From 52ea037da0f2c2a7e9475a7e877ee309806393ba Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Fri, 30 Oct 2020 15:07:40 +0100 Subject: [PATCH 1/4] Add VPN Troubleshooting --- configuration-guides/vpn.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/configuration-guides/vpn.md b/configuration-guides/vpn.md index 1f84321..002a28f 100644 --- a/configuration-guides/vpn.md +++ b/configuration-guides/vpn.md @@ -318,6 +318,4 @@ If you want to update your TemplateVMs through the VPN, you can enable the `qube Troubleshooting --------------- -* Always test your basic VPN connection before adding scripts. -* Test DNS: Ping a familiar domain name from an appVM. It should print the IP address for the domain. -* Use `iptables -L -v` and `iptables -L -v -t nat` to check firewall rules. The latter shows the critical PR-QBS chain that enables DNS forwarding. +See the [VPN Troubleshooting](/doc/vpn-troubleshooting/) guide for tips on how to fix common VPN issues. From b8977f4c7bf900a36889941eff8f50a3c7e44394 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Tue, 3 Nov 2020 18:08:12 +0100 Subject: [PATCH 2/4] Edit Thinkpad Troubleshooting --- troubleshooting/thinkpad-troubleshooting.md | 94 +++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 troubleshooting/thinkpad-troubleshooting.md diff --git a/troubleshooting/thinkpad-troubleshooting.md b/troubleshooting/thinkpad-troubleshooting.md new file mode 100644 index 0000000..fe58324 --- /dev/null +++ b/troubleshooting/thinkpad-troubleshooting.md @@ -0,0 +1,94 @@ +--- +layout: doc +title: Lenovo ThinkPad Troubleshooting +permalink: /doc/thinkpad-troubleshooting/ +redirect_from: +- /doc/thinkpad_x201/ +- /en/doc/thinkpad_x201/ +- /doc/Thinkpad_X201/ +- /wiki/Thinkpad_X201/ +- /doc/lenovo450-tinkering/ +- /en/doc/lenovo450-tinkering/ +- /doc/Lenovo450Tinkering/ +- /wiki/Lenovo450Tinkering/ +--- + +# Lenovo ThinkPad Troubleshooting # + +## Installation from USB stick fails for newer (UEFI-only) ThinkPads ## +Some newer ThinkPads (e.g. T470, T470p, [P51](https://www.svensemmler.org/blog/2017/12/17/qubes-on-thinkpad-p51.html), ThinkPad 25, but not the [P53](https://github.com/QubesOS/qubes-issues/issues/5851)) are likely to fail installation attempts made from a USB stick that was created with dd or Rufus, and even from a DVD burned using official ISO images - if the ThinkPad is configured for UEFI boot. If you don't want to use Legacy Mode as a workaround, the following instructions should help you create a Qubes Installation USB stick that works in UEFI-only mode. + +In a nutshell, you need to use the Fedora livecd-tools to make a Qubes Installation USB Stick from the Qubes ISO image, then update the label on the partition of that USB stick to "BOOT", and then update the BOOT/EFI/BOOTX64.cfg file on the USB stick so that all labels point to BOOT. In more detail: + +1. On your ThinkPad, enter the UEFI setup (press F1 at startup) and make sure to set at least the following options: + - *USB UEFI BIOS Support: Enabled* + - *UEFI/Legacy Boot: UEFI Only* + - *Secure Boot: Disabled* +2. On a different computer, create a "Fedora Live USB Stick": Download a current Fedora Live CD image, and put it onto a USB stick (e.g. using dd or Rufus). Start your ThinkPad from the Fedora Live USB Stick on your ThinkPad (Press F12 at startup to select boot device). Of course, you can alternatively start a different machine from the Fedora Live USB Stick, or use an existing Fedora installation. The next steps all occur within Fedora: +3. Install livecd-tools: `# dnf install livecd-tools` +4. Download the desired Qubes ISO image (or attach a storage device containing it), and verify the signatures as described in the Qubes installation guide. For these instructions, I assume the ISO image is at */run/media/liveuser/qsrc/Qubes-R4.0-rc3-x86_64.iso* (so whenever you see that path going forward in these instructions, replace it with whatever your own path is) +5. Within Fedora, attach the USB stick that you would like to turn into your Qubes Installation USB Stick. Use `dmesg` to figure out what the device name of that stick is. For these instructions, I assume it's */dev/sdd* (so whenever you see */dev/sdd* going forward in these instructions, replace it with whatever your actual device name is) +6. Make sure your target USB stick (presumed to be /dev/sdd) has no mounted partitions: ``# umount /dev/sdd*`` (the asterisk at the end makes sure to unmount all partitions if more than one exists). If none are mounted you'll get an error that you can ignore. +7. Use livecd-tools to copy the image: ``# livecd-iso-to-disk --format --efi /run/media/liveuser/qsrc/Qubes-R4.0-rc3-x86_64.iso /dev/sdd``. **This will erase everything on the drive. Make sure you specify the correct destination.** Then press ENTER when prompted to proceed. This process will take quite a while, be patient. +8. When imaging is complete, change the partition label to BOOT: ``# dosfslabel /dev/sdd1 BOOT`` +9. Now create a mount point and mount the partition: + + ``# mkdir /mnt/qinst`` + + ``# mount /dev/sdd1 /mnt/qinst/`` + +10. Use your favorite editor to edit the file */mnt/qinst/EFI/BOOT/BOOTX64.cfg*: Replace all instances of ``LABEL=Qubes-R4.0-rc3-x86_64`` with ``LABEL=BOOT``. There is typically no space in front of ``LABEL``, but there is a space at the end of the portion you replace. +11. Unmount the Qubes Installation USB stick: ``# umount /dev/sdd*`` and disconnect it. + +That's it! You can now reboot the machine with the Qubes USB Installation stick attached, and press F12 to select it as the boot device at startup. Proceed to install Qubes OS normally. Enjoy! + +## Random reboots on ThinkPads with Intel HD 3000 graphics ## + +Several ThinkPad models have Intel HD 3000 graphics, including the T420s and the +T520. Some users with these laptops have experienced random reboots, which were +solved by adding `i915.enable_rc6=0` as a kernel parameter to +`GRUB_CMDLINE_LINUX` in the file `/etc/default/grub` in dom0. + + +## Can't boot the installer from a USB on Thinkpad X201 & X200 ## + +For being able to boot the installer from USB, you have to disable VT-d in the BIOS. +Enter the BIOS by hitting F1, go to Config - CPU and then disable VT-d there. + +After the installation, you have to set a startup-parameter for Xen, to be able to activate VT-d again: + +1. Open a terminal in dom0 +2. Edit `/etc/default/grub` +3. Add to the line `GRUB_CMDLINE_XEN_DEFAULT` the setting `iommu=no-igfx`, save and quit +4. sudo `grub2-mkconfig --output /boot/grub2/grub.cfg` + +Then reboot, enter BIOS and re-enable VT-d. + +### Getting scrolling with the Trackpoint and the Middle Button to work ### + +1. Create a script with the following content: + + ~~~ + #!/bin/sh + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 1 + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 2 + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 200 + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5 + ~~~ + +2. Add the script to the startup-items of your desktop environment. + + +## Can’t boot from USB stick on Lenovo 450 ## + +Lenovo 450 uses UEFI, so some settings are needed to get Qubes (or Fedora) to boot, otherwise Qubes install USB stick will reboot right after boot selector screen and not continue install. + +### Setting UEFI options to get Qubes install to boot ### + +1. Enable Legacy USB mode +2. Disable all Secure Boot and UEFI options, but leave this enabled: Config / USB / USB UEFI BIOS SUPPORT +3. Save settings and reboot +5. Install Qubes + +... and now enjoy :) These settings may be needed also in other UEFI computers. + From 105eb3c29dcec6ae73d272ac2882617ae3def3f6 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Sat, 14 Nov 2020 06:26:22 +0100 Subject: [PATCH 3/4] Edit Sony Vaio Tinkering --- troubleshooting/sony-vaio-tinkering.md | 58 ++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 troubleshooting/sony-vaio-tinkering.md diff --git a/troubleshooting/sony-vaio-tinkering.md b/troubleshooting/sony-vaio-tinkering.md new file mode 100644 index 0000000..64e3df2 --- /dev/null +++ b/troubleshooting/sony-vaio-tinkering.md @@ -0,0 +1,58 @@ +--- +layout: doc +title: Sony Vaio Tinkering +permalink: /doc/sony-vaio-tinkering/ +redirect_from: +- /en/doc/sony-vaio-tinkering/ +- /doc/SonyVaioTinkering/ +- /wiki/SonyVaioTinkering/ +--- + +Instructions for getting your Sony Vaio Z laptop working with Qubes/Linux +========================================================================= + +The following issues were reported on Qubes 3.2 and may not be prevalent on Qubes 4.0. + +Graphics card does not work +--------------------------- + +Newer models of Sony Vaio Z come with an "intelligent" GPU switch, that automatically chooses either Intel Integrated GPU (IGD) or the discrete NVIDIA GPU. This confuses the Linux graphics so much, that in most cases, it won't even be able to install a regular Linux on such a machine. Unfortunately, moving the switch into the "Stamina" position apparently doesn't work, and the automatic GPU switching is still active. + +One solution that actually worked for me was to reflash the BIOS (I know, I know, this is scary) and to enable the so called "Advanced Menu" in the BIOS. This Advanced Menu allows you to choose the desired behaviour of the GPU switch, which in our case would be to set it to "Static" and then move the mechanical switch to the "Stamina" position, that enabled the Intel IGD (which is much better supported on Linux). + +If you think you are ready to reflash you BIOS, you can follow [these instructions](http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html). + +**WARNING**: We take absolutely no responsibility that the BIOS reflashing instructions given at the referenced forum are 1) valid, 2) non-malicious, and 3) work at all. Do this step at your own risk. Keep in mind that reflashing your BIOS might yield your system unusable. If you don't feel like taking this risk (which is a reasonable state of mind), look for a different notebook, or ask Sony Support to enable this option for you. + +In practice I have downloaded the BIOS-patching tools, run them in a VM on a BIOS image I extracted from my laptop, diffed the two versions, and concluded that it doesn't *seem* malicious, and then bravely applied that patched image. If you don't know what are you doing, just get a different laptop, really! + +On a side note, we should note that allowing anybody to reflash the BIOS is really a bad idea from a security point of view (Hello Evil Maids!). Shame on you, Sony! + +Touchpad does not work during installation +------------------------------------------ + +In order to get the touchpad working during installation you should pass the `i8042.nopnp=1` option to the kernel before the installer starts: + +~~~ +sudo nano /etc/default/grub +GRUB_CMDLINE_LINUX_DEFAULT="i8042.nopnp=1" +~~~ + +Applying other fixes +-------------------- + +There are a few more fixes needed for Sony Vaio Z, and we have prepared a special package that you can install in dom0 that applies them all. After the installation is complete, open a console in dom0 and do the following: + +~~~ +$ sudo bash +# qvm-dom0-networking up +# yum install qubes-core-dom0-vaio-fixes +# reboot +~~~ + +This script takes care about the following: + +- Setting i8042.nopnp for your installed system +- Adding special option for the sound module (so you can get sound) +- Adding pm-suspend scripts that take care about restoring your screen after resume + From 37b58f7388e9ec100d1cd55c355966e4fa98345a Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sat, 14 Nov 2020 06:32:10 +0100 Subject: [PATCH 4/4] Change word --- troubleshooting/sony-vaio-tinkering.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/troubleshooting/sony-vaio-tinkering.md b/troubleshooting/sony-vaio-tinkering.md index 64e3df2..34e4552 100644 --- a/troubleshooting/sony-vaio-tinkering.md +++ b/troubleshooting/sony-vaio-tinkering.md @@ -24,7 +24,7 @@ If you think you are ready to reflash you BIOS, you can follow [these instructio **WARNING**: We take absolutely no responsibility that the BIOS reflashing instructions given at the referenced forum are 1) valid, 2) non-malicious, and 3) work at all. Do this step at your own risk. Keep in mind that reflashing your BIOS might yield your system unusable. If you don't feel like taking this risk (which is a reasonable state of mind), look for a different notebook, or ask Sony Support to enable this option for you. -In practice I have downloaded the BIOS-patching tools, run them in a VM on a BIOS image I extracted from my laptop, diffed the two versions, and concluded that it doesn't *seem* malicious, and then bravely applied that patched image. If you don't know what are you doing, just get a different laptop, really! +In practice I have downloaded the BIOS-patching tools, run them in a VM on a BIOS image I extracted from my laptop, diffed the two versions, and concluded that it doesn't *seem* malicious, and then bravely applied the patched image. If you don't know what are you doing, just get a different laptop, really! On a side note, we should note that allowing anybody to reflash the BIOS is really a bad idea from a security point of view (Hello Evil Maids!). Shame on you, Sony!