as expected. + Installing Qubes Windows Tools: - on R3.2: see [this page](/doc/windows-tools/) From 92b4cdd840861a3166d462f3638912926e90eaa2 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Mon, 21 Sep 2020 16:50:27 +0200 Subject: [PATCH 19/49] Update windows-vm.md --- os-guides/windows/windows-vm.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index 4c3c6af..5db5318 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -119,7 +119,7 @@ MS Windows versions considerations: - The instructions *may* work on other versions than Windows 7 x64 but haven't been tested. - Qubes Windows Tools (QWT) only supports Windows 7 x64. Note that there are [known issues](https://github.com/QubesOS/qubes-issues/issues/3585) with QWT on Qubes 4.x -- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in serverel instances, is described below. +- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in serveral instances, is described below. Create a VM named win7new in [HVM](/doc/hvm/) mode (Xen's current PVH limitations precludes from using PVH): @@ -219,14 +219,14 @@ If the Xen bus and storage drivers version 9.0.0 are installed in a Windows 10 s - Extract `qubes-tools-4.0.1.3.exe` from the QWT installation media, and store it on the Windows system disk. - Install `xenvbd` and `xenbus` version 9.0.0. - After installation, reboot. without the installation disk. -- Install Qubes Windows Tools 4.0.1.3 by starting `qubes-tools-4.0.1.3.exe`, unselecting the Xen storage driver and the `Move of user data to Drive D` (which would probably lead to problems in Windows, anyhow). +- Install Qubes Windows Tools 4.0.1.3 by starting `qubes-tools-4.0.1.3.exe`, not selecting the Xen storage driver and the `Move of user data to Drive D` (which would probably lead to problems in Windows, anyhow). - Shut down Windows. - Set `qvm-features win10new gui 1` - Reboot Windows. The VM starts, but does not show any window. - Shutdown Windows from the Qube manager. - Reboot Windows once more. Now the system is up, with QWT running correctly. -For me, this sequence worked for Windows 10 as template VM, and a correspondig AppVM worked too. +For me, this sequence worked for Windows 10 as template VM, and a corresponding AppVM worked too. File copy operations to a Windows 10 VM are possible, if the Qubes OS `default_user` property is set to the user name used for access to that VM, which can be done via the command ~~~ @@ -250,7 +250,7 @@ when creating the VM. To have the user data stored in AppVMs depending on this t - For Windows 7, the option to move the user directories from drive `C` to drive `D` works and causes any user data to be stored in the AppVMs based on this template, and not in the template itself. -- After installation of Windows 10 as a TemplateVM, the Windows disk manager may be used to add the private volume as disk `D:`, and you may, using the doumented Windows operations, move the user directories `C:\users\\Documents` to this new disk, allowing depending AppVMs to have their own private volumes. Moving the hidden application directories `AppData`, however, is likely to invite trouble - the same trouble that occurs if, during QWT installation, the option `Move of user data to drive D` is selected. +- After installation of Windows 10 as a TemplateVM, the Windows disk manager may be used to add the private volume as disk `D:`, and you may, using the documented Windows operations, move the user directories `C:\users\\Documents` to this new disk, allowing depending AppVMs to have their own private volumes. Moving the hidden application directories `AppData`, however, is likely to invite trouble - the same trouble that occurs if, during QWT installation, the option `Move of user data to drive D` is selected. For Windows 10, configuration data like those stored in directories like `AppData` still remain in the TemplateVM, such that their changes are lost each time the AppVM shuts down. In order to make permanent changes to these configuration data, they have to be changed in the TemplateVM, meaning that applications have to be started there, which violates and perhaps even endangers the security of the TemplateVM. Such changes should be done only if absolutely necessary and with great care. It is a good idea to test them first in a cloned TemplateVM before applying them in the production VM. From a13ea731b3408bac40e8b6b08d016043997d7f17 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Mon, 21 Sep 2020 17:06:20 +0200 Subject: [PATCH 20/49] Update windows-vm.md --- os-guides/windows/windows-vm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index 5db5318..15ffba1 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -119,7 +119,7 @@ MS Windows versions considerations: - The instructions *may* work on other versions than Windows 7 x64 but haven't been tested. - Qubes Windows Tools (QWT) only supports Windows 7 x64. Note that there are [known issues](https://github.com/QubesOS/qubes-issues/issues/3585) with QWT on Qubes 4.x -- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in serveral instances, is described below. +- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described below. Create a VM named win7new in [HVM](/doc/hvm/) mode (Xen's current PVH limitations precludes from using PVH): From 834e3a98cd140d39de5c7e366f6ed82aa18b0cd3 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Tue, 22 Sep 2020 10:38:39 +0200 Subject: [PATCH 21/49] Update windows-vm.md --- os-guides/windows/windows-vm.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index 15ffba1..c5d265b 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -263,6 +263,12 @@ On starting the AppVM, sometimes a message is displayed that the Xen PV Network **Caution:** These AppVMs must not be started while the corresponding TemplateVM is running, because they share the TemplateVM's license data. Even if this could work sometimes, it would be a violation of the license terms. +### Windows 10 Usage According to GDPR + +If Windows 10 is used in the EU to process personal data, according to GDPR no automatic data transfer to countries outside the EU is allowed without explicit consent of the person(s) concerned, or other legal consent, as applicable. Since no reliable way is found to completely control the sending of telemetry from Windows 10, the system containing personal data must be completely shielded from the internet. + +This can be achieved by installing Windows 10 on a TemplateVM with the user data directory moved to a separate drive (usually `D:`). Personal data must not be stored within the TemplateVM, but only in AppVMs depending on this TemplateVM. Network access by these AppVMs must be restricted to the local network and perhaps additional selected servers within the EU. Any data exchange of the AppVMs must be restricted to file and clipboard operations to and from other VMs in the same Qubes system. + Windows update -------------- From 4b6c9dd9a94f86876d9d2cbec9e1404ec28fd4ab Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Thu, 24 Sep 2020 18:52:28 +0200 Subject: [PATCH 22/49] Update windows-vm.md --- os-guides/windows/windows-vm.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index c5d265b..1c7314b 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -215,10 +215,12 @@ At that point you should have a functional and stable Windows VM, although witho If the Xen bus and storage drivers version 9.0.0 are installed in a Windows 10 system without Qubes Windows Tools, and QWT 4.0.1.3 are installed after the Xen installation has finished, the Qubes interface works correctly. Files can be exchanged with other VMs, and the common clipboard works in both directions. So to get a working Windows 10 system (Standalone or Template VM) under Qubes R4.0, the following steps should be performed: -- Copy the installation kits of `xenvbd` and `xenbus` Version 9.0.0 from the Xen web site and Qubes Windows Tools 4.0.1.3 to the Windows system drive (normally `C:\`.) -- Extract `qubes-tools-4.0.1.3.exe` from the QWT installation media, and store it on the Windows system disk. -- Install `xenvbd` and `xenbus` version 9.0.0. -- After installation, reboot. without the installation disk. +- Install Qubes Windows Tools in dom0: `sudo qubes-dom0-update qubes-windows-tools`. The iso will be the file `/usr/lib/qubes/qubes-windows-tools-4.0.1.3.iso`. +- Copy this file to some AppVM: `qvm-copy-to-vm VMname /usr/lib/qubes/qubes-windows-tools-4.0.1.3.iso`. +- In this VM, extract the file `qubes-tools-4.0.1.3.exe` from the iso, using the archive manager. +- Copy the installation kits of `xenvbd` and `xenbus` Version 9.0.0 (two Zip-files) from the Xen web site and the file `qubes-tools-4.0.1.3.exe` to the Windows system drive (normally `C:\`.) +- Install `xenvbd` and `xenbus` version 9.0.0 by starting the file `dpinst.exe` from the `x64` directories of the Zip-file. +- After installation, reboot. - Install Qubes Windows Tools 4.0.1.3 by starting `qubes-tools-4.0.1.3.exe`, not selecting the Xen storage driver and the `Move of user data to Drive D` (which would probably lead to problems in Windows, anyhow). - Shut down Windows. - Set `qvm-features win10new gui 1` From ce8e446dfc6b47329505f3f83f6a1cd51181cc90 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Fri, 25 Sep 2020 11:12:07 +0200 Subject: [PATCH 23/49] Update windows-vm.md --- os-guides/windows/windows-vm.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index 1c7314b..d05cad7 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -213,7 +213,11 @@ At that point you should have a functional and stable Windows VM, although witho ### Installing Qubes Windows Tools on Windows 10 -If the Xen bus and storage drivers version 9.0.0 are installed in a Windows 10 system without Qubes Windows Tools, and QWT 4.0.1.3 are installed after the Xen installation has finished, the Qubes interface works correctly. Files can be exchanged with other VMs, and the common clipboard works in both directions. So to get a working Windows 10 system (Standalone or Template VM) under Qubes R4.0, the following steps should be performed: +If the Xen bus and storage drivers version 9.0.0 are installed in a Windows 10 system without Qubes Windows Tools, and QWT 4.0.1.3 are installed after the Xen installation has finished, the Qubes interface works correctly. Files can be exchanged with other VMs, and the common clipboard works in both directions. + +The installation of Qubes Windows Tools should **not** be done by using the parameter `--install-windows-tools`or by directly specifying `--cdrom=...`when starting the Windows VM, as this is bound to crash the VM on booting, showing the error `INACCESSIBLE BOOT DEVICE`- which makes no sense, but does happen. + +So to get a working Windows 10 system (Standalone or Template VM) under Qubes R4.0, the following steps should be performed: - Install Qubes Windows Tools in dom0: `sudo qubes-dom0-update qubes-windows-tools`. The iso will be the file `/usr/lib/qubes/qubes-windows-tools-4.0.1.3.iso`. - Copy this file to some AppVM: `qvm-copy-to-vm VMname /usr/lib/qubes/qubes-windows-tools-4.0.1.3.iso`. From a9c17846e34eb4a88f4084f1006bc14713043eda Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Sat, 26 Sep 2020 10:39:12 +0200 Subject: [PATCH 24/49] Update windows-vm.md --- os-guides/windows/windows-vm.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index d05cad7..6a73b2c 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -219,10 +219,23 @@ The installation of Qubes Windows Tools should **not** be done by using the para So to get a working Windows 10 system (Standalone or Template VM) under Qubes R4.0, the following steps should be performed: +**to be replaced** - Install Qubes Windows Tools in dom0: `sudo qubes-dom0-update qubes-windows-tools`. The iso will be the file `/usr/lib/qubes/qubes-windows-tools-4.0.1.3.iso`. - Copy this file to some AppVM: `qvm-copy-to-vm VMname /usr/lib/qubes/qubes-windows-tools-4.0.1.3.iso`. - In this VM, extract the file `qubes-tools-4.0.1.3.exe` from the iso, using the archive manager. - Copy the installation kits of `xenvbd` and `xenbus` Version 9.0.0 (two Zip-files) from the Xen web site and the file `qubes-tools-4.0.1.3.exe` to the Windows system drive (normally `C:\`.) +**end of replaced text** + +**new text** +- In the Windows 10 VM, download the installation kits of `xenvbd` and `xenbus` Version 9.0.0 (two files`xenvbd.zip`and `xenbus.zip`) from the Xen web site and the file `qubes-tools-4.0.1.3.exe` from https://www.qubes-os.org/doc/windows-tools/ **enter the final url** and store them on the Windows system drive (normally `C:\`.) +**end of new text** + +- Check the integrity of the file `qubes-tools-4.0.1.3.exe`by comparing its hash checksum. This can be done using the Windows command `certutil` specifying an appropriate hash algorithm like: +~~~ +certutil --hashfile qubes-tools-4.0.1.3.exe SHA256 +~~~ +This utility supports the algorithms MD5, SHA1, SHA256 and SHA512 (to be entered in uppercase!). The correct hash values can be retrieved from the Qubes website: https://www.qubes-os.org/doc/windows-tools/ **enter the final url** + - Install `xenvbd` and `xenbus` version 9.0.0 by starting the file `dpinst.exe` from the `x64` directories of the Zip-file. - After installation, reboot. - Install Qubes Windows Tools 4.0.1.3 by starting `qubes-tools-4.0.1.3.exe`, not selecting the Xen storage driver and the `Move of user data to Drive D` (which would probably lead to problems in Windows, anyhow). From 6aeacff183e4c5e02f1658bbdf869d05dc6c56c5 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Sat, 26 Sep 2020 13:02:41 +0200 Subject: [PATCH 25/49] Update windows-vm.md --- os-guides/windows/windows-vm.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index 6a73b2c..59de22f 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -117,7 +117,7 @@ To install Qubes Windows Tools, follow instructions [below](#xen-pv-drivers-and- MS Windows versions considerations: -- The instructions *may* work on other versions than Windows 7 x64 but haven't been tested. +- The instructions *may* work on other versions than Windows 7 x64 but haven't been tested. - Qubes Windows Tools (QWT) only supports Windows 7 x64. Note that there are [known issues](https://github.com/QubesOS/qubes-issues/issues/3585) with QWT on Qubes 4.x - For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described below. @@ -227,7 +227,7 @@ So to get a working Windows 10 system (Standalone or Template VM) under Qubes R4 **end of replaced text** **new text** -- In the Windows 10 VM, download the installation kits of `xenvbd` and `xenbus` Version 9.0.0 (two files`xenvbd.zip`and `xenbus.zip`) from the Xen web site and the file `qubes-tools-4.0.1.3.exe` from https://www.qubes-os.org/doc/windows-tools/ **enter the final url** and store them on the Windows system drive (normally `C:\`.) +- In the Windows 10 VM, download the installation kits of `xenvbd` and `xenbus` Version 9.0.0 (two files`xenvbd.tar`and `xenbus.tar`) from the Xen web site and the file `qubes-tools-4.0.1.3.exe` from https://www.qubes-os.org/doc/windows-tools/ **enter the final url** and store them on the Windows system drive (normally `C:\`.) In order to extract the contents from the tar-archives, you will need an external utility like 7zip. **end of new text** - Check the integrity of the file `qubes-tools-4.0.1.3.exe`by comparing its hash checksum. This can be done using the Windows command `certutil` specifying an appropriate hash algorithm like: @@ -236,9 +236,9 @@ certutil --hashfile qubes-tools-4.0.1.3.exe SHA256 ~~~ This utility supports the algorithms MD5, SHA1, SHA256 and SHA512 (to be entered in uppercase!). The correct hash values can be retrieved from the Qubes website: https://www.qubes-os.org/doc/windows-tools/ **enter the final url** -- Install `xenvbd` and `xenbus` version 9.0.0 by starting the file `dpinst.exe` from the `x64` directories of the Zip-file. +- Install `xenvbd` and `xenbus` version 9.0.0 by starting the file `dpinst.exe` from the `x64` directories of the extracted tar-files. If during installation, the Xen driver requests a reboot, select "No" and let the installation continue. - After installation, reboot. -- Install Qubes Windows Tools 4.0.1.3 by starting `qubes-tools-4.0.1.3.exe`, not selecting the Xen storage driver and the `Move of user data to Drive D` (which would probably lead to problems in Windows, anyhow). +- Install Qubes Windows Tools 4.0.1.3 by starting `qubes-tools-4.0.1.3.exe`, not selecting the `Xen PV disk drivers` and the `Move user profiles` (which would probably lead to problems in Windows, anyhow). If during installation, the Xen driver requests a reboot, select "No" and let the installation continue - the system will be rebooted later. - Shut down Windows. - Set `qvm-features win10new gui 1` - Reboot Windows. The VM starts, but does not show any window. @@ -269,7 +269,7 @@ when creating the VM. To have the user data stored in AppVMs depending on this t - For Windows 7, the option to move the user directories from drive `C` to drive `D` works and causes any user data to be stored in the AppVMs based on this template, and not in the template itself. -- After installation of Windows 10 as a TemplateVM, the Windows disk manager may be used to add the private volume as disk `D:`, and you may, using the documented Windows operations, move the user directories `C:\users\\Documents` to this new disk, allowing depending AppVMs to have their own private volumes. Moving the hidden application directories `AppData`, however, is likely to invite trouble - the same trouble that occurs if, during QWT installation, the option `Move of user data to drive D` is selected. +- After installation of Windows 10 as a TemplateVM, the Windows disk manager may be used to add the private volume as disk `D:`, and you may, using the documented Windows operations, move the user directories `C:\users\\Documents` to this new disk, allowing depending AppVMs to have their own private volumes. Moving the hidden application directories `AppData`, however, is likely to invite trouble - the same trouble that occurs if, during QWT installation, the option `Move user profiles` is selected. For Windows 10, configuration data like those stored in directories like `AppData` still remain in the TemplateVM, such that their changes are lost each time the AppVM shuts down. In order to make permanent changes to these configuration data, they have to be changed in the TemplateVM, meaning that applications have to be started there, which violates and perhaps even endangers the security of the TemplateVM. Such changes should be done only if absolutely necessary and with great care. It is a good idea to test them first in a cloned TemplateVM before applying them in the production VM. From c357d266a5d517af1faba58485bdf4942ea4df4d Mon Sep 17 00:00:00 2001 From: deeplow Date: Sat, 26 Sep 2020 15:47:17 -0400 Subject: [PATCH 26/49] move QWT instructions and make them step-by-step --- os-guides/windows/windows-tools.md | 75 ++++++++++++++++++++++++++---- os-guides/windows/windows-vm.md | 45 ------------------ 2 files changed, 67 insertions(+), 53 deletions(-) diff --git a/os-guides/windows/windows-tools.md b/os-guides/windows/windows-tools.md index 345c1fd..d313175 100644 --- a/os-guides/windows/windows-tools.md +++ b/os-guides/windows/windows-tools.md @@ -19,22 +19,34 @@ Qubes Windows Tools Qubes Windows Tools are a set of programs and drivers that provide integration of Windows AppVMs with the rest of the Qubes system. Currently the following features are available for Windows VMs after installation of those tools: -- Seamless GUI mode that integrates apps windows onto the common Qubes trusted desktop -- Support for [secure clipboard copy/paste](/doc/copy-paste/) between the Windows VM and other AppVMs -- Support for [secure file exchange](/doc/copying-files/) between the Windows VM and other AppVMs -- Support for qvm-run and generic qrexec for the Windows VM (e.g. ability to run custom service within/from the Windows VM) -- Xen PV drivers for Windows that increase performance compared to qemu emulated devices +- **Qubes Video Driver** - provides for the Seamless GUI mode that integrates apps windows onto the common Qubes trusted desktop +- **File sender/receiver** - Support for [secure clipboard copy/paste](/doc/copy-paste/) between the Windows VM and other AppVMs +- ***File sender/receiver** - Support for [secure file exchange](/doc/copying-files/) between the Windows VM and other AppVMs +- **Copy/Edit in Dipostable VM** - Support for editing files in DisposableVMs as well as for qvm-run and generic qrexec for the Windows VM (e.g. ability to run custom service within/from the Windows VM) +- **Xen PV drivers** for Windows that increase performance compared to qemu emulated devices + +Bellow is a breakdown of the feature availablility depending on the windows version: + +| Feature | Windows 7 x64 | Windows 10 x64 | +| ------------------------------------ | :------------: | :------------: | +| Qubes Video Driver | + | - | +| Qubes Network Setup | + | + | +| Private Volume Setup (move profiles) | + | + | +| File sender/receiver | + | + | +| Clipboard Copy/Paste | + | + | +| Application shortcuts | + | + | +| Copy/Edit in Disposible VM | + | + | +| Block device | + | + | +| USB device | - | - | +| Audio | - | - | Qubes Windows Tools are open source and are distributed under a GPL license. NOTES: - Qubes Windows Tools are currently unmaintained - Currently only 64-bit versions of Windows 7 are supported by Qubes Windows Tools. Only emulated SVGA GPU is supported (although [there has been reports](https://groups.google.com/forum/#!topic/qubes-users/cmPRMOkxkdA) on working GPU passthrough). -- There is currently no audio support for Windows HVMs. -- There is currently no USB pass-through support for Windows HVMs. - __This page documents the process of installing Qubes Windows Tools on versions up to R3.2.__. Installation on Qubes R4.0 is possible but is a work in progress and there are limitations/bugs (see [issue #3585](https://github.com/QubesOS/qubes-issues/issues/3585)). - Installing Windows OS in a Qubes VM ----------------------------------- @@ -42,6 +54,51 @@ Please refer to [this page](/doc/windows-vm/) for instructions on how to install NOTE: It is strongly suggested to enable autologon for any Windows HVMs that will have Qubes Tools installed. To do so, run `netplwiz` command from the `Win+R`/Start menu and uncheck the *Users must enter a user name and password to use this computer* option. +Installing Qubes guest tools in Windows 10 VMs +---------------------------------------------- + +This will allow you to installs the Qubes Windows Tools on Windows 10 both as a StandaloneVM as well as a template VM and a corresponding AppVM. But some features are not available: + +TODO available features + + 1. In the Windows 10 VM, download from the [XEN website](https://xenproject.org/downloads/windows-pv-drivers/windows-pv-drivers-9-series/windows-pv-drivers-9-0-0/) the installation kits for Xen bus (`xenbus`) and storage drivers (`xenvbd`) Version 9.0.0 (two files`xenvbd.tar`and `xenbus.tar`). + + 2. Use an archive extractor like [7-zip](https://www.7-zip.org/) to extract the contents of the `.tar` files. + + 3. - Install `xenvbd` and `xenbus` by starting the file `dpinst.exe` from the `x64` directories of the extracted tar-files. If during installation, the Xen driver requests a reboot, select "No" and let the installation continue. + + 4. After installation, reboot. + + 5. Download the Qubes Windows Tools (`qubes-tools-4.0.1.3.exe`) from [the qubes FTP server](TODO add ftp link) and move it to `C:\`. + + 6. Check the integrity of the file `qubes-tools-4.0.1.3.exe`by comparing its hash checksum. This can be done using the Windows command `certutil` on the windows command prompt (`cmd.exe`) and specifying an appropriate hash algorithm like: + + certutil --hashfile C:\qubes-tools-4.0.1.3.exe SHA256 + + And compare it the value to `148A2A993F0C746B48FA6C5C9A5D1B504E09A7CFBA3FB931A4DCF86FDA4EC9B1` (**it has to exactly match for security reasons**). If it matches, feel free to continue the installation. If not, repeat the download to make sure it was not corrupted due to a network problem. If keeps on not matching it might be an attacker attempting to do something nasty to your system -- Ask for support. + + > **Note**: this is a workaround for installing the qubes windows tools on windows 10 since the standard way is broken. + + 7. Install Qubes Windows Tools 4.0.1.3 by starting `qubes-tools-4.0.1.3.exe`, not selecting the `Xen PV disk drivers` and the `Move user profiles` (which would probably lead to problems in Windows, anyhow). If during installation, the Xen driver requests a reboot, select "No" and let the installation continue - the system will be rebooted later. + + 8. Shut down Windows. + + 9. On a `dom0` terminal write: *(where `` is the name of your Windows 10 VM)* + + `qvm-features gui 1` + + 10. Reboot Windows. If the VM starts, but does not show any window then shutdown Windows from the Qube manager and reboot Windows once more. + + 11. Now the system should be up, with QWT running correctly. + + 12. Lastly to enable file copy operations to a Windows 10 VM the `default_user` property should be set the `` that you use to login to the Windows VM. This can be done via the following command on a `dom0` terminal: *(where `` is the name of your Windows 10 VM)* + + qvm-prefs win10 default_user + + > **Note:** If this property is not set or set to a wrong value, files copied to this VM are stored in the folder `C:\Windows\System32\config\systemprofile\Documents\QubesIncoming\`. + > If the target VM is an AppVM, this has the consequence that the files are stored in the corresponding TemplateVM and so are lost on AppVM shutdown. + + Installing Qubes guest tools in Windows 7 VMs --------------------------------------------- @@ -94,6 +151,8 @@ qvm-prefs -s qrexec_timeout 300 Using Windows AppVMs in seamless mode ------------------------------------- +> **Note:** This feature is only available for Windows 7 + Once you start a Windows-based AppVM with Qubes Tools installed, you can easily start individual applications from the VM (note the `-a` switch used here, which will auto-start the VM if it is not running): ~~~ diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index 59de22f..59b6e28 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -211,51 +211,6 @@ qvm-prefs win7new qrexec_timeout 300 At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](#xen-pv-drivers-and-qubes-windows-tools) below). It is a good time to clone the VM again. -### Installing Qubes Windows Tools on Windows 10 - -If the Xen bus and storage drivers version 9.0.0 are installed in a Windows 10 system without Qubes Windows Tools, and QWT 4.0.1.3 are installed after the Xen installation has finished, the Qubes interface works correctly. Files can be exchanged with other VMs, and the common clipboard works in both directions. - -The installation of Qubes Windows Tools should **not** be done by using the parameter `--install-windows-tools`or by directly specifying `--cdrom=...`when starting the Windows VM, as this is bound to crash the VM on booting, showing the error `INACCESSIBLE BOOT DEVICE`- which makes no sense, but does happen. - -So to get a working Windows 10 system (Standalone or Template VM) under Qubes R4.0, the following steps should be performed: - -**to be replaced** -- Install Qubes Windows Tools in dom0: `sudo qubes-dom0-update qubes-windows-tools`. The iso will be the file `/usr/lib/qubes/qubes-windows-tools-4.0.1.3.iso`. -- Copy this file to some AppVM: `qvm-copy-to-vm VMname /usr/lib/qubes/qubes-windows-tools-4.0.1.3.iso`. -- In this VM, extract the file `qubes-tools-4.0.1.3.exe` from the iso, using the archive manager. -- Copy the installation kits of `xenvbd` and `xenbus` Version 9.0.0 (two Zip-files) from the Xen web site and the file `qubes-tools-4.0.1.3.exe` to the Windows system drive (normally `C:\`.) -**end of replaced text** - -**new text** -- In the Windows 10 VM, download the installation kits of `xenvbd` and `xenbus` Version 9.0.0 (two files`xenvbd.tar`and `xenbus.tar`) from the Xen web site and the file `qubes-tools-4.0.1.3.exe` from https://www.qubes-os.org/doc/windows-tools/ **enter the final url** and store them on the Windows system drive (normally `C:\`.) In order to extract the contents from the tar-archives, you will need an external utility like 7zip. -**end of new text** - -- Check the integrity of the file `qubes-tools-4.0.1.3.exe`by comparing its hash checksum. This can be done using the Windows command `certutil` specifying an appropriate hash algorithm like: -~~~ -certutil --hashfile qubes-tools-4.0.1.3.exe SHA256 -~~~ -This utility supports the algorithms MD5, SHA1, SHA256 and SHA512 (to be entered in uppercase!). The correct hash values can be retrieved from the Qubes website: https://www.qubes-os.org/doc/windows-tools/ **enter the final url** - -- Install `xenvbd` and `xenbus` version 9.0.0 by starting the file `dpinst.exe` from the `x64` directories of the extracted tar-files. If during installation, the Xen driver requests a reboot, select "No" and let the installation continue. -- After installation, reboot. -- Install Qubes Windows Tools 4.0.1.3 by starting `qubes-tools-4.0.1.3.exe`, not selecting the `Xen PV disk drivers` and the `Move user profiles` (which would probably lead to problems in Windows, anyhow). If during installation, the Xen driver requests a reboot, select "No" and let the installation continue - the system will be rebooted later. -- Shut down Windows. -- Set `qvm-features win10new gui 1` -- Reboot Windows. The VM starts, but does not show any window. -- Shutdown Windows from the Qube manager. -- Reboot Windows once more. Now the system is up, with QWT running correctly. - -For me, this sequence worked for Windows 10 as template VM, and a corresponding AppVM worked too. - -File copy operations to a Windows 10 VM are possible, if the Qubes OS `default_user` property is set to the user name used for access to that VM, which can be done via the command -~~~ -qvm-prefs default_user -~~~ -If this property is not set or set to a wrong value, files copied to this VM are stored in the folder -~~~ -C:\Windows\System32\config\systemprofile\Documents\QubesIncoming\ -~~~ -If the target VM is an AppVM, this has the consequence that the files are stored in the corresponding TemplateVM and so are lost on AppVM shutdown. Windows as TemplateVM --------------------- From 4fc518c3792d176d5d8c1d107a5acb5a21c45536 Mon Sep 17 00:00:00 2001 From: deeplow Date: Sat, 26 Sep 2020 15:54:46 -0400 Subject: [PATCH 27/49] moved xen drivers and QWT info to windows-tools.md --- os-guides/windows/windows-tools.md | 30 ++++++++++++++++++++++++++++++ os-guides/windows/windows-vm.md | 30 ------------------------------ 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/os-guides/windows/windows-tools.md b/os-guides/windows/windows-tools.md index d313175..58cbba6 100644 --- a/os-guides/windows/windows-tools.md +++ b/os-guides/windows/windows-tools.md @@ -148,6 +148,36 @@ NOTE: it is recommended to increase the default value of Windows VM's `qrexec_ti qvm-prefs -s qrexec_timeout 300 ~~~ +Xen PV drivers and Qubes Windows Tools +-------------------------------------- + +Installing Xen's PV drivers in the VM will lower its resources usage when using network and/or I/O intensive applications, but *may* come at the price of system stability (although Xen's PV drivers on a Win7 VM are usually very stable). There are two ways of installing the drivers: + +1. installing the drivers independently, from Xen's [official site](https://www.xenproject.org/developers/teams/windows-pv-drivers.html) +2. installing Qubes Windows Tools (QWT), which bundles Xen's PV drivers. + +Notes about using Xen's VBD (storage) PV driver: +- **Windows 7:** installing the driver requires a fully updated VM or else you'll likely get a BSOD and a VM in a difficult to fix state. Updating Windows takes *hours* and for casual usage there isn't much of a performance between the disk PV driver and the default one; so there is likely no need to go through the lengthy Windows Update process if your VM doesn't have access to untrusted networks and if you don't use I/O intensive apps. If you plan to update your newly installed Windows VM it is recommended that you do so *before* installing Qubes Windows Tools (QWT). If QWT are installed, you should temporarily re-enable the standard VGA adapter in Windows and disable Qubes' (see the section above). +- the option to install the storage PV driver is disabled by default in Qubes Windows Tools +- in case you already had QWT installed without the storage PV driver and you then updated the VM, you may then install the driver from Xen's site (xenvbd.tar). + +**Caution:** Installing the version 9.0.0 Xen drivers on Windows 7 (a system without QWT - QWT uninstalled) leads to an unbootable system. The drivers install without error, but after reboot, the system aborts the reboot saying ´Missing driver xenbus.sys´. + +- **Windows 10:** The version 9.0.0 Xen drivers have to be installed before installing Qubes Windows Tools. Installing them on a system with QWT installed is likely to produce a system which crashes or has the tools in a non-functional state. Even if the tools were installed and then removed before installing the Xen drivers, they probably will not work as expected. + + +Installing Qubes Windows Tools: +- on R3.2: see [this page](/doc/windows-tools/) +- R4.0: you'll have to install QWT for Qubes R3.2. Be warned that QWT on R4.0 is a work in progress though (see [issue #3585](https://github.com/QubesOS/qubes-issues/issues/3585) for instructions and known issues). + + +With Qubes Windows Tools installed the early graphical console provided in debugging mode isn't needed anymore since Qubes' display driver will be used instead of the default VGA driver: + +~~~ +qvm-prefs -s win7new debug false +~~~ + + Using Windows AppVMs in seamless mode ------------------------------------- diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index 59b6e28..1ac220b 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -252,36 +252,6 @@ Note: if you already have Qubes Windows Tools installed the video adapter in Win To avoid guessing the VM's state enable debugging (`qvm-prefs -s win7new debug true`) and in Windows' device manager (My computer -> Manage / Device manager / Display adapters) temporarily re-enable the standard VGA adapter and disable "Qubes video driver". You can disable debugging and revert to Qubes' display once the VM is updated. -Xen PV drivers and Qubes Windows Tools ------------------------------------- - -Installing Xen's PV drivers in the VM will lower its resources usage when using network and/or I/O intensive applications, but *may* come at the price of system stability (although Xen's PV drivers on a Win7 VM are usually very stable). There are two ways of installing the drivers: - -1. installing the drivers independently, from Xen's [official site](https://www.xenproject.org/developers/teams/windows-pv-drivers.html) -2. installing Qubes Windows Tools (QWT), which bundles Xen's PV drivers. - -Notes about using Xen's VBD (storage) PV driver: -- **Windows 7:** installing the driver requires a fully updated VM or else you'll likely get a BSOD and a VM in a difficult to fix state. Updating Windows takes *hours* and for casual usage there isn't much of a performance between the disk PV driver and the default one; so there is likely no need to go through the lengthy Windows Update process if your VM doesn't have access to untrusted networks and if you don't use I/O intensive apps. If you plan to update your newly installed Windows VM it is recommended that you do so *before* installing Qubes Windows Tools (QWT). If QWT are installed, you should temporarily re-enable the standard VGA adapter in Windows and disable Qubes' (see the section above). -- the option to install the storage PV driver is disabled by default in Qubes Windows Tools -- in case you already had QWT installed without the storage PV driver and you then updated the VM, you may then install the driver from Xen's site (xenvbd.tar). - -**Caution:** Installing the version 9.0.0 Xen drivers on Windows 7 (a system without QWT - QWT uninstalled) leads to an unbootable system. The drivers install without error, but after reboot, the system aborts the reboot saying ´Missing driver xenbus.sys´. - -- **Windows 10:** The version 9.0.0 Xen drivers have to be installed before installing Qubes Windows Tools. Installing them on a system with QWT installed is likely to produce a system which crashes or has the tools in a non-functional state. Even if the tools were installed and then removed before installing the Xen drivers, they probably will not work as expected. - - -Installing Qubes Windows Tools: -- on R3.2: see [this page](/doc/windows-tools/) -- R4.0: you'll have to install QWT for Qubes R3.2. Be warned that QWT on R4.0 is a work in progress though (see [issue #3585](https://github.com/QubesOS/qubes-issues/issues/3585) for instructions and known issues). - - -With Qubes Windows Tools installed the early graphical console provided in debugging mode isn't needed anymore since Qubes' display driver will be used instead of the default VGA driver: - -~~~ -qvm-prefs -s win7new debug false -~~~ - - Further customization --------------------- From dc2ed98225a1ecdeeabeba9f90fdbe76761a9217 Mon Sep 17 00:00:00 2001 From: deeplow Date: Sat, 26 Sep 2020 15:56:56 -0400 Subject: [PATCH 28/49] remove self-referencing note --- os-guides/windows/windows-tools.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/os-guides/windows/windows-tools.md b/os-guides/windows/windows-tools.md index 58cbba6..86fff9c 100644 --- a/os-guides/windows/windows-tools.md +++ b/os-guides/windows/windows-tools.md @@ -166,11 +166,6 @@ Notes about using Xen's VBD (storage) PV driver: - **Windows 10:** The version 9.0.0 Xen drivers have to be installed before installing Qubes Windows Tools. Installing them on a system with QWT installed is likely to produce a system which crashes or has the tools in a non-functional state. Even if the tools were installed and then removed before installing the Xen drivers, they probably will not work as expected. -Installing Qubes Windows Tools: -- on R3.2: see [this page](/doc/windows-tools/) -- R4.0: you'll have to install QWT for Qubes R3.2. Be warned that QWT on R4.0 is a work in progress though (see [issue #3585](https://github.com/QubesOS/qubes-issues/issues/3585) for instructions and known issues). - - With Qubes Windows Tools installed the early graphical console provided in debugging mode isn't needed anymore since Qubes' display driver will be used instead of the default VGA driver: ~~~ From 4caf193d7f7e5f2c59328a6d2a3e41fd92c5b594 Mon Sep 17 00:00:00 2001 From: deeplow <47065258+deeplow@users.noreply.github.com> Date: Sat, 26 Sep 2020 21:09:18 +0000 Subject: [PATCH 29/49] formatting typo --- os-guides/windows/windows-tools.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-guides/windows/windows-tools.md b/os-guides/windows/windows-tools.md index 86fff9c..47cbf11 100644 --- a/os-guides/windows/windows-tools.md +++ b/os-guides/windows/windows-tools.md @@ -65,7 +65,7 @@ TODO available features 2. Use an archive extractor like [7-zip](https://www.7-zip.org/) to extract the contents of the `.tar` files. - 3. - Install `xenvbd` and `xenbus` by starting the file `dpinst.exe` from the `x64` directories of the extracted tar-files. If during installation, the Xen driver requests a reboot, select "No" and let the installation continue. + 3. Install `xenvbd` and `xenbus` by starting the file `dpinst.exe` from the `x64` directories of the extracted tar-files. If during installation, the Xen driver requests a reboot, select "No" and let the installation continue. 4. After installation, reboot. From c9537f4ed41bf81303aa1adfd3380d019256300e Mon Sep 17 00:00:00 2001 From: deeplow <47065258+deeplow@users.noreply.github.com> Date: Sat, 26 Sep 2020 21:10:08 +0000 Subject: [PATCH 30/49] formatting typo --- os-guides/windows/windows-tools.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-guides/windows/windows-tools.md b/os-guides/windows/windows-tools.md index 47cbf11..027270b 100644 --- a/os-guides/windows/windows-tools.md +++ b/os-guides/windows/windows-tools.md @@ -85,7 +85,7 @@ TODO available features 9. On a `dom0` terminal write: *(where `` is the name of your Windows 10 VM)* - `qvm-features gui 1` + qvm-features gui 1 10. Reboot Windows. If the VM starts, but does not show any window then shutdown Windows from the Qube manager and reboot Windows once more. From 9031f98a3964ee70ce032b86a08b87d85e34ce52 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Sun, 27 Sep 2020 13:27:13 +0200 Subject: [PATCH 31/49] Update windows-vm.md --- os-guides/windows/windows-vm.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index 1ac220b..865676d 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -119,7 +119,7 @@ MS Windows versions considerations: - The instructions *may* work on other versions than Windows 7 x64 but haven't been tested. - Qubes Windows Tools (QWT) only supports Windows 7 x64. Note that there are [known issues](https://github.com/QubesOS/qubes-issues/issues/3585) with QWT on Qubes 4.x -- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described below. +- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described in [https://www.qubes-os.org/doc/windows-tools/](https://www.qubes-os.org/doc/windows-tools/). Create a VM named win7new in [HVM](/doc/hvm/) mode (Xen's current PVH limitations precludes from using PVH): @@ -217,8 +217,7 @@ Windows as TemplateVM Windows 7 and 10 can be installed as TemplateVM by selecting ~~~ -qvm-create --class TemplateVM --property virt_mode=HVM --property kernel='' --label black Windows-7 -qvm-create --class TemplateVM --property virt_mode=HVM --property kernel='' --label black Windows-10 +qvm-create --class TemplateVM --property virt_mode=HVM --property kernel='' --label black Windows-template ~~~ when creating the VM. To have the user data stored in AppVMs depending on this template, Windows 7 and 10 have to be treated differently: From c84cc303f83e7d377af8362de061c4f1446d8cd6 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Sun, 27 Sep 2020 13:27:38 +0200 Subject: [PATCH 32/49] Update windows-tools.md --- os-guides/windows/windows-tools.md | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/os-guides/windows/windows-tools.md b/os-guides/windows/windows-tools.md index 027270b..5d01c4e 100644 --- a/os-guides/windows/windows-tools.md +++ b/os-guides/windows/windows-tools.md @@ -44,7 +44,7 @@ Qubes Windows Tools are open source and are distributed under a GPL license. NOTES: - Qubes Windows Tools are currently unmaintained -- Currently only 64-bit versions of Windows 7 are supported by Qubes Windows Tools. Only emulated SVGA GPU is supported (although [there has been reports](https://groups.google.com/forum/#!topic/qubes-users/cmPRMOkxkdA) on working GPU passthrough). +- Currently only 64-bit versions of Windows 7 and Windows 10 are supported by Qubes Windows Tools. Only emulated SVGA GPU is supported (although [there has been reports](https://groups.google.com/forum/#!topic/qubes-users/cmPRMOkxkdA) on working GPU passthrough). - __This page documents the process of installing Qubes Windows Tools on versions up to R3.2.__. Installation on Qubes R4.0 is possible but is a work in progress and there are limitations/bugs (see [issue #3585](https://github.com/QubesOS/qubes-issues/issues/3585)). Installing Windows OS in a Qubes VM @@ -57,9 +57,9 @@ NOTE: It is strongly suggested to enable autologon for any Windows HVMs that wil Installing Qubes guest tools in Windows 10 VMs ---------------------------------------------- -This will allow you to installs the Qubes Windows Tools on Windows 10 both as a StandaloneVM as well as a template VM and a corresponding AppVM. But some features are not available: +This will allow you to install the Qubes Windows Tools on Windows 10 both as a StandaloneVM as well as a Template VM and a corresponding AppVM. But some features are not available: -TODO available features +TODO available features - **not available: seamless mode - others?** 1. In the Windows 10 VM, download from the [XEN website](https://xenproject.org/downloads/windows-pv-drivers/windows-pv-drivers-9-series/windows-pv-drivers-9-0-0/) the installation kits for Xen bus (`xenbus`) and storage drivers (`xenvbd`) Version 9.0.0 (two files`xenvbd.tar`and `xenbus.tar`). @@ -92,8 +92,8 @@ TODO available features 11. Now the system should be up, with QWT running correctly. 12. Lastly to enable file copy operations to a Windows 10 VM the `default_user` property should be set the `` that you use to login to the Windows VM. This can be done via the following command on a `dom0` terminal: *(where `` is the name of your Windows 10 VM)* - - qvm-prefs win10 default_user + + `qvm-prefs default_user ` > **Note:** If this property is not set or set to a wrong value, files copied to this VM are stored in the folder `C:\Windows\System32\config\systemprofile\Documents\QubesIncoming\`. > If the target VM is an AppVM, this has the consequence that the files are stored in the corresponding TemplateVM and so are lost on AppVM shutdown. @@ -161,7 +161,7 @@ Notes about using Xen's VBD (storage) PV driver: - the option to install the storage PV driver is disabled by default in Qubes Windows Tools - in case you already had QWT installed without the storage PV driver and you then updated the VM, you may then install the driver from Xen's site (xenvbd.tar). -**Caution:** Installing the version 9.0.0 Xen drivers on Windows 7 (a system without QWT - QWT uninstalled) leads to an unbootable system. The drivers install without error, but after reboot, the system aborts the reboot saying ´Missing driver xenbus.sys´. +**Caution:** Installing the version 9.0.0 Xen drivers on Windows 7 (a system without QWT - QWT uninstalled) leads to an unbootable system. The drivers install without error, but after reboot, the system aborts the reboot saying `Missing driver xenbus.sys`. - **Windows 10:** The version 9.0.0 Xen drivers have to be installed before installing Qubes Windows Tools. Installing them on a system with QWT installed is likely to produce a system which crashes or has the tools in a non-functional state. Even if the tools were installed and then removed before installing the Xen drivers, they probably will not work as expected. @@ -217,7 +217,7 @@ Qubes allows HVM VMs to share a common root filesystem from a select Template VM In order to create a HVM TemplateVM one can use the following command, suitably adapted: ~~~ -qvm-create --class TemplateVM win7-x64-template --property virt_mode=HVM --property kernel='' -l green +qvm-create --class TemplateVM win-template --property virt_mode=HVM --property kernel='' -l green ~~~ ... , set memory as appropriate, and install Windows OS (or other OS) into this template the same way as you would install it into a normal HVM -- please see instructions on [this page](/doc/hvm-create/). @@ -227,7 +227,7 @@ If you use this Template as it is, then any HVMs that use it will effectively be If you want to retain the User directory between reboots, then it would make sense to store the `C:\Users` directory on the 2nd disk which is automatically exposed by Qubes to all HVMs. This 2nd disk is backed by the `private.img` file in the AppVMs' and is not reset upon AppVMs reboot, so the user's directories and profiles would survive the AppVMs reboot, unlike the "root" filesystem which will be reverted to the "golden image" from the Template VM automatically. To facilitate such separation of user profiles, Qubes Windows Tools provide an option to automatically move `C:\Users` directory to the 2nd disk backed by `private.img`. -It's a selectable feature of the installer, enabled by default. +It's a selectable feature of the installer, enabled by default, but working only for Windows 7. If that feature is selected during installation, completion of the process requires two reboots: - The private disk is initialized and formatted on the first reboot after tools installation. It can't be done **during** the installation because Xen mass storage drivers are not yet active. @@ -236,8 +236,13 @@ Reboot is required because the "mover utility" runs very early in the boot proce This can take some time depending on the profiles' size and because the GUI agent is not yet active dom0/Qubes Manager may complain that the AppVM failed to boot. That's a false alarm (you can increase AppVM's default boot timeout using `qvm-prefs`), the VM should appear "green" in Qubes Manager shortly after. -It also makes sense to disable Automatic Updates for all the template-based AppVMs -- of course this should be done in the Template VM, not in individual AppVMs, because the system-wide settings are stored in the root filesystem (which holds the system-wide registry hives). -Then, periodically check for updates in the Template VM and the changes will be carried over to any child AppVMs. +For Windows 10, the user directories have to be moved manually, because the automatic transfer during QWT installation is bound to crash due to undocumented new features of NTFS, and a system having the directory `users`on another disk than `C:` will break on Windows update. So the following steps should be taken: + +- The Windows disk manager may be used to add the private volume as disk `D:`, and you may, using the documented Windows operations, move the user directories `C:\users\\Documents` to this new disk, allowing depending AppVMs to have their own private volumes. Moving the hidden application directories `AppData`, however, is likely to invite trouble - the same trouble that occurs if, during QWT installation, the option `Move user profiles` is selected. + +- Configuration data like those stored in directories like `AppData` still remain in the TemplateVM, such that their changes are lost each time the AppVM shuts down. In order to make permanent changes to these configuration data, they have to be changed in the TemplateVM, meaning that applications have to be started there, which violates and perhaps even endangers the security of the TemplateVM. Such changes should be done only if absolutely necessary and with great care. It is a good idea to test them first in a cloned TemplateVM before applying them in the production VM. + +It also makes sense to disable Automatic Updates for all the template-based AppVMs -- of course this should be done in the Template VM, not in individual AppVMs, because the system-wide settings are stored in the root filesystem (which holds the system-wide registry hives). Then, periodically check for updates in the Template VM and the changes will be carried over to any child AppVMs. Once the template has been created and installed it is easy to create AppVMs based on it: From b47bf5f325eb4adb7460639cae39459d530a7fc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= Date: Sun, 27 Sep 2020 14:19:02 +0200 Subject: [PATCH 33/49] Add Gentoo template related - Specific release note will follow later QubesOS/qubes-issues#4412 --- os-guides/gentoo.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 os-guides/gentoo.md diff --git a/os-guides/gentoo.md b/os-guides/gentoo.md new file mode 100644 index 0000000..18f0e46 --- /dev/null +++ b/os-guides/gentoo.md @@ -0,0 +1,36 @@ +--- +layout: doc +title: Gentoo Template +permalink: /doc/templates/gentoo/ +--- + +# Gentoo Template + +If you would like to use a stable, predictable, manageable and reproducible distribution in your AppVMs, you can install the Gentoo template, provided by Qubes in ready to use binary package. + +For the minimal version, please see [Minimal TemplateVMs](/doc/templates/minimal/) + + +## Installation + +The standard Gentoo TemplateVM can be installed with the following command in dom0: + + [user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-community qubes-template-gentoo + +To switch, reinstall and uninstall a Gentoo TemplateVM that is already installed in your system, see *How to [switch], [reinstall] and [uninstall]*. + +#### After Installing + +After a fresh install, we recommend to [Update the TemplateVM](/doc/software-update-vm/). + +## Want to contribute? + +* [How can I contribute to the Qubes Project?](/doc/contributing/) + +* [Guidelines for Documentation Contributors](/doc/doc-guidelines/) + +[switch]: /doc/templates/#switching +[reinstall]: /doc/reinstall-template/ +[uninstall]: /doc/templates/#uninstalling + + From 9bc676cfeb325dc7ec41554ea7b290a813776eb5 Mon Sep 17 00:00:00 2001 From: deeplow Date: Sun, 27 Sep 2020 15:26:45 -0400 Subject: [PATCH 34/49] remove TODO on feature availability --- os-guides/windows/windows-tools.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-guides/windows/windows-tools.md b/os-guides/windows/windows-tools.md index 5d01c4e..72640ba 100644 --- a/os-guides/windows/windows-tools.md +++ b/os-guides/windows/windows-tools.md @@ -59,7 +59,7 @@ Installing Qubes guest tools in Windows 10 VMs This will allow you to install the Qubes Windows Tools on Windows 10 both as a StandaloneVM as well as a Template VM and a corresponding AppVM. But some features are not available: -TODO available features - **not available: seamless mode - others?** +> **Note:** seamless mode is currently not available for windows. Please check the top of this document for the full feature availability breakdown. 1. In the Windows 10 VM, download from the [XEN website](https://xenproject.org/downloads/windows-pv-drivers/windows-pv-drivers-9-series/windows-pv-drivers-9-0-0/) the installation kits for Xen bus (`xenbus`) and storage drivers (`xenvbd`) Version 9.0.0 (two files`xenvbd.tar`and `xenbus.tar`). From e8926c03faa4227241caf8bd8827209eaf0d35c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= Date: Mon, 28 Sep 2020 00:18:16 +0200 Subject: [PATCH 35/49] Update XFCE related templates --- os-guides/centos.md | 8 +++----- os-guides/gentoo.md | 8 +++----- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/os-guides/centos.md b/os-guides/centos.md index 5b1c9d6..6159590 100644 --- a/os-guides/centos.md +++ b/os-guides/centos.md @@ -6,9 +6,7 @@ permalink: /doc/templates/centos/ # CentOS Template -If you would like to use a stable, predictable, manageable and reproducible distribution in your AppVMs, you can install the CentOS template, provided by Qubes in ready to use binary package. - -For the minimal version, please see [Minimal TemplateVMs](/doc/templates/minimal/) +If you would like to use a stable, predictable, manageable and reproducible distribution in your AppVMs, you can install the CentOS template, provided by Qubes in ready to use binary package. For the minimal and Xfce versions, please see the [Minimal TemplateVMs] and [Xfce TemplateVMs] pages. ## Installation @@ -32,5 +30,5 @@ After a fresh install, we recommend to [Update the TemplateVM](/doc/software-upd [switch]: /doc/templates/#switching [reinstall]: /doc/reinstall-template/ [uninstall]: /doc/templates/#uninstalling - - +[Minimal TemplateVMs]: /doc/templates/minimal/ +[Xfce TemplateVMs]: /doc/templates/xfce/ diff --git a/os-guides/gentoo.md b/os-guides/gentoo.md index 18f0e46..abed83c 100644 --- a/os-guides/gentoo.md +++ b/os-guides/gentoo.md @@ -6,9 +6,7 @@ permalink: /doc/templates/gentoo/ # Gentoo Template -If you would like to use a stable, predictable, manageable and reproducible distribution in your AppVMs, you can install the Gentoo template, provided by Qubes in ready to use binary package. - -For the minimal version, please see [Minimal TemplateVMs](/doc/templates/minimal/) +If you would like to use a stable, predictable, manageable and reproducible distribution in your AppVMs, you can install the Gentoo template, provided by Qubes in ready to use binary package. For the minimal and Xfce versions, please see the [Minimal TemplateVMs] and [Xfce TemplateVMs] pages. ## Installation @@ -32,5 +30,5 @@ After a fresh install, we recommend to [Update the TemplateVM](/doc/software-upd [switch]: /doc/templates/#switching [reinstall]: /doc/reinstall-template/ [uninstall]: /doc/templates/#uninstalling - - +[Minimal TemplateVMs]: /doc/templates/minimal/ +[Xfce TemplateVMs]: /doc/templates/xfce/ From ab0344af6e6d7a48dfe0db28355809576d533d02 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Mon, 28 Sep 2020 12:42:09 +0200 Subject: [PATCH 36/49] Update windows-vm.md --- os-guides/windows/windows-vm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index 865676d..f488d78 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -119,7 +119,7 @@ MS Windows versions considerations: - The instructions *may* work on other versions than Windows 7 x64 but haven't been tested. - Qubes Windows Tools (QWT) only supports Windows 7 x64. Note that there are [known issues](https://github.com/QubesOS/qubes-issues/issues/3585) with QWT on Qubes 4.x -- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described in [https://www.qubes-os.org/doc/windows-tools/](https://www.qubes-os.org/doc/windows-tools/). +- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described in [Qubes Wndows Tools](/doc/windows-tools/). Create a VM named win7new in [HVM](/doc/hvm/) mode (Xen's current PVH limitations precludes from using PVH): From e5c021063fce9723052e49acc945e6ce0fd77b68 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Mon, 28 Sep 2020 12:42:22 +0200 Subject: [PATCH 37/49] Update windows-tools.md --- os-guides/windows/windows-tools.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/os-guides/windows/windows-tools.md b/os-guides/windows/windows-tools.md index 72640ba..9063269 100644 --- a/os-guides/windows/windows-tools.md +++ b/os-guides/windows/windows-tools.md @@ -25,7 +25,7 @@ Qubes Windows Tools are a set of programs and drivers that provide integration o - **Copy/Edit in Dipostable VM** - Support for editing files in DisposableVMs as well as for qvm-run and generic qrexec for the Windows VM (e.g. ability to run custom service within/from the Windows VM) - **Xen PV drivers** for Windows that increase performance compared to qemu emulated devices -Bellow is a breakdown of the feature availablility depending on the windows version: +Below is a breakdown of the feature availablility depending on the windows version: | Feature | Windows 7 x64 | Windows 10 x64 | | ------------------------------------ | :------------: | :------------: | @@ -69,7 +69,7 @@ This will allow you to install the Qubes Windows Tools on Windows 10 both as a S 4. After installation, reboot. - 5. Download the Qubes Windows Tools (`qubes-tools-4.0.1.3.exe`) from [the qubes FTP server](TODO add ftp link) and move it to `C:\`. + 5. Download the Qubes Windows Tools (`qubes-tools-4.0.1.3.exe`) from [the qubes FTP server](https://ftp.qubes-os.org/qubes-windows-tools/) and move it to `C:\`. 6. Check the integrity of the file `qubes-tools-4.0.1.3.exe`by comparing its hash checksum. This can be done using the Windows command `certutil` on the windows command prompt (`cmd.exe`) and specifying an appropriate hash algorithm like: From f10412956b85bdc315f02cbcdab66e7e842e49a5 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Fri, 2 Oct 2020 04:06:07 +0100 Subject: [PATCH 38/49] Add Installation Troubleshooting, move files --- troubleshooting/install-nvidia-driver.md | 177 ---------- troubleshooting/intel-igfx-troubleshooting.md | 65 ---- troubleshooting/macbook-troubleshooting.md | 328 ------------------ troubleshooting/nvidia-troubleshooting.md | 159 --------- troubleshooting/out-of-memory.md | 46 --- troubleshooting/remove-vm-manually.md | 36 -- troubleshooting/sony-vaio-tinkering.md | 58 ---- troubleshooting/thinkpad-troubleshooting.md | 94 ----- troubleshooting/updating-debian-and-whonix.md | 138 -------- troubleshooting/wireless-troubleshooting.md | 121 ------- 10 files changed, 1222 deletions(-) delete mode 100644 troubleshooting/install-nvidia-driver.md delete mode 100644 troubleshooting/intel-igfx-troubleshooting.md delete mode 100644 troubleshooting/macbook-troubleshooting.md delete mode 100644 troubleshooting/nvidia-troubleshooting.md delete mode 100644 troubleshooting/out-of-memory.md delete mode 100644 troubleshooting/remove-vm-manually.md delete mode 100644 troubleshooting/sony-vaio-tinkering.md delete mode 100644 troubleshooting/thinkpad-troubleshooting.md delete mode 100644 troubleshooting/updating-debian-and-whonix.md delete mode 100644 troubleshooting/wireless-troubleshooting.md diff --git a/troubleshooting/install-nvidia-driver.md b/troubleshooting/install-nvidia-driver.md deleted file mode 100644 index 97b8826..0000000 --- a/troubleshooting/install-nvidia-driver.md +++ /dev/null @@ -1,177 +0,0 @@ ---- -layout: doc -title: How to Install an Nvidia Driver -permalink: /doc/install-nvidia-driver/ -redirect_from: -- /en/doc/install-nvidia-driver/ -- /doc/InstallNvidiaDriver/ -- /wiki/InstallNvidiaDriver/ ---- - -# Nvidia proprietary driver installation - -You can use rpm packages from rpmfusion, or you can build the driver yourself. - -## Word of Caution - -Proprietary (NVIDIA/AMD) drivers are known to be sometimes highly problematic, or completely unsupported. -Radeon driver support is prebaked in the Qubes kernel (v4.4.14-11) but only versions 4000-9000 give or take. -Support for newer cards is limited until AMDGPU support in the 4.5+ kernel, which isn't released yet for Qubes. - -Built in Intel graphics, Radeon graphics (between that 4000-9000 range), and perhaps some prebaked NVIDIA card support that I don't know about. Those are your best bet for great Qubes support. - -If you do happen to get proprietary drivers working on your Qubes system (via installing them), please take the time to go to the -[Hardware Compatibility List (HCL)](/doc/hcl/#generating-and-submitting-new-reports ) -Add your computer, graphics card, and installation steps you did to get everything working. - -Before continuing, you may wish to try the `kernel-latest` package from the `current` repository. This kernel may better support your card and if so, you would not have to rely on proprietary drivers. This can be installed from dom0 with: -~~~ -sudo qubes-dom0-update kernel-latest -~~~ - -## RpmFusion packages - -There are rpm packages with all necessary software on rpmfusion. The only package you have to compile is the kernel module (but there is a ready built src.rpm package). - -### Download packages - -You will need any Fedora 18 system to download and build packages. You can use Qubes AppVM for it, but it isn't necessary. To download packages from rpmfusion - add this repository to your yum configuration (instructions are on their website). Then download packages using yumdownloader: - -~~~ -yumdownloader --resolve xorg-x11-drv-nvidia -yumdownloader --source nvidia-kmod -~~~ - -### Build kernel package - -You will need at least kernel-devel (matching your Qubes dom0 kernel), rpmbuild tool and kmodtool, and then you can use it to build the package: - -~~~ -yum install kernel-devel rpm-build kmodtool -rpmbuild --nodeps -D "kernels `uname -r`" --rebuild nvidia-kmod-260.19.36-1.fc13.3.src.rpm -~~~ - -In the above command, replace `uname -r` with kernel version from your Qubes dom0. If everything went right, you have now complete packages with nvidia drivers for the Qubes system. Transfer them to dom0 (e.g. using a USB stick) and install (using standard "yum install /path/to/file"). - -Then you need to disable nouveau (normally it is done by install scripts from nvidia package, but unfortunately it isn't compatible with Qubes...): - -Edit /etc/default/grub: - -~~~ -GRUB_CMDLINE_LINUX="quiet rhgb nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off" -~~~ - -Regenerate grub configuration: - -~~~ -grub2-mkconfig -o /boot/grub2/grub.cfg -~~~ - -Reboot. - - - -## Manual installation - -This process is quite complicated: First - download the source from nvidia.com site. Here "NVIDIA-Linux-x86\_64-260.19.44.run" is used. Copy it to dom0. Every next step is done in dom0. - -See [this page](/doc/copy-to-dom0/) for instructions on how to transfer files to Dom0 (where there is normally no networking). - -**WARNING**: Nvidia doesn't sign their files. To make it worse, you are forced to download them over a plaintext connection. This means there are virtually dozens of possibilities for somebody to modify this file and provide you with a malicious/backdoored file. You should realize that installing untrusted files into your Dom0 is a bad idea. Perhaps it might be a better idea to just get a new laptop with integrated Intel GPU? You have been warned. - - - -### Userspace components - -Install libraries, Xorg driver, configuration utilities. This can by done by nvidia-installer: - -~~~ -./NVIDIA-Linux-x86_64-260.19.44.run --ui=none --no-x-check --keep --no-nouveau-check --no-kernel-module -~~~ - -### Kernel module - -You will need: - -- nvidia kernel module sources (left from previous step) -- kernel-devel package installed -- gcc, make, etc - -This installation must be done manually, because nvidia-installer refused to install it on Xen kernel. Firstly ensure that kernel-devel package installed all needed files. This should consist of: - -- */usr/src/kernels/2.6.34.1-12.xenlinux.qubes.x86\_64* -- */lib/modules/2.6.34.1-12.xenlinux.qubes.x86\_64/build* symlinked to the above directory -- */usr/src/kernels/2.6.34.1-12.xenlinux.qubes.x86\_64/arch/x64/include/mach-xen* should be present (if not - take it from kernel sources) - -If all the files are not there correct the errors manually. To build the kernel module, enter *NVIDIA-Linux-x86\_64-260.19.44/kernel* directory and execute: - -~~~ -make -IGNORE_XEN_PRESENCE=1 CC="gcc -DNV_VMAP_4_PRESENT -DNV_SIGNAL_STRUCT_RLIM" make -f Makefile.kbuild -mv /lib/modules/2.6.34.1-12.xenlinux.qubes.x86_64/kernel/drivers/video/nvidia.ko /lib/modules/2.6.34.1-12.xenlinux.qubes.x86_64/extra/ -~~~ - -Ignore any errors while inserting nvidia.ko (at the end of make phase). - -### Disable nouveau: - -~~~ -cat /etc/modprobe.d/nouveau-disable.conf -# blacklist isn't enough... -install nouveau /bin/true -~~~ - -Add *rdblacklist=nouveau* option to /boot/grub/menu.lst (at the end of line containing *vmlinuz*). - -### Configure Xorg - -Finally, you should configure Xorg to use nvidia driver. You can use *nvidia-xconfig* or do it manually: - -~~~ -X -configure -mv /root/xorg.conf.new /etc/X11/xorg.conf -# replace Driver in Device section by "nvidia" -~~~ - -Reboot to verify all this works. - -# Troubleshooting lack of video output during installation - -Specifically, the notes below are aimed to help when the GRUB menu shows up fine, the installation environment starts loading, and then the display(s) go into standby mode. This is, typically, related to some sort of an issue with the kernel's KMS/video card modules. - -## Initial setup. -*Note*: The steps below do *not* produce a fully-functional Qubes OS install. Rather, only a dom0 instance is functional, and there is no networking there. However, they can be used to gather data in order to troubleshoot video card issues and/or possible other basic kernel module issues. - -1. Append `nomodeset ip=dhcp inst.nokill inst.vnc` to the kernel command line. Remove `rhgb` and `quiet` to see the kernel messages scroll by, which may help in further diagnostics. - * If DHCP is not available on the installation network, the syntax becomes a bit more involved. The full list of variants is documented in the [Dracut Command-line parameters] (http://man7.org/linux/man-pages/man7/dracut.cmdline.7.html) -2. The VGA console should switch into the installer's multi-virtual-terminal display. VNC may take a number of minutes to start, please be patient. - * Using the anaconda installer interface, switch to the "shell" TTY (ALT-F2), and use `ip a` command to display the IP addresses. -3. Using the Connect to the IP (remember the :1) using a VNC viewer. -4. Follow the installation UI. - * Since this won't be a usable install, skipping LUKS encryption is an option which will simplify this troubleshooting process. - * Do *not* reboot at the end of the installation. -5. Once the installation completes, use the local VGA console switch to TTY2 via ALT-F2 - * Switch to the chroot of the newly-installed system via `chroot /mnt/sysinstall` - * Set the root password (this will also enable the root account login) - * Double-check that `/boot/grub2/grub.cfg` contains a `nomodeset` kernel parameter. - * Exit out of the chroot environment (`exit` or CTRL-D) -6. Reboot - -*Note* If the kernel parameters do *not* include `quiet` and `rhgb`, the kernel messages can easily obscure the LUKS passphrase prompt. Additionally, each character entered will cause the LUKS passphrase prompt to repeat onto next line. Both of these are cosmetic. The trade-off between kernel messages and the easy-to-spot LUKS passphrase prompt is left as an exercise to the user. - -## Gather initial `dmesg` output -If all is well, the newly-installed Qubes OS instance should allow for user root to log in. -Run `dmesg > dmesg.nomodeset.out` to gather an initial dmesg output. - -## Gather the 'video no worky' `dmesg` output -1. Reboot and interrupt the Grub2's process, modifying the kernel parameters to no longer contain `nomodeset`. - * If the LUKS passphrase was set, blindly enter it. -2. Wait for the system to finish booting (about 5 minutes, typically). -3. Blindly switch to a TTY via CTRL-ALT-F2. -4. Blindly log in as user root -5. Blindly run `dmesg > dmesg.out` -6. Blindly run `reboot` (this will also serve to confirm that logging in as root, and running commands blindly is possible rather than, say, the kernel having hung or some such). - * Should this step fail, perhaps by the time step #3 was undertaken, the OS hasn't finished coming up yet. Please retry, possibly with a different TTY (say, 3 or 4 - so CTRL-ALT-F3?) - -## Exfiltrate the dmesg outputs -Allow the system to boot normally, log in as user root, and sneakernet the files off the system for analysis, review, bug logging, et cetera. diff --git a/troubleshooting/intel-igfx-troubleshooting.md b/troubleshooting/intel-igfx-troubleshooting.md deleted file mode 100644 index 03014eb..0000000 --- a/troubleshooting/intel-igfx-troubleshooting.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -layout: doc -title: Intel Integrated Graphics Troubleshooting -permalink: /doc/intel-igfx-troubleshooting/ ---- -# Intel Integrated Graphics Troubleshooting # - -## Software Rendering or Video Lags - -If you are experiencing this issue, you will see extremely slow graphics updates. -You will be able to watch the screen and elements paint slowly from top to bottom. -You can confirm this is the issue by looking for a line similar to the following in your `/var/log/Xorg.0.log` file: - - [ 131.769] (EE) AIGLX: reverting to software rendering - -Newer versions of the Linux kernel have renamed the `i915.preliminary_hw_support=1` option to `i915.alpha_support=1`, so if you needed this kernel option in the past you will have to rename it or add it to your configuration files (follow either GRUB2 or EFI, not both): - - * GRUB2: `/etc/default/grub`, `GRUB_CMDLINE_LINUX` line and - Rebuild grub config (`grub2-mkconfig -o /boot/grub2/grub.cfg`) - * EFI: `/boot/efi/EFI/qubes/xen.cfg`, `kernel=` line(s) - - -## IOMMU ## - -Dom0 Kernels currently included in Qubes have issues related to VT-d (IOMMU) and some versions of the integrated Intel Graphics Chip. -Depending on the specific hardware / software combination the issues are quite wide ranging, from apparently harmless log errors, to VM window refresh issues, to complete screen corruption and crashes rendering the machine unusable with Qubes. - -Such issues have been reported on at least the following machines: - -* HP Elitebook 2540p -* Lenovo x201 -* Lenovo x220 -* Thinkpad T410 -* Thinkpad T450s - -Log errors only on : -* Librem 13v1 -* Librem 15v2 - -The installer for Qubes 4.0 final has been updated to disable IOMMU for the integrated intel graphics by default. -However, users of 3.2 may experience issues on install or on kernel upgrades to versions higher than 3.18.x. - -Disabling IOMMU for the integrated graphics chip is not a security issue, as the device currently lives in dom0 and is not passed to a VM. -This behaviour is planned to be changed as of Qubes 4.1, when passthrough capabilities will be required for the GUI domain [1](#f1). - - -## Workaround for existing systems with VT-d enabled (grub / legacy mode) ## - -Edit the startup parameters for Xen: - -1. Open a terminal in dom0 -2. Edit `/etc/default/grub` (e.g. `sudo nano /etc/default/grub`) -3. Add to the line `GRUB_CMDLINE_XEN_DEFAULT` the setting `iommu=no-igfx`, save and quit -4. Commit the change with`sudo grub2-mkconfig --output /boot/grub2/grub.cfg` - -## Workaround for existing systems with VT-d enabled (UEFI) ## - -Edit the startup parameters for Xen: - -1. Open a terminal in dom0 -2. Edit `/boot/efi/EFI/qubes/xen.cfg` (e.g. `sudo nano /boot/efi/EFI/qubes/xen.cfg`) -3. Add to the line `options` the setting `iommu=no-igfx`, save and quit - -1 [↩](#a1-1) - diff --git a/troubleshooting/macbook-troubleshooting.md b/troubleshooting/macbook-troubleshooting.md deleted file mode 100644 index 5743a67..0000000 --- a/troubleshooting/macbook-troubleshooting.md +++ /dev/null @@ -1,328 +0,0 @@ ---- -layout: doc -title: Apple MacBook Troubleshooting -permalink: /doc/macbook-troubleshooting/ ---- - -Apple MacBook Troubleshooting -============================= - -MacBook Air 13" mid 2011 (MacBookAir 4,2) ------------------------------------------ - -In this section, I explain how to install Qubes on a MacBook Air 13" mid 2011 -(MacBookAir 4,2). - -This model has the following features: - -* Dual Intel i7-2677M 1.80 Ghz CPU (2 dual cores) -* Intel HD Graphics 3000 -* 4Gb RAM -* 256Gb SDD -* Broadcom BCM43224 802.11 a/b/g/n wifi and Bluetooth adapter -* Intel DSL2310 Thunderbolt controller -* It has 1 DVI/Thunderbolt display port, 2 USB2.0 ports, a Magsafe power - adapter, a standard 3.5mm audio jack and SD reader. - -I first tried to install Qubes using the UEFI boot, but it failed. Not wanting -to waste too much time, I quickly opted for the legacy BIOS install. - -### 1. Boot from Mac OS X (or Internet Recovery Image with `CMD`+`R` during bootup) - -Run in a terminal [[1]]: - -~~~ -# diskutil list -(find your usb device) -# bless –device /dev/diskX –legacy –setBoot –nextonly # bless the disk not the partition -# reboot -~~~ - -Insert your Qubes 3.2 USB flash drive. The ISOLINUX boot screen should come up. -Install Qubes normally. - -If you try to boot Qubes now, it will freeze while "setting up networking." You -need to put the Broadcom wireless device into PCI passtrough [[2],[3]]. Or, as -an alternative [remove it from your Mac][bluetooth-replacement] and Qubes will -boot up smoothly. If you choose to remove the card, jump to step 3. - -### 2. Boot from Mac OS X again - -Run in a terminal: - -~~~ -# diskutil list -(find your usb device) -# bless –device /dev/diskX –legacy –setBoot –nextonly # bless the disk not the partition -# reboot -~~~ - -Insert your Qubes 3.2 USB flash drive. The ISOLINUX boot screen should come up. -Select Troubleshooting and Boot the Rescue image. Enter your disk password when -prompted. Select continue and after mounting the HD filesystem and launching a -shell, `chroot` as instructed. - -Then find your Bluetooth card: - -~~~ -# lspci -.. -02:00.0 Network controller: Broadcom Corporation BCM43224 802.11a/b/g/n (rev 01) -… -# qvm-pci -a sys-net 02:00.0 # this assigns the device to sys-net VM -~~~ - -Then create `/etc/systemd/system/qubes-pre-netvm.service` with: - -~~~ -[Unit] -Description=Netvm fix for Broadcom -Before=qubes-netvm.service - -[Service] -ExecStart=/bin/sh -c 'echo 02:00.0 > /sys/bus/pci/drivers/pciback/permissive' -Type=oneshot -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target -~~~ - -Run: - -~~~ -systemctl enable qubes-pre-netvm.service -~~~ - -And that's it. - -### 3. After reboot, boot Mac OS X again - -Run in a terminal: - -~~~ -# diskutil list -(find the HD device where you installed Qubes) -# bless –device /dev/diskX –legacy –setBoot # bless the disk not the partition -# reboot -~~~ - -Results: - -* System booted and running smoothly -* Youtube video: OK (including full screen after configuration) -* Trackpad: OK -* Audio control: OK -* Brightness control: OK -* Keyboard light control:OK -* SD card access: OK (tested at dom0) -* Lid-close suspend: OK -* Wifi: +10%-20% ICMP packet loss when comparing with OSX (have similar rates - with Tails Linux, more tests are required) - -### References - -1. -2. -3. - - -MacBook Air 2012 (MacBookAir 5,1) ---------------------------------- - -Please see [this thread o the qubes-devel mailing list][macbook-air-2012-5-1]. - - -[1]: https://github.com/QubesOS/qubes-issues/issues/794 -[2]: https://github.com/QubesOS/qubes-issues/issues/1261 -[3]: /doc/assigning-devices/ -[bluetooth-replacement]: https://www.ifixit.com/Guide/MacBook+Air+13-Inch+Mid+2011+AirPort-Bluetooth+Card+Replacement/6360 -[macbook-air-2012-5-1]: https://groups.google.com/d/topic/qubes-devel/uLDYGdKk_Dk/discussion - - - -MacBook Pro Retina, 15 inch, Mid-2015 (MacBookPro 11,5) -------------------------------------------------------- - -In this section, I explain how I installed Qubes 3.2 on a MacBook Pro Retina 2015 (MacBookPro 11,5). -Good news: the relevant stuff works. -Bad news: still some minor issue to investigate. - -For the time being, my setup is just for testing purposes and help to bypass some blocking issues: do not use it in production or on machine where security is a concern! -I hope to improve it as soon as possible. - -During my nights trying to get Qubes OS working, I faced two main and blocking issues: -* no boot, due to empty xen.cfg file -* system freeze, due to Broadcom BCM43602 wifi card - -I am already using Qubes for my daily job on Intel NUC. For the time being, I installed Qubes on Macbook for test purposes. Later on I will review the security implications. - -This model has the following features: - -* 2,5 GHz Intel Core i7-4870HQ (2 quad cores) -* Dual Graphic Card - * Intel Iris Pro - * AMD Radeon R9 M370X -* 16Gb RAM -* 512Gb SDD -* Broadcom BCM43602 802.11ac wifi adapter - -### 1. Reclaim space to be able to multiboot OSX - -For security reasons, you should install Qubes using the whole disk. I preferred to keep OSX, so I shrunk OS partition: -* reboot in recovery mode -* run disk utility and shrink OSX partition, eg 150GB for OSX and the remaining space for Qubes OS -* reboot - - -### 2. Boot installer - -Download and prepare a USB with Qubes 3.2 - -You can install Qubes using BIOS or UEFI: -* BIOS/CSM/Legacy: I have not been able to install using legacy, but I did not spend a lot of time on it. -* UEFI plain: grub menu appears, but any gave me a quick flash and returned the main menu. I can boot it manually fixing the grub.cfg file, adding commands linuexefi and initrdefi, pointing proper files in /efi/boot. After boot, I end up with no root file system. -* UEFI, using rEFInd: I have been successful, despite some issues to be fixed manually, after installation completion - * download [rEFInd] refind-bin-0.10.4.zip: this file is not signed, so decide if you trust it or not. SHA1 sum is 3d69c23b7d338419e5559a93cd6ae3ec66323b1e - * unzip it and run installer, which installs rEFIind on the internal SSD - * if installation fails due to SIP, reboot in recovery mode, open a terminal and issue command - ~~~ - csrutil disable - ~~~ - * reboot and you will see some icons - * choose Boot EFI\BOOT\xen.efi from ANACONDA - * after a while the graphical installer is up (keyboard and touchpad working) - -### 3. Installation - -* As a general rule, keep the default values proposed during installation: you can change them later on -* Keep English, as language, locale -* My Macbook has a US keyboard, so I cannot say what happens if you change keyboard layout -* DO NOT CHANGE the timezone, because it will trigger the wifi card, leading to a system freeze -* Choose the "installation destination": do not change anything and press DONE button -* Insert your password for Full Disk Encryption -* If you do not already have free space on internal SSD disk, you will be prompted to reclaim some space: -* If you shrunk OSX partition, disk utility left an empty partition: delete useless partition (e.g.: if you shrunk OSX partition, diskutil created an empty partition) -* Press on "reclaim space" -* Press on "begin installation" -* create your user and password -* after a while, installation completes -* DO NOT press "Reboot button" - -Qubes OS is now installed, but you cannot boot it due to some issues, with bootloader configuration and wifi card. -You cannot Qubes boot using EFI/qubes/xen.efi because XEN bootloader configuration is broken. -You cannot even Qubes without XEN support, using GRUB2, because its configuration is broken too. - -Let's fix it manually, switch to console, pressing Fn+CTRL+ALT+F2 - -### 4. Fix GRUB configuration - -You can skip this section, but I found it very useful - during troubleshooting - to have a rescue system at hand. I could boot Qubes, without XEN support - -Grub configuration file is using some wrong commands, which are not compatible with grub2-efi -~~~ -chroot /mnt/sysimage -sed -i.bak -e "s/multiboot/chainloader/" -e "s/module.*--nounzip/initrdefi/" -e "s/module/linuxefi/" /etc/grub.d/20_linux_efi -exit -~~~ - -Now, despite XEN configuration is still broken, you have a rescue system booting vmlinux from rEFInd screen. -TBV1: chainloading XEN does not work, unless you specify the right disk prefix, eg: (hd1,gpt4) -TBV2: grub.cfg set the wrong disk in "set root" command -TBV3: in case you reach grub shell, you can -~~~ -ls -~~~ -and also reload config file and change it manualy before booting -~~~ -configfile /EFI/qubes/grub.cfg -~~~ -then press "e", edit grub cfg and boot pressing Fn+F10 - - -### 5. Fix bootloader - -* Fix grub2 configuration, which uses wrong command for EFI boot -* analyzing /mnt/sysimage/var/log/anaconda/program.log I found the faulty commands issues by Anaconda installer - -~~~ -chrooot /mnt/sysimage -~~~ -* edit /boot/efi/EFI/qubes/xen.cfg file putting the following content - -~~~ -[global] -default=4.4.14-11.pvops.qubes.x868_64 - -[4.4.14-11.pvops.qubes.x868_64] -options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M -kernel=vmlinuz-4.4.14-11.pvops.qubes.x86_64 -ramdisk=initramfs-4.4.14-11.pvops.qubes.x86_64.img -~~~ - -* The main mistake is the efibootmgr, that needs the right commands. Just in case, re-apply all the commands, adapting to your own disk layout (-d /dev/sdxxx -p partition_number) - -~~~ -grep Running /mnt/sysimage/var/log/anaconda/program.log | tail -n 20 -efibootmgr -b 0000 -B -efibootmgr -c -w -L Qubes -d /dev/sda -p 4 -l \\EFI\\qubes\\xen-4.6.1.efi -/usr/libexec/mactel-boot-setup -kernel-install add 4.4.14-11.pvops.qubes.x86_64 /boot/vmlinuz-4.4.14-11.pvops.qubes.x86_64 -systemctl disable qubes-netvm -reboot -~~~ - -At rEFInd screen, choose Boot EFI/qubes/xen-4.6.1.efi -Everything should now be ok, Qubes OS boots using EFI and you will get the last setup screen -* select "Qubes OS", do not change anything and click on "Done" -* VMs are created, including NetVM - -### 6. Fix pulseaudio, which locks CPU freezing the system often for 20 seconds - -My Macbook has frequent freezes. Looking at journalctl output I saw that pulseaudio locks CPU for 20 seconds, very often. - -You can fix this issue, killing audio support with this quick workaround: -* open a dom0 terminal, as root and edit /etc/pulse/client.conf -* add "autospawn = no" -* Then, as normal user, issue command "pulseaudio --kill" - -### 7. Fix system freezes due to Broadcom BCM43602 - -* If you experience a system freeze, during VM setup, force a reboot and press OPTION key. - * You will reach grub shell - ~~~ - configfile /EFI/qubes/grub.cfg - ~~~ - press Fn+F10 to boot without XEN support - * Once booted, press Fn+CTRL+ALT+F4 to open a shell - * Log into system - ~~~ - sudo su - - systemctl disable qubes-netvm - ~~~ - Press Fn+F2 and complete setup -* reboot and you finally have your Qubes OS -* DO NOT launch sys-net machine -* Open its setting and remove wifi adapter from the Selected devices, using Qubes Manager or use the following command line. Get the BFD of the adapter and remove it. On my Macbook BFD is 04:00.0 and you will use it later on, also -~~~ -qvm-pci -l sys-net -qvm-pci -d sys-net 04:00.0 -~~~ - -Ok, setup is complete and we are almost done. -* Open a dom0 terminal -~~~ -sudo su - -xl pci-assignable-list -echo 04:00.0 > /sys/bus/pci/drivers/pciback/permissive -qvm-start sys-net -xl pci-attach sys-net 04:00.0 -~~~ - -These latest steps are required to launch sys-net with wifi access. They can be automated in a custom systemd service. - - - - - -[rEFInd]: http://www.rodsbooks.com/refind/getting.html diff --git a/troubleshooting/nvidia-troubleshooting.md b/troubleshooting/nvidia-troubleshooting.md deleted file mode 100644 index af54891..0000000 --- a/troubleshooting/nvidia-troubleshooting.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -layout: doc -title: Nvidia Troubleshooting -permalink: /doc/nvidia-troubleshooting/ -redirect_from: -- /en/doc/nvidia-troubleshooting/ -- /doc/NvidiaTroubleshooting/ -- /wiki/NvidiaTroubleshooting/ ---- - -NVidia Troubleshooting Guide -============================ - -If you have an NVidia graphics card it will probably not work under Xen out of the box. If your system freezes during boot and you don't see the graphical login manager after you installed Xen, then this problem most likely affects you. The following steps should provide a work around so that you should be able to use your NVidia with X under Xen, however without any fancy "desktop effects". - -Boot in failsafe ---------------------- - -Boot your system using the "failsafe" boot menu, that should have been automatically added to your `grub.conf` when you installed the Dom0 kernel. - -If the X Window System doesn't start now, this is probably a non-Xen related issue and this guide will probably not help you. - - -Configure X with nouveau ---------------------- - -Assuming your X Window System works fine now when you booted from the "failsafe" configuration, do the next steps... - - 1. Do not log into X, but instead switch to a text console (press Ctrl-Alt-F2) - - 2. Log in as root - - 3. Switch to runlevel 3 (this should kill your X server): - - ~~~ - init 3 - ~~~ - - 4. Run X-autoconfiguration: - - ~~~ - Xorg -configure - ~~~ - - This should generate a file `xorg.conf.new` in the `/root` directory. - - In most cases you can ignore any warning or error messages displayed by the X server, assuming it generated the xorg.conf.new file. - - 5. Edit this newly generated `xorg.conf.new` file and introduce the following two modifications: - - First, uncomment the ShadowFB option, so that you should now have something like this: - - ~~~ - Option "ShadowFB" # [] - ~~~ - - Second, change the driver name to `nouveau` (you will probably have `nv` written there): - - ~~~ - Driver "nouveau" - ~~~ - - Save the modification, exit the editor. - - 6. Move the file to `/etc/X11` and rename it as `xorg.conf`: - - ~~~ - mv /root/xorg.conf.new /etc/X11/xorg.conf - ~~~ - - 7. Verify that X will work with those new settings: - - ~~~ - xinit - ~~~ - - If you see a terminal window in the top left corner, it means you most likely succeeded, even if your keyboard or mouse do not work now (don't worry about them). - - 8. Reboot and let the system boot from the normal boot configuration. You should be able to use X under Xen now. - - -Disabling Nouveau ---------------------- -If Qubes fails to properly boot after the GRUB Boot menu and you are stuck on a black screen that displays messages starting with `nouveau` then it means that the nouveau driver failed to launch properly. - -One way to get rid of this for now is to disable nouveau. - -Example error - -~~~ -nouveau E[ PGRAPH][0000:01:00.0] grctx template channel unload timeout -nouveau E[ PGRAPH][0000:01:00.0] failed to construct context -nouveau E[ PGRAPH][0000:01:00.0] init failed, -16 -~~~ - -Tip: In case you only have an external monitor it is advised to attach it directly to a connector of the motherboard if it is present, this should ensure that you're using the integrated graphics card instead of the nvidia graphics card. - -If you're seeing this error then that means another graphics card (most likely an integrated one) acted as failsafe. Disabling nouveau has the consequences of disabling nvidia support altogether. - - 1. Verify that that GRUB Boot Menu is displaying, you should be presented with two options and a progressbar/timer than goes rather fast. - - ~~~ - Qubes - Qubes with advanced Xen options - ~~~ - - 2. Quickly press the "E" key before the time is up. - - 3. An editor will open up that allows you to temporarily change the grub options for the next boot. - - 4. Press the down arrow key and move the cursor to the line after the line with the kernel options. The line with the kernel options will look like this: - - ~~~ - module /vmlinux-4.1.13-9.pvops.qubes.x86_64 placeholder root=/dev/mapper/qubes_dom0-root ro ... rhgb quiet - ~~~ - - It is not an exact copy as it may differ from system to system. - - Please note: choose the module that starts with `vmlinux`! - - 5. Press the left/right arrow keys to position the cursor at the end of kernel options line, after `rhgb quiet` in this case. - - 6. Add the following: - - ~~~ - nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off - ~~~ - - This will temporarily disable nouveau until next boot. - - 7. Press either the F10 key or Ctrl+X to start the boot process. - - Qubes should now boot properly, if that's the case then we should make this change permanent such that the GRUB config knows to not run nouveau. - -You'll have to do the following to make this change persistent, so that it will work properly on every boot : - - 1. Open a terminal (do this by clicking on Q > 'run command' > type 'terminal' and hit enter) - - 2. type following commands: - - ~~~ - cd /etc/default/ - sudo nano grub - ~~~ - - 3. Edit `GRUB_CMDLINE_LINUX`, add the following to it at the end: - - ~~~ - nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off - ~~~ - - 4. ctrl + X and then y to save the file. - - 5. The final step is to compile the configuration file to something the bootloader can read. - - ~~~ - sudo grub2-mkconfig -o /boot/grub2/grub.cfg - ~~~ - diff --git a/troubleshooting/out-of-memory.md b/troubleshooting/out-of-memory.md deleted file mode 100644 index 869da99..0000000 --- a/troubleshooting/out-of-memory.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -layout: doc -title: Out of Memory -permalink: /doc/out-of-memory/ -redirect_from: -- /en/doc/out-of-memory/ -- /doc/OutOfmemory/ -- /wiki/OutOfmemory/ ---- - -VMs (especially templates) use pre-allocated space. The default private storage max size is 2 GB, but it's very easy to increase as needed. If the disk is completely full, you will get an `Out of disk space` error that may crash your system because Dom0 does not have enough disk space to work. So it's good practice to regularly check disk space usage with the command `df -h` in dom0 terminal. - -A system that's out of space should be able to boot, but may be unable to load a desktop manager. In this case it is possible to login to dom0 terminal with Alt + Ctrl + F2. To recover disk space it may be possible to delete files in a userVM by connecting to the userVM terminal: - -~~~ -qvm-start -qvm-console-dispvm -~~~ - -If this does not work, check the size of /var/lib/qubes/qubes.xml. If it is zero, you'll need to use one of the file backup (stored in /var/lib/qubes/backup), hopefully you have the current data there. Find the most recent one and place in /var/lib/qubes/qubes.xml instead of the empty file. - -In any case you'll need some disk space to start the VM. Check `df -h` output if you have some. If not, here are some hints how to free some disk space: - -1. Clean yum cache. - - ~~~ - sudo yum clean all - ~~~ - -2. Delete `.img` files of a less important VM, which can be found in `/var/lib/qubes/appvms/`. - Then, when the system is working again, clean up the rest. - - ~~~ - qvm-remove - ~~~ - - With this method, you lose the data of one VM, but it'll work more reliably. - -3. Decrease the filesystem safety margin (5% by default). - - ~~~ - sudo tune2fs -m 4 /dev/mapper/vg_dom0-lv_root - ~~~ - -4. Remove some unneeded files in dom0 home (if you have any, most likely not). - diff --git a/troubleshooting/remove-vm-manually.md b/troubleshooting/remove-vm-manually.md deleted file mode 100644 index fbc1c14..0000000 --- a/troubleshooting/remove-vm-manually.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -layout: doc -title: How to Remove VMs Manually -permalink: /doc/remove-vm-manually/ ---- - -How to Remove VMs Manually -========================== - -How to Remove a TemplateVM Manually ------------------------------------ - -Try the [normal method] before resorting to this. -All of the following commands should be executed in a dom0 terminal. - -When a template is marked as 'installed by package manager', but cannot be uninstalled there, trying to uninstall manually will result in the error "ERROR: VM installed by package manager: template-vm-name". Do as follows to be able to uninstall the template: - -1. Check the state of `installed_by_rpm` - - $ qvm-prefs template-vm-name - -2. If `installed_by_rpm - True]`, mark the template as not installed by package manager - - $ qvm-prefs template-vm-name installed_by_rpm false - -3. Re-check the state of `installed_by_rpm` - -- If `installed_by_rpm - False`, remove the template like you would a regular qube: - - $ qvm-remove template-vm-name - -- If `installed_by_rpm` remains `True`, reboot your computer to bring qubes.xml in sync with qubesd, and try again to remove the template. - - -[normal method]: /doc/templates/#uninstalling - diff --git a/troubleshooting/sony-vaio-tinkering.md b/troubleshooting/sony-vaio-tinkering.md deleted file mode 100644 index 022e8bf..0000000 --- a/troubleshooting/sony-vaio-tinkering.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -layout: doc -title: Sony Vaio Tinkering -permalink: /doc/sony-vaio-tinkering/ -redirect_from: -- /en/doc/sony-vaio-tinkering/ -- /doc/SonyVaioTinkering/ -- /wiki/SonyVaioTinkering/ ---- - -Instructions for getting your Sony Vaio Z laptop working with Qubes/Linux -========================================================================= - -Sony Vaio Z are great laptops -- they are very powerful, yet compact. The newer models, starting from Z12 are, however, not very well supported by Linux kernels (at least 2.6.34 that we currently use in Dom0) and thus some tinkering is needed to get Qubes working on those machines. - -Getting the graphics card working under Linux/Qubes OS ------------------------------------------------------- - -Newer models of Sony Vaio Z come with an "intelligent" GPU switch, that automatically chooses either Intel Integrated GPU (IGD) or the discrete NVIDIA GPU. This confuses the Linux graphics so much, that in most cases won't even be able to install a regular Linux on such a machine. Unfortunately, moving the switch into the "Stamina" position apparently doesn't work, and the automatic GPU switching is still active. - -One solution that actually worked for me was to reflash the BIOS (I know, I know, this is scary) and to enable the so called "Advanced Menu" in the BIOS. This Advanced Menu allows you to choose the desired behaviour of the GPU switch, which in our case would be to set it to "Static" and then move the mechanical switch to the "Stamina" position, that enabled the Intel IGD (which is much better supported on Linux). - -If you think you are ready to reflash you BIOS, here are the instructions that worked for me: - -[http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html](http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html) - -**WARNING**: We take absolutely no responsibility that the BIOS reflashing instructions given at the referenced forum are 1) valid, 2) non-malicious, and 3) work at all. Do this step at your own risk. Keep in mind that reflashing your BIOS might yield your system unusable. If you don't feel like taking this risk (which is a reasonable state of mind), look for a different notebook, or ask Sony Support to enable this option for you. - -In practice I have downloaded the BIOS-patching tools, run them in a VM on a BIOS image I extracted from my laptop, diffed the two versions, and concluded that it doesn't *seem* malicious, and then bravely applied tha patched image. If you don't know what are you doing, just get a different laptop, really! - -On a side note, we should note that allowing anybody to reflash the BIOS is really a bad idea from a security point of view (Hello Evil Maids!). Shame on you, Sony! - -Getting the touchpad working during installation ------------------------------------------------- - -In order to get the touchpad working during installation you should pass the **~~~i8042.nopnp=1~~~** option to the kernel before the installer starts. - -\ - -Applying other fixes --------------------- - -There are a few more fixes needed for Sony Vaio Z, and we have prepared a special package that you can install in Dom0 that applies them all. After the installation is complete, open console in Dom0 and do the following: - -~~~ -$ sudo bash -# qvm-dom0-networking up -# yum install qubes-core-dom0-vaio-fixes -# reboot -~~~ - -This script takes care about the following: - -- Setting i8042.nopnp for your installed system -- Adding special option for the sound module (so you can get sound) -- Adding pm-suspend scripts that take care about restoring your screen after resume - -... now, having done this all, you will surely feel unprecedented satisfaction and you will love your Vaio very much! ;) diff --git a/troubleshooting/thinkpad-troubleshooting.md b/troubleshooting/thinkpad-troubleshooting.md deleted file mode 100644 index 8615920..0000000 --- a/troubleshooting/thinkpad-troubleshooting.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -layout: doc -title: Lenovo ThinkPad Troubleshooting -permalink: /doc/thinkpad-troubleshooting/ -redirect_from: -- /doc/thinkpad_x201/ -- /en/doc/thinkpad_x201/ -- /doc/Thinkpad_X201/ -- /wiki/Thinkpad_X201/ -- /doc/lenovo450-tinkering/ -- /en/doc/lenovo450-tinkering/ -- /doc/Lenovo450Tinkering/ -- /wiki/Lenovo450Tinkering/ ---- - -# Lenovo ThinkPad Troubleshooting # - -## Instructions to create USB installation medium for newer (UEFI-only) ThinkPads ## -Some newer ThinkPads (e.g. T470, T470p, [P51](https://www.svensemmler.org/blog/2017/12/17/qubes-on-thinkpad-p51.html), ThinkPad 25, but not the [P53](https://github.com/QubesOS/qubes-issues/issues/5851)) are likely to fail installation attempts made from a USB stick that was created with dd or Rufus, and even from a DVD burned using official ISO images - if the ThinkPad is configured for UEFI boot. If you don't want to use Legacy Mode as a workaround, the following instructions should help you create a Qubes Installation USB stick that works in UEFI-only mode. - -In a nutshell, you need to use the Fedora livecd-tools to make a Qubes Installation USB Stick from the Qubes ISO image, then update the label on the partition of that USB stick to "BOOT", and then update the BOOT/EFI/BOOTX64.cfg file on the USB stick so that all labels point to BOOT. In more detail: - -1. On your ThinkPad, enter the UEFI setup (press F1 at startup) and make sure to set at least the following options: - - *USB UEFI BIOS Support: Enabled* - - *UEFI/Legacy Boot: UEFI Only* - - *Secure Boot: Disabled* -2. On a different computer, create a "Fedora Live USB Stick": Download a current Fedora Live CD image, and put it onto a USB stick (e.g. using dd or Rufus). Start your ThinkPad from the Fedora Live USB Stick on your ThinkPad (Press F12 at startup to select boot device). Of course, you can alternatively start a different machine from the Fedora Live USB Stick, or use an existing Fedora installation. The next steps all occur within Fedora: -3. Install livecd-tools: `# dnf install livecd-tools` -4. Download the desired Qubes ISO image (or attach a storage device containing it), and verify the signatures as described in the Qubes installation guide. For these instructions, I assume the ISO image is at */run/media/liveuser/qsrc/Qubes-R4.0-rc3-x86_64.iso* (so whenever you see that path going forward in these instructions, replace it with whatever your own path is) -5. Within Fedora, attach the USB stick that you would like to turn into your Qubes Installation USB Stick. Use `dmesg` to figure out what the device name of that stick is. For these instructions, I assume it's */dev/sdd* (so whenever you see */dev/sdd* going forward in these instructions, replace it with whatever your actual device name is) -6. Make sure your target USB stick (presumed to be /dev/sdd) has no mounted partitions: ``# umount /dev/sdd*`` (the asterisk at the end makes sure to unmount all partitions if more than one exists). If none are mounted you'll get an error that you can ignore. -7. Use livecd-tools to copy the image: ``# livecd-iso-to-disk --format --efi /run/media/liveuser/qsrc/Qubes-R4.0-rc3-x86_64.iso /dev/sdd``. **This will erase everything on the drive. Make sure you specify the correct destination.** Then press ENTER when prompted to proceed. This process will take quite a while, be patient. -8. When imaging is complete, change the partition label to BOOT: ``# dosfslabel /dev/sdd1 BOOT`` -9. Now create a mount point and mount the partition: - - ``# mkdir /mnt/qinst`` - - ``# mount /dev/sdd1 /mnt/qinst/`` - -10. Use your favorite editor to edit the file */mnt/qinst/EFI/BOOT/BOOTX64.cfg*: Replace all instances of ``LABEL=Qubes-R4.0-rc3-x86_64`` with ``LABEL=BOOT``. There is typically no space in front of ``LABEL``, but there is a space at the end of the portion you replace. -11. Unmount the Qubes Installation USB stick: ``# umount /dev/sdd*`` and disconnect it. - -That's it! You can now reboot the machine with the Qubes USB Installation stick attached, and press F12 to select it as the boot device at startup. Proceed to install Qubes OS normally. Enjoy! - -## ThinkPads with Intel HD 3000 graphics ## - -Several ThinkPad models have Intel HD 3000 graphics, including the T420s and the -T520. Some users with these laptops have experienced random reboots, which were -solved by adding `i915.enable_rc6=0` as a kernel parameter to -`GRUB_CMDLINE_LINUX` in the file `/etc/default/grub` in dom0. - - -## Instructions for getting your Lenovo Thinkpad X201 & X200 laptop working with Qubes/Linux ## - -For being able to boot the installer from USB, you have to disable VT-d in the BIOS. -Enter the BIOS by hitting F1, go to Config - CPU and then disable VT-d there. - -After the installation, you have to set a startup-parameter for Xen, to be able to activate VT-d again: - -1. Open a terminal in dom0 -2. Edit `/etc/default/grub` -3. Add to the line `GRUB_CMDLINE_XEN_DEFAULT` the setting `iommu=no-igfx`, save and quit -4. sudo `grub2-mkconfig --output /boot/grub2/grub.cfg` - -Then reboot, enter BIOS and re-enable VT-d. - -### Getting scrolling with the Trackpoint and the Middle Button to work ### - -1. Create a script with the following content: - - ~~~ - #!/bin/sh - xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 1 - xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 2 - xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 200 - xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5 - ~~~ - -2. Add the script to the startup-items of your desktop environment. - - -## Instructions for getting your Lenovo 450 laptop working with Qubes/Linux ## - -Lenovo 450 uses UEFI, so some settings are needed to get Qubes (or Fedora) to boot, otherwise Qubes install USB stick will reboot right after boot selector screen and not continue install. - -### Setting UEFI options to get Qubes install to boot ### - -1. Enable Legacy USB mode -2. Disable all Secure Boot and UEFI options, but leave this enabled: Config / USB / USB UEFI BIOS SUPPORT -3. Save settings and reboot -5. Install Qubes - -... and now enjoy :) These settings may be needed also in other UEFI computers. - diff --git a/troubleshooting/updating-debian-and-whonix.md b/troubleshooting/updating-debian-and-whonix.md deleted file mode 100644 index 39091d1..0000000 --- a/troubleshooting/updating-debian-and-whonix.md +++ /dev/null @@ -1,138 +0,0 @@ ---- -layout: doc -title: Updating Debian and Whonix -permalink: /doc/troubleshooting/updating-debian-and-whonix/ ---- - -Updating Debian and Whonix -========================== - -Despite Qubes shipping with [Debian Templates](/doc/templates/debian/), most of Qubes core components run on Fedora and thus our documentation has better coverage for Fedora. However, Qubes has been working closely with the [Whonix](https://whonix.org) project which is based on Debian. - -This troubleshooting guide is collection of tips about updating Whonix that also pertain to updating the normal Debian package manager. If you plan to use Debian heavily, **we highly recommend you install the Whonix templates and use them to update your normal Debian TemplateVM.** - -*Note: some of the links on this page go to documentation on Whonix's website* - -### Updating Error Messages - -After running the commands to update Debian or Whonix, hopefully everything will complete perfectly. - -~~~ -sudo apt-get update && sudo apt-get dist-upgrade -~~~ - -However, if you see something like the following, then something went wrong. - -~~~ -W: Failed to fetch http://ftp.us.debian.org/debian/dist/jessie/contrib/binary-i386/Packages 404 Not Found - -W: Failed to fetch http://ftp.us.debian.org/debian/dist/jessie/non-free/binary-i386/Packages 404 Not Found - -E: Some index files failed to download. They have been ignored, or old ones used instead. - -Err http://ftp.us.debian.org jessie Release.gpg - Could not resolve 'ftp.us.debian.org' -Err http://deb.torproject.org jessie Release.gpg - Could not resolve 'deb.torproject.org' -Err http://security.debian.org jessie/updates Release.gpg - Could not resolve 'security.debian.org' -Reading package lists... Done -W: Failed to fetch http://security.debian.org/dists/jessie/updates/Release.gpg Could not resolve 'security.debian.org' - -W: Failed to fetch http://ftp.us.debian.org/debian/dists/jessie/Release.gpg Could not resolve 'ftp.us.debian.org' - -W: Failed to fetch http://deb.torproject.org/torproject.org/dists/jessie/Release.gpg Could not resolve 'deb.torproject.org' - -W: Some index files failed to download. They have been ignored, or old ones used instead. -~~~ - -This could be a temporary Tor exit relay or server failure that should fix itself. Here are some simple things to try: - -- Check if your network connection is functional -- Try to [change your Tor circuit](https://www.whonix.org/wiki/Arm), then try again -- Running [whonixcheck](https://www.whonix.org/wiki/Whonixcheck) might also help diagnose the problem - -Sometimes if you see a message such as: - -~~~ -Could not resolve 'security.debian.org' -~~~ - -It helps to run the following command: - -~~~ -nslookup security.debian.org -~~~ - -And then trying running the `update` and `upgrade` commands again. - -~~~ -sudo apt-get update && sudo apt-get dist-upgrade -~~~ - -*Please note: if you [disabled the Whonix APT Repository](https://www.whonix.org/wiki/Whonix-APT-Repository#Disable_Whonix_APT_Repository) you'll have to manually check for new Whonix releases and [manually install them from source code](https://www.whonix.org/wiki/Dev/Build_Documentation).* - -### Never Install Unsigned Packages - -If you see something like this: - -~~~ -WARNING: The following packages cannot be authenticated! - icedove -Install these packages without verification [y/N]? -~~~ - -Don't proceed! Press `N` and ``. Running `apt-get update` again should fix it. If not, something is broken or it's a [Man in the middle attack](https://www.whonix.org/wiki/Warning#Man-in-the-middle_attacks), which isn't that unlikely, since we are updating over Tor exit relays and some of them are malicious. Try to [change your Tor circuit](https://www.whonix.org/wiki/Arm#Arm). - - -### Signature Verification Warnings - -There should be none at the moment. If there was such a warning, it would look like this: - -~~~ -W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.torproject.org stable Release: The following signatures were invalid: KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 -~~~ - -Even though, `apt-get` will automatically ignore repositories with expired keys or signatures, you will not receive upgrades from that repository. Unless the issue is already known/documented, it should be reported so it can be further investigated. - -There are two possible reasons why this could happen, either there is an issue with the repository that the maintainers have to fix, or you are victim of a [Man-in-the-middle_attacks](https://www.whonix.org/wiki/Warning#Man-in-the-middle_attacks). The latter would not be a big issue and might go away after a while automatically or try to [change your Tor circuit](https://www.whonix.org/wiki/Arm#Arm) - -In past various apt repositories were signed with expired key. If you want to see how the documentation looked at that point, please click on expand on the right. - -[The Tor Project's apt repository key was expired](https://trac.torproject.org/projects/tor/ticket/12994). You saw the following warning. - -~~~ -W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.torproject.org stable Release: The following signatures were invalid: KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 - -W: Failed to fetch http://deb.torproject.org/torproject.org/dists/stable/Release -W: Some index files failed to download. They have been ignored, or old ones used instead. -~~~ - -It had already been [reported](https://trac.torproject.org/projects/tor/ticket/12994). There was no immediate danger. You could have just ignored it. Just make sure, you never install unsigned packages as explained above. - -If you were to see other signature verification errors, those should be reported, but it shouldn't happen at this time. - -### Changed Configuration Files - -If you see something like the following. - -~~~ -Setting up ifupdown ... -Configuration file /etc/network/interfaces - ==> Modified (by you or by a script) since installation. - ==> Package distributor has shipped an updated version. - What would you like to do about it ? Your options are: - Y or I : install the package maintainer's version - N or O : keep your currently-installed version - D : show the differences between the versions - Z : background this process to examine the situation - The default action is to keep your current version. -*** interfaces (Y/I/N/O/D/Z) [default=N] ? N -~~~ - -Be careful. If the updated file isn't coming from Whonix specific package (some are called `whonix-...`), then press `n`. Otherwise anonymity/privacy/security settings deployed with Whonix might get lost. If you are an advanced user and know better, you can of course manually check the difference and merge them. - -How could you find out if the file is coming from a Whonix specific package or not? - -* Whonix specific packages are sometimes called `whonix-...`. In the example above it's saying `Setting up ifupdown ...`, so the file isn't coming from a Whonix specific package. In this case, you should press `n` as advised in the paragraph above. -* If the package name does include `whonix-...`, it's a Whonix specific package. In that case, your safest bet should be pressing `y`, but then you would lose your customized settings. You can re-add them afterwards. Such conflicts will hopefully rarely happen, if you use [Whonix modular flexible .d style configuration folders](https://www.whonix.org/wiki/Whonix_Configuration_Files). diff --git a/troubleshooting/wireless-troubleshooting.md b/troubleshooting/wireless-troubleshooting.md deleted file mode 100644 index 9c8ea33..0000000 --- a/troubleshooting/wireless-troubleshooting.md +++ /dev/null @@ -1,121 +0,0 @@ ---- -layout: doc -title: Wireless Troubleshooting -permalink: /doc/wireless-troubleshooting/ -redirect_from: -- /en/doc/wireless-troubleshooting/ ---- - -Wireless Troubleshooting Guide -============================== - -These instructions may help with suspend/resume issues for more devices than just wireless cards, that is just the (unfortunately not uncommon) example used here. - -Resetting wireless cards by reloading drivers ---------------------------------------------- - -If your wireless card works, but after suspending and resuming your computer, the Network-Manager applet just says "Device not ready", then try un-loading and re-loading the driver. - -### Determining your wireless card driver ### - -First, determine which kernel module corresponds to your wireless card. There are several ways to do this. - -The easiest is via the output of `lspci -k` in your sys-net VM: - -~~~ -[user@sys-net ~]$ lspci -k -00:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a) - Subsystem: Intel Corporation Device 0130 - Kernel driver in use: iwlwifi - Kernel modules: iwlwifi -~~~ - -Here we see that the machine in question has an Intel wireless card, being used by the `iwlwifi` kernel module. - - -### Checking logs for relevant messages ### - -View the output of `dmesg` in sys-net, and check if you see a bunch of wireless related errors. Depending on your hardware, they may look like the following (or not): - -~~~ -iwlwifi 0000:00:00.0: loaded firmware version 16.242414.0 op_mode iwlmvm -iwlwifi 0000:00:00.0: Detected Intel(R) Dual Band Wireless AC 8260, REV=0x208 -... -IPv6: ADDRCONF(NETDEV_UP): wlp0s0: link is not ready -iwlwifi 0000:00:00.0: L1 Enabled - LTR Enabled -iwlwifi 0000:00:00.0: L1 Enabled - LTR Enabled -iwlwifi 0000:00:00.0: Failed to load firmware chunk! -iwlwifi 0000:00:00.0: Could not load the [0] uCode section -iwlwifi 0000:00:00.0: Failed to start INIT ucode: -110 -iwlwifi 0000:00:00.0: Failed to run INIT ucode: -110 -... -iwlwifi 0000:00:00.0: Direct firmware load for iwlwifi-8000C-18.ucode failed with error -2 -~~~ - -### Seeing what modules you have loaded ### - -You can check which drivers are currently loaded with `lsmod`, and view details about a module with `modinfo `. - -For example, we list what modules we have loaded: - -~~~ -[user@sys-net ~]$ lsmod -Module Size Used by -iwlmvm 315392 0 -iwlwifi 155648 1 iwlmvm -mac80211 708608 1 iwlmvm -cfg80211 557056 3 iwlwifi,mac80211,iwlmvm -... -~~~ - -and check one: - -~~~ -[user@sys-net ~]$ modinfo iwlmvm | grep -E '^(description|author|depends):' -author: Copyright(c) 2003- 2015 Intel Corporation -description: The new Intel(R) wireless AGN driver for Linux -depends: iwlwifi,mac80211,cfg80211 -~~~ - -Hey, it's our wireless driver! - -Now, check if reloading the module makes wireless work again: - -~~~ -[user@sys-net ~]$ sudo rmmod iwlmvm -[user@sys-net ~]$ sudo modprobe iwlmvm -~~~ - -and try reconnecting to a network that is known to work. - -If that is successful, see below about having Qubes automatically reload the driver for you. If not, try also reloading some dependent modules, in our example we must also reload iwlwifi: - -~~~ -[user@sys-net ~]$ modinfo iwlwifi | grep -E '^(description|author|depends):' -author: Copyright(c) 2003- 2015 Intel Corporation -description: Intel(R) Wireless WiFi driver for Linux -depends: cfg80211 -~~~ - -~~~ -[user@sys-net ~]$ sudo rmmod iwlmvm -[user@sys-net ~]$ sudo rmmod iwlwifi -[user@sys-net ~]$ sudo modprobe iwlwifi # note the reverse order of loading/unloading -[user@sys-net ~]$ sudo modprobe iwlmvm -~~~ - -Automatically reloading drivers on suspend/resume -------------------------------------------------- - -If reloading the driver (which resets the hardware into a known-state) resolves your issue when done manually, you can have Qubes automatically un/reload them on suspend & resume by listing the relevant modules in `/rw/config/suspend-module-blacklist`. - -In the above example, it would look like this: - -~~~ -[user@sys-net config]$ cat /rw/config/suspend-module-blacklist -# You can list here modules you want to be unloaded before going to sleep. This -# file is used only if the VM has any PCI device assigned. Modules will be -# automatically loaded after resume. -iwlmvm -iwlwifi -~~~ From 465d59cce86a31b0d56b9c7de0f70e60ad6d12d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= Date: Sun, 4 Oct 2020 11:36:59 +0200 Subject: [PATCH 39/49] gentoo: add notes about post-install --- os-guides/gentoo.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/os-guides/gentoo.md b/os-guides/gentoo.md index abed83c..219c205 100644 --- a/os-guides/gentoo.md +++ b/os-guides/gentoo.md @@ -19,7 +19,7 @@ To switch, reinstall and uninstall a Gentoo TemplateVM that is already installed #### After Installing -After a fresh install, we recommend to [Update the TemplateVM](/doc/software-update-vm/). +After a fresh install, we recommend to [Update the TemplateVM](/doc/software-update-vm/). We highlight that the template memory/CPU allocation certainly need to be adjusted in some cases. As Gentoo is a *linux source distribution*, the template needs resources to perform updates or installing any packages. By default, each TemplateVM has *2 VCPUs* for *4000 MB Max memory* allocated. If needed, double those values, *4 VCPUs* for *8000 MB Max memory*. For example, it has been observed failing updates or builds with *4 VCPUs* for *4000 MB Max memory* due to out of memory issue. For more general considerations, we refer to the official [Gentoo Handbook]. ## Want to contribute? @@ -32,3 +32,4 @@ After a fresh install, we recommend to [Update the TemplateVM](/doc/software-upd [uninstall]: /doc/templates/#uninstalling [Minimal TemplateVMs]: /doc/templates/minimal/ [Xfce TemplateVMs]: /doc/templates/xfce/ +[Gentoo Handbook]: https://wiki.gentoo.org/wiki/Handbook:AMD64 \ No newline at end of file From 859949cf05954ad2eaf7e5ecaa59ffe6cd134fa0 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Sat, 10 Oct 2020 09:50:00 +0100 Subject: [PATCH 40/49] Replace wireless troubleshooting with resume/suspend troubleshooting --- troubleshooting/wireless-troubleshooting.md | 121 -------------------- 1 file changed, 121 deletions(-) delete mode 100644 troubleshooting/wireless-troubleshooting.md diff --git a/troubleshooting/wireless-troubleshooting.md b/troubleshooting/wireless-troubleshooting.md deleted file mode 100644 index 9c8ea33..0000000 --- a/troubleshooting/wireless-troubleshooting.md +++ /dev/null @@ -1,121 +0,0 @@ ---- -layout: doc -title: Wireless Troubleshooting -permalink: /doc/wireless-troubleshooting/ -redirect_from: -- /en/doc/wireless-troubleshooting/ ---- - -Wireless Troubleshooting Guide -============================== - -These instructions may help with suspend/resume issues for more devices than just wireless cards, that is just the (unfortunately not uncommon) example used here. - -Resetting wireless cards by reloading drivers ---------------------------------------------- - -If your wireless card works, but after suspending and resuming your computer, the Network-Manager applet just says "Device not ready", then try un-loading and re-loading the driver. - -### Determining your wireless card driver ### - -First, determine which kernel module corresponds to your wireless card. There are several ways to do this. - -The easiest is via the output of `lspci -k` in your sys-net VM: - -~~~ -[user@sys-net ~]$ lspci -k -00:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a) - Subsystem: Intel Corporation Device 0130 - Kernel driver in use: iwlwifi - Kernel modules: iwlwifi -~~~ - -Here we see that the machine in question has an Intel wireless card, being used by the `iwlwifi` kernel module. - - -### Checking logs for relevant messages ### - -View the output of `dmesg` in sys-net, and check if you see a bunch of wireless related errors. Depending on your hardware, they may look like the following (or not): - -~~~ -iwlwifi 0000:00:00.0: loaded firmware version 16.242414.0 op_mode iwlmvm -iwlwifi 0000:00:00.0: Detected Intel(R) Dual Band Wireless AC 8260, REV=0x208 -... -IPv6: ADDRCONF(NETDEV_UP): wlp0s0: link is not ready -iwlwifi 0000:00:00.0: L1 Enabled - LTR Enabled -iwlwifi 0000:00:00.0: L1 Enabled - LTR Enabled -iwlwifi 0000:00:00.0: Failed to load firmware chunk! -iwlwifi 0000:00:00.0: Could not load the [0] uCode section -iwlwifi 0000:00:00.0: Failed to start INIT ucode: -110 -iwlwifi 0000:00:00.0: Failed to run INIT ucode: -110 -... -iwlwifi 0000:00:00.0: Direct firmware load for iwlwifi-8000C-18.ucode failed with error -2 -~~~ - -### Seeing what modules you have loaded ### - -You can check which drivers are currently loaded with `lsmod`, and view details about a module with `modinfo `. - -For example, we list what modules we have loaded: - -~~~ -[user@sys-net ~]$ lsmod -Module Size Used by -iwlmvm 315392 0 -iwlwifi 155648 1 iwlmvm -mac80211 708608 1 iwlmvm -cfg80211 557056 3 iwlwifi,mac80211,iwlmvm -... -~~~ - -and check one: - -~~~ -[user@sys-net ~]$ modinfo iwlmvm | grep -E '^(description|author|depends):' -author: Copyright(c) 2003- 2015 Intel Corporation -description: The new Intel(R) wireless AGN driver for Linux -depends: iwlwifi,mac80211,cfg80211 -~~~ - -Hey, it's our wireless driver! - -Now, check if reloading the module makes wireless work again: - -~~~ -[user@sys-net ~]$ sudo rmmod iwlmvm -[user@sys-net ~]$ sudo modprobe iwlmvm -~~~ - -and try reconnecting to a network that is known to work. - -If that is successful, see below about having Qubes automatically reload the driver for you. If not, try also reloading some dependent modules, in our example we must also reload iwlwifi: - -~~~ -[user@sys-net ~]$ modinfo iwlwifi | grep -E '^(description|author|depends):' -author: Copyright(c) 2003- 2015 Intel Corporation -description: Intel(R) Wireless WiFi driver for Linux -depends: cfg80211 -~~~ - -~~~ -[user@sys-net ~]$ sudo rmmod iwlmvm -[user@sys-net ~]$ sudo rmmod iwlwifi -[user@sys-net ~]$ sudo modprobe iwlwifi # note the reverse order of loading/unloading -[user@sys-net ~]$ sudo modprobe iwlmvm -~~~ - -Automatically reloading drivers on suspend/resume -------------------------------------------------- - -If reloading the driver (which resets the hardware into a known-state) resolves your issue when done manually, you can have Qubes automatically un/reload them on suspend & resume by listing the relevant modules in `/rw/config/suspend-module-blacklist`. - -In the above example, it would look like this: - -~~~ -[user@sys-net config]$ cat /rw/config/suspend-module-blacklist -# You can list here modules you want to be unloaded before going to sleep. This -# file is used only if the VM has any PCI device assigned. Modules will be -# automatically loaded after resume. -iwlmvm -iwlwifi -~~~ From 6272d4b3aef0f46d960e4272cb43d5484dc515f7 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Sat, 10 Oct 2020 11:50:11 +0200 Subject: [PATCH 41/49] Update windows-vm.md fixed typo --- os-guides/windows/windows-vm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index f488d78..bcc023c 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -119,7 +119,7 @@ MS Windows versions considerations: - The instructions *may* work on other versions than Windows 7 x64 but haven't been tested. - Qubes Windows Tools (QWT) only supports Windows 7 x64. Note that there are [known issues](https://github.com/QubesOS/qubes-issues/issues/3585) with QWT on Qubes 4.x -- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described in [Qubes Wndows Tools](/doc/windows-tools/). +- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described in [Qubes Windows Tools](/doc/windows-tools/). Create a VM named win7new in [HVM](/doc/hvm/) mode (Xen's current PVH limitations precludes from using PVH): From c04f55183fd88c6329e17865a061b3c6ae363592 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Sat, 10 Oct 2020 13:57:01 +0200 Subject: [PATCH 42/49] Update windows-tools.md --- os-guides/windows/windows-tools.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/os-guides/windows/windows-tools.md b/os-guides/windows/windows-tools.md index 9063269..b65350b 100644 --- a/os-guides/windows/windows-tools.md +++ b/os-guides/windows/windows-tools.md @@ -22,10 +22,10 @@ Qubes Windows Tools are a set of programs and drivers that provide integration o - **Qubes Video Driver** - provides for the Seamless GUI mode that integrates apps windows onto the common Qubes trusted desktop - **File sender/receiver** - Support for [secure clipboard copy/paste](/doc/copy-paste/) between the Windows VM and other AppVMs - ***File sender/receiver** - Support for [secure file exchange](/doc/copying-files/) between the Windows VM and other AppVMs -- **Copy/Edit in Dipostable VM** - Support for editing files in DisposableVMs as well as for qvm-run and generic qrexec for the Windows VM (e.g. ability to run custom service within/from the Windows VM) +- **Copy/Edit in Diposable VM** - Support for editing files in DisposableVMs as well as for qvm-run and generic qrexec for the Windows VM (e.g. ability to run custom service within/from the Windows VM) - **Xen PV drivers** for Windows that increase performance compared to qemu emulated devices -Below is a breakdown of the feature availablility depending on the windows version: +Below is a breakdown of the feature availability depending on the windows version: | Feature | Windows 7 x64 | Windows 10 x64 | | ------------------------------------ | :------------: | :------------: | @@ -35,7 +35,7 @@ Below is a breakdown of the feature availablility depending on the windows versi | File sender/receiver | + | + | | Clipboard Copy/Paste | + | + | | Application shortcuts | + | + | -| Copy/Edit in Disposible VM | + | + | +| Copy/Edit in Disposable VM | + | + | | Block device | + | + | | USB device | - | - | | Audio | - | - | From ea0681188707cbe003e978046110c86928be5c11 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Sat, 10 Oct 2020 14:23:29 +0200 Subject: [PATCH 43/49] Update windows-tools.md --- os-guides/windows/windows-tools.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-guides/windows/windows-tools.md b/os-guides/windows/windows-tools.md index b65350b..4a5ff7d 100644 --- a/os-guides/windows/windows-tools.md +++ b/os-guides/windows/windows-tools.md @@ -22,7 +22,7 @@ Qubes Windows Tools are a set of programs and drivers that provide integration o - **Qubes Video Driver** - provides for the Seamless GUI mode that integrates apps windows onto the common Qubes trusted desktop - **File sender/receiver** - Support for [secure clipboard copy/paste](/doc/copy-paste/) between the Windows VM and other AppVMs - ***File sender/receiver** - Support for [secure file exchange](/doc/copying-files/) between the Windows VM and other AppVMs -- **Copy/Edit in Diposable VM** - Support for editing files in DisposableVMs as well as for qvm-run and generic qrexec for the Windows VM (e.g. ability to run custom service within/from the Windows VM) +- **Copy/Edit in Disposable VM** - Support for editing files in DisposableVMs as well as for qvm-run and generic qrexec for the Windows VM (e.g. ability to run custom service within/from the Windows VM) - **Xen PV drivers** for Windows that increase performance compared to qemu emulated devices Below is a breakdown of the feature availability depending on the windows version: From 118470eea2c282513e057f4045c659b88f4d267f Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Sun, 11 Oct 2020 11:26:25 +0200 Subject: [PATCH 44/49] Update windows-vm.md --- os-guides/windows/windows-vm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index bcc023c..328a3f8 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -209,7 +209,7 @@ Finally, increase the VM's `qrexec_timeout`: in case you happen to get a BSOD or qvm-prefs win7new qrexec_timeout 300 ~~~ -At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](#xen-pv-drivers-and-qubes-windows-tools) below). It is a good time to clone the VM again. +At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](./windows-tools#xen-pv-drivers-and-qubes-windows-tools) below). It is a good time to clone the VM again. Windows as TemplateVM From c63494f1adb4ad39cf841929f1fb0135a16561e4 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Sun, 11 Oct 2020 11:28:03 +0200 Subject: [PATCH 45/49] Update windows-vm.md --- os-guides/windows/windows-vm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index 328a3f8..c7258d4 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -209,7 +209,7 @@ Finally, increase the VM's `qrexec_timeout`: in case you happen to get a BSOD or qvm-prefs win7new qrexec_timeout 300 ~~~ -At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](./windows-tools#xen-pv-drivers-and-qubes-windows-tools) below). It is a good time to clone the VM again. +At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](./windows-tools.md#xen-pv-drivers-and-qubes-windows-tools) below). It is a good time to clone the VM again. Windows as TemplateVM From 07e26ac2ee8ec3360aeb1ae902d36f6fac1aaf14 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Sun, 11 Oct 2020 11:57:55 +0200 Subject: [PATCH 46/49] Correct links to ther file --- os-guides/windows/windows-vm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index c7258d4..8a4611a 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -119,7 +119,7 @@ MS Windows versions considerations: - The instructions *may* work on other versions than Windows 7 x64 but haven't been tested. - Qubes Windows Tools (QWT) only supports Windows 7 x64. Note that there are [known issues](https://github.com/QubesOS/qubes-issues/issues/3585) with QWT on Qubes 4.x -- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described in [Qubes Windows Tools](/doc/windows-tools/). +- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described in [Qubes Windows Tools](/external/os-guides/windows/windows-tools.md). Create a VM named win7new in [HVM](/doc/hvm/) mode (Xen's current PVH limitations precludes from using PVH): @@ -209,7 +209,7 @@ Finally, increase the VM's `qrexec_timeout`: in case you happen to get a BSOD or qvm-prefs win7new qrexec_timeout 300 ~~~ -At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](./windows-tools.md#xen-pv-drivers-and-qubes-windows-tools) below). It is a good time to clone the VM again. +At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](/external/os-guides/windows/windows-tools.md#xen-pv-drivers-and-qubes-windows-tools)). It is a good time to clone the VM again. Windows as TemplateVM From e0fafae68d64dd32a081b6ad0a489a0b0721f618 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Sun, 11 Oct 2020 12:20:51 +0200 Subject: [PATCH 47/49] Correct links to other file --- os-guides/windows/windows-vm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index 8a4611a..ca79f84 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -119,7 +119,7 @@ MS Windows versions considerations: - The instructions *may* work on other versions than Windows 7 x64 but haven't been tested. - Qubes Windows Tools (QWT) only supports Windows 7 x64. Note that there are [known issues](https://github.com/QubesOS/qubes-issues/issues/3585) with QWT on Qubes 4.x -- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described in [Qubes Windows Tools](/external/os-guides/windows/windows-tools.md). +- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described in [Qubes Windows Tools](./windows-tools.md). Create a VM named win7new in [HVM](/doc/hvm/) mode (Xen's current PVH limitations precludes from using PVH): @@ -209,7 +209,7 @@ Finally, increase the VM's `qrexec_timeout`: in case you happen to get a BSOD or qvm-prefs win7new qrexec_timeout 300 ~~~ -At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](/external/os-guides/windows/windows-tools.md#xen-pv-drivers-and-qubes-windows-tools)). It is a good time to clone the VM again. +At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](./windows-tools.md#xen-pv-drivers-and-qubes-windows-tools)). It is a good time to clone the VM again. Windows as TemplateVM From 3ac6d417b26e842b4ecd57cac8c3b25d6fc43dbd Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Sun, 11 Oct 2020 12:52:06 +0200 Subject: [PATCH 48/49] Update windows-vm.md --- os-guides/windows/windows-vm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index ca79f84..7ea153e 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -119,7 +119,7 @@ MS Windows versions considerations: - The instructions *may* work on other versions than Windows 7 x64 but haven't been tested. - Qubes Windows Tools (QWT) only supports Windows 7 x64. Note that there are [known issues](https://github.com/QubesOS/qubes-issues/issues/3585) with QWT on Qubes 4.x -- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described in [Qubes Windows Tools](./windows-tools.md). +- For Windows 10 under Qubes 4.0, a way to install QWT 4.0.1.3, which has worked in several instances, is described in [Qubes Windows Tools](/doc/windows-tools/). Create a VM named win7new in [HVM](/doc/hvm/) mode (Xen's current PVH limitations precludes from using PVH): @@ -209,7 +209,7 @@ Finally, increase the VM's `qrexec_timeout`: in case you happen to get a BSOD or qvm-prefs win7new qrexec_timeout 300 ~~~ -At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](./windows-tools.md#xen-pv-drivers-and-qubes-windows-tools)). It is a good time to clone the VM again. +At that point you should have a functional and stable Windows VM, although without updates, Xen's PV drivers nor Qubes integration (see sections [Windows Update](#windows-update) and [Xen PV drivers and Qubes Windows Tools](/doc/windows-tools/#xen-pv-drivers-and-qubes-windows-tools)). It is a good time to clone the VM again. Windows as TemplateVM From 82f36650f855912d8a49730fd3738155f4060253 Mon Sep 17 00:00:00 2001 From: "Dr. Gerhard Weck" Date: Sun, 11 Oct 2020 13:38:15 +0200 Subject: [PATCH 49/49] Hopefully last try to get the syntax right --- os-guides/windows/windows-vm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-guides/windows/windows-vm.md b/os-guides/windows/windows-vm.md index 7ea153e..5eeb7f6 100644 --- a/os-guides/windows/windows-vm.md +++ b/os-guides/windows/windows-vm.md @@ -111,7 +111,7 @@ qvm-prefs win7new qrexec_timeout 300 qvm-prefs win7new debug false ~~~ -To install Qubes Windows Tools, follow instructions [below](#xen-pv-drivers-and-qubes-windows-tools). +To install Qubes Windows Tools, follow instructions in [Qubes Windows Tools](/doc/windows-tools/). ### Detailed instructions ###