Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-11-29 16:07:12 -05:00
Code Issues Projects Releases Packages Wiki Activity

fixed linter warnings

Browse source
This commit is contained in:
qubedmaiska 2025-09-09 12:05:31 -04:00
parent e93ddb3796
commit 1be6e5f9b9
No known key found for this signature in database
GPG key ID: 204BCE0FD52C0501
36 changed files with 107 additions and 229 deletions
Download patch file Download diff file Expand all files Collapse all files

2
user/advanced-topics/how-to-install-software-in-dom0.rst
View file

@ -206,7 +206,7 @@ Update the following two lines, add if needed:
GRUB_SAVEDEFAULT=true
Save and exit nano. Regenerate the GRUB 2 configuration.
Save and exit nano. Regenerate the GRUB 2 configuration.
.. code:: console

67
user/downloading-installing-upgrading/installation-guide-4.1.rst
View file

@ -16,7 +16,7 @@ Hardware requirements
.. DANGER::
**Warning:** Qubes has no control over what happens on your computer before you install it. No software can provide security if it is installed on compromised hardware. Do not install Qubes on a computer you dont trust. See :doc:`installation security </user/downloading-installing-upgrading/install-security>` for more information.
Qubes OS has very specific :doc:`system requirements </user/hardware/system-requirements>`. To ensure compatibility, we strongly recommend using :doc:`Qubes-certified hardware </user/hardware/certified-hardware/certified-hardware>`. Other hardware may require you to perform significant troubleshooting. You may also find it helpful to consult the `Hardware Compatibility List <https://www.qubes-os.org/hcl/>`__.
@ -24,7 +24,7 @@ Qubes OS has very specific :doc:`system requirements </user/hardware/system-requ
Even on supported hardware, you must ensure that `IOMMU-based virtualization <https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit#Virtualization>`__ is activated in the BIOS or UEFI. Without it, Qubes OS wont be able to enforce isolation. For Intel-based boards, this setting is called Intel Virtualization for Directed I/O (**Intel VT-d**) and for AMD-based boards, it is called AMD I/O Virtualization Technology (or simply **AMD-Vi**). This parameter should be activated in your computers BIOS or UEFI, alongside the standard Virtualization (**Intel VT-x**) and AMD Virtualization (**AMD-V**) extensions. This `external guide <https://web.archive.org/web/20200112220913/https://www.intel.in/content/www/in/en/support/articles/000007139/server-products.html>`__ made for Intel-based boards can help you figure out how to enter your BIOS or UEFI to locate and activate those settings. If those settings are not nested under the Advanced tab, you might find them under the Security tab.
.. warning::
**Note:** Qubes OS is not meant to be installed inside a virtual machine as a guest hypervisor. In other words, *nested virtualization* is not supported. In order for a strict compartmentalization to be enforced, Qubes OS needs to be able to manage the hardware directly.
Copying the ISO onto the installation medium
@ -34,17 +34,17 @@ Copying the ISO onto the installation medium
Pick the most secure existing computer and OS you have available for downloading and copying the Qubes ISO onto the installation medium. `Download <https://www.qubes-os.org/downloads/>`__ a Qubes ISO.
.. DANGER::
**Warning:** Any file you download from the internet could be malicious, even if it appears to come from a trustworthy source. Our philosophy is to :ref:`distrust the infrastructure <introduction/faq:what does it mean to "distrust the infrastructure"?>` . Regardless of how you acquire your Qubes ISO, :doc:`verify its authenticity </project-security/verifying-signatures>` before continuing.
Once the ISO has been verified as authentic, you should copy it onto the installation medium of your choice, such as a USB drive, dual-layer DVD, or Blu-ray disc. The size of each Qubes ISO is available on the `downloads <https://www.qubes-os.org/downloads/>`__ page by hovering over the download button. The instructions below assume youve chosen a USB drive as your medium. If youve chosen a different medium, please adapt the instructions accordingly.
.. warning::
**Note:** There are important :doc:`security considerations </user/downloading-installing-upgrading/install-security>` to keep in mind when choosing an installation medium. Advanced users may wish to :ref:`re-verify their installation media after writing <project-security/verifying-signatures:how to re-verify installation media after writing>` .
.. DANGER::
**Warning:** Be careful to choose the correct device when copying the ISO, or you may lose data. We strongly recommended making a full backup before modifying any devices.
Linux ISO to USB
@ -68,7 +68,7 @@ Windows ISO to USB
On Windows, you can use the `Rufus <https://rufus.akeo.ie/>`__ tool to write the ISO to a USB key. Be sure to select “Write in DD Image mode” *after* selecting the Qubes ISO and pressing “START” on the Rufus main window.
.. note::
**Note:** Using Rufus to create the installation medium means that you `wont be able <https://github.com/QubesOS/qubes-issues/issues/2051>`__ to choose the “Test this media and install Qubes OS” option mentioned in the example below. Instead, choose the “Install Qubes OS” option.
|Rufus menu|
@ -120,7 +120,7 @@ From here, you can navigate the boot screen using the arrow keys on your keyboar
Select the option to test this media and install Qubes OS.
.. note::
**Note:** If the latest stable release is not compatible with your hardware, you may wish to consider :doc:`testing a newer release </user/downloading-installing-upgrading/testing>` .
If the boot screen does not appear, there are several options to troubleshoot. First, try rebooting your computer. If it still loads your currently installed operating system or does not detect your installation medium, make sure the boot order is set up appropriately. The process to change the boot order varies depending on the currently installed system and the motherboard manufacturer. If **Windows 10** is installed on your machine, you may need to follow specific instructions to change the boot order. This may require an `advanced reboot <https://support.microsoft.com/en-us/help/4026206/windows-10-find-safe-mode-and-other-startup-settings>`__.
@ -148,7 +148,7 @@ Installation summary
.. note::
**Did you know?** The Qubes OS installer is completely offline. It doesnt even load any networking drivers, so there is no possibility of internet-based data leaks or attacks during the installation process.
The Installation summary screen allows you to change how the system will be installed and configured, including localization settings. At minimum, you are required to select the storage device on which Qubes OS will be installed.
@ -202,13 +202,13 @@ Installation destination
Under the System section, you must choose the installation destination. Select the storage device on which you would like to install Qubes OS.
.. DANGER::
**Warning:** Be careful to choose the correct installation target, or you may lose data. We strongly recommended making a full backup before proceeding.
Your installation destination can be an internal or external storage drive, such as an SSD, HDD, or USB drive. The installation destination must have a least 32 GiB of free space available.
.. warning::
**Note:** The installation destination cannot be the same as the installation medium. For example, if youre installing Qubes OS *from* a USB drive *onto* a USB drive, they must be two distinct USB drives, and they must both be plugged into your computer at the same time. (**Note:** This may not apply to advanced users who partition their devices appropriately.)
Installing an operating system onto a USB drive can be a convenient way to try Qubes. However, USB drives are typically much slower than internal SSDs. We recommend a very fast USB 3.0 drive for decent performance. Please note that a minimum storage of 32 GiB is required. If you want to install Qubes OS onto a USB drive, just select the USB device as the target installation device. Bear in mind that the installation process is likely to take longer than it would on an internal storage device.
@ -216,13 +216,13 @@ Installing an operating system onto a USB drive can be a convenient way to try Q
|Select storage device|
.. note::
**Did you know?** By default, Qubes OS uses `LUKS <https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup>`__ /`dm-crypt <https://en.wikipedia.org/wiki/Dm-crypt>`__ to encrypt everything except the ``/boot`` partition.
As soon as you press **Done**, the installer will ask you to enter a passphrase for disk encryption. The passphrase should be complex. Make sure that your keyboard layout reflects what keyboard you are actually using. When youre finished, press **Done**.
.. DANGER::
**Warning:** If you forget your encryption passphrase, there is no way to recover it.
|Select storage passhprase|
@ -356,67 +356,24 @@ Getting help
.. |Rufus menu| image:: /attachment/doc/rufus-menu.png
.. |Rufus DD image mode| image:: /attachment/doc/rufus-dd-image-mode.png
.. |ThinkPad T430 BIOS menu| image:: /attachment/doc/Thinkpad-t430-bios-main.jpg
.. |UEFI menu| image:: /attachment/doc/uefi.jpeg
.. |Boot screen| image:: /attachment/doc/boot-screen.png
.. |welcome| image:: /attachment/doc/welcome-to-qubes-os-installation-screen.png
.. |Unsupported hardware detected| image:: /attachment/doc/unsupported-hardware-detected.png
.. |Installation summary not ready| image:: /attachment/doc/installation-summary-not-ready.png
.. |Keyboard layout selection| image:: /attachment/doc/keyboard-layout-selection.png
.. |Language support selection| image:: /attachment/doc/language-support-selection.png
.. |Time and date| image:: /attachment/doc/time-and-date.png
.. |Add-ons| image:: /attachment/doc/add-ons.png
.. |Select storage device| image:: /attachment/doc/select-storage-device.png
.. |Select storage passhprase| image:: /attachment/doc/select-storage-passphrase.png
.. |Installation summary ready| image:: /attachment/doc/installation-summary-ready.png
.. |Account name and password| image:: /attachment/doc/account-name-and-password.png
.. |Grub boot menu| image:: /attachment/doc/grub-boot-menu.png
.. |Unlock storage device screen| image:: /attachment/doc/unlock-storage-device-screen.png
.. |Initial setup menu| image:: /attachment/doc/initial-setup-menu.png
.. |Initial setup menu configuration| image:: /attachment/doc/initial-setup-menu-configuration.png
.. |Login screen| image:: /attachment/doc/login-screen.png
.. |Desktop menu| image:: /attachment/doc/desktop-menu.png

65
user/downloading-installing-upgrading/installation-guide.rst
View file

@ -14,7 +14,7 @@ Hardware requirements
.. DANGER::
**Warning:** Qubes has no control over what happens on your computer before you install it. No software can provide security if it is installed on compromised hardware. Do not install Qubes on a computer you dont trust. See :doc:`installation security </user/downloading-installing-upgrading/install-security>` for more information.
Qubes OS has very specific :doc:`system requirements </user/hardware/system-requirements>`. To ensure compatibility, we strongly recommend using :doc:`Qubes-certified hardware </user/hardware/certified-hardware/certified-hardware>`. Other hardware may require you to perform significant troubleshooting. You may also find it helpful to consult the `Hardware Compatibility List <https://www.qubes-os.org/hcl/>`__.
@ -22,7 +22,7 @@ Qubes OS has very specific :doc:`system requirements </user/hardware/system-requ
Even on supported hardware, you must ensure that `IOMMU-based virtualization <https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit#Virtualization>`__ is activated in the BIOS or UEFI. Without it, Qubes OS wont be able to enforce isolation. For Intel-based boards, this setting is called Intel Virtualization for Directed I/O (**Intel VT-d**) and for AMD-based boards, it is called AMD I/O Virtualization Technology (or simply **AMD-Vi**). This parameter should be activated in your computers BIOS or UEFI, alongside the standard Virtualization (**Intel VT-x**) and AMD Virtualization (**AMD-V**) extensions. This `external guide <https://web.archive.org/web/20200112220913/https://www.intel.in/content/www/in/en/support/articles/000007139/server-products.html>`__ made for Intel-based boards can help you figure out how to enter your BIOS or UEFI to locate and activate those settings. If those settings are not nested under the Advanced tab, you might find them under the Security tab.
.. warning::
**Note:** Qubes OS is not meant to be installed inside a virtual machine as a guest hypervisor. In other words, *nested virtualization* is not supported. In order for a strict compartmentalization to be enforced, Qubes OS needs to be able to manage the hardware directly.
Copying the ISO onto the installation medium
@ -32,17 +32,17 @@ Copying the ISO onto the installation medium
Pick the most secure existing computer and OS you have available for downloading and copying the Qubes ISO onto the installation medium. `Download <https://www.qubes-os.org/downloads/>`__ a Qubes ISO. If your Internet connection is unstable and the download is interrupted, you could resume the partial download with ``wget --continue`` in case you are currently using wget for downloading or use a download-manager with resume capability. Alternatively you can download installation ISO via BitTorrent that sometimes enables higher download speeds and more reliable downloads of large files.
.. DANGER::
**Warning:** Any file you download from the internet could be malicious, even if it appears to come from a trustworthy source. Our philosophy is to :ref:`distrust the infrastructure <introduction/faq:what does it mean to "distrust the infrastructure"?>` . Regardless of how you acquire your Qubes ISO, :doc:`verify its authenticity </project-security/verifying-signatures>` before continuing.
Once the ISO has been verified as authentic, you should copy it onto the installation medium of your choice, such as a USB drive, dual-layer DVD, or Blu-ray disc. The size of each Qubes ISO is available on the `downloads <https://www.qubes-os.org/downloads/>`__ page by hovering over the download button. The instructions below assume youve chosen a USB drive as your medium. If youve chosen a different medium, please adapt the instructions accordingly.
.. warning::
**Note:** There are important :doc:`security considerations </user/downloading-installing-upgrading/install-security>` to keep in mind when choosing an installation medium. Advanced users may wish to :ref:`re-verify their installation media after writing <project-security/verifying-signatures:how to re-verify installation media after writing>` .
.. DANGER::
**Warning:** Be careful to choose the correct device when copying the ISO, or you may lose data. We strongly recommended making a full backup before modifying any devices.
Linux ISO to USB
@ -66,7 +66,7 @@ Windows ISO to USB
On Windows, you can use the `Rufus <https://rufus.ie/>`__ tool to write the ISO to a USB key. Be sure to select “Write in DD Image mode” *after* selecting the Qubes ISO and pressing “START” on the Rufus main window.
.. note::
**Note:** Using Rufus to create the installation medium means that you `wont be able <https://github.com/QubesOS/qubes-issues/issues/2051>`__ to choose the “Test this media and install Qubes OS” option mentioned in the example below. Instead, choose the “Install Qubes OS” option.
|Rufus menu|
@ -124,7 +124,7 @@ From here, you can navigate the boot screen using the arrow keys on your keyboar
Select the option to test this media and install Qubes OS.
.. note::
**Note:** If the latest stable release is not compatible with your hardware, you may wish to consider installing using the latest kernel. Be aware that this has not been as well tested as the standard kernel.
If the boot screen does not appear, there are several options to troubleshoot. First, try rebooting your computer. If it still loads your currently installed operating system or does not detect your installation medium, make sure the boot order is set up appropriately. The process to change the boot order varies depending on the currently installed system and the motherboard manufacturer. If **Windows 10** is installed on your machine, you may need to follow specific instructions to change the boot order. This may require an `advanced reboot <https://support.microsoft.com/en-us/help/4026206/windows-10-find-safe-mode-and-other-startup-settings>`__.
@ -152,7 +152,7 @@ Installation summary
.. note::
**Did you know?** The Qubes OS installer is completely offline. It doesnt even load any networking drivers, so there is no possibility of internet-based data leaks or attacks during the installation process.
The Installation summary screen allows you to change how the system will be installed and configured, including localization settings. At minimum, you are required to select the storage device on which Qubes OS will be installed.
@ -184,13 +184,13 @@ Installation destination
Under the System section, you must choose the installation destination. Select the storage device on which you would like to install Qubes OS.
.. DANGER::
**Warning:** Be careful to choose the correct installation target, or you may lose data. We strongly recommended making a full backup before proceeding.
Your installation destination can be an internal or external storage drive, such as an SSD, HDD, or USB drive. The installation destination must have a least 32 GiB of free space available.
.. warning::
**Note:** The installation destination cannot be the same as the installation medium. For example, if youre installing Qubes OS *from* a USB drive *onto* a USB drive, they must be two distinct USB drives, and they must both be plugged into your computer at the same time. (**Note:** This may not apply to advanced users who partition their devices appropriately.)
Installing an operating system onto a USB drive can be a convenient way to try Qubes. However, USB drives are typically much slower than internal SSDs. We recommend a very fast USB 3.0 drive for decent performance. Please note that a minimum storage of 32 GiB is required. If you want to install Qubes OS onto a USB drive, just select the USB device as the target installation device. Bear in mind that the installation process is likely to take longer than it would on an internal storage device.
@ -198,13 +198,13 @@ Installing an operating system onto a USB drive can be a convenient way to try Q
|Select storage device screen|
.. note::
**Did you know?** By default, Qubes OS uses `LUKS <https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup>`__ /`dm-crypt <https://en.wikipedia.org/wiki/Dm-crypt>`__ to encrypt everything except the ``/boot`` partition.
As soon as you press **Done**, the installer will ask you to enter a passphrase for disk encryption. The passphrase should be complex. Make sure that your keyboard layout reflects what keyboard you are actually using. When youre finished, press **Done**.
.. DANGER::
**Warning:** If you forget your encryption passphrase, there is no way to recover it.
|Select storage passphrase|
@ -344,64 +344,23 @@ Getting help
.. |Rufus menu| image:: /attachment/doc/rufus-menu.png
.. |Rufus DD image mode| image:: /attachment/doc/rufus-dd-image-mode.png
.. |ThinkPad T430 BIOS menu| image:: /attachment/doc/Thinkpad-t430-bios-main.jpg
.. |UEFI menu| image:: /attachment/doc/uefi.jpeg
.. |Boot screen| image:: /attachment/doc/boot-screen-4.2.png
.. |Language selection window| image:: /attachment/doc/welcome-to-qubes-os-installation-screen-4.2.png
.. |Unsupported hardware detected| image:: /attachment/doc/unsupported-hardware-detected.png
.. |Installation summary screen awaiting input| image:: /attachment/doc/installation-summary-not-ready-4.2.png
.. |Keyboard layout selection| image:: /attachment/doc/keyboard-layout-selection.png
.. |Language support selection| image:: /attachment/doc/language-support-selection.png
.. |Time and date| image:: /attachment/doc/time-and-date.png
.. |Select storage device screen| image:: /attachment/doc/select-storage-device-4.2.png
.. |Select storage passphrase| image:: /attachment/doc/select-storage-passphrase.png
.. |Account name and password creation window.| image:: /attachment/doc/account-name-and-password-4.2.png
.. |Windows showing installation complete and Reboot button.| image:: /attachment/doc/installation-complete-4.2.png
.. |Grub boot menu| image:: /attachment/doc/grub-boot-menu.png
.. |Screen to enter device decryption password| image:: /attachment/doc/unlock-storage-device-screen-4.2.png
.. |Window with link for final configuration| image:: /attachment/doc/initial-setup-menu-4.2.png
.. |Initial configuration menu| image:: /attachment/doc/initial-setup-menu-configuration-4.2.png
.. |Login screen| image:: /attachment/doc/login-screen.png
.. |Desktop menu| image:: /attachment/doc/desktop-menu.png

15
user/downloading-installing-upgrading/supported-releases.rst
View file

@ -11,8 +11,8 @@ Qubes OS
Qubes OS releases are supported for **six months** after each subsequent major or minor release (see :doc:`Version Scheme </developer/releases/version-scheme>`). The current release and past major releases are always available on the `Downloads <https://www.qubes-os.org/downloads/>`__ page, while all ISOs, including past minor releases, are available from our `download mirrors <https://www.qubes-os.org/downloads/#mirrors>`__.
.. list-table::
:widths: 11 11 11 11
.. list-table::
:widths: 11 11 11 11
:align: center
:header-rows: 1
@ -56,7 +56,6 @@ Qubes OS releases are supported for **six months** after each subsequent major o
- TBD
- TBD
- In testing
Note on patch releases
@ -71,8 +70,8 @@ Dom0
The table below shows the OS used for dom0 in each Qubes OS release.
.. list-table::
:widths: 11 11
.. list-table::
:widths: 11 11
:align: center
:header-rows: 1
@ -96,7 +95,6 @@ The table below shows the OS used for dom0 in each Qubes OS release.
- Fedora 37
* - Release 4.3
- Fedora 41
Note on dom0 and EOL
@ -113,8 +111,8 @@ The following table shows select :doc:`template </user/templates/templates>` (an
It is the responsibility of each distribution to clearly notify its users in advance of its own EOL dates, and it is users responsibility to heed these notices by upgrading to supported releases. As a courtesy to Qubes users, we attempt to pass along upstream EOL notices we receive for select distributions, but our ability to do this reliably is dependent on the upstream distributions practices. For example, if a distribution provides a mailing list similar to :ref:`qubes-announce <introduction/support:qubes-announce>`, which allows us to receive only very important, infrequent messages, including EOL announcements, we are much more likely to be able to pass along EOL notices to Qubes users reliably. Qubes users can always check the EOL status of an upstream release on the upstream distributions website (see `Fedora EOL <https://fedoraproject.org/wiki/End_of_life>`__ and `Debian Releases <https://wiki.debian.org/DebianReleases>`__).
.. list-table::
:widths: 11 11 11
.. list-table::
:widths: 11 11 11
:align: center
:header-rows: 1
@ -127,7 +125,6 @@ It is the responsibility of each distribution to clearly notify its users in adv
* - Release 4.3
- 41, 42
- 12, 13
Note on Debian support

13
user/downloading-installing-upgrading/upgrade/4_3.rst
View file

@ -67,16 +67,16 @@ Full list of options can be obtained with ``qubes-dist-upgrade --releasever=4.3
.. code:: bash
Usage: qubes-dist-upgrade --releasever=VERSION [OPTIONS]...
This script is used for updating QubesOS to the next release.
Options:
--releasever=VERSION Specify target release, for example 4.3 or 4.2.
Usage: /usr/lib/qubes/qubes-dist-upgrade-r4.3.sh [OPTIONS]...
This script is used for updating current QubesOS R4.2 to R4.3.
Options:
--update, -t (STAGE 1) Update of dom0, TemplatesVM and StandaloneVM.
--release-upgrade, -r (STAGE 2) Update 'qubes-release' for Qubes R4.3.
@ -92,7 +92,7 @@ Full list of options can be obtained with ``qubes-dist-upgrade --releasever=4.3
--check-supported-templates (STAGE 6) Check if all templates are supported
--all-pre-reboot Execute stages 1 to 3
--all-post-reboot Execute stages 4 to 6
--assumeyes, -y Automatically answer yes for all questions.
--usbvm, -u Current UsbVM defined (default 'sys-usb').
--netvm, -n Current NetVM defined (default 'sys-net').
@ -109,7 +109,6 @@ Full list of options can be obtained with ``qubes-dist-upgrade --releasever=4.3
The enabling with this option do not persist after
successful update. If you want to keep it enabled,
use the normal method instead.
After installing the tool, before-reboot stages can be performed at once with:

4
user/hardware/certified-hardware/certified-hardware.rst
View file

@ -55,10 +55,10 @@ The current Qubes-certified models are listed below in reverse chronological ord
- `NitroPad T430 <https://shop.nitrokey.com/shop/nitropad-t430-119>`__
- :doc:`Certification details </user/hardware/certified-hardware/nitropad-t430/>`
* - `Nitrokey <https://www.nitrokey.com/>`__
- `NitroPad X230 <https://shop.nitrokey.com/shop/product/nitropad-x230-67>`__
- `NitroPad X230 <https://shop.nitrokey.com/shop/product/nitropad-x230-67>`__
- :doc:`Certification details </user/hardware/certified-hardware/nitropad-x230/>`
* - `Insurgo <https://insurgo.ca/>`__
- `PrivacyBeast X230 <https://insurgo.ca/produit/qubesos-certified-privacybeast_x230-reasonably-secured-laptop/>`__
- `PrivacyBeast X230 <https://insurgo.ca/produit/qubesos-certified-privacybeast_x230-reasonably-secured-laptop/>`__
- :doc:`Certification details </user/hardware/certified-hardware/insurgo-privacybeast-x230/>`

2
user/hardware/certified-hardware/insurgo-privacybeast-x230.rst
View file

@ -6,7 +6,7 @@ Insurgo PrivacyBeast X230
.. DANGER::
**Warning:** The CPU in this computer no longer receives microcode updates from Intel. Without microcode updates, Qubes OS cannot ensure that this computer is secure against CPU vulnerabilities. While this computer remains certified for Qubes OS Release 4, we recommend that prospective buyers consider a newer Qubes-certified computer instead.
The `Insurgo PrivacyBeast X230 <https://insurgo.ca/produit/qubesos-certified-privacybeast_x230-reasonably-secured-laptop/>`__ is :doc:`officially certified </user/hardware/certified-hardware/certified-hardware>` for Qubes OS Release 4.

4
user/hardware/certified-hardware/nitropad-t430.rst
View file

@ -6,11 +6,11 @@ NitroPad T430
.. DANGER::
**Warning:** The CPU in this computer no longer receives microcode updates from Intel. Without microcode updates, Qubes OS cannot ensure that this computer is secure against CPU vulnerabilities. While this computer remains certified for Qubes OS Release 4, we recommend that prospective buyers consider a newer Qubes-certified computer instead.
.. warning::
**Note:** Please be advised that the i7-3632QM option is not compatible with Qubes OS, as it does not support VT-d. The option specifically tested by the Qubes team is the i5-3320M.
The `NitroPad T430 <https://shop.nitrokey.com/shop/product/nitropad-t430-119>`__ is :doc:`officially certified </user/hardware/certified-hardware/certified-hardware>` for Qubes OS Release 4.

9
user/hardware/certified-hardware/nitropc-pro-2.rst
View file

@ -6,11 +6,11 @@ NitroPC Pro 2
.. warning::
**Note:** When configuring your NitroPC Pro 2 on the Nitrokey website, there is an option for a discrete graphics card (e.g., Nvidia GeForce RTX 4070 or 4090) in addition to integrated graphics (e.g., Intel UHD 770, which is always included because it is physically built into the CPU). NitroPC Pro 2 configurations that include discrete graphics cards are *not* Qubes-certified. The only NitroPC Pro 2 configurations that are Qubes-certified are those that contain *only* integrated graphics.
.. warning::
**Note:** Only the “Dasharo TianoCore UEFI without Measured Boot, without Nitrokey” firmware option is certified. The “HEADS with Measured Boot, requires Nitrokey!” firmware option is *not* certified.
The `NitroPC Pro 2 <https://shop.nitrokey.com/shop/nitropc-pro-2-523>`__ is :doc:`officially certified </user/hardware/certified-hardware/certified-hardware>` for Qubes OS Release 4.
@ -19,8 +19,8 @@ The `NitroPC Pro 2 <https://shop.nitrokey.com/shop/nitropc-pro-2-523>`__ is :doc
Heres a summary of the main component options available for this mid-tower desktop PC:
.. list-table::
:widths: 29 29
.. list-table::
:widths: 29 29
:align: center
:header-rows: 1
@ -40,7 +40,6 @@ Heres a summary of the main component options available for this mid-tower de
- Wi-Fi 6E, 2400 Mbps, 802.11/a/b/g/n/ac/ax, Bluetooth 5.2
* - Operating system (optional)
- Qubes OS 4.2 or Ubuntu 22.04 LTS
Of special note for Qubes users, the NitroPC Pro 2 features a combined PS/2 port that supports both a PS/2 keyboard and a PS/2 mouse simultaneously with a Y-cable (not included). This allows for full control of dom0 without the need for USB keyboard or mouse passthrough. Nitrokey also offers a special tamper-evident shipping method for an additional fee. With this option, the case screws will be individually sealed and photographed, and the NitroPC Pro 2 will be packed inside a sealed bag. Photographs of the seals will be sent to you by email, which you can use to determine whether the case was opened during transit.

5
user/hardware/certified-hardware/starlabs-starbook.rst
View file

@ -13,8 +13,8 @@ The `Star Labs StarBook <https://starlabs.systems/pages/starbook>`__ is a 14-inc
The Qubes developers have tested and certified the following StarBook configuration options for Qubes OS Release 4:
.. list-table::
:widths: 16 16
.. list-table::
:widths: 16 16
:align: center
:header-rows: 1
@ -34,7 +34,6 @@ The Qubes developers have tested and certified the following StarBook configurat
- coreboot 8.97 (2023-10-03)
* - Operating system
- Qubes OS (pre-installation optional)
|image1|

6
user/hardware/system-requirements.rst
View file

@ -4,7 +4,7 @@ System requirements
.. warning::
Notice: The system requirements on this page are *necessary, but not sufficient*, for Qubes compatibility at a minimal or recommended level. In other words, just because a computer satisfies these requirements doesnt mean that Qubes will successfully install and run on it. We strongly recommend consulting the `resources below <#choosing-hardware>`__ when selecting hardware for Qubes.
Minimum
@ -126,9 +126,9 @@ Important Notes
- You can check whether an Intel processor has VT-x and VT-d on `ark.intel.com <https://ark.intel.com/content/www/us/en/ark.html#@Processors>`__.
.. [1]
.. [1]
There is an ``amd-ucode-firmware`` package, but it only contains microcode for servers and outdated microcode for Chromebooks. Also, the `AMD security website <https://www.amd.com/en/resources/product-security.html>`__ only lists microcode as a mitigation for data center CPUs.
.. [2]
.. [2]
As shown on `the AMD page for Speculative Return Stack Overflow <https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html>`__, updated AGESA™ firmware for AMD Ryzen™ Threadripper™ 5000WX Processors was not available until 2024-01-11, even though the vulnerability became public on 2023-08-08. AMD did not provide updated firmware for other client processors until a date between 2023-08-22 to 2023-08-25.
For Zenbleed, firmware was not available until 2024 for most client parts, even though server parts got microcode on 2023-06-06.

2
user/how-to-guides/backup-emergency-restore-v4.rst
View file

@ -160,7 +160,7 @@ Emergency recovery instructions
[user@restore ~]$ xmlstarlet sel -T -t -m //domain \
-v 'concat(.//property[@name="name"], " ", .//feature[@name="backup-path"])' \
-n qubes.xml
anon-whonix
debian-11
default-mgmt-dvm

12
user/how-to-guides/how-to-install-software.rst
View file

@ -33,7 +33,6 @@ Installing software from default repositories
.. figure:: /attachment/doc/r4.1-dom0-appmenu-select.png
:alt: The Applications tab in Qube Settings
Installing software from other sources
--------------------------------------
@ -87,7 +86,6 @@ This method assumes that you are trying to follow instructions to install some p
.. image:: /attachment/doc/r4.1-dom0-appmenu-select.png
:alt:
Troubleshooting
---------------
@ -252,7 +250,7 @@ Example policy file in R4.1 (with Whonix installed, but not set as default Updat
# any VM with tag `whonix-updatevm` should use `sys-whonix`; this tag is added to `whonix-gw` and `whonix-ws` during installation and is preserved during template clone
@tag:whonix-updatevm @default allow,target=sys-whonix
@tag:whonix-updatevm @anyvm deny
# other templates use sys-net
@type:TemplateVM @default allow,target=sys-net
@anyvm @anyvm deny
@ -277,15 +275,15 @@ Snap packages do not use the normal update channels for Debian and Fedora (apt a
qubes-snapd-helper noarch 1.0.4-1.fc36 qubes-vm-r4.1-current 10 k
Installing dependencies:
[...]
Transaction Summary
========================================================================================================
Install 19 Packages
Total download size: 27 M
Installed size: 88 M
Is this ok [y/N]: y
Downloading Packages:
[..]
Failed to resolve booleanif statement at /var/lib/selinux/targeted/tmp/modules/200/snappy/cil:1174
@ -293,7 +291,7 @@ Snap packages do not use the normal update channels for Debian and Fedora (apt a
[...]
Last metadata expiration check: 0:33:05 ago on Thu 03 Nov 2022 04:34:06.
Notifying dom0 about installed applications
Installed:
snapd-2.56.2-4.fc36.x86_64 qubes-snapd-helper-1.0.4-1.fc36.noarch
[...]

2
user/templates/debian/debian-upgrade.rst
View file

@ -7,7 +7,7 @@ How to upgrade a Debian template in-place
This page is intended for advanced users.
.. DANGER::
**Warning:** This page is intended for advanced users only. Most users seeking to upgrade should instead :ref:`install a new Debian template <user/templates/debian/debian:installing>`. Learn more about the two options :ref:`here <user/templates/debian/debian:upgrading>`.
This page provides instructions for performing an in-place upgrade of an installed :doc:`Debian Template </user/templates/debian/debian>`. If you wish to install a new, unmodified Debian template instead of upgrading a template that is already installed in your system, please see the :doc:`Debian Template </user/templates/debian/debian>` page instead. (:ref:`Learn more about the two options. <user/templates/debian/debian:upgrading>`) In general, upgrading a Debian template follows the same process as `upgrading a native Debian system <https://wiki.debian.org/DebianUpgrade>`__.

4
user/templates/windows/migrate-to-4-1.rst
View file

@ -83,8 +83,8 @@ The PV disk drivers used for migration can be removed after successful installat
After successful uninstallation of the PV disk drivers, the disks will appear as QEMU ATA disks.
.. warning::
.. warning::
This change may lead Windows to declare that the hardware has changed and that in consequence, the activation is no longer valid, possibly complaining that the use of the software is no longer lawful. It should be possible to reactivate the software if a valid product key is provided.

7
user/templates/windows/qubes-windows-tools-4-0.rst
View file

@ -512,7 +512,6 @@ If a specific component is malfunctioning, you can increase its log verbosity as
- Utility that initializes and formats the disk backed by ``private.img`` file. Its registered to run on next system boot during QWT setup, if that feature is selected (it cant run during the setup because Xen block device drivers are not yet active). It in turn registers move-profiles (see below) to run at early boot.
* - relocate-dir
- Utility that moves user profiles directory to the private disk. Its registered as an early boot native executable (similar to chkdsk) so it can run before any profile files are opened by some other process. Its log is in a fixed location: ``c:\move-profiles.log`` (it cant use our common logger library so none of the log settings apply).
Updates
@ -526,13 +525,7 @@ When we publish new QWT version, its usually pushed to the ``current-testing`
That command will download a new QWT .iso from the testing repository. It goes without saying that you should **backup your VMs** before installing anything from testing repos.
.. |windows-seamless-4.png| image:: /attachment/doc/windows-seamless-4.png
.. |windows-seamless-1.png| image:: /attachment/doc/windows-seamless-1.png
.. |windows-seamless-7.png| image:: /attachment/doc/windows-seamless-7.png
.. |qtw-log-level.png| image:: /attachment/doc/qtw-log-level.png

1
user/templates/windows/qubes-windows-tools-4-1.rst
View file

@ -541,7 +541,6 @@ If a specific component is malfunctioning, you can increase its log verbosity as
- Utility that initializes and formats the disk backed by ``private.img`` file. Its registered to run on next system boot during QWT setup, if that feature is selected (it cant run during the setup because Xen block device drivers are not yet active). It in turn registers move-profiles (see below) to run at early boot.
* - relocate-dir
- Utility that moves user profiles directory to the private disk. Its registered as an early boot native executable (similar to chkdsk) so it can run before any profile files are opened by some other process. Its log is in a fixed location: ``C:\move-profiles.log`` (it cant use our common logger library so none of the log settings apply).
If there are network-related issues, the qube doesnt resolve DNS and has trouble accessing the Internet, this might be an issue with the PV Network Drivers.

3
user/troubleshooting/app-menu-shortcut-troubleshooting.rst
View file

@ -230,7 +230,4 @@ While this works well for standard applications, creating a menu entry for Windo
.. note:: Applications installed under *wine* are installed in AppVMs, not in the template on which these AppVMs are based, as the file structure used by *wine* is stored under :file:`~/.wine`, which is part of the persistent data of the AppVM and not inherited from its template.
.. |image1| image:: /attachment/doc/r4.0-dom0-menu.png
.. |image2| image:: /attachment/doc/r4.0-dom0-appmenu-select.png

5
user/troubleshooting/autostart-troubleshooting.rst
View file

@ -28,10 +28,5 @@ Append ``qubes.skip_autostart`` to the end of this line (generally after the ``r
Press ``Ctrl+X`` to boot with the edited GRUB entry. The boot will proceed as usual from here, except that no qube will be autostarted.
.. |grub1.png| image:: /attachment/doc/grub1.png
.. |grub2.png| image:: /attachment/doc/grub2.png
.. |grub3.png| image:: /attachment/doc/grub3.png