From e73ae9a342f0359723ac6b929dbc88f824156a34 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Sat, 10 Oct 2020 09:50:00 +0100 Subject: [PATCH 01/45] Replace wireless troubleshooting with resume/suspend troubleshooting --- doc.md | 8 +++++-- .../resume-suspend-troubleshooting.md | 22 +++++++++++-------- 2 files changed, 19 insertions(+), 11 deletions(-) rename external/troubleshooting/wireless-troubleshooting.md => user/troubleshooting/resume-suspend-troubleshooting.md (83%) diff --git a/doc.md b/doc.md index df16c6ed..ce3d6589 100644 --- a/doc.md +++ b/doc.md @@ -135,13 +135,18 @@ Core documentation for Qubes users. * [Making Any File Persistent Using `bind-dirs`](/doc/bind-dirs/) * [GUI Configuration](/doc/gui-configuration/) * [Resizing Disk Images](/doc/resize-disk-image/) - * [Troubleshooting UEFI](/doc/uefi-troubleshooting/) * [Troubleshooting Newer Hardware](/doc/newer-hardware-troubleshooting/) * [Mounting and Decrypting Qubes Partitions from Outside Qubes](/doc/mount-from-other-os/) * [KDE](/doc/kde/) * [i3 Window Manager](/doc/i3/) * [awesome Window Manager](/doc/awesome/) +### Troubleshooting + + * [Installation Troubleshooting](/doc/installation-troubleshooting/) + * [UEFI Troubleshooting](/doc/uefi-troubleshooting/) + * [Suspend/Resume Troubleshooting](/doc/suspend-resume-troubleshooting/) + ### Reference Pages * [Command-line Tools](/doc/tools/) @@ -294,7 +299,6 @@ Unofficial, third-party documentation from the Qubes community and others. * [Lenovo ThinkPad Troubleshooting](/doc/thinkpad-troubleshooting/) * [Apple MacBook Troubleshooting](/doc/macbook-troubleshooting/) * [Getting Sony Vaio Z laptop to work with Qubes](/doc/sony-vaio-tinkering/) - * [Fixing wireless on suspend & resume](/doc/wireless-troubleshooting/) * [How to remove VMs manually](/doc/remove-vm-manually/) * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) diff --git a/external/troubleshooting/wireless-troubleshooting.md b/user/troubleshooting/resume-suspend-troubleshooting.md similarity index 83% rename from external/troubleshooting/wireless-troubleshooting.md rename to user/troubleshooting/resume-suspend-troubleshooting.md index 9c8ea33d..124465d3 100644 --- a/external/troubleshooting/wireless-troubleshooting.md +++ b/user/troubleshooting/resume-suspend-troubleshooting.md @@ -1,19 +1,18 @@ --- layout: doc -title: Wireless Troubleshooting -permalink: /doc/wireless-troubleshooting/ +title: Suspend/Resume Troubleshooting +permalink: /doc/suspend-resume-troubleshooting/ redirect_from: - /en/doc/wireless-troubleshooting/ +- /doc/wireless-troubleshooting/ --- -Wireless Troubleshooting Guide -============================== +# Troubleshooting problems relating to suspend/resume # + +## Network-Manager says “Device not ready” after suspend/resume ## These instructions may help with suspend/resume issues for more devices than just wireless cards, that is just the (unfortunately not uncommon) example used here. -Resetting wireless cards by reloading drivers ---------------------------------------------- - If your wireless card works, but after suspending and resuming your computer, the Network-Manager applet just says "Device not ready", then try un-loading and re-loading the driver. ### Determining your wireless card driver ### @@ -104,8 +103,7 @@ depends: cfg80211 [user@sys-net ~]$ sudo modprobe iwlmvm ~~~ -Automatically reloading drivers on suspend/resume -------------------------------------------------- +## Drivers do not reload automatically on suspend/resume ## If reloading the driver (which resets the hardware into a known-state) resolves your issue when done manually, you can have Qubes automatically un/reload them on suspend & resume by listing the relevant modules in `/rw/config/suspend-module-blacklist`. @@ -119,3 +117,9 @@ In the above example, it would look like this: iwlmvm iwlwifi ~~~ + +## Power consumption increases after suspend/resume ## + +This problem is related to the software method used to disable sibling threads and how it interacts with suspend/resume. +To solve the problem, disable hyperthreading in the BIOS. This [external guide](https://www.pcmag.com/news/how-to-disable-hyperthreading) explains how to disable hyperthreading. +Since Qubes does disable hyperthreading by default (by not using secondary threads), you won't pay any performance cost. From 49963f6e5598e4fc819eba84b7fbe7f5ee6b8c98 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sat, 10 Oct 2020 09:55:22 +0100 Subject: [PATCH 02/45] Minor word change --- user/troubleshooting/resume-suspend-troubleshooting.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user/troubleshooting/resume-suspend-troubleshooting.md b/user/troubleshooting/resume-suspend-troubleshooting.md index 124465d3..4844ccae 100644 --- a/user/troubleshooting/resume-suspend-troubleshooting.md +++ b/user/troubleshooting/resume-suspend-troubleshooting.md @@ -9,7 +9,7 @@ redirect_from: # Troubleshooting problems relating to suspend/resume # -## Network-Manager says “Device not ready” after suspend/resume ## +## Network-Manager says “Device not ready” on suspend/resume ## These instructions may help with suspend/resume issues for more devices than just wireless cards, that is just the (unfortunately not uncommon) example used here. @@ -118,7 +118,7 @@ iwlmvm iwlwifi ~~~ -## Power consumption increases after suspend/resume ## +## Power consumption increases on suspend/resume ## This problem is related to the software method used to disable sibling threads and how it interacts with suspend/resume. To solve the problem, disable hyperthreading in the BIOS. This [external guide](https://www.pcmag.com/news/how-to-disable-hyperthreading) explains how to disable hyperthreading. From 24c86d459c1bbc29dc34267a226522e0f2bf6a1c Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Sat, 10 Oct 2020 11:02:41 +0100 Subject: [PATCH 03/45] Add VM Troubleshooting --- doc.md | 10 ++- .../troubleshooting/remove-vm-manually.md | 36 ---------- .../managing-vm-kernel.md | 7 +- user/managing-os/debian/debian.md | 12 +--- user/troubleshooting/vm-troubleshooting.md | 70 +++++++++++++++++++ 5 files changed, 79 insertions(+), 56 deletions(-) delete mode 100644 external/troubleshooting/remove-vm-manually.md create mode 100644 user/troubleshooting/vm-troubleshooting.md diff --git a/doc.md b/doc.md index df16c6ed..9e3600e5 100644 --- a/doc.md +++ b/doc.md @@ -135,13 +135,19 @@ Core documentation for Qubes users. * [Making Any File Persistent Using `bind-dirs`](/doc/bind-dirs/) * [GUI Configuration](/doc/gui-configuration/) * [Resizing Disk Images](/doc/resize-disk-image/) - * [Troubleshooting UEFI](/doc/uefi-troubleshooting/) * [Troubleshooting Newer Hardware](/doc/newer-hardware-troubleshooting/) * [Mounting and Decrypting Qubes Partitions from Outside Qubes](/doc/mount-from-other-os/) * [KDE](/doc/kde/) * [i3 Window Manager](/doc/i3/) * [awesome Window Manager](/doc/awesome/) +### Troubleshooting + + * [Installation Troubleshooting](/doc/installation-troubleshooting/) + * [UEFI Troubleshooting](/doc/uefi-troubleshooting/) + * [Suspend/Resume Troubleshooting](/doc/suspend-resume-troubleshooting/) + * [VM Troubleshooting](/doc/vm-troubleshooting/) + ### Reference Pages * [Command-line Tools](/doc/tools/) @@ -294,8 +300,6 @@ Unofficial, third-party documentation from the Qubes community and others. * [Lenovo ThinkPad Troubleshooting](/doc/thinkpad-troubleshooting/) * [Apple MacBook Troubleshooting](/doc/macbook-troubleshooting/) * [Getting Sony Vaio Z laptop to work with Qubes](/doc/sony-vaio-tinkering/) - * [Fixing wireless on suspend & resume](/doc/wireless-troubleshooting/) - * [How to remove VMs manually](/doc/remove-vm-manually/) * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) ### Building Guides diff --git a/external/troubleshooting/remove-vm-manually.md b/external/troubleshooting/remove-vm-manually.md deleted file mode 100644 index fbc1c145..00000000 --- a/external/troubleshooting/remove-vm-manually.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -layout: doc -title: How to Remove VMs Manually -permalink: /doc/remove-vm-manually/ ---- - -How to Remove VMs Manually -========================== - -How to Remove a TemplateVM Manually ------------------------------------ - -Try the [normal method] before resorting to this. -All of the following commands should be executed in a dom0 terminal. - -When a template is marked as 'installed by package manager', but cannot be uninstalled there, trying to uninstall manually will result in the error "ERROR: VM installed by package manager: template-vm-name". Do as follows to be able to uninstall the template: - -1. Check the state of `installed_by_rpm` - - $ qvm-prefs template-vm-name - -2. If `installed_by_rpm - True]`, mark the template as not installed by package manager - - $ qvm-prefs template-vm-name installed_by_rpm false - -3. Re-check the state of `installed_by_rpm` - -- If `installed_by_rpm - False`, remove the template like you would a regular qube: - - $ qvm-remove template-vm-name - -- If `installed_by_rpm` remains `True`, reboot your computer to bring qubes.xml in sync with qubesd, and try again to remove the template. - - -[normal method]: /doc/templates/#uninstalling - diff --git a/user/advanced-configuration/managing-vm-kernel.md b/user/advanced-configuration/managing-vm-kernel.md index 42dbd75d..c8948b37 100644 --- a/user/advanced-configuration/managing-vm-kernel.md +++ b/user/advanced-configuration/managing-vm-kernel.md @@ -355,12 +355,7 @@ The output should look like this: #### Troubleshooting -In case of problems, you can access the VM console using `qvm-console-dispvm VMNAME` in dom0, then access the GRUB menu. -You need to call it just after starting the VM (until `GRUB_TIMEOUT` expires); for example, in a separate dom0 terminal window. - -In any case you can later access the VM's logs (especially the VM console log `/var/log/xen/console/guest-VMNAME.log`). - -You can always set the kernel back to some dom0-provided value to fix a VM kernel installation. +In case of problems, visit the [VM Troubleshooting guide](/doc/vm-troubleshooting/#vm-kernel-troubleshooting) to learn how to access the VM console, view logs and fix a VM kernel installation. [dom0-kernel-upgrade]: /doc/software-update-dom0/#kernel-upgrade diff --git a/user/managing-os/debian/debian.md b/user/managing-os/debian/debian.md index 236c2d8e..a688e87e 100644 --- a/user/managing-os/debian/debian.md +++ b/user/managing-os/debian/debian.md @@ -99,17 +99,7 @@ The lesson is that you should carefully look at what is being installed to your ### Package installation errors in Qubes 4.0 -By default, templates in 4.0 only have a loopback interface. - -Some packages will throw an error on installation in this situation. -For example, Samba expects to be configured using a network interface post installation. - -One solution is to add a dummy interface to allow the package to install correctly: - - ip link add d0 type dummy - ip addr add 192.168.0.1/24 dev d0 - ip link set d0 up - +If some packages throw installation errors, see [this guide.](/doc/vm-troubleshooting/#fixing-package-installation-errors) [TemplateVM]: /doc/templates/ [Minimal TemplateVMs]: /doc/templates/minimal/ diff --git a/user/troubleshooting/vm-troubleshooting.md b/user/troubleshooting/vm-troubleshooting.md new file mode 100644 index 00000000..ece7b968 --- /dev/null +++ b/user/troubleshooting/vm-troubleshooting.md @@ -0,0 +1,70 @@ +--- +layout: doc +title: Suspend/Resume Troubleshooting +permalink: /doc/vm-troubleshooting/ +redirect_from: +- /doc/remove-vm-manually/ +--- + +# VM troubleshooting # + +## VM Kernel troubleshooting ## + +In case of problems, you can access the VM console using `qvm-console-dispvm VMNAME` in dom0, then access the GRUB menu. +You need to call it just after starting the VM (until `GRUB_TIMEOUT` expires); for example, in a separate dom0 terminal window. + +In any case you can later access the VM's logs (especially the VM console log `/var/log/xen/console/guest-VMNAME.log`). + +You can always set the kernel back to some dom0-provided value to fix a VM kernel installation. + +## Qubes starts, but no VMs load ## + +This issue may occur if a dom0 update is interrupted halfway through and/or a hard power off is done without shutting down Qubes, which results in files getting corrupted. +In this case, the best fix is to reinstall Qubes and restore your files from a backup. +Even if you have not backed up data in a while, you should be able to mount the volumes to pull data from them. + +## Can not uninstall a VM / “ERROR: VM installed by package manager: template-vm-name” + +Try the [normal method] before resorting to this method to remove a VM manually. +All of the following commands should be executed in a dom0 terminal. + +When a template is marked as 'installed by package manager', but cannot be uninstalled there, trying to uninstall manually will result in the error "ERROR: VM installed by package manager: template-vm-name". Do as follows to be able to uninstall the template: + +1. Check the state of `installed_by_rpm` + + $ qvm-prefs template-vm-name + +2. If `installed_by_rpm - True]`, mark the template as not installed by package manager + + $ qvm-prefs template-vm-name installed_by_rpm false + +3. Re-check the state of `installed_by_rpm` + +- If `installed_by_rpm - False`, remove the template like you would a regular qube: + + $ qvm-remove template-vm-name + +- If `installed_by_rpm` remains `True`, reboot your computer to bring qubes.xml in sync with qubesd, and try again to remove the template. + + +[normal method]: /doc/templates/#uninstalling + + +## Fixing package installation errors ## + +By default, templates in 4.0 only have a loopback interface. + +Some packages will throw an error on installation in this situation. +For example, Samba expects to be configured using a network interface post installation. + +One solution is to add a dummy interface to allow the package to install correctly: + + ip link add d0 type dummy + ip addr add 192.168.0.1/24 dev d0 + ip link set d0 up + +## "Cannot connect to qrexec agent" error ## + +If you face this error when starting a VM, it may be due to too little initial memory. +A solution is to increase the initial memory from 200MB to 400MB by navigating to VM settings » Advanced » Initial memory. + From 2ca7c01b74ba38e469bfa0411af66a1e3ed4d9be Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Sat, 10 Oct 2020 11:50:35 +0100 Subject: [PATCH 04/45] Add HVM Troubleshooting --- doc.md | 11 +++- external/os-guides/linux-hvm-tips.md | 36 +----------- user/troubleshooting/hvm-troubleshooting.md | 64 +++++++++++++++++++++ 3 files changed, 73 insertions(+), 38 deletions(-) create mode 100644 user/troubleshooting/hvm-troubleshooting.md diff --git a/doc.md b/doc.md index df16c6ed..9a65323f 100644 --- a/doc.md +++ b/doc.md @@ -135,13 +135,20 @@ Core documentation for Qubes users. * [Making Any File Persistent Using `bind-dirs`](/doc/bind-dirs/) * [GUI Configuration](/doc/gui-configuration/) * [Resizing Disk Images](/doc/resize-disk-image/) - * [Troubleshooting UEFI](/doc/uefi-troubleshooting/) * [Troubleshooting Newer Hardware](/doc/newer-hardware-troubleshooting/) * [Mounting and Decrypting Qubes Partitions from Outside Qubes](/doc/mount-from-other-os/) * [KDE](/doc/kde/) * [i3 Window Manager](/doc/i3/) * [awesome Window Manager](/doc/awesome/) +### Troubleshooting + + * [Installation Troubleshooting](/doc/installation-troubleshooting/) + * [UEFI Troubleshooting](/doc/uefi-troubleshooting/) + * [Suspend/Resume Troubleshooting](/doc/suspend-resume-troubleshooting/) + * [VM Troubleshooting](/doc/vm-troubleshooting/) + * [HVM Troubleshooting](/doc/hvm-troubleshooting/) + ### Reference Pages * [Command-line Tools](/doc/tools/) @@ -294,8 +301,6 @@ Unofficial, third-party documentation from the Qubes community and others. * [Lenovo ThinkPad Troubleshooting](/doc/thinkpad-troubleshooting/) * [Apple MacBook Troubleshooting](/doc/macbook-troubleshooting/) * [Getting Sony Vaio Z laptop to work with Qubes](/doc/sony-vaio-tinkering/) - * [Fixing wireless on suspend & resume](/doc/wireless-troubleshooting/) - * [How to remove VMs manually](/doc/remove-vm-manually/) * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) ### Building Guides diff --git a/external/os-guides/linux-hvm-tips.md b/external/os-guides/linux-hvm-tips.md index c1c99fa3..4bf5dde3 100644 --- a/external/os-guides/linux-hvm-tips.md +++ b/external/os-guides/linux-hvm-tips.md @@ -14,41 +14,7 @@ Tips for Linux in HVM domain How to fix bootup kernel error ------------------------------- -The HVM may pause on boot, showing a fixed cursor. -After a while a series of warnings may be shown similar to this: - - BUG: soft lockup - CPU#0 stuck for 23s! [systemd-udevd:244] - -To fix this: - -1. Kill the HVM. -1. Start the HVM -1. Press "e" at the grub screen to edit the boot parameters -1. Find the /vmlinuz line, and edit it to replace "rhgb" with "modprobe.blacklist=bochs_drm" -1. Press "Ctrl-x" to start the HVM - -If this solves the problem then you will want to make the change permanent: - -1. Edit the file `/etc/default/grub`. -1. Find the line which starts: - ~~~ - GRUB_CMDLINE_LINUX= - ~~~ -1. Remove this text from that line: - ~~~ - rhgb - ~~~ -1. Add this text to that line: - ~~~ - modprobe.blacklist=bochs_drm - ~~~ -1. Run this command: - ~~~ - grub2-mkconfig --output=/boot/grub2/grub.cfg - ~~~ - -The HVM should now start normally. - +If the HVM pauses on boot and shows a series of warnings, visit [HVM Troubleshooting](/doc/hvm-troubleshooting/#hvm-pauses-on-boot-followed-by-kernel-error) for a fix. Screen resolution ----------------- diff --git a/user/troubleshooting/hvm-troubleshooting.md b/user/troubleshooting/hvm-troubleshooting.md new file mode 100644 index 00000000..2287ffb3 --- /dev/null +++ b/user/troubleshooting/hvm-troubleshooting.md @@ -0,0 +1,64 @@ +--- +layout: doc +title: HVM Troubleshooting +permalink: /doc/hvm-troubleshooting/ +redirect_from: +- /en/doc/wireless-troubleshooting/ +- /doc/wireless-troubleshooting/ +--- + +# HVM Troubleshooting # + +## HVM pauses on boot, followed by kernel error ## + +The HVM may pause on boot, showing a fixed cursor. +After a while a series of warnings may be shown similar to this: + + BUG: soft lockup - CPU#0 stuck for 23s! [systemd-udevd:244] + +To fix this: + +1. Kill the HVM. +1. Start the HVM +1. Press "e" at the grub screen to edit the boot parameters +1. Find the /vmlinuz line, and edit it to replace "rhgb" with "modprobe.blacklist=bochs_drm" +1. Press "Ctrl-x" to start the HVM + +If this solves the problem then you will want to make the change permanent: + +1. Edit the file `/etc/default/grub`. +1. Find the line which starts: + ~~~ + GRUB_CMDLINE_LINUX= + ~~~ +1. Remove this text from that line: + ~~~ + rhgb + ~~~ +1. Add this text to that line: + ~~~ + modprobe.blacklist=bochs_drm + ~~~ +1. Run this command: + ~~~ + grub2-mkconfig --output=/boot/grub2/grub.cfg + ~~~ + +The HVM should now start normally. + +## Can't start an OS in an HVM / "Probing EDD (edd=off to disable!... ok" message ## + +If you see a screen popup with SeaBios and 4 lines, last one being `Probing EDD (edd=off to disable!... ok`, then enter the following command from a `dom0` prompt: + + qvm-prefs kernel "" + +## HVM crashes when booting from ISO ## +If your HVM crashes when trying to boot an ISO, first ensure that ` qvm-prefs ` is empty, as shown above. +If this doesn't help, then disable memory balancing and set the minimum memory to 2GB. + +You can disable memory-balancing in the settings, under the “Advanced” tab. + +To give the VM a RAM of 2GB, open a terminal in `dom0` and enter: + + qvm-prefs memory 2000 + From 4f36d2534baea93fb29a9bbe53c1965cef2fbbfd Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sat, 10 Oct 2020 12:25:36 +0100 Subject: [PATCH 05/45] Remove redirects --- user/troubleshooting/hvm-troubleshooting.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/user/troubleshooting/hvm-troubleshooting.md b/user/troubleshooting/hvm-troubleshooting.md index 2287ffb3..7dddd235 100644 --- a/user/troubleshooting/hvm-troubleshooting.md +++ b/user/troubleshooting/hvm-troubleshooting.md @@ -2,9 +2,7 @@ layout: doc title: HVM Troubleshooting permalink: /doc/hvm-troubleshooting/ -redirect_from: -- /en/doc/wireless-troubleshooting/ -- /doc/wireless-troubleshooting/ + --- # HVM Troubleshooting # From 747055c29436a0fc1028414028e89d9c10ac875e Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sat, 10 Oct 2020 18:10:19 +0100 Subject: [PATCH 06/45] Minor changes --- user/troubleshooting/vm-troubleshooting.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/user/troubleshooting/vm-troubleshooting.md b/user/troubleshooting/vm-troubleshooting.md index ece7b968..5fbbf2a4 100644 --- a/user/troubleshooting/vm-troubleshooting.md +++ b/user/troubleshooting/vm-troubleshooting.md @@ -1,6 +1,6 @@ --- layout: doc -title: Suspend/Resume Troubleshooting +title: VM Troubleshooting permalink: /doc/vm-troubleshooting/ redirect_from: - /doc/remove-vm-manually/ @@ -10,6 +10,8 @@ redirect_from: ## VM Kernel troubleshooting ## +This troubleshoot applies to the non-default kernel choice described in the [Managing VM docs](https://www.qubes-os.org/doc/managing-vm-kernel/#using-kernel-installed-in-the-vm). + In case of problems, you can access the VM console using `qvm-console-dispvm VMNAME` in dom0, then access the GRUB menu. You need to call it just after starting the VM (until `GRUB_TIMEOUT` expires); for example, in a separate dom0 terminal window. @@ -19,9 +21,9 @@ You can always set the kernel back to some dom0-provided value to fix a VM kerne ## Qubes starts, but no VMs load ## -This issue may occur if a dom0 update is interrupted halfway through and/or a hard power off is done without shutting down Qubes, which results in files getting corrupted. -In this case, the best fix is to reinstall Qubes and restore your files from a backup. -Even if you have not backed up data in a while, you should be able to mount the volumes to pull data from them. +First, try to start a particular VM, check any failure message and direct further steps based on that. + +This issue has been seen to occur if a dom0 update is interrupted halfway through and/or a hard power off is done without shutting down Qubes, which results in files getting corrupted. ## Can not uninstall a VM / “ERROR: VM installed by package manager: template-vm-name” @@ -65,6 +67,7 @@ One solution is to add a dummy interface to allow the package to install correct ## "Cannot connect to qrexec agent" error ## -If you face this error when starting a VM, it may be due to too little initial memory. -A solution is to increase the initial memory from 200MB to 400MB by navigating to VM settings » Advanced » Initial memory. +If you face this error when starting a VM, look into the VM logs at `/var/log/xen/console/guest-VMNAME.log`. +Common reasons that may be revealed are: too low memory, corrupted files or a VM crash on startup. +If the error occurs as a result of too little initial memory, increase the initial memory from 200MB to 400MB by navigating to VM settings » Advanced » Initial memory. From ad67bdef1921fa1bca4b8f13e6e407b58008a214 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sat, 10 Oct 2020 18:25:17 +0100 Subject: [PATCH 07/45] Rearrange section links --- doc.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/doc.md b/doc.md index 9e3600e5..787379cc 100644 --- a/doc.md +++ b/doc.md @@ -135,6 +135,7 @@ Core documentation for Qubes users. * [Making Any File Persistent Using `bind-dirs`](/doc/bind-dirs/) * [GUI Configuration](/doc/gui-configuration/) * [Resizing Disk Images](/doc/resize-disk-image/) + * [Troubleshooting UEFI](/doc/uefi-troubleshooting/) * [Troubleshooting Newer Hardware](/doc/newer-hardware-troubleshooting/) * [Mounting and Decrypting Qubes Partitions from Outside Qubes](/doc/mount-from-other-os/) * [KDE](/doc/kde/) @@ -143,9 +144,6 @@ Core documentation for Qubes users. ### Troubleshooting - * [Installation Troubleshooting](/doc/installation-troubleshooting/) - * [UEFI Troubleshooting](/doc/uefi-troubleshooting/) - * [Suspend/Resume Troubleshooting](/doc/suspend-resume-troubleshooting/) * [VM Troubleshooting](/doc/vm-troubleshooting/) ### Reference Pages @@ -300,6 +298,7 @@ Unofficial, third-party documentation from the Qubes community and others. * [Lenovo ThinkPad Troubleshooting](/doc/thinkpad-troubleshooting/) * [Apple MacBook Troubleshooting](/doc/macbook-troubleshooting/) * [Getting Sony Vaio Z laptop to work with Qubes](/doc/sony-vaio-tinkering/) + * [Fixing wireless on suspend & resume](/doc/wireless-troubleshooting/) * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) ### Building Guides From dee255455555dba8a73ea2ebdf493a8b8f6710b6 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sat, 10 Oct 2020 18:32:18 +0100 Subject: [PATCH 08/45] Add "kernel" word --- user/troubleshooting/hvm-troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/troubleshooting/hvm-troubleshooting.md b/user/troubleshooting/hvm-troubleshooting.md index 7dddd235..63ef9870 100644 --- a/user/troubleshooting/hvm-troubleshooting.md +++ b/user/troubleshooting/hvm-troubleshooting.md @@ -51,7 +51,7 @@ If you see a screen popup with SeaBios and 4 lines, last one being `Probing EDD qvm-prefs kernel "" ## HVM crashes when booting from ISO ## -If your HVM crashes when trying to boot an ISO, first ensure that ` qvm-prefs ` is empty, as shown above. +If your HVM crashes when trying to boot an ISO, first ensure that ` qvm-prefs kernel` is empty, as shown above. If this doesn't help, then disable memory balancing and set the minimum memory to 2GB. You can disable memory-balancing in the settings, under the “Advanced” tab. From 3b8e054d8179d40cdfc8a128c18fb2bdd1f472e6 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sat, 10 Oct 2020 18:35:05 +0100 Subject: [PATCH 09/45] Rearrange index links --- doc.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/doc.md b/doc.md index 9a65323f..c4e9c80a 100644 --- a/doc.md +++ b/doc.md @@ -135,6 +135,7 @@ Core documentation for Qubes users. * [Making Any File Persistent Using `bind-dirs`](/doc/bind-dirs/) * [GUI Configuration](/doc/gui-configuration/) * [Resizing Disk Images](/doc/resize-disk-image/) + * [Troubleshooting UEFI](/doc/uefi-troubleshooting/) * [Troubleshooting Newer Hardware](/doc/newer-hardware-troubleshooting/) * [Mounting and Decrypting Qubes Partitions from Outside Qubes](/doc/mount-from-other-os/) * [KDE](/doc/kde/) @@ -143,10 +144,6 @@ Core documentation for Qubes users. ### Troubleshooting - * [Installation Troubleshooting](/doc/installation-troubleshooting/) - * [UEFI Troubleshooting](/doc/uefi-troubleshooting/) - * [Suspend/Resume Troubleshooting](/doc/suspend-resume-troubleshooting/) - * [VM Troubleshooting](/doc/vm-troubleshooting/) * [HVM Troubleshooting](/doc/hvm-troubleshooting/) ### Reference Pages @@ -301,6 +298,8 @@ Unofficial, third-party documentation from the Qubes community and others. * [Lenovo ThinkPad Troubleshooting](/doc/thinkpad-troubleshooting/) * [Apple MacBook Troubleshooting](/doc/macbook-troubleshooting/) * [Getting Sony Vaio Z laptop to work with Qubes](/doc/sony-vaio-tinkering/) + * [Fixing wireless on suspend & resume](/doc/wireless-troubleshooting/) + * [How to remove VMs manually](/doc/remove-vm-manually/) * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) ### Building Guides From 7d71d0c86917370faf8f998e4a8b4b2b4b4361a6 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sun, 11 Oct 2020 04:42:43 +0100 Subject: [PATCH 10/45] Remove non-existent link --- doc.md | 1 - 1 file changed, 1 deletion(-) diff --git a/doc.md b/doc.md index ce3d6589..18a0e0a8 100644 --- a/doc.md +++ b/doc.md @@ -143,7 +143,6 @@ Core documentation for Qubes users. ### Troubleshooting - * [Installation Troubleshooting](/doc/installation-troubleshooting/) * [UEFI Troubleshooting](/doc/uefi-troubleshooting/) * [Suspend/Resume Troubleshooting](/doc/suspend-resume-troubleshooting/) From afd71051d3c85c2b7f90f85e3cfff9bea77d8e1e Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sun, 11 Oct 2020 04:43:58 +0100 Subject: [PATCH 11/45] Add hyphen to "hyperthreading" --- user/troubleshooting/resume-suspend-troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/troubleshooting/resume-suspend-troubleshooting.md b/user/troubleshooting/resume-suspend-troubleshooting.md index 4844ccae..fec66d85 100644 --- a/user/troubleshooting/resume-suspend-troubleshooting.md +++ b/user/troubleshooting/resume-suspend-troubleshooting.md @@ -121,5 +121,5 @@ iwlwifi ## Power consumption increases on suspend/resume ## This problem is related to the software method used to disable sibling threads and how it interacts with suspend/resume. -To solve the problem, disable hyperthreading in the BIOS. This [external guide](https://www.pcmag.com/news/how-to-disable-hyperthreading) explains how to disable hyperthreading. +To solve the problem, disable hyper-threading in the BIOS. This [external guide](https://www.pcmag.com/news/how-to-disable-hyperthreading) explains how to disable hyper-threading. Since Qubes does disable hyperthreading by default (by not using secondary threads), you won't pay any performance cost. From e5c73616f9b55aad73aa146e60704938d9fc90c5 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Mon, 12 Oct 2020 05:25:34 +0100 Subject: [PATCH 12/45] Remove space --- doc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc.md b/doc.md index 787379cc..cfab61f9 100644 --- a/doc.md +++ b/doc.md @@ -135,7 +135,7 @@ Core documentation for Qubes users. * [Making Any File Persistent Using `bind-dirs`](/doc/bind-dirs/) * [GUI Configuration](/doc/gui-configuration/) * [Resizing Disk Images](/doc/resize-disk-image/) - * [Troubleshooting UEFI](/doc/uefi-troubleshooting/) + * [Troubleshooting UEFI](/doc/uefi-troubleshooting/) * [Troubleshooting Newer Hardware](/doc/newer-hardware-troubleshooting/) * [Mounting and Decrypting Qubes Partitions from Outside Qubes](/doc/mount-from-other-os/) * [KDE](/doc/kde/) From 01ba1a27d7f93872c7871a01e99007979a4a9904 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Thu, 15 Oct 2020 08:44:39 +0100 Subject: [PATCH 13/45] Add new section about PCI devices --- user/troubleshooting/resume-suspend-troubleshooting.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/user/troubleshooting/resume-suspend-troubleshooting.md b/user/troubleshooting/resume-suspend-troubleshooting.md index fec66d85..5acacc81 100644 --- a/user/troubleshooting/resume-suspend-troubleshooting.md +++ b/user/troubleshooting/resume-suspend-troubleshooting.md @@ -123,3 +123,12 @@ iwlwifi This problem is related to the software method used to disable sibling threads and how it interacts with suspend/resume. To solve the problem, disable hyper-threading in the BIOS. This [external guide](https://www.pcmag.com/news/how-to-disable-hyperthreading) explains how to disable hyper-threading. Since Qubes does disable hyperthreading by default (by not using secondary threads), you won't pay any performance cost. + +## Attached devices in HVM stop working on suspend/resume ## + +After the whole system gets suspended into S3 sleep and subsequently resumed, some attached devices may stop working. To make the devices work, they should be restarted within the VM. +This can be achieved under a Windows HVM by opening the Device Manager, selecting the actual device (such as a USB controller), 'Disabling' the device, and then 'Enabling' the device again. +This is illustrated on the screenshot below: + +![r2b1-win7-usb-disable.png](/attachment/wiki/HvmCreate/r2b1-win7-usb-disable.png) + From e34f84618600cf737bff8c72ee7d2055164c358c Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sun, 18 Oct 2020 04:32:16 +0100 Subject: [PATCH 14/45] Add "Windows" word --- user/troubleshooting/resume-suspend-troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/troubleshooting/resume-suspend-troubleshooting.md b/user/troubleshooting/resume-suspend-troubleshooting.md index 5acacc81..e16871c6 100644 --- a/user/troubleshooting/resume-suspend-troubleshooting.md +++ b/user/troubleshooting/resume-suspend-troubleshooting.md @@ -124,7 +124,7 @@ This problem is related to the software method used to disable sibling threads a To solve the problem, disable hyper-threading in the BIOS. This [external guide](https://www.pcmag.com/news/how-to-disable-hyperthreading) explains how to disable hyper-threading. Since Qubes does disable hyperthreading by default (by not using secondary threads), you won't pay any performance cost. -## Attached devices in HVM stop working on suspend/resume ## +## Attached devices in Windows HVM stop working on suspend/resume ## After the whole system gets suspended into S3 sleep and subsequently resumed, some attached devices may stop working. To make the devices work, they should be restarted within the VM. This can be achieved under a Windows HVM by opening the Device Manager, selecting the actual device (such as a USB controller), 'Disabling' the device, and then 'Enabling' the device again. From 062e7489a6066e62a4dd3756e2f98d4cfe578c57 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Sun, 18 Oct 2020 07:16:20 +0100 Subject: [PATCH 15/45] Add Disk Troubleshooting --- doc.md | 2 +- user/troubleshooting/disk-troubleshooting.md | 96 ++++++++++++++++++++ user/troubleshooting/out-of-memory.md | 46 ---------- 3 files changed, 97 insertions(+), 47 deletions(-) create mode 100644 user/troubleshooting/disk-troubleshooting.md delete mode 100644 user/troubleshooting/out-of-memory.md diff --git a/doc.md b/doc.md index f782dfe9..37364941 100644 --- a/doc.md +++ b/doc.md @@ -122,7 +122,7 @@ Core documentation for Qubes users. * [Installation Troubleshooting](/doc/installation-troubleshooting) * [UEFI Troubleshooting](/doc/uefi-troubleshooting/) - * [Home directory is out of disk space error](/doc/out-of-memory/) + * [Disk Troubleshooting](/doc/disk-troubleshooting/) * [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76) * [How to install an Nvidia driver in dom0](/doc/install-nvidia-driver/) * [Nvidia troubleshooting guide](/doc/nvidia-troubleshooting/) diff --git a/user/troubleshooting/disk-troubleshooting.md b/user/troubleshooting/disk-troubleshooting.md new file mode 100644 index 00000000..d281bdf1 --- /dev/null +++ b/user/troubleshooting/disk-troubleshooting.md @@ -0,0 +1,96 @@ +--- +layout: doc +title: Disk Troubleshooting +permalink: /doc/disk-troubleshooting/ +redirect_from: +- /en/doc/out-of-memory/ +- /doc/OutOfmemory/ +- /wiki/OutOfmemory/ +- /doc/out-of-memory/ +--- + +# Disk Troubleshooting Guide # + +## "Out of disk space" error ## + +VMs (especially templates) use pre-allocated space. +The default private storage max size is 2 GB, but it's very easy to increase as needed. +If the disk is completely full, you will get an `Out of disk space` error that may crash your system because Dom0 does not have enough disk space to work. +So it's good practice to regularly check disk space usage with the command `df -h` in dom0 terminal. + +A system that's out of space should be able to boot, but may be unable to load a desktop manager. +In this case it is possible to login to dom0 terminal with Alt + Ctrl + F2. +To recover disk space it may be possible to delete files in a userVM by connecting to the userVM terminal: + +~~~ +qvm-start +qvm-console-dispvm +~~~ + +If this does not work, check the size of /var/lib/qubes/qubes.xml. +If it is zero, you'll need to use one of the file backup (stored in /var/lib/qubes/backup), hopefully you have the current data there. +Find the most recent one and place in /var/lib/qubes/qubes.xml instead of the empty file. + +In any case you'll need some disk space to start the VM. Check `df -h` output if you have some. +If not, here are some hints how to free some disk space: + +1. Clean yum cache. + + ~~~ + sudo yum clean all + ~~~ + +2. Delete `.img` files of a less important VM, which can be found in `/var/lib/qubes/appvms/`. + Then, when the system is working again, clean up the rest. + + ~~~ + qvm-remove + ~~~ + + With this method, you lose the data of one VM, but it'll work more reliably. + +3. Decrease the filesystem safety margin (5% by default). + + ~~~ + sudo tune2fs -m 4 /dev/mapper/vg_dom0-lv_root + ~~~ + +4. Remove some unneeded files in dom0 home (if you have any, most likely not). + +## Can't resize VM storage / "resize2fs: Permission denied" error ## + +[Resizing a volume](/doc/resize-disk-image/) in the Qubes interface should be a straightforward process. +But sometimes, an attempt to resize will look like it worked, when it in fact fails silently. +If you then try the same operation in the dom0 console using the `qvm-volume extend` command, it fails with the error message: `resize2fs: Permission denied to resize filesystem`. +This error indicates that a `resize2fs` will not work, unless `fsck` is run first. +Qubes OS utilities cannot yet handle this case. + +To fix this issue: + +1. In the dom0 terminal get a root console on the vm (eg. sys-usb) with: + + ~~~ + sudo xl console -t pv sys-usb + ~~~ + +2. Unmount everything mounted on the private volume `/dev/xvdb partition`. +There are typically several mounts listed in `/etc/mtab`. + +3. When you attempt to unmount the `/home` directory using the `umount /home` command, you will encounter an error because there are processes using the `/home` directory. You can view a list of these processes with the `fuser` command: + + ~~~ + fuser -m /home + ~~~ + +Kill these process until they are all gone using `kill `. + +4. Finally, run: + + ~~~ + umount /home + fsck /dev/xvdb + resize2fs /dev/xvdb + ~~~ + +After restarting your VM, everything should now work as expected. +The private volume size shown externally in the VM's settings interface is the same as that seen within the VM. diff --git a/user/troubleshooting/out-of-memory.md b/user/troubleshooting/out-of-memory.md deleted file mode 100644 index 869da993..00000000 --- a/user/troubleshooting/out-of-memory.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -layout: doc -title: Out of Memory -permalink: /doc/out-of-memory/ -redirect_from: -- /en/doc/out-of-memory/ -- /doc/OutOfmemory/ -- /wiki/OutOfmemory/ ---- - -VMs (especially templates) use pre-allocated space. The default private storage max size is 2 GB, but it's very easy to increase as needed. If the disk is completely full, you will get an `Out of disk space` error that may crash your system because Dom0 does not have enough disk space to work. So it's good practice to regularly check disk space usage with the command `df -h` in dom0 terminal. - -A system that's out of space should be able to boot, but may be unable to load a desktop manager. In this case it is possible to login to dom0 terminal with Alt + Ctrl + F2. To recover disk space it may be possible to delete files in a userVM by connecting to the userVM terminal: - -~~~ -qvm-start -qvm-console-dispvm -~~~ - -If this does not work, check the size of /var/lib/qubes/qubes.xml. If it is zero, you'll need to use one of the file backup (stored in /var/lib/qubes/backup), hopefully you have the current data there. Find the most recent one and place in /var/lib/qubes/qubes.xml instead of the empty file. - -In any case you'll need some disk space to start the VM. Check `df -h` output if you have some. If not, here are some hints how to free some disk space: - -1. Clean yum cache. - - ~~~ - sudo yum clean all - ~~~ - -2. Delete `.img` files of a less important VM, which can be found in `/var/lib/qubes/appvms/`. - Then, when the system is working again, clean up the rest. - - ~~~ - qvm-remove - ~~~ - - With this method, you lose the data of one VM, but it'll work more reliably. - -3. Decrease the filesystem safety margin (5% by default). - - ~~~ - sudo tune2fs -m 4 /dev/mapper/vg_dom0-lv_root - ~~~ - -4. Remove some unneeded files in dom0 home (if you have any, most likely not). - From f1e6afeb14383fa5a898251ea3b0f5693aea5340 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Sun, 18 Oct 2020 07:20:05 +0100 Subject: [PATCH 16/45] Revert "Add Disk Troubleshooting" This reverts commit 062e7489a6066e62a4dd3756e2f98d4cfe578c57. --- doc.md | 2 +- user/troubleshooting/disk-troubleshooting.md | 96 -------------------- user/troubleshooting/out-of-memory.md | 46 ++++++++++ 3 files changed, 47 insertions(+), 97 deletions(-) delete mode 100644 user/troubleshooting/disk-troubleshooting.md create mode 100644 user/troubleshooting/out-of-memory.md diff --git a/doc.md b/doc.md index 37364941..f782dfe9 100644 --- a/doc.md +++ b/doc.md @@ -122,7 +122,7 @@ Core documentation for Qubes users. * [Installation Troubleshooting](/doc/installation-troubleshooting) * [UEFI Troubleshooting](/doc/uefi-troubleshooting/) - * [Disk Troubleshooting](/doc/disk-troubleshooting/) + * [Home directory is out of disk space error](/doc/out-of-memory/) * [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76) * [How to install an Nvidia driver in dom0](/doc/install-nvidia-driver/) * [Nvidia troubleshooting guide](/doc/nvidia-troubleshooting/) diff --git a/user/troubleshooting/disk-troubleshooting.md b/user/troubleshooting/disk-troubleshooting.md deleted file mode 100644 index d281bdf1..00000000 --- a/user/troubleshooting/disk-troubleshooting.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -layout: doc -title: Disk Troubleshooting -permalink: /doc/disk-troubleshooting/ -redirect_from: -- /en/doc/out-of-memory/ -- /doc/OutOfmemory/ -- /wiki/OutOfmemory/ -- /doc/out-of-memory/ ---- - -# Disk Troubleshooting Guide # - -## "Out of disk space" error ## - -VMs (especially templates) use pre-allocated space. -The default private storage max size is 2 GB, but it's very easy to increase as needed. -If the disk is completely full, you will get an `Out of disk space` error that may crash your system because Dom0 does not have enough disk space to work. -So it's good practice to regularly check disk space usage with the command `df -h` in dom0 terminal. - -A system that's out of space should be able to boot, but may be unable to load a desktop manager. -In this case it is possible to login to dom0 terminal with Alt + Ctrl + F2. -To recover disk space it may be possible to delete files in a userVM by connecting to the userVM terminal: - -~~~ -qvm-start -qvm-console-dispvm -~~~ - -If this does not work, check the size of /var/lib/qubes/qubes.xml. -If it is zero, you'll need to use one of the file backup (stored in /var/lib/qubes/backup), hopefully you have the current data there. -Find the most recent one and place in /var/lib/qubes/qubes.xml instead of the empty file. - -In any case you'll need some disk space to start the VM. Check `df -h` output if you have some. -If not, here are some hints how to free some disk space: - -1. Clean yum cache. - - ~~~ - sudo yum clean all - ~~~ - -2. Delete `.img` files of a less important VM, which can be found in `/var/lib/qubes/appvms/`. - Then, when the system is working again, clean up the rest. - - ~~~ - qvm-remove - ~~~ - - With this method, you lose the data of one VM, but it'll work more reliably. - -3. Decrease the filesystem safety margin (5% by default). - - ~~~ - sudo tune2fs -m 4 /dev/mapper/vg_dom0-lv_root - ~~~ - -4. Remove some unneeded files in dom0 home (if you have any, most likely not). - -## Can't resize VM storage / "resize2fs: Permission denied" error ## - -[Resizing a volume](/doc/resize-disk-image/) in the Qubes interface should be a straightforward process. -But sometimes, an attempt to resize will look like it worked, when it in fact fails silently. -If you then try the same operation in the dom0 console using the `qvm-volume extend` command, it fails with the error message: `resize2fs: Permission denied to resize filesystem`. -This error indicates that a `resize2fs` will not work, unless `fsck` is run first. -Qubes OS utilities cannot yet handle this case. - -To fix this issue: - -1. In the dom0 terminal get a root console on the vm (eg. sys-usb) with: - - ~~~ - sudo xl console -t pv sys-usb - ~~~ - -2. Unmount everything mounted on the private volume `/dev/xvdb partition`. -There are typically several mounts listed in `/etc/mtab`. - -3. When you attempt to unmount the `/home` directory using the `umount /home` command, you will encounter an error because there are processes using the `/home` directory. You can view a list of these processes with the `fuser` command: - - ~~~ - fuser -m /home - ~~~ - -Kill these process until they are all gone using `kill `. - -4. Finally, run: - - ~~~ - umount /home - fsck /dev/xvdb - resize2fs /dev/xvdb - ~~~ - -After restarting your VM, everything should now work as expected. -The private volume size shown externally in the VM's settings interface is the same as that seen within the VM. diff --git a/user/troubleshooting/out-of-memory.md b/user/troubleshooting/out-of-memory.md new file mode 100644 index 00000000..869da993 --- /dev/null +++ b/user/troubleshooting/out-of-memory.md @@ -0,0 +1,46 @@ +--- +layout: doc +title: Out of Memory +permalink: /doc/out-of-memory/ +redirect_from: +- /en/doc/out-of-memory/ +- /doc/OutOfmemory/ +- /wiki/OutOfmemory/ +--- + +VMs (especially templates) use pre-allocated space. The default private storage max size is 2 GB, but it's very easy to increase as needed. If the disk is completely full, you will get an `Out of disk space` error that may crash your system because Dom0 does not have enough disk space to work. So it's good practice to regularly check disk space usage with the command `df -h` in dom0 terminal. + +A system that's out of space should be able to boot, but may be unable to load a desktop manager. In this case it is possible to login to dom0 terminal with Alt + Ctrl + F2. To recover disk space it may be possible to delete files in a userVM by connecting to the userVM terminal: + +~~~ +qvm-start +qvm-console-dispvm +~~~ + +If this does not work, check the size of /var/lib/qubes/qubes.xml. If it is zero, you'll need to use one of the file backup (stored in /var/lib/qubes/backup), hopefully you have the current data there. Find the most recent one and place in /var/lib/qubes/qubes.xml instead of the empty file. + +In any case you'll need some disk space to start the VM. Check `df -h` output if you have some. If not, here are some hints how to free some disk space: + +1. Clean yum cache. + + ~~~ + sudo yum clean all + ~~~ + +2. Delete `.img` files of a less important VM, which can be found in `/var/lib/qubes/appvms/`. + Then, when the system is working again, clean up the rest. + + ~~~ + qvm-remove + ~~~ + + With this method, you lose the data of one VM, but it'll work more reliably. + +3. Decrease the filesystem safety margin (5% by default). + + ~~~ + sudo tune2fs -m 4 /dev/mapper/vg_dom0-lv_root + ~~~ + +4. Remove some unneeded files in dom0 home (if you have any, most likely not). + From 5138bcaf199096af0a43d39536f071950825f489 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Sun, 18 Oct 2020 07:24:25 +0100 Subject: [PATCH 17/45] Add Disk Troubleshooting --- doc.md | 4 +- user/troubleshooting/disk-troubleshooting.md | 96 ++++++++++++++++++++ user/troubleshooting/out-of-memory.md | 46 ---------- 3 files changed, 98 insertions(+), 48 deletions(-) create mode 100644 user/troubleshooting/disk-troubleshooting.md delete mode 100644 user/troubleshooting/out-of-memory.md diff --git a/doc.md b/doc.md index 743c6477..37364941 100644 --- a/doc.md +++ b/doc.md @@ -112,7 +112,6 @@ Core documentation for Qubes users. * [Making Any File Persistent Using `bind-dirs`](/doc/bind-dirs/) * [GUI Configuration](/doc/gui-configuration/) * [Resizing Disk Images](/doc/resize-disk-image/) - * [Troubleshooting UEFI](/doc/uefi-troubleshooting/) * [Troubleshooting Newer Hardware](/doc/newer-hardware-troubleshooting/) * [Mounting and Decrypting Qubes Partitions from Outside Qubes](/doc/mount-from-other-os/) * [KDE](/doc/kde/) @@ -122,7 +121,8 @@ Core documentation for Qubes users. ### Troubleshooting * [Installation Troubleshooting](/doc/installation-troubleshooting) - * [Home directory is out of disk space error](/doc/out-of-memory/) + * [UEFI Troubleshooting](/doc/uefi-troubleshooting/) + * [Disk Troubleshooting](/doc/disk-troubleshooting/) * [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76) * [How to install an Nvidia driver in dom0](/doc/install-nvidia-driver/) * [Nvidia troubleshooting guide](/doc/nvidia-troubleshooting/) diff --git a/user/troubleshooting/disk-troubleshooting.md b/user/troubleshooting/disk-troubleshooting.md new file mode 100644 index 00000000..d281bdf1 --- /dev/null +++ b/user/troubleshooting/disk-troubleshooting.md @@ -0,0 +1,96 @@ +--- +layout: doc +title: Disk Troubleshooting +permalink: /doc/disk-troubleshooting/ +redirect_from: +- /en/doc/out-of-memory/ +- /doc/OutOfmemory/ +- /wiki/OutOfmemory/ +- /doc/out-of-memory/ +--- + +# Disk Troubleshooting Guide # + +## "Out of disk space" error ## + +VMs (especially templates) use pre-allocated space. +The default private storage max size is 2 GB, but it's very easy to increase as needed. +If the disk is completely full, you will get an `Out of disk space` error that may crash your system because Dom0 does not have enough disk space to work. +So it's good practice to regularly check disk space usage with the command `df -h` in dom0 terminal. + +A system that's out of space should be able to boot, but may be unable to load a desktop manager. +In this case it is possible to login to dom0 terminal with Alt + Ctrl + F2. +To recover disk space it may be possible to delete files in a userVM by connecting to the userVM terminal: + +~~~ +qvm-start +qvm-console-dispvm +~~~ + +If this does not work, check the size of /var/lib/qubes/qubes.xml. +If it is zero, you'll need to use one of the file backup (stored in /var/lib/qubes/backup), hopefully you have the current data there. +Find the most recent one and place in /var/lib/qubes/qubes.xml instead of the empty file. + +In any case you'll need some disk space to start the VM. Check `df -h` output if you have some. +If not, here are some hints how to free some disk space: + +1. Clean yum cache. + + ~~~ + sudo yum clean all + ~~~ + +2. Delete `.img` files of a less important VM, which can be found in `/var/lib/qubes/appvms/`. + Then, when the system is working again, clean up the rest. + + ~~~ + qvm-remove + ~~~ + + With this method, you lose the data of one VM, but it'll work more reliably. + +3. Decrease the filesystem safety margin (5% by default). + + ~~~ + sudo tune2fs -m 4 /dev/mapper/vg_dom0-lv_root + ~~~ + +4. Remove some unneeded files in dom0 home (if you have any, most likely not). + +## Can't resize VM storage / "resize2fs: Permission denied" error ## + +[Resizing a volume](/doc/resize-disk-image/) in the Qubes interface should be a straightforward process. +But sometimes, an attempt to resize will look like it worked, when it in fact fails silently. +If you then try the same operation in the dom0 console using the `qvm-volume extend` command, it fails with the error message: `resize2fs: Permission denied to resize filesystem`. +This error indicates that a `resize2fs` will not work, unless `fsck` is run first. +Qubes OS utilities cannot yet handle this case. + +To fix this issue: + +1. In the dom0 terminal get a root console on the vm (eg. sys-usb) with: + + ~~~ + sudo xl console -t pv sys-usb + ~~~ + +2. Unmount everything mounted on the private volume `/dev/xvdb partition`. +There are typically several mounts listed in `/etc/mtab`. + +3. When you attempt to unmount the `/home` directory using the `umount /home` command, you will encounter an error because there are processes using the `/home` directory. You can view a list of these processes with the `fuser` command: + + ~~~ + fuser -m /home + ~~~ + +Kill these process until they are all gone using `kill `. + +4. Finally, run: + + ~~~ + umount /home + fsck /dev/xvdb + resize2fs /dev/xvdb + ~~~ + +After restarting your VM, everything should now work as expected. +The private volume size shown externally in the VM's settings interface is the same as that seen within the VM. diff --git a/user/troubleshooting/out-of-memory.md b/user/troubleshooting/out-of-memory.md deleted file mode 100644 index 869da993..00000000 --- a/user/troubleshooting/out-of-memory.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -layout: doc -title: Out of Memory -permalink: /doc/out-of-memory/ -redirect_from: -- /en/doc/out-of-memory/ -- /doc/OutOfmemory/ -- /wiki/OutOfmemory/ ---- - -VMs (especially templates) use pre-allocated space. The default private storage max size is 2 GB, but it's very easy to increase as needed. If the disk is completely full, you will get an `Out of disk space` error that may crash your system because Dom0 does not have enough disk space to work. So it's good practice to regularly check disk space usage with the command `df -h` in dom0 terminal. - -A system that's out of space should be able to boot, but may be unable to load a desktop manager. In this case it is possible to login to dom0 terminal with Alt + Ctrl + F2. To recover disk space it may be possible to delete files in a userVM by connecting to the userVM terminal: - -~~~ -qvm-start -qvm-console-dispvm -~~~ - -If this does not work, check the size of /var/lib/qubes/qubes.xml. If it is zero, you'll need to use one of the file backup (stored in /var/lib/qubes/backup), hopefully you have the current data there. Find the most recent one and place in /var/lib/qubes/qubes.xml instead of the empty file. - -In any case you'll need some disk space to start the VM. Check `df -h` output if you have some. If not, here are some hints how to free some disk space: - -1. Clean yum cache. - - ~~~ - sudo yum clean all - ~~~ - -2. Delete `.img` files of a less important VM, which can be found in `/var/lib/qubes/appvms/`. - Then, when the system is working again, clean up the rest. - - ~~~ - qvm-remove - ~~~ - - With this method, you lose the data of one VM, but it'll work more reliably. - -3. Decrease the filesystem safety margin (5% by default). - - ~~~ - sudo tune2fs -m 4 /dev/mapper/vg_dom0-lv_root - ~~~ - -4. Remove some unneeded files in dom0 home (if you have any, most likely not). - From 57d66a7146f5c9c8241317cd0384bb05c182d1df Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Sun, 18 Oct 2020 10:08:03 +0100 Subject: [PATCH 18/45] Add PCI Troubleshooting --- doc.md | 1 + user/common-tasks/pci-devices.md | 29 +--- user/troubleshooting/pci-troubleshooting.md | 140 ++++++++++++++++++++ 3 files changed, 143 insertions(+), 27 deletions(-) create mode 100644 user/troubleshooting/pci-troubleshooting.md diff --git a/doc.md b/doc.md index f782dfe9..d839f890 100644 --- a/doc.md +++ b/doc.md @@ -122,6 +122,7 @@ Core documentation for Qubes users. * [Installation Troubleshooting](/doc/installation-troubleshooting) * [UEFI Troubleshooting](/doc/uefi-troubleshooting/) + * [PCI Troubleshooting](/doc/pci-troubleshooting/) * [Home directory is out of disk space error](/doc/out-of-memory/) * [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76) * [How to install an Nvidia driver in dom0](/doc/install-nvidia-driver/) diff --git a/user/common-tasks/pci-devices.md b/user/common-tasks/pci-devices.md index e84b0ea7..e1228dd6 100644 --- a/user/common-tasks/pci-devices.md +++ b/user/common-tasks/pci-devices.md @@ -81,30 +81,7 @@ For example, if `00_1a.0` is the BDF of the device you want to attach to the "wo ## Possible Issues ## - -### DMA Buffer Size ### - -VMs with attached PCI devices in Qubes have allocated a small buffer for DMA operations (called swiotlb). -By default it is 2MB, but some devices need a larger buffer. -To change this allocation, edit VM's kernel parameters (this is expressed in 512B chunks): - - # qvm-prefs netvm |grep kernelopts - kernelopts : iommu=soft swiotlb=2048 (default) - # qvm-prefs -s netvm kernelopts "iommu=soft swiotlb=8192" - - -This is [known to be needed][ml1] for the Realtek RTL8111DL Gigabit Ethernet Controller. - - -### PCI Passthrough Issues ### - -Sometimes the PCI arbitrator is too strict. -There is a way to enable permissive mode for it. -See also: [this thread][ml2] and the Xen wiki's [PCI passthrough] page. -At other times, you may instead need to disable the FLR requirement on a device. - -Both can be achieved during attachment with `qvm-pci` as described below. - +Visit the [PCI Troubleshooting guide](pci-troubleshoot) to see issues that may arise due to PCI devices and how to troubleshoot them. ## Additional Attach Options ## @@ -166,9 +143,7 @@ or [USB]:/doc/usb-devices/ [appmenu]: /attachment/wiki/Devices/qubes-appmenu-select.png [domain manager icon]: /attachment/wiki/Devices/qubes-logo-icon.png +[pci-troubleshoot]:/doc/pci-troubleshooting [qvm-device]: /doc/device-handling/#general-qubes-device-widget-behavior-and-handling [side channel attacks]: https://en.wikipedia.org/wiki/Side-channel_attack -[ml1]: https://groups.google.com/group/qubes-devel/browse_thread/thread/631c4a3a9d1186e3 -[ml2]: https://groups.google.com/forum/#!topic/qubes-users/Fs94QAc3vQI -[PCI passthrough]: https://wiki.xen.org/wiki/Xen_PCI_Passthrough diff --git a/user/troubleshooting/pci-troubleshooting.md b/user/troubleshooting/pci-troubleshooting.md new file mode 100644 index 00000000..c7d4905b --- /dev/null +++ b/user/troubleshooting/pci-troubleshooting.md @@ -0,0 +1,140 @@ +--- +layout: doc +title: PCI Troubleshooting +permalink: /doc/pci-troubleshooting/ +--- + +# PCI troubleshooting # + +## DMA errors ## + +VMs with attached PCI devices in Qubes have allocated a small buffer for DMA operations (called swiotlb). +By default, it is 2MB, but some devices (such as the [Realtek RTL8111DL Gigabit Ethernet Controller](https://groups.google.com/group/qubes-devel/browse_thread/thread/631c4a3a9d1186e3)) need a larger DMA buffer size. +Without a larger buffer, you will face DMA errors such as `Failed to map TX DMA`. + +To change this allocation, edit VM's kernel parameters (this is expressed in 512B chunks) by running the following in a dom0 terminal: + + # qvm-prefs netvm |grep kernelopts + kernelopts : iommu=soft swiotlb=2048 (default) + # qvm-prefs -s netvm kernelopts "iommu=soft swiotlb=8192" + +## PCI Passthrough Issues ## + +Sometimes the PCI arbitrator is too strict, which may cause errors such as `Unable to reset PCI device` and other PCI-related errors. +There is a way to enable permissive mode for it. +See also: [this thread](https://groups.google.com/forum/#!topic/qubes-users/Fs94QAc3vQI) and the Xen wiki's [PCI passthrough](https://wiki.xen.org/wiki/Xen_PCI_Passthrough) page. +Other times, you may instead need to disable the FLR requirement on a device. + +Both can be achieved during attachment with `qvm-pci` as described [PCI Devices documentaton](/doc/pci-devices/#additional-attach-options). + +## "Unable to reset PCI device" errors ## + +### libvirt.libvirtError: internal error: Unable to reset PCI device [...]: internal error: Active [...] devices on bus with [...], not doing bus reset ### + +After running `qvm-start sys-net`, you may encounter an error message which begins with `libvirt.libvirtError: internal error: Unable to reset PCI device`. + +This issue is likely to occur if you have the same device assigned to more than one +VM. +When you try to start sys-net with the `qvm-start sys-net` command, there is already a VM running (e.g., autostarting) with one or more of the same devices as those assigned to sys-net. + +To fix the error, remove the offending PCI device. + +#### Using the Qubes interface #### + +From the "Selected" panel in sys-net, navigate to VM Settings, then Devices. There, you can remove the offending PCI device(s) and keep the desired PCI device. + +#### Using the command line #### + +1. To see all the PCI available devices, enter the `lspci` command into the dom0 terminal. Each device will be listed on a line, for example: + + ~~~ + 0000:03:00.0 Audio device: Intel Corporation Haswell-ULT HD Audio Controller (rev 0b) + ~~~ +In the above output, the BDF (Bus Device Function) of the device is `0000:03:00.0` + +2. Now that you can see all the PCI devices and their BDFs, you can decide which to remove and which to keep. +Imagine we faced the following error message: + + ~~~ + libvirt.libvirtError: internal error: Unable to reset PCI device 0000:03:00.1: internal error: Active 0000:03:00.0 devices on bus with 0000:03:00.1, not doing bus reset + ~~~ +In the above case, the device `0000:03:00.1` is the device which we want to use. But we are facing the `Unable to reset PCI device` error because another device, `0000:03:00.0`, is active. +To fix this error and get device `0000:03:00.1` to work, we must first remove the offending device `0000:03:00.0` + + ~~~ + sudo su + echo -n "1" > /sys/bus/pci/devices/0000:03:00.0/remove + ~~~ + +3. In order to make this change persistent, create a file `/etc/systemd/system/qubes-pre-netvm.service` and add the following: + + ~~~ + [Unit] + Description=Netvm fixup + Before=qubes-netvm.service + + [Service] + ExecStart=/bin/sh -c 'echo -n "1" > /sys/bus/pci/devices/0000:03:00.0/remove' + Type=oneshot + RemainAfterExit=yes + + [Install] + WantedBy=multi-user.target + ~~~ +Finally, run `systemctl enable qubes-pre-netvm.service` and it will now persist between reboots. + +### Domain [...] has failed to start: internal error: Unable to reset PCI device [...]: no FLR, PM reset or bus reset available ### + +This is a [PCI passthrough issue](/doc/pci-troubleshooting/#pci-passthrough-issues), which occurs when PCI arbitrator is too strict. +There is a way to enable permissive mode for it. +Sometimes, you may instead need to disable the FLR requirement on a device. +Both can be achieved during attachment with `qvm-pci` as described below. + +NOTE: The `permissive` flag increases attack surface and possibility of [side channel attacks](https://en.wikipedia.org/wiki/Side-channel_attack). +While using the `no-strict-reset` flag, do not require PCI device to be reset before attaching it to another VM. This may leak usage data even without malicious intent. Both `permissive` and `no-strict-reset` options may not be necessary and you should try one first, then the other, before using both. + +~~~ +qvm-pci attach --persistent --option permissive=true --option no-strict-reset=true sys-usb dom0: +~~~ + +Be sure to replace `` with the BDF of your PCI device, which can be be obtained from running `qvm-pci`. + +You can also configure strict reset directly from the Qubes interface by following these steps: + +1. Go to the sys-net VM settings + +2. Go to Devices + +3. Make sure the device is in the right field + +4. Click "Configure strict reset for PCI devices" + +5. Select the device, click OK and apply + +## Broadcom BCM43602 Wi-Fi card causes system freeze ## + +You may face the problem where the BCM43602 Wi-Fi chip causes a system freeze whenever it is attached to a VM. To fix this problem on a Macbook, follow the steps in [Macbook Troubleshooting](/doc/macbook-troubleshooting/#7-fix-system-freezes-due-to-broadcom-bcm43602). + +For other non-Macbook machines, it is advisable to replace the Broadcom BCM43602 with one known to work on Qubes, such as the Atheros AR9462. + +Note that your computer manufacturer may have added a Wi-Fi card whitelist in your BIOS, which will prevent booting your computer if you have a non-listed wireless card. +It is possible bypass this limitation by removing the whitelist, disabling a check for it or modifying the whitelist to replace device ID of a whitelisted WiFi card with device ID of your new WiFi card. + +## Wireless card stops working after dom0 update ## + +There have been many instances where a Wi-Fi card stops working after a dom0 update. +If you run `sudo dmesg` in sys-net, you may see errors beginning with `iwlwifi`. +You can fix the problem by going to the sys-net VM's settings and changing the VM kernel to the previous version. + +## Attached devices in Windows HVM stop working on suspend/resume ## + +After the whole system gets suspended into S3 sleep and subsequently resumed, some attached devices may stop working. +Refer to [Suspend/Resume Troubleshooting](/doc/suspend-resume-troubleshooting/#attached-devices-in-Windows-HVM-stop-working-on-suspendresume) for a solution. + +## PCI device not available in dom0 after unassigning from a qube ## + +After assigning a PCI device to a qube, then unassigning it/shutting down the qube, the device is not available in dom0. +This is an intended feature. +A device which was previously assigned to a less trusted qube could attack dom0 if it were automatically reassigned there. +Look at the [FAQs](/faq/#i-assigned-a-pci-device-to-a-qube-then-unassigned-itshut-down-the-qube-why-isnt-the-device-available-in-dom0) to learn how to re-enable the device in dom0. + From a02fbd381fcc6b4f8d29ed152d211e0d9e30105b Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sun, 18 Oct 2020 10:50:36 +0100 Subject: [PATCH 19/45] Fix spelling errors --- user/troubleshooting/pci-troubleshooting.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user/troubleshooting/pci-troubleshooting.md b/user/troubleshooting/pci-troubleshooting.md index c7d4905b..dbc735cd 100644 --- a/user/troubleshooting/pci-troubleshooting.md +++ b/user/troubleshooting/pci-troubleshooting.md @@ -25,7 +25,7 @@ There is a way to enable permissive mode for it. See also: [this thread](https://groups.google.com/forum/#!topic/qubes-users/Fs94QAc3vQI) and the Xen wiki's [PCI passthrough](https://wiki.xen.org/wiki/Xen_PCI_Passthrough) page. Other times, you may instead need to disable the FLR requirement on a device. -Both can be achieved during attachment with `qvm-pci` as described [PCI Devices documentaton](/doc/pci-devices/#additional-attach-options). +Both can be achieved during attachment with `qvm-pci` as described [PCI Devices documentation](/doc/pci-devices/#additional-attach-options). ## "Unable to reset PCI device" errors ## @@ -35,7 +35,7 @@ After running `qvm-start sys-net`, you may encounter an error message which begi This issue is likely to occur if you have the same device assigned to more than one VM. -When you try to start sys-net with the `qvm-start sys-net` command, there is already a VM running (e.g., autostarting) with one or more of the same devices as those assigned to sys-net. +When you try to start sys-net with the `qvm-start sys-net` command, there is already a VM running (e.g., auto-starting) with one or more of the same devices as those assigned to sys-net. To fix the error, remove the offending PCI device. @@ -131,9 +131,9 @@ You can fix the problem by going to the sys-net VM's settings and changing the V After the whole system gets suspended into S3 sleep and subsequently resumed, some attached devices may stop working. Refer to [Suspend/Resume Troubleshooting](/doc/suspend-resume-troubleshooting/#attached-devices-in-Windows-HVM-stop-working-on-suspendresume) for a solution. -## PCI device not available in dom0 after unassigning from a qube ## +## PCI device not available in dom0 after being unassigned from a qube ## -After assigning a PCI device to a qube, then unassigning it/shutting down the qube, the device is not available in dom0. +After you assign a PCI device to a qube, then unassign it/shut down the qube, the device is not available in dom0. This is an intended feature. A device which was previously assigned to a less trusted qube could attack dom0 if it were automatically reassigned there. Look at the [FAQs](/faq/#i-assigned-a-pci-device-to-a-qube-then-unassigned-itshut-down-the-qube-why-isnt-the-device-available-in-dom0) to learn how to re-enable the device in dom0. From 21ffea448c6f96e527c12bf1fff3d83448adfc6c Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sun, 18 Oct 2020 11:16:48 +0100 Subject: [PATCH 20/45] Add new section about network adapter --- user/troubleshooting/pci-troubleshooting.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/user/troubleshooting/pci-troubleshooting.md b/user/troubleshooting/pci-troubleshooting.md index dbc735cd..38cfd153 100644 --- a/user/troubleshooting/pci-troubleshooting.md +++ b/user/troubleshooting/pci-troubleshooting.md @@ -138,3 +138,10 @@ This is an intended feature. A device which was previously assigned to a less trusted qube could attack dom0 if it were automatically reassigned there. Look at the [FAQs](/faq/#i-assigned-a-pci-device-to-a-qube-then-unassigned-itshut-down-the-qube-why-isnt-the-device-available-in-dom0) to learn how to re-enable the device in dom0. +## Network adapter does not work ## + +You may have an adapter (wired, wireless), that is not compatible with open-source drivers shipped by Qubes. +You may need to install a binary blob, which provides drivers, from the linux-firmware package. + +Open a terminal and run `sudo dnf install linux-firmware` in the TemplateVM upon which your NetVM is based. +You have to restart the NetVM after the TemplateVM has been shut down. From f93cc80f364db0e7a51bab27328f7dad1020c458 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Sun, 18 Oct 2020 11:44:45 +0100 Subject: [PATCH 21/45] Add USB Troubleshooting --- doc.md | 1 + introduction/faq.md | 57 +-------------- user/troubleshooting/usb-troubleshooting.md | 79 +++++++++++++++++++++ 3 files changed, 81 insertions(+), 56 deletions(-) create mode 100644 user/troubleshooting/usb-troubleshooting.md diff --git a/doc.md b/doc.md index f782dfe9..731e2a29 100644 --- a/doc.md +++ b/doc.md @@ -122,6 +122,7 @@ Core documentation for Qubes users. * [Installation Troubleshooting](/doc/installation-troubleshooting) * [UEFI Troubleshooting](/doc/uefi-troubleshooting/) + * [USB Troubleshooting](/doc/usb-troubleshooting/) * [Home directory is out of disk space error](/doc/out-of-memory/) * [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76) * [How to install an Nvidia driver in dom0](/doc/install-nvidia-driver/) diff --git a/introduction/faq.md b/introduction/faq.md index 516491a7..39185c69 100644 --- a/introduction/faq.md +++ b/introduction/faq.md @@ -487,62 +487,7 @@ Enable "debug mode" in the qube's settings, either by checking the box labeled " ### I created a usbVM and assigned usb controllers to it. Now the usbVM wont boot. This is probably because one of the controllers does not support reset. -In Qubes R2 any such errors were ignored. In Qubes R3.x they are not. -In R4.x, devices that are automatically added to sys-net and sys-usb on install but do not support FLR will be attached with the no-strict-reset option, but see the related warning in the last sentence in this answer. - -A device that does not support reset is not ideal and generally should not be assigned to a VM. - -Most likely the offending controller is a USB 3.0 device. -You can remove this controller from the usbVM, and see if this allows the VM to boot. -Alternatively you may be able to disable USB 3.0 in the BIOS. -If the BIOS does not have the option to disable USB 3.0, try running the following command in dom0 to [force USB 2.0 modes for the USB ports][force_usb2]: - - lspci -nn | grep USB | cut -d '[' -f3 | cut -d ']' -f1 | xargs -I@ setpci -H1 -d @ d0.l=0 - - -Errors suggesting this issue: - - - in `xl dmesg` output: - - (XEN) [VT-D] It's disallowed to assign 0000:00:1a.0 with shared RMRR at dbe9a000 for Dom19. - (XEN) XEN_DOMCTL_assign_device: assign 0000:00:1a.0 to dom19 failed (-1) - - - during `qvm-start sys-usb`: - - internal error: Unable to reset PCI device [...] no FLR, PM reset or bus reset available. - - -Another solution would be to set the pci_strictreset option in dom0: - - - In Qubes R4.x, when attaching the PCI device to the VM (where `` can be obtained from running `qvm-pci`): - - qvm-pci attach --persistent --option no-strict-reset=true usbVM dom0: - - - In Qubes R3.x, by modifying the VM's properties: - - qvm-prefs usbVM -s pci_strictreset false - -These options allow the VM to ignore the error and the VM will start. -Please review the notes in the `qvm-prefs` man page and [here][assign_devices] and be aware of the potential risks. - -### I assigned a PCI device to a qube, then unassigned it/shut down the qube. Why isn't the device available in dom0? - -This is an intended feature. -A device which was previously assigned to a less trusted qube could attack dom0 if it were automatically reassigned there. -In order to re-enable the device in dom0, either: - - * Reboot the physical machine. - -or - - * Go to the sysfs (`/sys/bus/pci`), find the right device, detach it from the pciback driver and attach back to the original driver. Replace `` with your device, for example `00:1c.2`: - - echo 0000: > /sys/bus/pci/drivers/pciback/unbind - MODALIAS=`cat /sys/bus/pci/devices/0000:/modalias` - MOD=`modprobe -R $MODALIAS | head -n 1` - echo 0000: > /sys/bus/pci/drivers/$MOD/bind - -See also [here][assign_devices]. +See the [USB Troublshooting guide](/doc/usb-troubleshooting/usbVM-does-not-boot-after-creating-and-assigning-USB-controllers-to-it). ### How do I install Flash in a Debian qube? diff --git a/user/troubleshooting/usb-troubleshooting.md b/user/troubleshooting/usb-troubleshooting.md new file mode 100644 index 00000000..564a4cf0 --- /dev/null +++ b/user/troubleshooting/usb-troubleshooting.md @@ -0,0 +1,79 @@ +--- +layout: doc +title: USB Troubleshooting +permalink: /doc/usb-troubleshooting/ +--- + +# USB troubleshooting # + +## disp-sys-usb does not start ## +If the disp-sys-usb does not start, it could be due to a PCI passthrough problem. +For more details on this issue along with possible solutions, look at [PCI passthrough issues](/doc/pci-troubleshooting/#pci-passthrough-issues). + +## Can't attach a USB device / USB device not showing in qvm-usb ## + +Upon trying to attach a USB device using the `qvm-usb -a vm-name device-vm-name:device` command, you may face the error `Device attach failed: no device info received, connection failed, check backend side for details`. +This issue mainly arise when you do not have a sys-usb VM set up. +To successfully attach a USB device, you require a VM dedicated to handling the USB input and output. +For guidance setting up a USB qube, see the [USB documentation](/doc/usb-devices/#creating-and-using-a-usb-qube). + +Currently (until issue [1082](https://github.com/QubesOS/qubes-issues/issues/1082) gets implemented), if you remove the device before detaching it from the qube, Qubes OS (more precisely, `libvirtd`) will think that the device is still attached to the qube and will not allow attaching further devices under the same name. +The easiest way to recover from such a situation is to reboot the qube to which the device was attached. +If this isn't an option, you can manually recover from the situation by following the at the [Block Devices documentation](/doc/block-devices/#what-if-i-removed-the-device-before-detaching-it-from-the-vm) + +## usbVM does not boot after creating and assigning USB controllers to it ## + +This is probably because one of the controllers does not support reset. +In Qubes R2 any such errors were ignored. In Qubes R3.x they are not. +In R4.x, devices that are automatically added to sys-net and sys-usb on install but do not support FLR will be attached with the no-strict-reset option, but see the related warning in the last sentence in this answer. + +A device that does not support reset is not ideal and generally should not be assigned to a VM. + +Most likely the offending controller is a USB 3.0 device. +You can remove this controller from the usbVM, and see if this allows the VM to boot. +Alternatively you may be able to disable USB 3.0 in the BIOS. +If the BIOS does not have the option to disable USB 3.0, try running the following command in dom0 to [force USB 2.0 modes for the USB ports][force_usb2]: + + lspci -nn | grep USB | cut -d '[' -f3 | cut -d ']' -f1 | xargs -I@ setpci -H1 -d @ d0.l=0 + + +Errors suggesting this issue: + + - in `xl dmesg` output: + + (XEN) [VT-D] It's disallowed to assign 0000:00:1a.0 with shared RMRR at dbe9a000 for Dom19. + (XEN) XEN_DOMCTL_assign_device: assign 0000:00:1a.0 to dom19 failed (-1) + + - during `qvm-start sys-usb`: + + internal error: Unable to reset PCI device [...] no FLR, PM reset or bus reset available. + + +Another solution would be to set the pci_strictreset option in dom0: + + - In Qubes R4.x, when attaching the PCI device to the VM (where `` can be obtained from running `qvm-pci`): + + qvm-pci attach --persistent --option no-strict-reset=true usbVM dom0: + + - In Qubes R3.x, by modifying the VM's properties: + + qvm-prefs usbVM -s pci_strictreset false + +These options allow the VM to ignore the error and the VM will start. +Please review the notes in the `qvm-prefs` man page and [here][assign_devices] and be aware of the potential risks. + + +## Can't use keyboard or mouse after creating sys-usb ## + +You risk locking yourself out of your computer if you have a USB keyboard and use full disk encryption alongside sys-usb. +On boot, the keyboard may be inactive, preventing you from entering your LUKS decryption password. + +When you enable a USB qube, it hides all the USB controllers from dom0, even before it gets started. +So, if your only keyboard is on USB, you should undo this hiding. + +To solve the problem, disable the USB qube by not having it autostart, or unassigning your USB controller(s) from it. If you had created the USB qube by checking the box in the installer, then your USB controller(s) are probably hidden from dom0. To unhide them, reverse the procedure described in the [USB Qubes documentation](https://www.qubes-os.org/doc/usb-qubes/#how-to-hide-all-usb-controllers-from-dom0) (under "How to hide all USB controllers from dom0"). That is, remove `rd.qubes.hide_all_usb`, instead of adding it. + +Note that this procedure will attach your USB controllers to dom0, so do this only with USB devices you trust. + +If your computer has a PS/2 port, you may instead use a PS/2 keyboard to enter the LUKS password. + From 4fab5d1c5992fa0d8b7d6d0e9e7c3d0d1f1b3983 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sun, 18 Oct 2020 12:22:23 +0100 Subject: [PATCH 22/45] Fix spelling error --- introduction/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/introduction/faq.md b/introduction/faq.md index 39185c69..8cc82b08 100644 --- a/introduction/faq.md +++ b/introduction/faq.md @@ -487,7 +487,7 @@ Enable "debug mode" in the qube's settings, either by checking the box labeled " ### I created a usbVM and assigned usb controllers to it. Now the usbVM wont boot. This is probably because one of the controllers does not support reset. -See the [USB Troublshooting guide](/doc/usb-troubleshooting/usbVM-does-not-boot-after-creating-and-assigning-USB-controllers-to-it). +See the [USB Troubleshooting guide](/doc/usb-troubleshooting/usbVM-does-not-boot-after-creating-and-assigning-USB-controllers-to-it). ### How do I install Flash in a Debian qube? From 53906680bac760c494738329f10968036bf658a0 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sun, 18 Oct 2020 12:24:24 +0100 Subject: [PATCH 23/45] Add more information --- user/troubleshooting/usb-troubleshooting.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user/troubleshooting/usb-troubleshooting.md b/user/troubleshooting/usb-troubleshooting.md index 564a4cf0..44509acb 100644 --- a/user/troubleshooting/usb-troubleshooting.md +++ b/user/troubleshooting/usb-troubleshooting.md @@ -17,7 +17,8 @@ This issue mainly arise when you do not have a sys-usb VM set up. To successfully attach a USB device, you require a VM dedicated to handling the USB input and output. For guidance setting up a USB qube, see the [USB documentation](/doc/usb-devices/#creating-and-using-a-usb-qube). -Currently (until issue [1082](https://github.com/QubesOS/qubes-issues/issues/1082) gets implemented), if you remove the device before detaching it from the qube, Qubes OS (more precisely, `libvirtd`) will think that the device is still attached to the qube and will not allow attaching further devices under the same name. +Currently (until issue [1082](https://github.com/QubesOS/qubes-issues/issues/1082) gets implemented), if you remove the device before detaching it from the qube, Qubes OS (more precisely, `libvirtd`) will think that the device is still attached to the qube and will not allow attaching further devices under the same name. +This may be characterized by VM manager crashes and the error message: `Houston, we have a problem`. The easiest way to recover from such a situation is to reboot the qube to which the device was attached. If this isn't an option, you can manually recover from the situation by following the at the [Block Devices documentation](/doc/block-devices/#what-if-i-removed-the-device-before-detaching-it-from-the-vm) From aaf4b691f4fecda2a9108d97f9ea2597a8359cf4 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Mon, 19 Oct 2020 14:09:42 +0100 Subject: [PATCH 24/45] Delete wireless-troubleshooting.md All the content here is already available at Suspend-resume-troubleshooting.md. Plus, this page should redirect to /doc/suspend-resume-troubleshooting --- .../wireless-troubleshooting.md | 121 ------------------ 1 file changed, 121 deletions(-) delete mode 100644 user/troubleshooting/wireless-troubleshooting.md diff --git a/user/troubleshooting/wireless-troubleshooting.md b/user/troubleshooting/wireless-troubleshooting.md deleted file mode 100644 index 9c8ea33d..00000000 --- a/user/troubleshooting/wireless-troubleshooting.md +++ /dev/null @@ -1,121 +0,0 @@ ---- -layout: doc -title: Wireless Troubleshooting -permalink: /doc/wireless-troubleshooting/ -redirect_from: -- /en/doc/wireless-troubleshooting/ ---- - -Wireless Troubleshooting Guide -============================== - -These instructions may help with suspend/resume issues for more devices than just wireless cards, that is just the (unfortunately not uncommon) example used here. - -Resetting wireless cards by reloading drivers ---------------------------------------------- - -If your wireless card works, but after suspending and resuming your computer, the Network-Manager applet just says "Device not ready", then try un-loading and re-loading the driver. - -### Determining your wireless card driver ### - -First, determine which kernel module corresponds to your wireless card. There are several ways to do this. - -The easiest is via the output of `lspci -k` in your sys-net VM: - -~~~ -[user@sys-net ~]$ lspci -k -00:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a) - Subsystem: Intel Corporation Device 0130 - Kernel driver in use: iwlwifi - Kernel modules: iwlwifi -~~~ - -Here we see that the machine in question has an Intel wireless card, being used by the `iwlwifi` kernel module. - - -### Checking logs for relevant messages ### - -View the output of `dmesg` in sys-net, and check if you see a bunch of wireless related errors. Depending on your hardware, they may look like the following (or not): - -~~~ -iwlwifi 0000:00:00.0: loaded firmware version 16.242414.0 op_mode iwlmvm -iwlwifi 0000:00:00.0: Detected Intel(R) Dual Band Wireless AC 8260, REV=0x208 -... -IPv6: ADDRCONF(NETDEV_UP): wlp0s0: link is not ready -iwlwifi 0000:00:00.0: L1 Enabled - LTR Enabled -iwlwifi 0000:00:00.0: L1 Enabled - LTR Enabled -iwlwifi 0000:00:00.0: Failed to load firmware chunk! -iwlwifi 0000:00:00.0: Could not load the [0] uCode section -iwlwifi 0000:00:00.0: Failed to start INIT ucode: -110 -iwlwifi 0000:00:00.0: Failed to run INIT ucode: -110 -... -iwlwifi 0000:00:00.0: Direct firmware load for iwlwifi-8000C-18.ucode failed with error -2 -~~~ - -### Seeing what modules you have loaded ### - -You can check which drivers are currently loaded with `lsmod`, and view details about a module with `modinfo `. - -For example, we list what modules we have loaded: - -~~~ -[user@sys-net ~]$ lsmod -Module Size Used by -iwlmvm 315392 0 -iwlwifi 155648 1 iwlmvm -mac80211 708608 1 iwlmvm -cfg80211 557056 3 iwlwifi,mac80211,iwlmvm -... -~~~ - -and check one: - -~~~ -[user@sys-net ~]$ modinfo iwlmvm | grep -E '^(description|author|depends):' -author: Copyright(c) 2003- 2015 Intel Corporation -description: The new Intel(R) wireless AGN driver for Linux -depends: iwlwifi,mac80211,cfg80211 -~~~ - -Hey, it's our wireless driver! - -Now, check if reloading the module makes wireless work again: - -~~~ -[user@sys-net ~]$ sudo rmmod iwlmvm -[user@sys-net ~]$ sudo modprobe iwlmvm -~~~ - -and try reconnecting to a network that is known to work. - -If that is successful, see below about having Qubes automatically reload the driver for you. If not, try also reloading some dependent modules, in our example we must also reload iwlwifi: - -~~~ -[user@sys-net ~]$ modinfo iwlwifi | grep -E '^(description|author|depends):' -author: Copyright(c) 2003- 2015 Intel Corporation -description: Intel(R) Wireless WiFi driver for Linux -depends: cfg80211 -~~~ - -~~~ -[user@sys-net ~]$ sudo rmmod iwlmvm -[user@sys-net ~]$ sudo rmmod iwlwifi -[user@sys-net ~]$ sudo modprobe iwlwifi # note the reverse order of loading/unloading -[user@sys-net ~]$ sudo modprobe iwlmvm -~~~ - -Automatically reloading drivers on suspend/resume -------------------------------------------------- - -If reloading the driver (which resets the hardware into a known-state) resolves your issue when done manually, you can have Qubes automatically un/reload them on suspend & resume by listing the relevant modules in `/rw/config/suspend-module-blacklist`. - -In the above example, it would look like this: - -~~~ -[user@sys-net config]$ cat /rw/config/suspend-module-blacklist -# You can list here modules you want to be unloaded before going to sleep. This -# file is used only if the VM has any PCI device assigned. Modules will be -# automatically loaded after resume. -iwlmvm -iwlwifi -~~~ From 243a582bbb222b6985ae7c8350a41688c136f7b4 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Mon, 19 Oct 2020 14:22:38 +0100 Subject: [PATCH 25/45] Add section about attached devices in Windows HVM --- user/troubleshooting/hvm-troubleshooting.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user/troubleshooting/hvm-troubleshooting.md b/user/troubleshooting/hvm-troubleshooting.md index 63ef9870..a8c5f039 100644 --- a/user/troubleshooting/hvm-troubleshooting.md +++ b/user/troubleshooting/hvm-troubleshooting.md @@ -60,3 +60,6 @@ To give the VM a RAM of 2GB, open a terminal in `dom0` and enter: qvm-prefs memory 2000 +## Attached devices in Windows HVM stop working on suspend/resume ## + +After the whole system gets suspended into S3 sleep and subsequently resumed, some attached devices may stop working. To know how to make the devices work, see [Suspend/resume Troubleshooting](/doc/suspend-resume-troubleshooting/). From fa5793af9f97339ab4751ed483e7e518613c95dd Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Mon, 19 Oct 2020 14:24:18 +0100 Subject: [PATCH 26/45] Edit link to Suspend/resume Troubleshooting --- user/troubleshooting/hvm-troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/troubleshooting/hvm-troubleshooting.md b/user/troubleshooting/hvm-troubleshooting.md index a8c5f039..904d1a16 100644 --- a/user/troubleshooting/hvm-troubleshooting.md +++ b/user/troubleshooting/hvm-troubleshooting.md @@ -62,4 +62,4 @@ To give the VM a RAM of 2GB, open a terminal in `dom0` and enter: ## Attached devices in Windows HVM stop working on suspend/resume ## -After the whole system gets suspended into S3 sleep and subsequently resumed, some attached devices may stop working. To know how to make the devices work, see [Suspend/resume Troubleshooting](/doc/suspend-resume-troubleshooting/). +After the whole system gets suspended into S3 sleep and subsequently resumed, some attached devices may stop working. To know how to make the devices work, see [Suspend/resume Troubleshooting](/doc/suspend-resume-troubleshooting/#attached-devices-in-windows-hvm-stop-working-on-suspendresume). From 773aa66af934d15dcd060e6d3cf7b5ec08232823 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Mon, 19 Oct 2020 14:28:55 +0100 Subject: [PATCH 27/45] Add # to link --- introduction/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/introduction/faq.md b/introduction/faq.md index 8cc82b08..139aaa23 100644 --- a/introduction/faq.md +++ b/introduction/faq.md @@ -487,7 +487,7 @@ Enable "debug mode" in the qube's settings, either by checking the box labeled " ### I created a usbVM and assigned usb controllers to it. Now the usbVM wont boot. This is probably because one of the controllers does not support reset. -See the [USB Troubleshooting guide](/doc/usb-troubleshooting/usbVM-does-not-boot-after-creating-and-assigning-USB-controllers-to-it). +See the [USB Troubleshooting guide](/doc/usb-troubleshooting/#usbVM-does-not-boot-after-creating-and-assigning-USB-controllers-to-it). ### How do I install Flash in a Debian qube? From 7ef28916c11f8cec4491731fada0d5b6b2a719bd Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Mon, 19 Oct 2020 14:54:56 +0100 Subject: [PATCH 28/45] Update usb-troubleshooting.md --- user/troubleshooting/usb-troubleshooting.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/user/troubleshooting/usb-troubleshooting.md b/user/troubleshooting/usb-troubleshooting.md index 44509acb..57d4e2a9 100644 --- a/user/troubleshooting/usb-troubleshooting.md +++ b/user/troubleshooting/usb-troubleshooting.md @@ -12,15 +12,18 @@ For more details on this issue along with possible solutions, look at [PCI passt ## Can't attach a USB device / USB device not showing in qvm-usb ## -Upon trying to attach a USB device using the `qvm-usb -a vm-name device-vm-name:device` command, you may face the error `Device attach failed: no device info received, connection failed, check backend side for details`. -This issue mainly arise when you do not have a sys-usb VM set up. To successfully attach a USB device, you require a VM dedicated to handling the USB input and output. For guidance setting up a USB qube, see the [USB documentation](/doc/usb-devices/#creating-and-using-a-usb-qube). Currently (until issue [1082](https://github.com/QubesOS/qubes-issues/issues/1082) gets implemented), if you remove the device before detaching it from the qube, Qubes OS (more precisely, `libvirtd`) will think that the device is still attached to the qube and will not allow attaching further devices under the same name. This may be characterized by VM manager crashes and the error message: `Houston, we have a problem`. The easiest way to recover from such a situation is to reboot the qube to which the device was attached. -If this isn't an option, you can manually recover from the situation by following the at the [Block Devices documentation](/doc/block-devices/#what-if-i-removed-the-device-before-detaching-it-from-the-vm) +If this isn't an option, you can manually recover from the situation by following the instructions at the [Block Devices documentation](/doc/block-devices/#what-if-i-removed-the-device-before-detaching-it-from-the-vm) + +## "Device attach failed" error + +Upon trying to attach a USB device using the `qvm-usb -a vm-name device-vm-name:device` command, you may face the error `Device attach failed: no device info received, connection failed, check backend side for details`. +This error mainly arises due to problems specific to the particular device (including things like a broken cable, but also device incompatible with qvm-usb ## usbVM does not boot after creating and assigning USB controllers to it ## From 8a06df940315d64d9857776b0e6bf22fc217aec6 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Mon, 19 Oct 2020 14:56:52 +0100 Subject: [PATCH 29/45] Update usb-troubleshooting.md --- user/troubleshooting/usb-troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/troubleshooting/usb-troubleshooting.md b/user/troubleshooting/usb-troubleshooting.md index 57d4e2a9..2cf294eb 100644 --- a/user/troubleshooting/usb-troubleshooting.md +++ b/user/troubleshooting/usb-troubleshooting.md @@ -23,7 +23,7 @@ If this isn't an option, you can manually recover from the situation by followin ## "Device attach failed" error Upon trying to attach a USB device using the `qvm-usb -a vm-name device-vm-name:device` command, you may face the error `Device attach failed: no device info received, connection failed, check backend side for details`. -This error mainly arises due to problems specific to the particular device (including things like a broken cable, but also device incompatible with qvm-usb +This error mainly arises due to problems specific to the particular device, such as the device being incompatible with qvm-usb or a broken cable. ## usbVM does not boot after creating and assigning USB controllers to it ## From e7ae5f86dba7383ad951dbb4afc5f320e74e40cf Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Mon, 19 Oct 2020 15:11:38 +0100 Subject: [PATCH 30/45] Add info about larger swiotlb value --- user/troubleshooting/pci-troubleshooting.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user/troubleshooting/pci-troubleshooting.md b/user/troubleshooting/pci-troubleshooting.md index 38cfd153..7fc87a6d 100644 --- a/user/troubleshooting/pci-troubleshooting.md +++ b/user/troubleshooting/pci-troubleshooting.md @@ -18,6 +18,8 @@ To change this allocation, edit VM's kernel parameters (this is expressed in 512 kernelopts : iommu=soft swiotlb=2048 (default) # qvm-prefs -s netvm kernelopts "iommu=soft swiotlb=8192" +The `8192` value is the default value and some devices may require a larger value (like `16384`). + ## PCI Passthrough Issues ## Sometimes the PCI arbitrator is too strict, which may cause errors such as `Unable to reset PCI device` and other PCI-related errors. From 7d365f1083d016d8e4b9e957a0566047adf5366a Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Mon, 19 Oct 2020 17:42:33 +0100 Subject: [PATCH 31/45] Update disk-troubleshooting.md --- user/troubleshooting/disk-troubleshooting.md | 70 +++++++++++++++++--- 1 file changed, 60 insertions(+), 10 deletions(-) diff --git a/user/troubleshooting/disk-troubleshooting.md b/user/troubleshooting/disk-troubleshooting.md index d281bdf1..946b4397 100644 --- a/user/troubleshooting/disk-troubleshooting.md +++ b/user/troubleshooting/disk-troubleshooting.md @@ -16,17 +16,24 @@ redirect_from: VMs (especially templates) use pre-allocated space. The default private storage max size is 2 GB, but it's very easy to increase as needed. If the disk is completely full, you will get an `Out of disk space` error that may crash your system because Dom0 does not have enough disk space to work. -So it's good practice to regularly check disk space usage with the command `df -h` in dom0 terminal. - -A system that's out of space should be able to boot, but may be unable to load a desktop manager. -In this case it is possible to login to dom0 terminal with Alt + Ctrl + F2. -To recover disk space it may be possible to delete files in a userVM by connecting to the userVM terminal: +So it's good practice to regularly check disk space usage. +Running the `df -h` command in dom0 terminal will show some information, but not include all the relevant details. +The Qubes user interface provides a disk space widget. +If you are unable to access the interface, the command line version is running `sudo lvs | head` and looking at top entry for LVM pool. +For example: ~~~ -qvm-start -qvm-console-dispvm + LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert + pool00 qubes_dom0 twi-aotz-- 453.17g 89.95 69.78 + root qubes_dom0 Vwi-aotz-- 453.17g pool00 5.87 + swap qubes_dom0 -wi-ao---- 7.57g ~~~ +If you run `df -h`, it only shows the information in the `root` line (which is already included in the `pool00` line). +As you can see, the `sudo lvs | head` command includes additional important columns `Data%` and `Meta%`, shown in the above example to have the values 89% and 69% respectively. + +If your system is able to boot, but cannot load a desktop environment, it is possible to login to dom0 terminal with Alt + Ctrl + F2. + If this does not work, check the size of /var/lib/qubes/qubes.xml. If it is zero, you'll need to use one of the file backup (stored in /var/lib/qubes/backup), hopefully you have the current data there. Find the most recent one and place in /var/lib/qubes/qubes.xml instead of the empty file. @@ -37,7 +44,7 @@ If not, here are some hints how to free some disk space: 1. Clean yum cache. ~~~ - sudo yum clean all + sudo dnf clean all ~~~ 2. Delete `.img` files of a less important VM, which can be found in `/var/lib/qubes/appvms/`. @@ -55,7 +62,50 @@ If not, here are some hints how to free some disk space: sudo tune2fs -m 4 /dev/mapper/vg_dom0-lv_root ~~~ -4. Remove some unneeded files in dom0 home (if you have any, most likely not). +4. Remove some unneeded files in dom0 home (if you have any, most likely not). Also look for unneeded files in `/var/log` in dom0, and `/var/log/qubes`. + +The above steps applies to old VM disks format. These steps may work on Qubes 4.0, but are not default anymore. By default, Qubes 4.0 now uses LVM. The equivalent steps are: + +1. Get a list of VM disks using `sudo lvs`. + +2. Use `sudo lvremove qubes_dom0/` to remove backup copies of some less important VMs -- entries with `-back` in their name. + +3. If that isn't enough, remove actual disks of less important VMs. NOTE: You will lose the data of that VM, but your system will resume working. + +For example: + +~~~ +$ sudo lvs + LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert + pool00 qubes_dom0 twi-aotz-- 453.17g 89.95 69.78 + root qubes_dom0 Vwi-aotz-- 453.17g pool00 5.87 + swap qubes_dom0 -wi-ao---- 7.57g +(...) + vm-d10test-private qubes_dom0 Vwi-a-tz-- 2.00g pool00 vm-d10test-private-1600961860-back 29.27 + vm-d10test-private-1600961860-back qubes_dom0 Vwi-a-tz-- 2.00g pool00 4.87 + vm-d10test-standalone-private qubes_dom0 Vwi-a-tz-- 2.00g pool00 vm-d10test-standalone-private-1580772439-back 4.90 + vm-d10test-standalone-private-1580772439-back qubes_dom0 Vwi-a-tz-- 2.00g pool00 4.87 + vm-d10test-standalone-root qubes_dom0 Vwi-a-tz-- 10.00g pool00 vm-d10test-standalone-root-1580772439-back 43.37 + vm-d10test-standalone-root-1580772439-back qubes_dom0 Vwi-a-tz-- 10.00g pool00 42.05 + vm-debian-10-my-private qubes_dom0 Vwi-a-tz-- 2.00g pool00 4.96 + vm-debian-10-my-root qubes_dom0 Vwi-a-tz-- 10.00g pool00 vm-debian-10-my-root-1565013689-back 57.99 + vm-debian-10-my-root-1565013689-back qubes_dom0 Vwi-a-tz-- 10.00g pool00 56.55 + vm-debian-10-private qubes_dom0 Vwi-a-tz-- 2.00g pool00 4.94 + vm-debian-10-root qubes_dom0 Vwi-a-tz-- 10.00g pool00 vm-debian-10-root-1601126126-back 93.44 + vm-debian-10-root-1601126126-back qubes_dom0 Vwi-a-tz-- 10.00g pool00 88.75 +(...) +$ sudo lvremove qubes_dom0/vm-d10test-standalone-root-1580772439-back +Do you really want to remove and DISCARD active logical volume qubes_dom0/vm-d10test-standalone-root-1580772439-back? [y/n]: y + Logical volume "vm-d10test-standalone-root-1580772439-back" successfully removed +~~~ + +After freeing some intial space, it may be possible to recover more space by deleting files in a userVM after connecting to the userVM terminal: + +qvm-start +qvm-console-dispvm +~~~ + +Since `qvm-console-dispvm` requires working graphical user interface login, you must first free enough space to be able to start a VM and login to graphical UI. ## Can't resize VM storage / "resize2fs: Permission denied" error ## @@ -70,7 +120,7 @@ To fix this issue: 1. In the dom0 terminal get a root console on the vm (eg. sys-usb) with: ~~~ - sudo xl console -t pv sys-usb + qvm-console-dispvm sys-usb ~~~ 2. Unmount everything mounted on the private volume `/dev/xvdb partition`. From 6f217dccbdc8c8e4071a57ed53e741e2e8c16ac3 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Mon, 19 Oct 2020 17:44:54 +0100 Subject: [PATCH 32/45] Add ~~~ --- user/troubleshooting/disk-troubleshooting.md | 1 + 1 file changed, 1 insertion(+) diff --git a/user/troubleshooting/disk-troubleshooting.md b/user/troubleshooting/disk-troubleshooting.md index 946b4397..8b02c5f7 100644 --- a/user/troubleshooting/disk-troubleshooting.md +++ b/user/troubleshooting/disk-troubleshooting.md @@ -101,6 +101,7 @@ Do you really want to remove and DISCARD active logical volume qubes_dom0/vm-d10 After freeing some intial space, it may be possible to recover more space by deleting files in a userVM after connecting to the userVM terminal: +~~~ qvm-start qvm-console-dispvm ~~~ From e87bb670ee6e460395388b29e1841f64002dca1b Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 19 Oct 2020 11:39:51 -0700 Subject: [PATCH 33/45] Add instructions for installing contributed packages --- developer/general/package-contributions.md | 4 +++ .../installing-contributed-packages.md | 33 +++++++++++++++++++ user/common-tasks/software-update-dom0.md | 5 +++ user/common-tasks/software-update-domu.md | 4 +++ 4 files changed, 46 insertions(+) create mode 100644 user/advanced-configuration/installing-contributed-packages.md diff --git a/developer/general/package-contributions.md b/developer/general/package-contributions.md index 1fcbd412..0c8bd9d5 100644 --- a/developer/general/package-contributions.md +++ b/developer/general/package-contributions.md @@ -7,6 +7,9 @@ permalink: /doc/package-contributions/ Package Contributions ===================== +_This page is for developers who wish to contribute packages. +If you want to install contributed packages, please see [installing contributed packages]._ + We're very grateful to the talented and hard-working community members who contribute software packages to Qubes OS. This page explains the inclusion criteria and procedures for such packages, as well as the roles and responsibilities of those involved. @@ -94,6 +97,7 @@ If you do not wish to be the maintainer of your package, please let us know. If you do not act on your maintainer duties for a given package for an extended period of time and after at least one reminder, we will assume that you no longer wish to be the maintainer for that package. +[installing contributed packages]: /doc/installing-contributed-packages/ [Inclusion Criteria]: #inclusion-criteria [Contribution Procedure]: #contribution-procedure [Update Procedure]: #update-procedure diff --git a/user/advanced-configuration/installing-contributed-packages.md b/user/advanced-configuration/installing-contributed-packages.md new file mode 100644 index 00000000..24a1905a --- /dev/null +++ b/user/advanced-configuration/installing-contributed-packages.md @@ -0,0 +1,33 @@ +--- +layout: doc +title: Installing contributed packages +permalink: /doc/installing-contributed-packages/ +--- + +# Installing contributed packages + +_This page is for users who wish to install contributed packages. +If you want to contribute a package, please see [package contributions]._ + + +Qubes OS contributed packages are available under the [QubesOS-contrib] GitHub Project. +This is a place where our community can [contribute Qubes OS related packages, additions and various customizations][package contributions]. + +If you want to install one of these packages, first you need to enable the repository in your system (dom0 and/or templates). This can be done by installing the `qubes-repo-contrib` package. This package includes the repository definition and keys necessary to download, verify, and install [QubesOS-contrib] packages. + +In dom0, use `qubes-dom0-update`: + + sudo qubes-dom0-update qubes-repo-contrib + +In a Fedora-based template, use `dnf`: + + sudo dnf install qubes-repo-contrib + +In a Debian-based template, use `apt`: + + sudo apt update && sudo apt install qubes-repo-contrib + + +[package contributions]: /doc/package-contributions/ +[QubesOS-contrib]: https://github.com/QubesOS-contrib/ + diff --git a/user/common-tasks/software-update-dom0.md b/user/common-tasks/software-update-dom0.md index 5f4aaa74..4512605a 100644 --- a/user/common-tasks/software-update-dom0.md +++ b/user/common-tasks/software-update-dom0.md @@ -122,6 +122,10 @@ sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable To enable or disable any of these repos permanently, change the corresponding `enabled` value to `1` in `/etc/yum.repos.d/qubes-dom0.repo`. +## Contributed package repository + +Please see [installing contributed packages]. + ## Kernel upgrade This section describes upgrading the kernel in dom0 and domUs. @@ -219,4 +223,5 @@ For example: sys-whonix. [testing]: /doc/testing/ [troubleshooting newer hardware]: /doc/newer-hardware-troubleshooting/ [Managing VM kernel]: /doc/managing-vm-kernel/ +[installing contributed packages]: /doc/installing-contributed-packages/ diff --git a/user/common-tasks/software-update-domu.md b/user/common-tasks/software-update-domu.md index f5bfa68e..0962819b 100644 --- a/user/common-tasks/software-update-domu.md +++ b/user/common-tasks/software-update-domu.md @@ -43,6 +43,9 @@ Advanced users can execute the standard update command for that operating system If you wish to install updates that are still in [testing], you must enable the appropriate testing repositories. +## Contributed package repository + +Please see [installing contributed packages]. ### Fedora @@ -314,4 +317,5 @@ Note that the app will autostart only when the AppVM starts. If you would like t [RPM Fusion]: http://rpmfusion.org/ [service framework]: /doc/qubes-service/ [How to Reinstall a TemplateVM]: /doc/reinstall-template/ +[installing contributed packages]: /doc/installing-contributed-packages/ From 510bbfe73a0adf5190d1a1f12f3dae8d7263b3fb Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 19 Oct 2020 11:44:15 -0700 Subject: [PATCH 34/45] Improve instructions for installing contributed packages Related issues: QubesOS/qubes-issues#953 QubesOS/qubes-issues#6124 --- .../installing-contributed-packages.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/user/advanced-configuration/installing-contributed-packages.md b/user/advanced-configuration/installing-contributed-packages.md index 24a1905a..b1af5a71 100644 --- a/user/advanced-configuration/installing-contributed-packages.md +++ b/user/advanced-configuration/installing-contributed-packages.md @@ -13,6 +13,8 @@ If you want to contribute a package, please see [package contributions]._ Qubes OS contributed packages are available under the [QubesOS-contrib] GitHub Project. This is a place where our community can [contribute Qubes OS related packages, additions and various customizations][package contributions]. +## Installing the repositories + If you want to install one of these packages, first you need to enable the repository in your system (dom0 and/or templates). This can be done by installing the `qubes-repo-contrib` package. This package includes the repository definition and keys necessary to download, verify, and install [QubesOS-contrib] packages. In dom0, use `qubes-dom0-update`: @@ -27,6 +29,12 @@ In a Debian-based template, use `apt`: sudo apt update && sudo apt install qubes-repo-contrib +## Installing packages + +After you've installed the repositories, you can install contributed packages. +For example, to install `qvm-screenshot-tool` in dom0: + + sudo qubes-dom0-update --clean qvm-screenshot-tool [package contributions]: /doc/package-contributions/ [QubesOS-contrib]: https://github.com/QubesOS-contrib/ From 50dab3b8e00f3bcfc0e2099a1a70b3cd0bea40a8 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 19 Oct 2020 12:05:34 -0700 Subject: [PATCH 35/45] Improve instructions for installing contributed packages Closes QubesOS/qubes-issues#6124 --- .../installing-contributed-packages.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/user/advanced-configuration/installing-contributed-packages.md b/user/advanced-configuration/installing-contributed-packages.md index b1af5a71..31fb395e 100644 --- a/user/advanced-configuration/installing-contributed-packages.md +++ b/user/advanced-configuration/installing-contributed-packages.md @@ -29,13 +29,23 @@ In a Debian-based template, use `apt`: sudo apt update && sudo apt install qubes-repo-contrib +The new repository definition will be in the usual location for your distro, and it will follow the naming pattern `qubes-contrib-*`, depending on your Qubes release and whether it is in dom0 or a TemplateVM. +For example, in a Fedora TemplateVM on Qubes 4.0, the new repository definition would be: + + /etc/yum.repos.d/qubes-contrib-vm-r4.0.repo + ## Installing packages After you've installed the repositories, you can install contributed packages. + +**Note:** The first time you install a contrib package in dom0, you must use the `--clean` flag. + For example, to install `qvm-screenshot-tool` in dom0: sudo qubes-dom0-update --clean qvm-screenshot-tool +Please see the package's README for specific installation and setup instructions. + [package contributions]: /doc/package-contributions/ [QubesOS-contrib]: https://github.com/QubesOS-contrib/ From f66797d2b63927946043eac025512e7be02d3efc Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Wed, 21 Oct 2020 04:51:21 +0100 Subject: [PATCH 36/45] Remove sentences --- user/troubleshooting/disk-troubleshooting.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/user/troubleshooting/disk-troubleshooting.md b/user/troubleshooting/disk-troubleshooting.md index 8b02c5f7..6b3788b8 100644 --- a/user/troubleshooting/disk-troubleshooting.md +++ b/user/troubleshooting/disk-troubleshooting.md @@ -13,8 +13,6 @@ redirect_from: ## "Out of disk space" error ## -VMs (especially templates) use pre-allocated space. -The default private storage max size is 2 GB, but it's very easy to increase as needed. If the disk is completely full, you will get an `Out of disk space` error that may crash your system because Dom0 does not have enough disk space to work. So it's good practice to regularly check disk space usage. Running the `df -h` command in dom0 terminal will show some information, but not include all the relevant details. From 9de3cd2ce4c887626be5719db2c6957515e633a0 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 24 Oct 2020 04:24:30 -0700 Subject: [PATCH 37/45] Fix typo (#1059) --- user/troubleshooting/disk-troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/troubleshooting/disk-troubleshooting.md b/user/troubleshooting/disk-troubleshooting.md index 6b3788b8..c7891dd3 100644 --- a/user/troubleshooting/disk-troubleshooting.md +++ b/user/troubleshooting/disk-troubleshooting.md @@ -97,7 +97,7 @@ Do you really want to remove and DISCARD active logical volume qubes_dom0/vm-d10 Logical volume "vm-d10test-standalone-root-1580772439-back" successfully removed ~~~ -After freeing some intial space, it may be possible to recover more space by deleting files in a userVM after connecting to the userVM terminal: +After freeing some initial space, it may be possible to recover more space by deleting files in a userVM after connecting to the userVM terminal: ~~~ qvm-start From 5d7daf471075e321d023100dcd5fd64044cb8c59 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Sun, 25 Oct 2020 05:59:34 +0100 Subject: [PATCH 38/45] Fix links --- user/advanced-configuration/disposablevm-customization.md | 4 ++-- user/common-tasks/pci-devices.md | 2 +- user/troubleshooting/pci-troubleshooting.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/user/advanced-configuration/disposablevm-customization.md b/user/advanced-configuration/disposablevm-customization.md index 716a1ede..1e14eddd 100644 --- a/user/advanced-configuration/disposablevm-customization.md +++ b/user/advanced-configuration/disposablevm-customization.md @@ -286,7 +286,7 @@ Using DisposableVMs in this manner is ideal for untrusted qubes which require pe ### Starting the DisposableVMs -Prior to starting the new VMs, users should ensure that no other VMs such as the old `sys-net` and `sys-usb` VMs are running. This is because no two VMs can share the same PCI device while both running. It is recommended that users detach the PCI devices from the old VMs without deleting them. This will allow users to reattach the PCI devices if the newly created DisposableVMs fail to start. +Prior to starting the new VMs, users should ensure that no other VMs such as the old `sys-net` and `sys-usb` VMs are running. This is because no two VMs can share the same PCI device while both running. It is recommended that users detach the PCI devices from the old VMs without deleting them. This will allow users to reattach the PCI devices if the newly created DisposableVMs fail to start. Detach PCI device from VM: @@ -295,7 +295,7 @@ Prior to starting the new VMs, users should ensure that no other VMs such as the ### Troubleshooting -If the `disp-sys-usb` does not start, it could be due to a PCI passthrough problem. For more details on this issue along with possible solutions, users can look [here](/doc/pci-devices/#pci-passthrough-issues). +If the `disp-sys-usb` does not start, it could be due to a PCI passthrough problem. For more details on this issue along with possible solutions, users can look [here](/doc/pci-troubleshooting/#pci-passthrough-issues). ## Deleting DisposableVMs diff --git a/user/common-tasks/pci-devices.md b/user/common-tasks/pci-devices.md index e1228dd6..750272be 100644 --- a/user/common-tasks/pci-devices.md +++ b/user/common-tasks/pci-devices.md @@ -81,7 +81,7 @@ For example, if `00_1a.0` is the BDF of the device you want to attach to the "wo ## Possible Issues ## -Visit the [PCI Troubleshooting guide](pci-troubleshoot) to see issues that may arise due to PCI devices and how to troubleshoot them. +Visit the [PCI Troubleshooting guide](/doc/pci-troubleshooting/) to see issues that may arise due to PCI devices and how to troubleshoot them. ## Additional Attach Options ## diff --git a/user/troubleshooting/pci-troubleshooting.md b/user/troubleshooting/pci-troubleshooting.md index 7fc87a6d..8dcabc7e 100644 --- a/user/troubleshooting/pci-troubleshooting.md +++ b/user/troubleshooting/pci-troubleshooting.md @@ -131,7 +131,7 @@ You can fix the problem by going to the sys-net VM's settings and changing the V ## Attached devices in Windows HVM stop working on suspend/resume ## After the whole system gets suspended into S3 sleep and subsequently resumed, some attached devices may stop working. -Refer to [Suspend/Resume Troubleshooting](/doc/suspend-resume-troubleshooting/#attached-devices-in-Windows-HVM-stop-working-on-suspendresume) for a solution. +Refer to [Suspend/Resume Troubleshooting](/doc/suspend-resume-troubleshooting/#attached-devices-in-windows-hvm-stop-working-on-suspendresume) for a solution. ## PCI device not available in dom0 after being unassigned from a qube ## From cf242bdbdf169765c9ac3009964b998507d5b5bf Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sun, 25 Oct 2020 06:01:03 +0100 Subject: [PATCH 39/45] Update pci-devices.md --- user/common-tasks/pci-devices.md | 1 - 1 file changed, 1 deletion(-) diff --git a/user/common-tasks/pci-devices.md b/user/common-tasks/pci-devices.md index 750272be..c6fd76ff 100644 --- a/user/common-tasks/pci-devices.md +++ b/user/common-tasks/pci-devices.md @@ -143,7 +143,6 @@ or [USB]:/doc/usb-devices/ [appmenu]: /attachment/wiki/Devices/qubes-appmenu-select.png [domain manager icon]: /attachment/wiki/Devices/qubes-logo-icon.png -[pci-troubleshoot]:/doc/pci-troubleshooting [qvm-device]: /doc/device-handling/#general-qubes-device-widget-behavior-and-handling [side channel attacks]: https://en.wikipedia.org/wiki/Side-channel_attack From ef890d42532e2778806f0f28747f490596403553 Mon Sep 17 00:00:00 2001 From: hackerncoder Date: Sun, 25 Oct 2020 17:04:17 +0100 Subject: [PATCH 40/45] change applicable images to 4.1 screenshots --- introduction/intro.html | 8 ++--- introduction/screenshots.md | 30 +++++++++---------- .../resize-disk-image.md | 2 +- user/common-tasks/disposablevm.md | 4 +-- user/common-tasks/getting-started.md | 8 ++--- user/common-tasks/managing-appvm-shortcuts.md | 4 +-- user/security-in-qubes/firewall.md | 2 +- 7 files changed, 29 insertions(+), 29 deletions(-) diff --git a/introduction/intro.html b/introduction/intro.html index 94469289..25af3bcb 100644 --- a/introduction/intro.html +++ b/introduction/intro.html @@ -186,8 +186,8 @@ redirect_from:

@@ -268,8 +268,8 @@ redirect_from:

diff --git a/introduction/screenshots.md b/introduction/screenshots.md index 0f15d5f6..9a20b249 100644 --- a/introduction/screenshots.md +++ b/introduction/screenshots.md @@ -11,19 +11,19 @@ redirect_from: Select Qubes OS Screenshots =========================== -[![r32-xfce-desktop.png](/attachment/wiki/QubesScreenshots/r32-xfce-desktop.png)](/attachment/wiki/QubesScreenshots/r32-xfce-desktop.png) +[![r4.1-xfce-desktop.png](/attachment/wiki/QubesScreenshots/r4.1-xfce-desktop.png)](/attachment/wiki/QubesScreenshots/r4.1-xfce-desktop.png) The default desktop environment is Xfce4. * * * * * -[![r2b2-kde-start-menu.png](/attachment/wiki/QubesScreenshots/r2b2-kde-start-menu.png)](/attachment/wiki/QubesScreenshots/r2b2-kde-start-menu.png) +[![r4.1-xfce-start-menu.png](/attachment/wiki/QubesScreenshots/r4.1-xfce-start-menu.png)](/attachment/wiki/QubesScreenshots/r4.1-xfce-start-menu.png) Starting applications from different domains (AppVMs) is very easy. * * * * * -[![r2b2-kde-three-domains-at-work.png](/attachment/wiki/QubesScreenshots/r2b2-kde-three-domains-at-work.png)](/attachment/wiki/QubesScreenshots/r2b2-kde-three-domains-at-work.png) +[![r4.1-xfce-three-domains-at-work.png](/attachment/wiki/QubesScreenshots/r4.1-xfce-three-domains-at-work.png)](/attachment/wiki/QubesScreenshots/r4.1-xfce-three-domains-at-work.png) In this example, the word processor runs in the “work” domain, which has been assigned the “green” label. It is fully isolated from other domains, such as the “untrusted” domain (assigned the “red” label -- “Watch out!”, “Danger!”) used for random Web browsing, news reading, as well as from the "work-web" domain (assigned the "yellow" label), which is used for work-related Web browsing that is not security critical. Apps from different domains run in different AppVMs and have different X servers, filesystems, etc. Notice the different color frames (labels) and VM names in the titlebars. These are drawn by the trusted Window Manager running in Dom0, and apps running in domains cannot fake them: @@ -41,61 +41,61 @@ Windows AppVMs are fully integrated with the rest of the Qubes OS system, which * * * * * -[![r2b2-xfce4-programmers-desktop-2.png](/attachment/wiki/QubesScreenshots/r2b2-xfce4-programmers-desktop-2.png)](/attachment/wiki/QubesScreenshots/r2b2-xfce4-programmers-desktop-2.png) +[![r4.1-xfce-programmers-desktop.png](/attachment/wiki/QubesScreenshots/r4.1-xfce-programmers-desktop.png)](/attachment/wiki/QubesScreenshots/r4.1-xfce-programmers-desktop.png) Here we see Xfce4.10 Window Manager running in Dom0 (instead of KDE as on previous screens). Qubes supports customized Xfce4 in dom0 beginning with R2 Beta 2! * * * * * -[![password-prompt.png](/attachment/wiki/QubesScreenshots/password-prompt.png)](/attachment/wiki/QubesScreenshots/password-prompt.png) +[![r4.1-password-prompt.png](/attachment/wiki/QubesScreenshots/r4.1-password-prompt.png)](/attachment/wiki/QubesScreenshots/r4.1-password-prompt.png) It is always clearly visible to which domain a given window belongs. Here it’s immediately clear that the passphrase-prompting window belongs to some domain with the “green” label. When we look at the titlebar, we see “[work]”, which is the name of the actual domain. Theoretically, the untrusted application (here, the “red” Firefox) beneath the prompt window could draw a similar looking window within its contents. In practice, this would be very hard, because it doesn’t know, e.g., the exact decoration style that is in use. However, if this is a concern, the user can simply try to move the more trusted window onto some empty space on the desktop such that no other window is present beneath it. Or, better yet, use the Expose-like effect (available via a hot-key). A malicious application from an untrusted domain cannot spoof the whole desktop because the trusted Window Manager will never let any domain “own” the whole screen. Its titlebar will always be visible. * * * * * -[![r2b2-kde-tray-icons.png](/attachment/wiki/QubesScreenshots/r2b2-kde-tray-icons.png)](/attachment/wiki/QubesScreenshots/r2b2-kde-tray-icons.png) +[![r4.1-xfce-tray-icons.png](/attachment/wiki/QubesScreenshots/r4.1-xfce-tray-icons.png)](/attachment/wiki/QubesScreenshots/r4.1-xfce-tray-icons.png) Qubes is all about seamless integration from the user’s point of view. Here you can see how it virtualizes tray icons from other domains. Notice the network icon in a red frame. This icon is in fact managed by the Network Manager running in a separate NetVM. The notes icon (with the green frame around it) has been drawn by the note-taking app running in the work domain (which has the "green" label). * * * * * -[![r2b2-manager-and-netvm-network-prompt.png](/attachment/wiki/QubesScreenshots/r2b2-manager-and-netvm-network-prompt.png)](/attachment/wiki/QubesScreenshots/r2b2-manager-and-netvm-network-prompt.png) +[![r2b2-manager-and-netvm-network-prompt.png](/attachment/wiki/QubesScreenshots/r4.1-manager-and-sysnet-network-prompt.png)](/attachment/wiki/QubesScreenshots/r4.1-manager-and-sysnet-network-prompt.png) All the networking runs in a special, unprivileged NetVM. (Notice the red frame around the Network Manager dialog box on the screen above.) This means that in the event that your network card driver, Wi-Fi stack, or DHCP client is compromised, the integrity of the rest of the system will not be affected! This feature requires Intel VT-d or AMD IOMMU hardware (e.g., Core i5/i7 systems). * * * * * -[![r2b2-software-update.png](/attachment/wiki/QubesScreenshots/r2b2-software-update.png)](/attachment/wiki/QubesScreenshots/r2b2-software-update.png) +[![r4.1-software-update.png](/attachment/wiki/QubesScreenshots/r4.1-software-update.png)](/attachment/wiki/QubesScreenshots/r4.1-software-update.png) Qubes lets you update all the software in all the domains all at once, in a centralized way. This is possible thanks to Qubes' unique TemplateVM technology. Note that the user is not required to shut down any AppVMs (domains) for the update process. This can be done later, at a convenient moment, and separately for each AppVM. * * * * * -[![copy-paste-1.png](/attachment/wiki/QubesScreenshots/copy-paste-1.png)](/attachment/wiki/QubesScreenshots/copy-paste-1.png) [![copy-paste-2.png](/attachment/wiki/QubesScreenshots/copy-paste-2.png)](/attachment/wiki/QubesScreenshots/copy-paste-2.png) +[![r4.1-copy-paste.png](/attachment/wiki/QubesScreenshots/r4.1-copy-paste.png)](/attachment/wiki/QubesScreenshots/r4.1-copy-paste.png) Qubes supports secure copy-and-paste operations between AppVMs. Only the user can initiate a copy or paste operation using a special key combination (Ctrl-Shift-C/V). Other AppVMs have no access to the clipboard buffer, so they cannot steal data from the clipboard. Only the user decides which AppVM should be given access to the clipboard. (This is done by selecting the destination AppVM’s window and pressing the Ctrl-Shift-V combination.) * * * * * -[!["r2b2-copy-to-other-appvm-1.png](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-1.png)](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-1.png) [![r2b2-copy-to-other-appvm-3.png](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-3.png)](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-3.png) +[!["r4.1-copy-to-other-appvm-1.png](/attachment/wiki/QubesScreenshots/r4.1-copy-to-other-appvm-1.png)](/attachment/wiki/QubesScreenshots/r4.1-copy-to-other-appvm-1.png) [![r4.1-copy-to-other-appvm-3.png](/attachment/wiki/QubesScreenshots/r4.1-copy-to-other-appvm-2.png)](/attachment/wiki/QubesScreenshots/r4.1-copy-to-other-appvm-2.png) Qubes also supports secure file copying between AppVMs. * * * * * -[![r2b2-open-in-dispvm-1.png](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-1.png)](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-1.png) [![r2b2-open-in-dispvm-3.png](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-3.png)](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-3.png) +[![r4.1-open-in-dispvm-1.png](/attachment/wiki/QubesScreenshots/r4.1-open-in-dispvm-1.png)](/attachment/wiki/QubesScreenshots/r4.1-open-in-dispvm-1.png) [![r4.1-open-in-dispvm-2.png](/attachment/wiki/QubesScreenshots/r4.1-open-in-dispvm-2.png)](/attachment/wiki/QubesScreenshots/r4.1-open-in-dispvm-2.png) Qubes' unique DisposableVMs (DispVMs) allow the user to open any file in a disposable VM in a matter of seconds! A file can be edited in a disposable VM, and any changes are projected back onto the original file. Currently, there is no way to mark files to be automatically opened in a disposable VM (one needs to right-click on the file and choose the "Open in DisposableVM" option), but this is planned for the R2 Beta 3 release. * * * * * -[![r2b2-convert-to-trusted-pdf-3.png](/attachment/wiki/QubesScreenshots/r2b2-convert-to-trusted-pdf-3.png)](/attachment/wiki/QubesScreenshots/r2b2-convert-to-trusted-pdf-3.png) [![r2b2-converting-pdf-2.png](/attachment/wiki/QubesScreenshots/r2b2-converting-pdf-2.png)](/attachment/wiki/QubesScreenshots/r2b2-converting-pdf-2.png) +[![r4.1-convert-to-trusted-pdf.png](/attachment/wiki/QubesScreenshots/r4.1-convert-to-trusted-pdf.png)](/attachment/wiki/QubesScreenshots/r4.1-convert-to-trusted-pdf.png) [![r4.1-converting-pdf.png](/attachment/wiki/QubesScreenshots/r4.1-converting-pdf.png)](/attachment/wiki/QubesScreenshots/r4.1-converting-pdf.png) Qubes provides an advanced infrastructure for programming inter-VM services, such as a PDF converter for untrusted files (which is described in [this article](https://blog.invisiblethings.org/2013/02/21/converting-untrusted-pdfs-into-trusted.html)). * * * * * -[![r2b1-manager-firewall.png](/attachment/wiki/QubesScreenshots/r2b1-manager-firewall.png)](/attachment/wiki/QubesScreenshots/r2b1-manager-firewall.png) +[![r4.1-manager-firewall.png](/attachment/wiki/QubesScreenshots/r4.1-manager-firewall.png)](/attachment/wiki/QubesScreenshots/r4.1-manager-firewall.png) Qubes provides a dedicated firewall that itself runs in an isolated FirewallVM. @@ -103,9 +103,9 @@ Qubes provides a dedicated firewall that itself runs in an isolated FirewallVM. And some more screenshots: -[![r2b2-xfce4-start-menu-3.png](/attachment/wiki/QubesScreenshots/r2b2-xfce4-start-menu-3.png)](/attachment/wiki/QubesScreenshots/r2b2-xfce4-start-menu-3.png) +[![r4.1-xfce-start-menu.png](/attachment/wiki/QubesScreenshots/r4.1-xfce-start-menu.png)](/attachment/wiki/QubesScreenshots/r4.1-xfce-start-menu.png) -[![r2b2-kde-red-and-green-terminals.png](/attachment/wiki/QubesScreenshots/r2b2-kde-red-and-green-terminals.png)](/attachment/wiki/QubesScreenshots/r2b2-kde-red-and-green-terminals.png) +[![r4.1-xfce-red-and-green-terminals.png](/attachment/wiki/QubesScreenshots/r4.1-xfce-red-and-green-terminals.png)](/attachment/wiki/QubesScreenshots/r4.1-xfce-red-and-green-terminals.png) [![r2b3-windows-seamless-2.png](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-2.png)](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-2.png) diff --git a/user/advanced-configuration/resize-disk-image.md b/user/advanced-configuration/resize-disk-image.md index a2e438be..aa008f12 100644 --- a/user/advanced-configuration/resize-disk-image.md +++ b/user/advanced-configuration/resize-disk-image.md @@ -30,7 +30,7 @@ Increasing the size of Disk Images There are several disk images which can be easily extended, but pay attention to the overall consumed space of your sparse/thin disk images. In most cases, the GUI tool Qube Settings (available for every qube from the Start menu, and also in the Qube Manager) will allow you to easily increase maximum disk image size. -![vm-settings-disk-image.png](/attachment/wiki/DiskSize/vm-settings-disk-image.png) +![vm-settings-disk-image.png](/attachment/wiki/DiskSize/r4.1-vm-settings-disk-image.png) In case of standalone qubes and templates, just change the Disk Storage settings above. In case of template-based qubes, the private storage (the /home directory and user files) can be changed in the qube's own settings, but the system root image is [inherited from the template](/getting-started/), and so it must be changed in the template settings. diff --git a/user/common-tasks/disposablevm.md b/user/common-tasks/disposablevm.md index 3e7c452a..a0f6e205 100644 --- a/user/common-tasks/disposablevm.md +++ b/user/common-tasks/disposablevm.md @@ -95,7 +95,7 @@ This app is running in its own dedicated VM -- a DisposableVM created for the pu Once you close the viewing application the whole DisposableVM will be destroyed. If you have edited the file and saved the changes, the changed file will be saved back to the original AppVM, overwriting the original. -![r1-open-in-dispvm-1.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-1.png) ![r1-open-in-dispvm-2.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-2.png) +![r4.1-open-in-dispvm-1.png](/attachment/wiki/DisposableVms/r4.1-open-in-dispvm-1.png) ![r4.1-open-in-dispvm-2.png](/attachment/wiki/DisposableVms/r4.1-open-in-dispvm-2.png) ## Opening a fresh web browser instance in a new DisposableVM ## @@ -105,7 +105,7 @@ This can be done easily using the Start Menu: just go to **Application Menu -\> Wait a few seconds until a web browser starts. Once you close the viewing application the whole DisposableVM will be destroyed. -![r1-open-in-dispvm-3.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-3.png) +![r4.1-open-in-dispvm-3.png](/attachment/wiki/DisposableVms/r4.1-open-in-dispvm-3.png) ## Opening a file in a DisposableVM via command line (from AppVM) ## diff --git a/user/common-tasks/getting-started.md b/user/common-tasks/getting-started.md index 18729c39..01563286 100644 --- a/user/common-tasks/getting-started.md +++ b/user/common-tasks/getting-started.md @@ -45,7 +45,7 @@ For example, you could use the colors to show that qubes belong to the same doma You might use three or four qubes for work activities and give them all the same distinct color label, for instance. It's entirely up to you. -![snapshot_40.png](/attachment/wiki/GettingStarted/snapshot_40.png) +![snapshot_40.png](/attachment/wiki/GettingStarted/r4.1-snapshot_40.png) In addition to qubes and templates, there's one special domain called [dom0], where many system tools and the desktop manager run. This is where you log in to the system. @@ -77,7 +77,7 @@ Alternatively, you can use a suite of GUI tools, most of which are available thr - The **Disk Space Widget** will notify you if you're ever running out of disk space. - The **Updates Widget** will inform you when template updates are available. -![q40_widgets.png](/attachment/wiki/GettingStarted/q40_widgets.png) +![q40_widgets.png](/attachment/wiki/GettingStarted/r4.1-q40_widgets.png) For an overview of the entire system, you can use the **Qube Manager** (go to the Application Launcher → System Tools → Qube Manager), which displays the states of all the qubes in your system. @@ -91,9 +91,9 @@ You can start apps directly from the Application Launcher or the Application Fin Each qube has its own menu directory under the scheme `Domain: `. After navigating into one of these directories, simply click on the application you'd like to start: -![menu1.png](/attachment/wiki/GettingStarted/menu1.png) +![menu1.png](/attachment/wiki/GettingStarted/r4.1-menu1.png) -![menu2.png](/attachment/wiki/GettingStarted/menu2.png) +![menu2.png](/attachment/wiki/GettingStarted/r4.1-menu2.png) By default, each qube's menu contains only a few shortcuts. If you'd like to add more, enter the qube's **Qube Settings** and add them on the Applications tab. diff --git a/user/common-tasks/managing-appvm-shortcuts.md b/user/common-tasks/managing-appvm-shortcuts.md index e098e514..837d7a42 100644 --- a/user/common-tasks/managing-appvm-shortcuts.md +++ b/user/common-tasks/managing-appvm-shortcuts.md @@ -14,7 +14,7 @@ Managing shortcuts to applications in AppVMs For ease of use Qubes aggregates shortcuts to applications that are installed in AppVMs and shows them in one "start menu" in dom0. Clicking on such shortcut runs the assigned application in its AppVM. -![dom0-menu.png"](/attachment/wiki/ManagingAppVmShortcuts/dom0-menu.png) +![dom0-menu.png"](/attachment/wiki/ManagingAppVmShortcuts/r4.1-dom0-menu.png) To make applications newly installed via the OS's package manager show up in the menu, use the `qvm-sync-appmenus` command (Linux VMs do this automatically): @@ -22,7 +22,7 @@ To make applications newly installed via the OS's package manager show up in the After that, select the *Add more shortcuts* entry in the VM's submenu to customize which applications are shown: -![dom0-appmenu-select.png"](/attachment/wiki/ManagingAppVmShortcuts/dom0-appmenu-select.png) +![dom0-appmenu-select.png"](/attachment/wiki/ManagingAppVmShortcuts/r4.1-dom0-appmenu-select.png) The above image shows that Windows HVMs are also supported (provided that Qubes Tools are installed). diff --git a/user/security-in-qubes/firewall.md b/user/security-in-qubes/firewall.md index 17e305b0..2220eb64 100644 --- a/user/security-in-qubes/firewall.md +++ b/user/security-in-qubes/firewall.md @@ -30,7 +30,7 @@ How to edit rules In order to edit rules for a given qube, select it in the Qubes Manager and press the "firewall" button: -![r2b1-manager-firewall.png](/attachment/wiki/QubesFirewall/r2b1-manager-firewall.png) +![r4.1-manager-firewall.png](/attachment/wiki/QubesFirewall/r4.1-manager-firewall.png) *R4.0 note:* ICMP and DNS are no longer accessible in the GUI, but can be changed via `qvm-firewall` described below. Connections to Updates Proxy are no longer made over network so can not be allowed or blocked with firewall rules (see [R4.0 Updates proxy](https://www.qubes-os.org/doc/software-update-vm/) for more detail. From e9d2c7a655415ca3b2285c1a36a4f934da4b93a3 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Mon, 26 Oct 2020 04:22:27 +0100 Subject: [PATCH 41/45] Fix links --- introduction/faq.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/introduction/faq.md b/introduction/faq.md index 139aaa23..5839257f 100644 --- a/introduction/faq.md +++ b/introduction/faq.md @@ -487,7 +487,26 @@ Enable "debug mode" in the qube's settings, either by checking the box labeled " ### I created a usbVM and assigned usb controllers to it. Now the usbVM wont boot. This is probably because one of the controllers does not support reset. -See the [USB Troubleshooting guide](/doc/usb-troubleshooting/#usbVM-does-not-boot-after-creating-and-assigning-USB-controllers-to-it). +See the [USB Troubleshooting guide](/doc/usb-troubleshooting/#usbvm-does-not-boot-after-creating-and-assigning-usb-controllers-to-it). + +### I assigned a PCI device to a qube, then unassigned it/shut down the qube. Why isn't the device available in dom0? + +This is an intended feature. +A device which was previously assigned to a less trusted qube could attack dom0 if it were automatically reassigned there. +In order to re-enable the device in dom0, either: + + * Reboot the physical machine. + +or + + * Go to the sysfs (`/sys/bus/pci`), find the right device, detach it from the pciback driver and attach back to the original driver. Replace `` with your device, for example `00:1c.2`: + + echo 0000: > /sys/bus/pci/drivers/pciback/unbind + MODALIAS=`cat /sys/bus/pci/devices/0000:/modalias` + MOD=`modprobe -R $MODALIAS | head -n 1` + echo 0000: > /sys/bus/pci/drivers/$MOD/bind + +See also [here][assign_devices]. ### How do I install Flash in a Debian qube? From 9bafa3d27dd391e51002d8939f25c36218f8fd03 Mon Sep 17 00:00:00 2001 From: hackerncoder Date: Mon, 26 Oct 2020 21:27:53 +0100 Subject: [PATCH 42/45] Remove -2 from qubes-manager. Add -1 to convertPDF. Change sysnet-network-prompt to r4.1-..-sysnet.. --- introduction/intro.html | 4 ++-- introduction/screenshots.md | 7 +++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/introduction/intro.html b/introduction/intro.html index 25af3bcb..9aa959eb 100644 --- a/introduction/intro.html +++ b/introduction/intro.html @@ -186,8 +186,8 @@ redirect_from:

diff --git a/introduction/screenshots.md b/introduction/screenshots.md index 9a20b249..811ad773 100644 --- a/introduction/screenshots.md +++ b/introduction/screenshots.md @@ -59,10 +59,9 @@ Qubes is all about seamless integration from the user’s point of view. Here yo * * * * * -[![r2b2-manager-and-netvm-network-prompt.png](/attachment/wiki/QubesScreenshots/r4.1-manager-and-sysnet-network-prompt.png)](/attachment/wiki/QubesScreenshots/r4.1-manager-and-sysnet-network-prompt.png) - -All the networking runs in a special, unprivileged NetVM. (Notice the red frame around the Network Manager dialog box on the screen above.) This means that in the event that your network card driver, Wi-Fi stack, or DHCP client is compromised, the integrity of the rest of the system will not be affected! This feature requires Intel VT-d or AMD IOMMU hardware (e.g., Core i5/i7 systems). +[![r4.1-manager-and-sysnet-network-prompt.png](/attachment/wiki/QubesScreenshots/r4.1-manager-and-sysnet-network-prompt.png)](/attachment/wiki/QubesScreenshots/r4.1-manager-and-sysnet-network-prompt.png) +All the networking runs in a special, unprivileged NetVM. (Notice the red frame around the Network Manager dialog box on the screen above.) This means that in the event that your network card driver, Wi-Fi stack, or DHCP client is compromised, the integrity of the rest of the system will not be affected! This feature requires Intel VT-d or AMD IOMMU hardware (e.g., Core i5/i7 systems4.1 * * * * * [![r4.1-software-update.png](/attachment/wiki/QubesScreenshots/r4.1-software-update.png)](/attachment/wiki/QubesScreenshots/r4.1-software-update.png) @@ -89,7 +88,7 @@ Qubes' unique DisposableVMs (DispVMs) allow the user to open any file in a dispo * * * * * -[![r4.1-convert-to-trusted-pdf.png](/attachment/wiki/QubesScreenshots/r4.1-convert-to-trusted-pdf.png)](/attachment/wiki/QubesScreenshots/r4.1-convert-to-trusted-pdf.png) [![r4.1-converting-pdf.png](/attachment/wiki/QubesScreenshots/r4.1-converting-pdf.png)](/attachment/wiki/QubesScreenshots/r4.1-converting-pdf.png) +[![r4.1-convert-to-trusted-pdf-1.png](/attachment/wiki/QubesScreenshots/r4.1-convert-to-trusted-pdf-1.png)](/attachment/wiki/QubesScreenshots/r4.1-convert-to-trusted-pdf-1.png) [![r4.1-converting-pdf.png](/attachment/wiki/QubesScreenshots/r4.1-converting-pdf.png)](/attachment/wiki/QubesScreenshots/r4.1-converting-pdf.png) Qubes provides an advanced infrastructure for programming inter-VM services, such as a PDF converter for untrusted files (which is described in [this article](https://blog.invisiblethings.org/2013/02/21/converting-untrusted-pdfs-into-trusted.html)). From 09602cd961dc2aacc8003febba92f7cf4ca0ca35 Mon Sep 17 00:00:00 2001 From: hackerncoder Date: Mon, 26 Oct 2020 21:39:43 +0100 Subject: [PATCH 43/45] Fix me not being able to use vim (4.1 > ')') --- introduction/screenshots.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/introduction/screenshots.md b/introduction/screenshots.md index 811ad773..5df0dffe 100644 --- a/introduction/screenshots.md +++ b/introduction/screenshots.md @@ -61,7 +61,7 @@ Qubes is all about seamless integration from the user’s point of view. Here yo [![r4.1-manager-and-sysnet-network-prompt.png](/attachment/wiki/QubesScreenshots/r4.1-manager-and-sysnet-network-prompt.png)](/attachment/wiki/QubesScreenshots/r4.1-manager-and-sysnet-network-prompt.png) -All the networking runs in a special, unprivileged NetVM. (Notice the red frame around the Network Manager dialog box on the screen above.) This means that in the event that your network card driver, Wi-Fi stack, or DHCP client is compromised, the integrity of the rest of the system will not be affected! This feature requires Intel VT-d or AMD IOMMU hardware (e.g., Core i5/i7 systems4.1 +All the networking runs in a special, unprivileged NetVM. (Notice the red frame around the Network Manager dialog box on the screen above.) This means that in the event that your network card driver, Wi-Fi stack, or DHCP client is compromised, the integrity of the rest of the system will not be affected! This feature requires Intel VT-d or AMD IOMMU hardware (e.g., Core i5/i7 systems) * * * * * [![r4.1-software-update.png](/attachment/wiki/QubesScreenshots/r4.1-software-update.png)](/attachment/wiki/QubesScreenshots/r4.1-software-update.png) From dde36d4515259e0a030268bb55145358c5c1f0ac Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 27 Oct 2020 18:00:40 -0700 Subject: [PATCH 44/45] Remove outdated KDE screenshots QubesOS/qubes-issues#5838 --- introduction/screenshots.md | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/introduction/screenshots.md b/introduction/screenshots.md index 0f15d5f6..d089a235 100644 --- a/introduction/screenshots.md +++ b/introduction/screenshots.md @@ -109,15 +109,3 @@ And some more screenshots: [![r2b3-windows-seamless-2.png](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-2.png)](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-2.png) -* * * * * - -The following screenshots, [courtesy of Qubes user nalu](https://groups.google.com/d/topic/qubes-users/KhfzF19NG1s/discussion), demonstrate some of the ways in which KDE can be customized to work with Qubes: - -[![r3rc1-nalu-desktop-1.png](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-1.png)](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-1.png) - -[![r3rc1-nalu-desktop-2.png](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-2.png)](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-2.png) - -[![r3rc1-nalu-desktop-3.png](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-3.png)](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-3.png) - -[![r3rc1-nalu-desktop-4.png](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-4.png)](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-4.png) - From 0e5a97785c2d57b4bdf83229622c9342594b051d Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 27 Oct 2020 19:23:57 -0700 Subject: [PATCH 45/45] Add information about doc review security --- developer/general/doc-guidelines.md | 19 ++++++++++++++++++- introduction/faq.md | 2 +- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/developer/general/doc-guidelines.md b/developer/general/doc-guidelines.md index 79bb1d26..55f8d9a8 100644 --- a/developer/general/doc-guidelines.md +++ b/developer/general/doc-guidelines.md @@ -18,6 +18,22 @@ The documentation is a community effort. Volunteers work hard trying to keep eve If you notice a problem or some way it can be improved, please [edit the documentation][contribute]! +Security +-------- + +All pull requests against [qubes-doc] must pass review prior to be merged, except in the case of [external documentation] (see [#4693]). +This process is designed to ensure that contributed text is accurate and non-malicious. +This process is a best effort that should provide a reasonable degree of assurance, but it is not foolproof. +For example, all text characters are checked for ANSI escape sequences. +However, binaries, such as images, are simply checked to ensure they appear or function the way they should when the website is rendered. +They are not further analyzed in an attempt to determine whether they are malicious. + +Once a pull request passes review, the reviewer should add a signed comment stating, "Passed review as of ``" (or similar). +The documentation maintainer then verifies that the pull request is mechanically sound (no merge conflicts, broken links, ANSI escapes, etc.). +If so, the documentation maintainer then merges the pull request, adds a PGP-signed tag to the latest commit (usually the merge commit), then pushes to the remote. +In cases in which another reviewer is not required, the documentation maintainer may review the pull request (in which case no signed comment is necessary, since it would be redundant with the signed tag). + + Questions, problems, and improvements ------------------------------------- @@ -304,4 +320,5 @@ Please try to write good commit messages, according to the [git-commit]: /doc/coding-style/#commit-message-guidelines [render the site locally]: https://github.com/QubesOS/qubesos.github.io#instructions [qubes-attachment]: https://github.com/QubesOS/qubes-attachment - +[external documentation]: /doc/#external-documentation +[#4693]: https://github.com/QubesOS/qubes-issues/issues/4693 diff --git a/introduction/faq.md b/introduction/faq.md index 5839257f..3ea75e7f 100644 --- a/introduction/faq.md +++ b/introduction/faq.md @@ -278,7 +278,7 @@ This website is hosted on [GitHub Pages][] ([why?][]). Therefore, it is largely outside of our control. We don't consider this a problem, however, since we explicitly [distrust the infrastructure]. For this reason, we don't think that anyone should place undue trust in the live version of this site on the Web. -Instead, if you want to obtain your own trustworthy copy of this website in a secure way, you should clone our [website repo], [verify the PGP signatures on the commits and/or tags] signed by the [doc-signing keys], then either [render the site on your local machine][render] or simply read the source, the vast majority of which was [intentionally written in Markdown so as to be readable as plain text for this very reason][Markdown]. +Instead, if you want to obtain your own trustworthy copy of this website in a secure way, you should clone our [website repo], [verify the PGP signatures on the commits and/or tags] signed by the [doc-signing keys] (which indicates that the content has undergone review per our [documentation guidelines]), then either [render the site on your local machine][render] or simply read the source, the vast majority of which was [intentionally written in Markdown so as to be readable as plain text for this very reason][Markdown]. We've gone to special effort to set all of this up so that no one has to trust the infrastructure and so that the contents of this website are maximally available and accessible. ### What does it mean to "distrust the infrastructure"?