From 27a745dd59bcc9e38a1231d378b204f551d60577 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Fri, 30 Oct 2020 15:07:40 +0100 Subject: [PATCH 01/37] Add VPN Troubleshooting --- doc.md | 12 +-------- external/configuration-guides/vpn.md | 4 +-- user/troubleshooting/vpn-troubleshooting.md | 28 +++++++++++++++++++++ 3 files changed, 30 insertions(+), 14 deletions(-) create mode 100644 user/troubleshooting/vpn-troubleshooting.md diff --git a/doc.md b/doc.md index 97581ee9..931ab9ba 100644 --- a/doc.md +++ b/doc.md @@ -130,6 +130,7 @@ Core documentation for Qubes users. * [USB Troubleshooting](/doc/usb-troubleshooting/) * [GUI Troubleshooting](/doc/gui-troubleshooting/) * [Media Troubleshooting](/doc/media-troubleshooting/) + * [VPN Troubleshooting](/doc/vpn-troubleshooting/) ### Reference Pages @@ -271,17 +272,6 @@ For more, please see [Qubes Community Documentation](https://github.com/Qubes-Co * [Language Localization](/doc/language-localization/) * [Dark Theme in Dom0 and DomU](/doc/dark-theme/) * [Safely Removing TemplateVM Packages (Example: Thunderbird)](/doc/removing-templatevm-packages/) - - ### Troubleshooting - - * [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76) - * [How to install an Nvidia driver in dom0](/doc/install-nvidia-driver/) - * [Nvidia troubleshooting guide](/doc/nvidia-troubleshooting/) - * [Lenovo ThinkPad Troubleshooting](/doc/thinkpad-troubleshooting/) - * [Apple MacBook Troubleshooting](/doc/macbook-troubleshooting/) - * [Getting Sony Vaio Z laptop to work with Qubes](/doc/sony-vaio-tinkering/) - * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) - ### Troubleshooting diff --git a/external/configuration-guides/vpn.md b/external/configuration-guides/vpn.md index 1f843215..002a28f3 100644 --- a/external/configuration-guides/vpn.md +++ b/external/configuration-guides/vpn.md 
@@ -318,6 +318,4 @@ If you want to update your TemplateVMs through the VPN, you can enable the `qube Troubleshooting --------------- -* Always test your basic VPN connection before adding scripts. -* Test DNS: Ping a familiar domain name from an appVM. It should print the IP address for the domain. -* Use `iptables -L -v` and `iptables -L -v -t nat` to check firewall rules. The latter shows the critical PR-QBS chain that enables DNS forwarding. +See the [VPN Troubleshooting](/doc/vpn-troubleshooting/) guide for tips on how to fix common VPN issues. diff --git a/user/troubleshooting/vpn-troubleshooting.md b/user/troubleshooting/vpn-troubleshooting.md new file mode 100644 index 00000000..5ea4cc12 --- /dev/null +++ b/user/troubleshooting/vpn-troubleshooting.md @@ -0,0 +1,28 @@ +--- +layout: doc +title: VPN Troubleshooting +permalink: /doc/vpn-troubleshooting/ +--- + +# VPN Troubleshooting Guide # + +## Tips + +* Check the VPN service's log in the VPN VM by running: + ~~~ + sudo journalctl -u qubes-vpn-handler + ~~~ +* Always test your basic VPN connection before adding scripts. + +* Test DNS: Ping a familiar domain name from an appVM. It should print the IP address for the domain. + +* Use `iptables -L -v` and `iptables -L -v -t nat` to check firewall rules. The latter shows the critical PR-QBS chain that enables DNS forwarding. + +## VPN does not reconnect after suspend +After suspend/resume, your VPN may not automatically reconnect. In order to get it to work, you must kill your VPN system and restart it. + +## VPN stuck at "Ready to start link" + +After setting up your VPN system and restarting the VM, you may be repeatedly getting the popup "Ready to start link", but the VPN isn't connected. + +To figure out the root of the problem, check the VPN logs in `/var/logs/syslog`. The log may reveal issues like missing libraries, which you can then install. From 1ef9e4f1d09a91dedeb0c1b7d1ed41193b01069c Mon Sep 17 00:00:00 2001 
From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Fri, 30 Oct 2020 15:27:17 +0100 Subject: [PATCH 02/37] Add firewall troubleshooting link --- doc.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/doc.md b/doc.md index 97581ee9..dfb58635 100644 --- a/doc.md +++ b/doc.md @@ -130,6 +130,7 @@ Core documentation for Qubes users. * [USB Troubleshooting](/doc/usb-troubleshooting/) * [GUI Troubleshooting](/doc/gui-troubleshooting/) * [Media Troubleshooting](/doc/media-troubleshooting/) + * [Firewall Troubleshooting](/doc/firewall/#firewall-troubleshooting) ### Reference Pages @@ -271,17 +272,6 @@ For more, please see [Qubes Community Documentation](https://github.com/Qubes-Co * [Language Localization](/doc/language-localization/) * [Dark Theme in Dom0 and DomU](/doc/dark-theme/) * [Safely Removing TemplateVM Packages (Example: Thunderbird)](/doc/removing-templatevm-packages/) - - ### Troubleshooting - - * [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76) - * [How to install an Nvidia driver in dom0](/doc/install-nvidia-driver/) - * [Nvidia troubleshooting guide](/doc/nvidia-troubleshooting/) - * [Lenovo ThinkPad Troubleshooting](/doc/thinkpad-troubleshooting/) - * [Apple MacBook Troubleshooting](/doc/macbook-troubleshooting/) - * [Getting Sony Vaio Z laptop to work with Qubes](/doc/sony-vaio-tinkering/) - * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) - ### Troubleshooting From cf04fba2228bff6c25ce0931eb7e2f50cabca03a Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sun, 1 Nov 2020 14:50:05 +0100 Subject: [PATCH 03/37] Update vpn-troubleshooting.md --- user/troubleshooting/vpn-troubleshooting.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) 
diff --git a/user/troubleshooting/vpn-troubleshooting.md b/user/troubleshooting/vpn-troubleshooting.md index 5ea4cc12..67882f7b 100644 --- a/user/troubleshooting/vpn-troubleshooting.md +++ b/user/troubleshooting/vpn-troubleshooting.md @@ -8,7 +8,7 @@ permalink: /doc/vpn-troubleshooting/ ## Tips -* Check the VPN service's log in the VPN VM by running: +* If using qubes-vpn, check the VPN service's log in the VPN VM by running: ~~~ sudo journalctl -u qubes-vpn-handler ~~~ @@ -19,10 +19,13 @@ permalink: /doc/vpn-troubleshooting/ * Use `iptables -L -v` and `iptables -L -v -t nat` to check firewall rules. The latter shows the critical PR-QBS chain that enables DNS forwarding. ## VPN does not reconnect after suspend -After suspend/resume, your VPN may not automatically reconnect. In order to get it to work, you must kill your VPN system and restart it. + +This applies when using OpenVPN. + +After suspend/resume, OpenVPN may not automatically reconnect. In order to get it to work, you must kill the OpenVPN process and restart it. ## VPN stuck at "Ready to start link" -After setting up your VPN system and restarting the VM, you may be repeatedly getting the popup "Ready to start link", but the VPN isn't connected. +After setting up OpenVPN and restarting the VM, you may be repeatedly getting the popup "Ready to start link", but the VPN isn't connected. -To figure out the root of the problem, check the VPN logs in `/var/logs/syslog`. The log may reveal issues like missing libraries, which you can then install. +To figure out the root of the problem, check the VPN logs in `/var/logs/syslog`. The log may reveal issues like missing OpenVPN libraries, which you can then install. From b80a534a5055ddd1434d98bec088c64bd272383a Mon Sep 17 00:00:00 2001 
From: ctrlaltf24 <70006231+ctrlaltf24@users.noreply.github.com> Date: Mon, 2 Nov 2020 20:42:06 -0800 Subject: [PATCH 04/37] DispVM lifetime clarification --- user/common-tasks/disposablevm.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/user/common-tasks/disposablevm.md b/user/common-tasks/disposablevm.md index a0f6e205..d50cc4f7 100644 --- a/user/common-tasks/disposablevm.md +++ b/user/common-tasks/disposablevm.md @@ -122,7 +122,9 @@ Note that the `qvm-open-in-dvm` process will not exit until you close the applic ## Starting an arbitrary program in a DisposableVM from an AppVM ## Sometimes it can be useful to start an arbitrary program in a DisposableVM. -This can be done from an AppVM by running +The DisposableVM will stay running so long as the process which started the DisposableVM has not exited. +Some applications, such as GNOME Terminal, do not wait for the application to close before the process exits (details [here](https://github.com/QubesOS/qubes-issues/issues/2581#issuecomment-272664009)). +Starting an arbitrary program can be done from an AppVM by running ~~~ [user@vault ~]$ qvm-run '@dispvm' xterm 
@@ -134,7 +136,9 @@ The created DisposableVM can be accessed via other tools (such as `qvm-copy-to-v ## Starting an arbitrary application in a DisposableVM via command line from dom0 ## The Application Launcher has shortcuts for opening a terminal and a web browser in dedicated DisposableVMs, since these are very common tasks. -However, it is possible to start an arbitrary application in a DisposableVM directly from dom0 by running: +The DisposableVM will stay running so long as the process which started the DisposableVM has not exited. +Some applications, such as GNOME Terminal, do not wait for the application to close before the process exits (details [here](https://github.com/QubesOS/qubes-issues/issues/2581#issuecomment-272664009)). +It is possible to start an arbitrary application in a DisposableVM directly from dom0 by running: ~~~ $ qvm-run --dispvm=dvm-template --service qubes.StartApp+xterm From fa61755afde5d4c5c473e6f815d261c69c4f09be Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Tue, 3 Nov 2020 14:51:22 +0100 Subject: [PATCH 05/37] Amend installation guide and troubleshooting --- user/downloading-installing-upgrading/installation-guide.md | 2 ++ user/troubleshooting/installation-troubleshooting.md | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/user/downloading-installing-upgrading/installation-guide.md b/user/downloading-installing-upgrading/installation-guide.md index b6f5cb3e..f7fab4c5 100644 --- a/user/downloading-installing-upgrading/installation-guide.md +++ b/user/downloading-installing-upgrading/installation-guide.md 
@@ -367,6 +367,8 @@ The [Qubes backup system] allows you to do this securely and easily. We urge you to read it! It may very well contain the answers to your questions. (Since the documentation is a community effort, we'd also greatly appreciate your help in [improving] it!) + * If issues arise during installation, see the [Installation Troubleshooting](/doc/installation-troubleshooting) guide. + * If you don't find your answer in the documentation, please see [Help, Support, Mailing Lists, and Forum] for places to ask. * Please do **not** email individual members of the Qubes team with questions about installation or other problems. diff --git a/user/troubleshooting/installation-troubleshooting.md b/user/troubleshooting/installation-troubleshooting.md index f3d51fcb..89e8f58b 100644 --- a/user/troubleshooting/installation-troubleshooting.md +++ b/user/troubleshooting/installation-troubleshooting.md 
@@ -27,10 +27,10 @@ If a machine can not boot from a bigger USB, it may be too old to run Qubes. Errors will occur if the Qubes installer is corrupted. Ensure that the installer is correct and complete before writing it to a flash drive by [verifying the ISO](/security/verifying-signatures/#how-to-verify-qubes-iso-signatures). * **Change the method you used to [write your ISO to a USB key](/doc/installation-guide/#copying-the-iso-onto-the-installation-medium):** -Some people use the ``dd`` command (recommended), others use tools like Rufus and balenaEtcher. +Some people use the ``dd`` command (recommended), others use tools like Rufus, balenaEtcher or the GNOME Disk Utility. If installation fails after using one tool, try a different one. For example, if you are facing trouble installing Qubes after writing the ISO using Rufus, then try using other tools like balenaEtcher or the ``dd`` command. - +In case the boot partition is not set to "active" after copying the ISO, you can use some other tool like `gparted` on a Linux system to activate it. ## Boot screen does not appear / system does not detect your installation medium ## From b0fd14f7f85962a5be98c55e98c0f42c62af9925 Mon Sep 17 00:00:00 2001 From: PROTechThor Date: Tue, 3 Nov 2020 18:08:12 +0100 Subject: [PATCH 06/37] Edit Thinkpad Troubleshooting --- doc.md | 2 +- .../troubleshooting/thinkpad-troubleshooting.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) rename {user => external}/troubleshooting/thinkpad-troubleshooting.md (95%) diff --git a/doc.md b/doc.md index dfb58635..734904c8 100644 --- a/doc.md +++ b/doc.md 
@@ -275,10 +275,10 @@ For more, please see [Qubes Community Documentation](https://github.com/Qubes-Co ### Troubleshooting + * [Lenovo ThinkPad Troubleshooting](/doc/thinkpad-troubleshooting/) * [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76) * [How to install an Nvidia driver in dom0](/doc/install-nvidia-driver/) * [Nvidia troubleshooting guide](/doc/nvidia-troubleshooting/) - * [Lenovo ThinkPad Troubleshooting](/doc/thinkpad-troubleshooting/) * [Apple MacBook Troubleshooting](/doc/macbook-troubleshooting/) * [Getting Sony Vaio Z laptop to work with Qubes](/doc/sony-vaio-tinkering/) * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) diff --git a/user/troubleshooting/thinkpad-troubleshooting.md b/external/troubleshooting/thinkpad-troubleshooting.md similarity index 95% rename from user/troubleshooting/thinkpad-troubleshooting.md rename to external/troubleshooting/thinkpad-troubleshooting.md index 8615920c..fe58324f 100644 --- a/user/troubleshooting/thinkpad-troubleshooting.md +++ b/external/troubleshooting/thinkpad-troubleshooting.md 
@@ -15,7 +15,7 @@ redirect_from: # Lenovo ThinkPad Troubleshooting # -## Instructions to create USB installation medium for newer (UEFI-only) ThinkPads ## +## Installation from USB stick fails for newer (UEFI-only) ThinkPads ## Some newer ThinkPads (e.g. T470, T470p, [P51](https://www.svensemmler.org/blog/2017/12/17/qubes-on-thinkpad-p51.html), ThinkPad 25, but not the [P53](https://github.com/QubesOS/qubes-issues/issues/5851)) are likely to fail installation attempts made from a USB stick that was created with dd or Rufus, and even from a DVD burned using official ISO images - if the ThinkPad is configured for UEFI boot. If you don't want to use Legacy Mode as a workaround, the following instructions should help you create a Qubes Installation USB stick that works in UEFI-only mode. In a nutshell, you need to use the Fedora livecd-tools to make a Qubes Installation USB Stick from the Qubes ISO image, then update the label on the partition of that USB stick to "BOOT", and then update the BOOT/EFI/BOOTX64.cfg file on the USB stick so that all labels point to BOOT. In more detail: @@ -42,7 +42,7 @@ In a nutshell, you need to use the Fedora livecd-tools to make a Qubes Installat That's it! You can now reboot the machine with the Qubes USB Installation stick attached, and press F12 to select it as the boot device at startup. Proceed to install Qubes OS normally. Enjoy! -## ThinkPads with Intel HD 3000 graphics ## +## Random reboots on ThinkPads with Intel HD 3000 graphics ## Several ThinkPad models have Intel HD 3000 graphics, including the T420s and the T520. Some users with these laptops have experienced random reboots, which were 
@@ -50,7 +50,7 @@ solved by adding `i915.enable_rc6=0` as a kernel parameter to `GRUB_CMDLINE_LINUX` in the file `/etc/default/grub` in dom0. -## Instructions for getting your Lenovo Thinkpad X201 & X200 laptop working with Qubes/Linux ## +## Can't boot the installer from a USB on Thinkpad X201 & X200 ## For being able to boot the installer from USB, you have to disable VT-d in the BIOS. Enter the BIOS by hitting F1, go to Config - CPU and then disable VT-d there. @@ -79,7 +79,7 @@ Then reboot, enter BIOS and re-enable VT-d. 2. Add the script to the startup-items of your desktop environment. -## Instructions for getting your Lenovo 450 laptop working with Qubes/Linux ## +## Can’t boot from USB stick on Lenovo 450 ## Lenovo 450 uses UEFI, so some settings are needed to get Qubes (or Fedora) to boot, otherwise Qubes install USB stick will reboot right after boot selector screen and not continue install. From 7fd6d050f6bf1d2989d3bca4937dab6e7564addc Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 3 Nov 2020 14:08:39 -0800 Subject: [PATCH 07/37] Add step for creating application shortcuts Closes #1071 --- user/common-tasks/software-update-domu.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user/common-tasks/software-update-domu.md b/user/common-tasks/software-update-domu.md index 1ddd1ffb..3bc6b44b 100644 --- a/user/common-tasks/software-update-domu.md +++ b/user/common-tasks/software-update-domu.md @@ -25,6 +25,8 @@ To permanently install new software in a TemplateVM: 3. Install software as normally instructed inside that operating system (e.g. using `dnf`, or the dedicated GUI application). 4. Shut down the TemplateVM. 5. Restart all [TemplateBasedVMs] based on the TemplateVM. + 6. (Optional) In the relevant [TemplateBasedVMs]' **Qube settings**, go to the **Applications** tab, select the new application(s) from the list, and press OK. + These new shortcuts will appear in the Applications Menu. ## Updating software in TemplateVMs 
From 8e65bbf62296eb1f29cb8968242f32bd873953bc Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 3 Nov 2020 14:17:40 -0800 Subject: [PATCH 08/37] Add screenshot and link to troubleshooting Also capitalize the "S" in "Qube Settings". Unfortunately, this is somewhat inconsistent between the Qube Manager and the Qubes Domains widget. Hopefully, capitalizing both words makes it clear that this is also the title of something, rather than the commonplace but erroneous capitalization of the term "qube" to refer to a VM. See QubesOS/qubes-issues#4723. This is a follow-up to #1071. --- user/common-tasks/software-update-domu.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user/common-tasks/software-update-domu.md b/user/common-tasks/software-update-domu.md index 3bc6b44b..379e812c 100644 --- a/user/common-tasks/software-update-domu.md +++ b/user/common-tasks/software-update-domu.md @@ -25,8 +25,11 @@ To permanently install new software in a TemplateVM: 3. Install software as normally instructed inside that operating system (e.g. using `dnf`, or the dedicated GUI application). 4. Shut down the TemplateVM. 5. Restart all [TemplateBasedVMs] based on the TemplateVM. - 6. (Optional) In the relevant [TemplateBasedVMs]' **Qube settings**, go to the **Applications** tab, select the new application(s) from the list, and press OK. + 6. (Optional) In the relevant [TemplateBasedVMs]' **Qube Settings**, go to the **Applications** tab, select the new application(s) from the list, and press OK. These new shortcuts will appear in the Applications Menu. + (If you encounter problems, see [here][shortcuts] for troubleshooting.) + +![[The Applications tab in Qube Settings](/attachment/wiki/ManagingAppVmShortcuts/r4.1-dom0-appmenu-select.png)](/attachment/wiki/ManagingAppVmShortcuts/r4.1-dom0-appmenu-select.png) ## Updating software in TemplateVMs 
@@ -321,4 +324,5 @@ Note that the app will autostart only when the AppVM starts. If you would like t [service framework]: /doc/qubes-service/ [How to Reinstall a TemplateVM]: /doc/reinstall-template/ [installing contributed packages]: /doc/installing-contributed-packages/ +[shortcuts]: /doc/managing-appvm-shortcuts/ From 4e50924d3c9b42f9b5aa2d32d359dc842b6b1ff9 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 3 Nov 2020 14:23:31 -0800 Subject: [PATCH 09/37] Move "Managing AppVM Shortcuts" to Troubleshooting As mentioned in #1071, this page is really about troubleshooting. Reading this page normally shouldn't be required, so it doesn't really belong under "Common Tasks." The only exception to this would be non-Linux VMs for which a manual sync is required. That's one argument in favor of moving this under "Advanced Configuration" rather than "Troubleshooting," but at least half of this page is undeniably about troubleshooting. There's also a "behind the scenes" section at the end that belongs in the Developer Documentation. --- .../{common-tasks => troubleshooting}/managing-appvm-shortcuts.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename user/{common-tasks => troubleshooting}/managing-appvm-shortcuts.md (100%) diff --git a/user/common-tasks/managing-appvm-shortcuts.md b/user/troubleshooting/managing-appvm-shortcuts.md similarity index 100% rename from user/common-tasks/managing-appvm-shortcuts.md rename to user/troubleshooting/managing-appvm-shortcuts.md From 18be4c7e1fbbb1de32d31e9ef6745fe2923f0a51 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 3 Nov 2020 14:30:25 -0800 Subject: [PATCH 10/37] Move "Application Shortcuts" to Troubleshooting --- doc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc.md b/doc.md index dfb58635..a295c582 100644 --- a/doc.md +++ b/doc.md 
@@ -77,7 +77,6 @@ Core documentation for Qubes users. * [PCI Devices](/doc/pci-devices/) * [Device Handling](/doc/device-handling/) * [Optical Discs](/doc/optical-discs/) - * [Application Shortcuts](/doc/managing-appvm-shortcuts/) * [Fullscreen Mode](/doc/full-screen-mode/) ### Managing Operating Systems within Qubes @@ -123,6 +122,7 @@ Core documentation for Qubes users. * [Installation Troubleshooting](/doc/installation-troubleshooting) * [UEFI Troubleshooting](/doc/uefi-troubleshooting/) * [Suspend/Resume Troubleshooting](/doc/suspend-resume-troubleshooting/) + * [Application Shortcut Troubleshooting](/doc/managing-appvm-shortcuts/) * [VM Troubleshooting](/doc/vm-troubleshooting/) * [HVM Troubleshooting](/doc/hvm-troubleshooting/) * [Disk Troubleshooting](/doc/disk-troubleshooting/) From 0921e18e970df9877189571c6f43841d3d7c988a Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 3 Nov 2020 16:05:02 -0800 Subject: [PATCH 11/37] Explain why repos are enabled permanently Closes QubesOS/qubes-issues#4667 --- user/common-tasks/software-update-domu.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user/common-tasks/software-update-domu.md b/user/common-tasks/software-update-domu.md index 379e812c..86b126a5 100644 --- a/user/common-tasks/software-update-domu.md +++ b/user/common-tasks/software-update-domu.md @@ -110,6 +110,10 @@ sudo dnf config-manager --set-enabled rpmfusion-nonfree-updates sudo dnf upgrade --refresh ~~~ +This will permanently enable the RPM Fusion repos. +If you install software from here, it's important to keep these repos enabled so that you can receiving future updates. +If you only enable these repos temporarily to install a package the Qubes update mechanism may persistently notify you that updates are available, since it cannot download them. + ### Reverting changes to a TemplateVM From de87e984e0cda9e6180439f5b1c4d87ab7d8a607 Mon Sep 17 00:00:00 2001 
From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Wed, 4 Nov 2020 03:14:31 +0100 Subject: [PATCH 12/37] Remove "missing firmware problem" link --- doc.md | 1 - 1 file changed, 1 deletion(-) diff --git a/doc.md b/doc.md index dfb58635..574a3512 100644 --- a/doc.md +++ b/doc.md @@ -275,7 +275,6 @@ For more, please see [Qubes Community Documentation](https://github.com/Qubes-Co ### Troubleshooting - * [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76) * [How to install an Nvidia driver in dom0](/doc/install-nvidia-driver/) * [Nvidia troubleshooting guide](/doc/nvidia-troubleshooting/) * [Lenovo ThinkPad Troubleshooting](/doc/thinkpad-troubleshooting/) From b7821598a339fa493113693117ec5a11c97e4ed4 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Fri, 6 Nov 2020 12:29:42 -0800 Subject: [PATCH 13/37] Add prep section for installing PGP verification programs This is a first step toward improving the instructions for non-Linux users (QubesOS/qubes-issues#6191, #1076). --- project-security/verifying-signatures.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index e5c9078d..28aabd51 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md 
@@ -52,6 +52,24 @@ There are three basic steps in this process: If you run into any problems, please consult the [Troubleshooting FAQ] below. + +### Preparation + +Before we begin, you'll need a program that can verify PGP signatures. +Any such program will do, but here are some examples for popular operating systems: + +**Windows:** [Gpg4win](https://gpg4win.org/download.html). +Use the Windows command line (`cmd.exe`) to enter commands. + +**Mac:** [GPG Suite](https://gpgtools.org/). +Open a terminal to enter commands. + +**Linux:** `gpg2` from your package manager or from [gnupg.org](https://gnupg.org/download/index.html). +Open a terminal to enter commands. + +The commands below will use `gpg2`, but if that doesn't work for you, try `gpg` instead. + + ### 1. Get the Qubes Master Signing Key and verify its authenticity Every file published by the Qubes Project (ISO, RPM, TGZ files and Git repositories) is digitally signed by one of the developer keys or Release Signing Keys. From 0bd2db66701eec22901163e29af8955f67ec8178 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 7 Nov 2020 22:59:55 -0800 Subject: [PATCH 14/37] Add documentation links and direct users to read them QubesOS/qubes-issues#6191 --- project-security/verifying-signatures.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 28aabd51..4c2a3dfb 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md 
@@ -58,16 +58,17 @@ If you run into any problems, please consult the [Troubleshooting FAQ] below. Before we begin, you'll need a program that can verify PGP signatures. Any such program will do, but here are some examples for popular operating systems: -**Windows:** [Gpg4win](https://gpg4win.org/download.html). +**Windows:** [Gpg4win](https://gpg4win.org/download.html) ([documentation](https://www.gpg4win.org/documentation.html)). Use the Windows command line (`cmd.exe`) to enter commands. -**Mac:** [GPG Suite](https://gpgtools.org/). +**Mac:** [GPG Suite](https://gpgtools.org/) ([documentation](https://gpgtools.tenderapp.com/kb)). Open a terminal to enter commands. -**Linux:** `gpg2` from your package manager or from [gnupg.org](https://gnupg.org/download/index.html). +**Linux:** `gpg2` from your package manager or from [gnupg.org](https://gnupg.org/download/index.html) ([documentation](https://www.gnupg.org/documentation/)). Open a terminal to enter commands. The commands below will use `gpg2`, but if that doesn't work for you, try `gpg` instead. +If that still doesn't work, please consult the documentation for your specific program (see links above). ### 1. Get the Qubes Master Signing Key and verify its authenticity From 3e9eaed285eec332d416b546155e85ffc15c0ddc Mon Sep 17 00:00:00 2001 From: donoban Date: Sun, 8 Nov 2020 22:49:27 +0100 Subject: [PATCH 15/37] Added note for disabled repositories --- user/managing-os/minimal-templates.md | 1 + 1 file changed, 1 insertion(+) diff --git a/user/managing-os/minimal-templates.md b/user/managing-os/minimal-templates.md index cc81268e..d16d5940 100644 --- a/user/managing-os/minimal-templates.md +++ b/user/managing-os/minimal-templates.md 
@@ -32,6 +32,7 @@ There are currently three Minimal TemplateVMs corresponding to the standard [Fed 3. The Minimal TemplateVMs are intentionally *minimal*. [Do not ask for your favorite package to be added to the minimal template by default.][pref-default] +4. In order to reduce unnecessary risk, unused repositories have been disabled by default. Check if you should enable some of them if some package fails to install but it works fine in the standard TemplateVM. ## Installation From 62b0a80086ad16b5931ccd7e7dd09eda939e51b4 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sun, 8 Nov 2020 18:57:23 -0800 Subject: [PATCH 16/37] Fix sentence --- user/managing-os/minimal-templates.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user/managing-os/minimal-templates.md b/user/managing-os/minimal-templates.md index d16d5940..2dff7c51 100644 --- a/user/managing-os/minimal-templates.md +++ b/user/managing-os/minimal-templates.md @@ -32,7 +32,8 @@ There are currently three Minimal TemplateVMs corresponding to the standard [Fed 3. The Minimal TemplateVMs are intentionally *minimal*. [Do not ask for your favorite package to be added to the minimal template by default.][pref-default] -4. In order to reduce unnecessary risk, unused repositories have been disabled by default. Check if you should enable some of them if some package fails to install but it works fine in the standard TemplateVM. +4. In order to reduce unnecessary risk, unused repositories have been disabled by default. + If you wish to install or update any packages from those repositories, you must enable them. ## Installation From cc3b1f82a95b00e2a370a55b823517baa190a6bb Mon Sep 17 00:00:00 2001 
From: Andrew David Wong Date: Thu, 12 Nov 2020 08:29:09 -0800 Subject: [PATCH 17/37] Improve instructions regarding QMSK authentication Inspired by a forum discussion: https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441 --- project-security/verifying-signatures.md | 54 ++++++++++++++++-------- 1 file changed, 36 insertions(+), 18 deletions(-) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 4c2a3dfb..ad519fc6 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md 
@@ -92,38 +92,56 @@ There are several ways to get the Qubes Master Signing Key. $ gpg2 --import ./qubes-master-signing-key.asc - - Get it from a public [keyserver] (specified on first use with `--keyserver `, then saved in `~/.gnupg/gpg.conf`), e.g.: + - Get it from a public [keyserver] (specified on first use with `--keyserver ` along with keyserver options to include key signatures), e.g.: - $ gpg2 --keyserver pool.sks-keyservers.net --recv-keys 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494 + $ gpg2 --keyserver-options no-self-sigs-only,no-import-clean --keyserver hkp://pool.sks-keyservers.net:11371 --recv-keys 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494 The Qubes Master Signing Key is also available in the [Qubes Security Pack] and in the archives of the project's [developer][devel-master-key-msg] and [user][user-master-key-msg] [mailing lists]. -Once you have obtained the Qubes Master Signing Key, you should verify the fingerprint of this key very carefully by obtaining copies of the fingerprint from multiple independent sources and comparing them to the downloaded key's fingerprint to ensure they match. -Here are some ideas: - - - Use the PGP Web of Trust. - - Check the key against different keyservers. - - Use different search engines to search for the fingerprint. - - Use Tor to view and search for the fingerprint on various websites. - - Use various VPNs and proxy servers. - - Use different Wi-Fi networks (work, school, internet cafe, etc.). - - Ask people to post the fingerprint in various forums and chat rooms. - - Check against PDFs and photographs in which the fingerprint appears - (e.g., slides from a talk or on a T-shirt). - - Repeat all of the above from different computers and devices. +Once you have obtained the Qubes Master Signing Key, you must verify that it is authentic rather than a forgery. +Anyone can create a PGP key with the name "Qubes Master Signing Key," so you cannot rely on the name alone. 
+You also should not rely on any single website, not even over HTTPS. +So, what *should* you do? +One option is to use the PGP [Web of Trust](https://en.wikipedia.org/wiki/Web_of_trust). In addition, some operating systems have built-in keyrings containing keys capable of validating the Qubes Master Signing Key. For example, if you have a Debian system, then your keyring may already contain the necessary keys. -For additional security, we also publish the fingerprint of the Qubes Master Signing Key here (but [remember not to blindly trust the live version of this website][website-trust]): +Another option is to rely on the key's fingerprint. +Every PGP key has a fingerprint that uniquely identifies it among all PGP keys (viewable with `gpg2 --fingerprint `). +Therefore, if you know the genuine Qubes Master Signing Key fingerprint, then you always have an easy way to confirm whether any purported copy of it is authentic, simply by comparing the fingerprints. + +For example, here is the Qubes Master Signing Key fingerprint: pub 4096R/36879494 2010-04-01 Key fingerprint = 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494 uid Qubes Master Signing Key -Once you're confident that you have the legitimate Qubes Master Signing Key, set its trust level to "ultimate" so that it can be used to automatically verify all the keys signed by the Qubes Master Signing Key (in particular, Release Signing Keys). +But how do you know that this is the real fingerprint? +After all, [this website could be compromised][website-trust], so the fingerprint you see here may not be genuine. +That's why we strongly suggest obtaining the fingerprint from *multiple, independent sources in several different ways*. - $ gpg2 --edit-key 0x36879494 +Here are some ideas for how to do that: + + - Download the key from different keyservers. + - Use different search engines to search for the fingerprint. 
+ - Check the fingerprint on various websites (e.g., [mailing lists](https://groups.google.com/g/qubes-users/c/CLnB5uFu_YQ/m/ZjObBpz0S9UJ), [discussion forums](https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441/9?u=adw), [social media posts](https://twitter.com/rootkovska/status/496976187491876864), [personal websites](https://andrewdavidwong.com/fingerprints.txt)). + - Check against PDFs, photographs, and videos in which the fingerprint appears + (e.g., [slides from a talk](https://hyperelliptic.org/PSC/slides/psc2015_qubesos.pdf), on a [T-shirt](https://twitter.com/legind/status/813847907858337793/photo/2), or in the [recording of a presentation](https://youtu.be/S0TVw7U3MkE?t=2563)). + - Download old Qubes ISOs from different sources and check the included Qubes Master Signing Key. + - Ask people to post the fingerprint on various mailing lists, forums, and chat rooms. + - Repeat the above over Tor. + - Repeat the above over various VPNs and proxy servers. + - Repeat the above on different networks (work, school, internet cafe, etc.). + - Text, email, call, video chat, snail mail, or meet up with people you know to confirm the fingerprint. + - Repeat the above from different computers and devices. + +Once you've obtained the fingerprint from enough independent sources in enough different ways that you feel confident that you know the genuine fingerprint, keep it in a safe place. +Every time you need to check whether a key claiming to be the Qubes Master Signing Key is authentic, compare that key's fingerprint to your trusted copy and confirm they match. + +Now that you've imported the authentic Qubes Master Signing Key, set its trust level to "ultimate" so that it can be used to automatically verify all the keys signed by the Qubes Master Signing Key (in particular, Release Signing Keys). + + $ gpg2 --edit-key 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494 gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc. 
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. From 03e6dd2bdafa15fde11312066851ae9a22068be3 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 12 Nov 2020 08:53:32 -0800 Subject: [PATCH 18/37] Add more supporting links --- project-security/verifying-signatures.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index ad519fc6..39eedd36 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md 
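Review bot: The example links added to the list of independent sources in [PATCH 17/37] (mailing list, forum, Twitter, personal website, slides, T-shirt, recording) are all reached from this page, which the same hunk says could be compromised, so a reader who simply follows them has not left the single source the text warns about. Suggest a sentence telling readers to locate those sources on their own and to treat the links only as pointers to what exists. Separately, the replacement sentence "Now that you've imported the authentic Qubes Master Signing Key" drops the condition that the removed line "Once you're confident that you have the legitimate Qubes Master Signing Key" carried; keeping the conditional would stop a reader who skips ahead to the `gpg2 --edit-key` step from granting ultimate trust to a key they have not yet compared against their trusted fingerprint.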
@@ -124,8 +124,8 @@ That's why we strongly suggest obtaining the fingerprint from *multiple, indepen Here are some ideas for how to do that: - Download the key from different keyservers. - - Use different search engines to search for the fingerprint. - - Check the fingerprint on various websites (e.g., [mailing lists](https://groups.google.com/g/qubes-users/c/CLnB5uFu_YQ/m/ZjObBpz0S9UJ), [discussion forums](https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441/9?u=adw), [social media posts](https://twitter.com/rootkovska/status/496976187491876864), [personal websites](https://andrewdavidwong.com/fingerprints.txt)). + - Use different search engines to [search](https://duckduckgo.com/?q=%22427F+11FD+0FAA+4B08+0123+F01C+DDFA+1A3E+3687+9494%22) for the fingerprint. + - Check the fingerprint on various websites (e.g., [mailing lists](https://groups.google.com/g/qubes-users/c/CLnB5uFu_YQ/m/ZjObBpz0S9UJ), [discussion forums](https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441/9?u=adw), [social](https://twitter.com/rootkovska/status/496976187491876864) [media](https://www.reddit.com/r/Qubes/comments/5bme9n/fingerprint_verification/), [personal websites](https://andrewdavidwong.com/fingerprints.txt)). - Check against PDFs, photographs, and videos in which the fingerprint appears (e.g., [slides from a talk](https://hyperelliptic.org/PSC/slides/psc2015_qubesos.pdf), on a [T-shirt](https://twitter.com/legind/status/813847907858337793/photo/2), or in the [recording of a presentation](https://youtu.be/S0TVw7U3MkE?t=2563)). - Download old Qubes ISOs from different sources and check the included Qubes Master Signing Key. From c9ce37b388048b10b517df65f8e9bf561598cf39 Mon Sep 17 00:00:00 2001 
From: Andrew David Wong Date: Thu, 12 Nov 2020 08:55:51 -0800 Subject: [PATCH 19/37] Substitute older mailing list post with key attached --- project-security/verifying-signatures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 39eedd36..6f0b346d 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md 
@@ -125,7 +125,7 @@ Here are some ideas for how to do that: - Download the key from different keyservers. - Use different search engines to [search](https://duckduckgo.com/?q=%22427F+11FD+0FAA+4B08+0123+F01C+DDFA+1A3E+3687+9494%22) for the fingerprint. - - Check the fingerprint on various websites (e.g., [mailing lists](https://groups.google.com/g/qubes-users/c/CLnB5uFu_YQ/m/ZjObBpz0S9UJ), [discussion forums](https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441/9?u=adw), [social](https://twitter.com/rootkovska/status/496976187491876864) [media](https://www.reddit.com/r/Qubes/comments/5bme9n/fingerprint_verification/), [personal websites](https://andrewdavidwong.com/fingerprints.txt)). + - Check the fingerprint on various websites (e.g., [mailing lists](https://groups.google.com/g/qubes-devel/c/RqR9WPxICwg/m/kaQwknZPDHkJ), [discussion forums](https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441/9?u=adw), [social](https://twitter.com/rootkovska/status/496976187491876864) [media](https://www.reddit.com/r/Qubes/comments/5bme9n/fingerprint_verification/), [personal websites](https://andrewdavidwong.com/fingerprints.txt)). - Check against PDFs, photographs, and videos in which the fingerprint appears (e.g., [slides from a talk](https://hyperelliptic.org/PSC/slides/psc2015_qubesos.pdf), on a [T-shirt](https://twitter.com/legind/status/813847907858337793/photo/2), or in the [recording of a presentation](https://youtu.be/S0TVw7U3MkE?t=2563)). - Download old Qubes ISOs from different sources and check the included Qubes Master Signing Key. From dca896aacddea719a4fbcafb29d8bbbdc81d8226 Mon Sep 17 00:00:00 2001 
From: pierwill <19642016+pierwill@users.noreply.github.com> Date: Thu, 12 Nov 2020 21:19:11 -0800 Subject: [PATCH 20/37] Fix markdown links Fixes two malformed links in qrexec socket services doc. --- developer/services/qrexec-socket-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/developer/services/qrexec-socket-services.md b/developer/services/qrexec-socket-services.md index a98045eb..e15adc3d 100644 --- a/developer/services/qrexec-socket-services.md +++ b/developer/services/qrexec-socket-services.md @@ -223,8 +223,8 @@ echo -e 'policy.Ask dom0\0' | nc -U /etc/qubes-rpc/policy.Ask ## Further reading -* [Qrexec overview][qrexec](/doc/qrexec/) -* [Qrexec internals][qrexec](/doc/qrexec-internals/) +* [Qrexec overview](/doc/qrexec/) +* [Qrexec internals](/doc/qrexec-internals/) * [qubes-core-qrexec](https://github.com/QubesOS/qubes-core-qrexec/) repository - contains the above example * [systemd.socket](https://www.freedesktop.org/software/systemd/man/systemd.socket.html) - socket unit configuration * [Streams in Python asyncio](https://docs.python.org/3/library/asyncio-stream.html) From 371d5471a5bbbf6f730e3f548b7331df1d1598cb Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 12 Nov 2020 22:46:59 -0800 Subject: [PATCH 21/37] Remove keyserver and search engine ideas --- project-security/verifying-signatures.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 6f0b346d..6e6c0ca9 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md 
@@ -123,8 +123,6 @@ That's why we strongly suggest obtaining the fingerprint from *multiple, indepen Here are some ideas for how to do that: - - Download the key from different keyservers. - - Use different search engines to [search](https://duckduckgo.com/?q=%22427F+11FD+0FAA+4B08+0123+F01C+DDFA+1A3E+3687+9494%22) for the fingerprint. - Check the fingerprint on various websites (e.g., [mailing lists](https://groups.google.com/g/qubes-devel/c/RqR9WPxICwg/m/kaQwknZPDHkJ), [discussion forums](https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441/9?u=adw), [social](https://twitter.com/rootkovska/status/496976187491876864) [media](https://www.reddit.com/r/Qubes/comments/5bme9n/fingerprint_verification/), [personal websites](https://andrewdavidwong.com/fingerprints.txt)). - Check against PDFs, photographs, and videos in which the fingerprint appears (e.g., [slides from a talk](https://hyperelliptic.org/PSC/slides/psc2015_qubesos.pdf), on a [T-shirt](https://twitter.com/legind/status/813847907858337793/photo/2), or in the [recording of a presentation](https://youtu.be/S0TVw7U3MkE?t=2563)). From 3e8e7cc6b4a9f5429dc32201434bb88de2ceb50b Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Fri, 13 Nov 2020 02:03:10 -0800 Subject: [PATCH 22/37] Improve template switching instructions --- user/managing-os/templates.md | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/user/managing-os/templates.md b/user/managing-os/templates.md index cf2137d7..bec48afe 100644 --- a/user/managing-os/templates.md +++ b/user/managing-os/templates.md 
@@ -117,11 +117,11 @@ If this doesn't work, please see [How to Remove VMs Manually]. If the Applications Menu entry doesn't go away after you uninstall a TemplateVM, execute the following type of command in dom0: - $ rm ~/.local/share/applications/ + $ rm ~/.local/share/applications/ Applications Menu entries for backups of removed VMs can also be found in `/usr/local/share/applications/` of dom0. - $ rm /usr/local/share/applications/ + $ rm /usr/local/share/applications/ ## Reinstalling 
@@ -137,24 +137,22 @@ When you install a new template or upgrade a clone of a template, it is recommen Applications Menu --> System Tools --> Qubes Global Settings --> Default template -2. Base AppVMs on the new template. +2. If your keyboard or mouse is connected through `sys-usb`, switch `sys-usb` to the new template. + (Note that this is a single command to ensure that `sys-usb` restarts. + If it does not, you will not be able to use your USB keyboard or mouse.) + + [user@dom0 ~]$ qvm-shutdown --wait sys-usb; qvm-prefs sys-usb template ; qvm-start sys-usb + +3. Base AppVMs on the new template. Applications Menu --> System Tools --> Qubes Template Manager -3. Base the [DisposableVM Template] on the new template. +4. Base the [DisposableVM Template] on the new template. - [user@dom0 ~]$ qvm-create -l red -t new-template new-template-dvm - [user@dom0 ~]$ qvm-prefs new-template-dvm template_for_dispvms True - [user@dom0 ~]$ qvm-features new-template-dvm appmenus-dispvm 1 - [user@dom0 ~]$ qubes-prefs default-dispvm new-template-dvm - -4. Updating the template for sys-usb if peripheral devices are dependent upon the VM - - If you are running Qubes on a desktop or other device where the peripheral devices such as keyboard / mouse / trackpad are dependent upon the sys-usb appVM then updating the template is a challenge. In this situation, you can use the following commands in a dom0 terminal window to update the templateVM. - - $ qvm-shutdown --wait sys-usb; qvm-prefs sys-usb template fedora-31; qvm-start sys-usb - - Be careful to run this set of commands as shown above (3 commands in a single line) because if the sys-usb VM does not start back up you may be locked out of your machine. + [user@dom0 ~]$ qvm-create -l red -t + [user@dom0 ~]$ qvm-prefs template_for_dispvms True + [user@dom0 ~]$ qvm-features appmenus-dispvm 1 + [user@dom0 ~]$ qubes-prefs default-dispvm ## Advanced From d2c9f07bbcd6a9c81839284b7536a9c040ed7794 Mon Sep 17 00:00:00 2001 
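Review bot: In the new step 2 of [PATCH 22/37], the parenthetical says the one-line form ensures that `sys-usb` restarts, but it does not say that this depends on the three commands being joined with `;` and not `&&`. With `;`, `qvm-start sys-usb` still runs when `qvm-prefs` fails (for example on a mistyped template name); a reader who tidies the line to `&&` would leave `sys-usb` shut down and, as the hunk itself notes, lose the USB keyboard and mouse. Suggest saying so explicitly in the note, and that the whole line has to be entered at once.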
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 13 Nov 2020 13:22:35 +0100 Subject: [PATCH 23/37] license: drop note about dual-licensing This was never enforced (and the way it's written is not enforceable). So, let's remove dead text. If we'd like to enforce something like this in the future, we'd need to require contributors signing CLA. But it wouldn't apply to past contributions anyway. --- developer/code/license.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/developer/code/license.md b/developer/code/license.md index 1a7879a2..7064d94c 100644 --- a/developer/code/license.md +++ b/developer/code/license.md @@ -14,8 +14,3 @@ Qubes OS License Qubes is a compilation of software packages, each under its own license. The compilation is made available under the GNU General Public License version 2. The full text of the GPL v2 license can be found [here](http://www.gnu.org/licenses/gpl-2.0.html). - -Note on rights to double-licensing of the Qubes code ----------------------------------------------------- - -Invisible Things Lab (ITL), who has funded and run the Qubes project since the beginning, and who has contributed the majority of Qubes-specific code (specifically: `core-*`, `gui-*`, and `qubes-*` repositories) would like to have a right to redistribute parts of this code under proprietary licenses. This is especially important for Qubes R3 and later, where the new architecture allows the creation of many editions of Qubes, using different hypervisors, some of which might not be open source. That's why we ask every developer who contributes code to Qubes project to grant ITL permission to reuse the code under a different license, and to express this consent by including the [standard signed-off line](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?id=HEAD#n416) in the commit. From e0f89ddaebc559fa4fa13cc2b0ef77d3f3d5f157 Mon Sep 17 00:00:00 2001 
From: PROTechThor Date: Sat, 14 Nov 2020 06:26:22 +0100 Subject: [PATCH 24/37] Edit Sony Vaio Tinkering --- doc.md | 2 +- .../troubleshooting/sony-vaio-tinkering.md | 28 +++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) rename {user => external}/troubleshooting/sony-vaio-tinkering.md (60%) diff --git a/doc.md b/doc.md index 354c1b7a..6b95cd15 100644 --- a/doc.md +++ b/doc.md @@ -279,7 +279,7 @@ For more, please see [Qubes Community Documentation](https://github.com/Qubes-Co * [How to install an Nvidia driver in dom0](/doc/install-nvidia-driver/) * [Nvidia troubleshooting guide](/doc/nvidia-troubleshooting/) * [Apple MacBook Troubleshooting](/doc/macbook-troubleshooting/) - * [Getting Sony Vaio Z laptop to work with Qubes](/doc/sony-vaio-tinkering/) + * [Sony Vaio Troubleshooting](/doc/sony-vaio-tinkering/) * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) ### Building Guides diff --git a/user/troubleshooting/sony-vaio-tinkering.md b/external/troubleshooting/sony-vaio-tinkering.md similarity index 60% rename from user/troubleshooting/sony-vaio-tinkering.md rename to external/troubleshooting/sony-vaio-tinkering.md index 022e8bfa..64e3df26 100644 --- a/user/troubleshooting/sony-vaio-tinkering.md +++ b/external/troubleshooting/sony-vaio-tinkering.md 
@@ -11,36 +11,37 @@ redirect_from: Instructions for getting your Sony Vaio Z laptop working with Qubes/Linux ========================================================================= -Sony Vaio Z are great laptops -- they are very powerful, yet compact. The newer models, starting from Z12 are, however, not very well supported by Linux kernels (at least 2.6.34 that we currently use in Dom0) and thus some tinkering is needed to get Qubes working on those machines. +The following issues were reported on Qubes 3.2 and may not be prevalent on Qubes 4.0. -Getting the graphics card working under Linux/Qubes OS ------------------------------------------------------- +Graphics card does not work +--------------------------- -Newer models of Sony Vaio Z come with an "intelligent" GPU switch, that automatically chooses either Intel Integrated GPU (IGD) or the discrete NVIDIA GPU. This confuses the Linux graphics so much, that in most cases won't even be able to install a regular Linux on such a machine. Unfortunately, moving the switch into the "Stamina" position apparently doesn't work, and the automatic GPU switching is still active. +Newer models of Sony Vaio Z come with an "intelligent" GPU switch, that automatically chooses either Intel Integrated GPU (IGD) or the discrete NVIDIA GPU. This confuses the Linux graphics so much, that in most cases, it won't even be able to install a regular Linux on such a machine. Unfortunately, moving the switch into the "Stamina" position apparently doesn't work, and the automatic GPU switching is still active. One solution that actually worked for me was to reflash the BIOS (I know, I know, this is scary) and to enable the so called "Advanced Menu" in the BIOS. This Advanced Menu allows you to choose the desired behaviour of the GPU switch, which in our case would be to set it to "Static" and then move the mechanical switch to the "Stamina" position, that enabled the Intel IGD (which is much better supported on Linux). 
-If you think you are ready to reflash you BIOS, here are the instructions that worked for me: - -[http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html](http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html) +If you think you are ready to reflash you BIOS, you can follow [these instructions](http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html). **WARNING**: We take absolutely no responsibility that the BIOS reflashing instructions given at the referenced forum are 1) valid, 2) non-malicious, and 3) work at all. Do this step at your own risk. Keep in mind that reflashing your BIOS might yield your system unusable. If you don't feel like taking this risk (which is a reasonable state of mind), look for a different notebook, or ask Sony Support to enable this option for you. -In practice I have downloaded the BIOS-patching tools, run them in a VM on a BIOS image I extracted from my laptop, diffed the two versions, and concluded that it doesn't *seem* malicious, and then bravely applied tha patched image. If you don't know what are you doing, just get a different laptop, really! +In practice I have downloaded the BIOS-patching tools, run them in a VM on a BIOS image I extracted from my laptop, diffed the two versions, and concluded that it doesn't *seem* malicious, and then bravely applied that patched image. If you don't know what are you doing, just get a different laptop, really! On a side note, we should note that allowing anybody to reflash the BIOS is really a bad idea from a security point of view (Hello Evil Maids!). Shame on you, Sony! 
-Getting the touchpad working during installation ------------------------------------------------- +Touchpad does not work during installation +------------------------------------------ -In order to get the touchpad working during installation you should pass the **~~~i8042.nopnp=1~~~** option to the kernel before the installer starts. +In order to get the touchpad working during installation you should pass the `i8042.nopnp=1` option to the kernel before the installer starts: -\ +~~~ +sudo nano /etc/default/grub +GRUB_CMDLINE_LINUX_DEFAULT="i8042.nopnp=1" +~~~ Applying other fixes -------------------- -There are a few more fixes needed for Sony Vaio Z, and we have prepared a special package that you can install in Dom0 that applies them all. After the installation is complete, open console in Dom0 and do the following: +There are a few more fixes needed for Sony Vaio Z, and we have prepared a special package that you can install in dom0 that applies them all. After the installation is complete, open a console in dom0 and do the following: ~~~ $ sudo bash @@ -55,4 +56,3 @@ This script takes care about the following: - Adding special option for the sound module (so you can get sound) - Adding pm-suspend scripts that take care about restoring your screen after resume -... now, having done this all, you will surely feel unprecedented satisfaction and you will love your Vaio very much! ;) From 2711404f7d1e1d8525c2662e58bb608906070001 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sat, 14 Nov 2020 06:32:10 +0100 Subject: [PATCH 25/37] Change word --- external/troubleshooting/sony-vaio-tinkering.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/external/troubleshooting/sony-vaio-tinkering.md b/external/troubleshooting/sony-vaio-tinkering.md index 64e3df26..34e4552f 100644 --- a/external/troubleshooting/sony-vaio-tinkering.md +++ b/external/troubleshooting/sony-vaio-tinkering.md 
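Review bot: The touchpad section in [PATCH 24/37] says to pass `i8042.nopnp=1` to the kernel "before the installer starts", but the block added under it edits `/etc/default/grub`, which belongs to an already installed system and has no effect on how the installer boots. The block also shows `GRUB_CMDLINE_LINUX_DEFAULT="i8042.nopnp=1"` as the entire value, which read literally replaces any options already on that line, and there is no step that regenerates the GRUB configuration afterwards. Suggest either describing how to edit the installer's boot entry, or presenting this as a post-install fix that appends the option to the existing value and rebuilds the configuration. The new opening sentence dates these issues to Qubes 3.2 while the paragraph it replaces referred to kernel 2.6.34 in Dom0; worth confirming which release the instructions were actually tested on.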
@@ -24,7 +24,7 @@ If you think you are ready to reflash you BIOS, you can follow [these instructio **WARNING**: We take absolutely no responsibility that the BIOS reflashing instructions given at the referenced forum are 1) valid, 2) non-malicious, and 3) work at all. Do this step at your own risk. Keep in mind that reflashing your BIOS might yield your system unusable. If you don't feel like taking this risk (which is a reasonable state of mind), look for a different notebook, or ask Sony Support to enable this option for you. -In practice I have downloaded the BIOS-patching tools, run them in a VM on a BIOS image I extracted from my laptop, diffed the two versions, and concluded that it doesn't *seem* malicious, and then bravely applied that patched image. If you don't know what are you doing, just get a different laptop, really! +In practice I have downloaded the BIOS-patching tools, run them in a VM on a BIOS image I extracted from my laptop, diffed the two versions, and concluded that it doesn't *seem* malicious, and then bravely applied the patched image. If you don't know what are you doing, just get a different laptop, really! On a side note, we should note that allowing anybody to reflash the BIOS is really a bad idea from a security point of view (Hello Evil Maids!). Shame on you, Sony! From fdcaadaeec4d91edc01bdfd8774c9e27de04260d Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 14 Nov 2020 00:16:13 -0800 Subject: [PATCH 26/37] Add info about distribution-gpg-keys; clarify section Thank you to Andrew Clausen for pointing out this package. --- project-security/verifying-signatures.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 6e6c0ca9..758ea596 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md 
@@ -104,8 +104,9 @@ You also should not rely on any single website, not even over HTTPS. So, what *should* you do? One option is to use the PGP [Web of Trust](https://en.wikipedia.org/wiki/Web_of_trust). -In addition, some operating systems have built-in keyrings containing keys capable of validating the Qubes Master Signing Key. -For example, if you have a Debian system, then your keyring may already contain the necessary keys. +In addition, some operating systems include the means to acquire the Qubes Master Signing Key in a secure way. +For example, on Fedora, `dnf install distribution-gpg-keys` will get you the Qubes Master Signing Key along with several other Qubes keys. +On Debian, your keyring may already contain the necessary keys. Another option is to rely on the key's fingerprint. Every PGP key has a fingerprint that uniquely identifies it among all PGP keys (viewable with `gpg2 --fingerprint `). From 8452712d308c4faf61b2637406f1149ec8a48b79 Mon Sep 17 00:00:00 2001 From: Enjeck Cleopatra <32180937+PROTechThor@users.noreply.github.com> Date: Sat, 14 Nov 2020 18:55:41 +0100 Subject: [PATCH 27/37] Add Multiboot Troubleshooting link --- doc.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc.md b/doc.md index 6b95cd15..9c8b3e0d 100644 --- a/doc.md +++ b/doc.md @@ -281,6 +281,7 @@ For more, please see [Qubes Community Documentation](https://github.com/Qubes-Co * [Apple MacBook Troubleshooting](/doc/macbook-troubleshooting/) * [Sony Vaio Troubleshooting](/doc/sony-vaio-tinkering/) * [Intel Integrated Graphics Troubleshooting](/doc/intel-igfx-troubleshooting/) + * [Multiboot Troubleshooting](/doc/multiboot/#troubleshooting) ### Building Guides From 2062b31502fb24c9d9c9738de85f13de5fedea3f Mon Sep 17 00:00:00 2001 
From: Andrew David Wong Date: Sat, 14 Nov 2020 18:25:13 -0800 Subject: [PATCH 28/37] Add Fedora and Debian methods for acquiring the QMSK Thanks to Andrew Clausen for the suggestion. --- project-security/verifying-signatures.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 758ea596..3fc877db 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md @@ -84,6 +84,12 @@ There are several ways to get the Qubes Master Signing Key. $ gpg2 --import /usr/share/qubes/qubes-master-key.asc + - If you're on Fedora, you can get it in the `distribution-gpg-keys` package: + + $ dnf install distribution-gpg-keys + + - If you're on Debian, it may already be included in your keyring. + - Fetch it with GPG: $ gpg2 --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc From 968e4a378fbb9abbd1d4bb3e791512b49e2d25e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= Date: Sun, 15 Nov 2020 09:36:14 +0100 Subject: [PATCH 29/37] Add .gitlab-ci.yml --- .gitlab-ci.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 00000000..68adf784 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,5 @@ +include: + - https://raw.githubusercontent.com/QubesOS/qubes-continuous-integration/master/gitlab-website.yml + +build:doc: + extends: .website From 6da63e3878089c9a68b50397f33594e7906c0397 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 16 Nov 2020 02:14:26 -0800 Subject: [PATCH 30/37] Improve cross-linking between pages --- user/advanced-configuration/disposablevm-customization.md | 6 +++--- user/reference/glossary.md | 6 ++++-- 2 files changed, 7 insertions(+), 5 deletions(-) 
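Review bot: The Fedora item added in [PATCH 28/37] stops at `$ dnf install distribution-gpg-keys`, which puts key files on disk but imports nothing into the GnuPG keyring, whereas the neighbouring items each end in a `gpg2 --import` or `gpg2 --fetch-keys` command. Suggest adding the follow-up `gpg2 --import` line with the path the package installs the key to, and showing the install with `sudo`, since the prompt is an unprivileged `$`. The Debian item ("it may already be included in your keyring") would likewise be more useful if it named the keyring and how to check it.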
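Review bot: The `include:` in the new `.gitlab-ci.yml` of [PATCH 29/37] pulls `gitlab-website.yml` from the `master` branch over a raw URL, so whatever that branch holds at run time defines this repository's pipeline, and a change there takes effect without any review in this repository. Suggest pinning the include to a commit hash or tag of qubes-continuous-integration and bumping it deliberately. The commit message could also say what the `.website` job that `build:doc` extends does, since none of it is visible in this change.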
diff --git a/user/advanced-configuration/disposablevm-customization.md b/user/advanced-configuration/disposablevm-customization.md index 1e14eddd..35680337 100644 --- a/user/advanced-configuration/disposablevm-customization.md +++ b/user/advanced-configuration/disposablevm-customization.md @@ -15,9 +15,9 @@ redirect_from: ## Introduction -A DisposableVM (previously known as a "DispVM") in can be based on any TemplateBasedVM. -You can also choose to use different DisposableVM Templates for different DisposableVMs. -To prepare AppVM to be a DisposableVM Template, you need to set `template_for_dispvms` property, for example: +A [DisposableVM](/doc/disposablevm) can be based on any [TemplateBasedVM](/doc/glossary/#templatebasedvm). +You can also choose to use different [DisposableVM Templates](/doc/glossary/#disposablevm-template) for different DisposableVMs. +To prepare an AppVM to be a DisposableVM Template, you need to set `template_for_dispvms` property, for example: [user@dom0 ~]$ qvm-prefs fedora-26-dvm template_for_dispvms True diff --git a/user/reference/glossary.md b/user/reference/glossary.md index 9f01fb71..2358aa14 100644 --- a/user/reference/glossary.md +++ b/user/reference/glossary.md @@ -119,8 +119,9 @@ FirewallVM FirewallVMs, as defined here, no longer exist in Qubes 4.0 or later (see [here][pr-748] for technical details).* Firewall Virtual Machine. -A type of [ProxyVM](#proxyvm) that is used to enforce network-level policies (a.k.a. "firewall rules"). +A type of [ProxyVM](#proxyvm) that is used to enforce network-level policies (a.k.a. "firewall rules"). A FirewallVM called `sys-firewall` is created by default in most Qubes installations. +Also see [Qubes Firewall](/doc/firewall/). DisposableVM ------------ 
@@ -191,7 +192,8 @@ This allows for optimal performance on guest operating systems such as Windows. Windows Tools ----- -Qubes Windows Tools are a set of programs and drivers that provide integration of Windows [AppVMs](#appvm) with the rest of the Qubes system. +[Qubes Windows Tools](/doc/windows-tools/) (QWT) are a set of programs and drivers that provide integration of Windows [AppVMs](#appvm) with the rest of the Qubes system. +Also see [Windows](/doc/windows/). QWT ---- From 84dcf72aec36db9c20a66706a686c44d0750b1b7 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 16 Nov 2020 03:54:14 -0800 Subject: [PATCH 31/37] Improve "copying" documentation --- user/common-tasks/copy-from-dom0.md | 84 +++++++++++++++-------------- user/common-tasks/copy-paste.md | 66 +++++++++++------------ user/common-tasks/copying-files.md | 56 ++++++++++--------- 3 files changed, 105 insertions(+), 101 deletions(-) diff --git a/user/common-tasks/copy-from-dom0.md b/user/common-tasks/copy-from-dom0.md index 67c8fe89..dfe2e467 100644 --- a/user/common-tasks/copy-from-dom0.md +++ b/user/common-tasks/copy-from-dom0.md 
@@ -9,67 +9,71 @@ redirect_from: - /wiki/CopyToDomZero/ --- -Copying from (and to) dom0 -========================== +# Copying from (and to) dom0 -Copying **from** dom0 ---------------------- +This page covers copying files and clipboard text between [dom0](/doc/glossary/#dom0) and [domUs](/doc/glossary/#domu). +Since dom0 is special, the processes are different from [copying and pasting text between qubes](/doc/copy-paste/) and [copying and moving files between qubes](/doc/copying-files/). -To copy a file from dom0 to a VM (domU), simply use `qvm-copy-to-vm`: +## Copying **from** dom0 -~~~ -qvm-copy-to-vm -~~~ +### Copying files from dom0 -The file will arrive in your destination VM in the `~/QubesIncoming/dom0/` directory. +To copy a file from dom0 to a VM, simply use `qvm-copy-to-vm`: -### Copying logs from dom0 ### + qvm-copy-to-vm + +The file will arrive in the target VM in the `/home/user/QubesIncoming/dom0/` directory. + +### Copying and pasting clipboard text from dom0 + +Use the **Qubes Clipboard** widget: + + 1. Copy text to the clipboard normally in dom0 (e.g., by pressing Ctrl+C). + + 2. Click the **Qubes Clipboard** icon in the Notification Area. + + 3. Click "Copy dom0 clipboard". + This displays a notification that text has been copied to the inter-qube clipboard. + + 4. Press Ctrl+Shift+V in the target qube. + This pastes the inter-qube clipboard contents into the target qube's normal clipboard. + + 5. Paste normally within that qube (e.g., by pressing Shift+V). + +Alternatively, you can put your text in a file, then [copy it as a file](#copying-files-from-dom0). +Or, you can write the data you wish to copy into `/var/run/qubes/qubes-clipboard.bin`, then `echo -n dom0 > /var/run/qubes/qubes-clipboard.bin.source`. +Then use Ctrl+Shift+V to paste the data to the target qube. + +### Copying logs from dom0 In order to easily copy/paste the contents of logs from dom0 to the inter-VM clipboard, you can simply: -1. 
Right-click on the desired VM in the Qubes VM Manager. -2. Click "Logs." -3. Click on the desired log. -4. Click "Copy to Qubes clipboard." + 1. Right-click on the desired qube in the Qube Manager. -You may now paste the log contents to any VM as you normally would (i.e., Ctrl-Shift-V, then Ctrl-V). + 2. Click "Logs." -### Copy/paste from dom0 ### + 3. Click on the desired log. -For data other than logs, there are several options: + 4. Click "Copy to Qubes clipboard." -1. Use the **Qubes Clipboard** widget: - - Copy text to the clipboard normally in dom0. - - Click the **Qubes Clipboard** icon in the Notification Area. - - Click "Copy dom0 clipboard". - - Receive a notification that text has been copied to the inter-qube clipboard. - - Press Ctrl + Shift + V in a qube to paste into the desired qube's clipboard. - - Paste normally within that qube. -2. Copy it as a file (see above) -3. Write the data you wish to copy into `/var/run/qubes/qubes-clipboard.bin`, then `echo -n dom0 > /var/run/qubes/qubes-clipboard.bin.source`. - Then use Ctrl-Shift-V to paste the data to the desired VM. +You may now paste the log contents in qube as you normally would (e.g., Ctrl+Shift+V, then Ctrl+V). -Copying **to** dom0 -------------------- +## Copying **to** dom0 Copying anything into dom0 is not advised, since doing so can compromise the security of your Qubes system. -For this reason, there is no simple means of copying anything into dom0, unlike [copying from dom0](#copying-from-dom0) and [copying files between VMs](/doc/copying-files/). +For this reason, there is no simple means of copying anything into dom0, unlike [copying from dom0](#copying-from-dom0). -There should normally be few reasons for the user to want to copy anything from VMs to dom0, as dom0 only acts as a "thin trusted terminal", and no user applications run there. -One possible use-case for this is if we want to use a desktop wallpaper in dom0 we have located in one of our AppVMs (e.g. 
in the 'personal' AppVM where we got the wallpaper from our camera or downloaded it from the Internet). -While this use-case is understandable, imagine what would happen if the wallpaper (e.g. a JPEG file) was somehow malformed or malicious and attempted to exploit a hypothetical JPEG parser bug in dom0 code (e.g. in the dom0's Xorg/KDE code that parses the wallpaper and displays it). +There should normally be few reasons for the user to want to copy anything from domUs to dom0, as dom0 only acts as a "thin trusted terminal", and no user applications run there. +Sometimes, new users feel the urge to copy a desktop wallpaper image into dom0, but that is not necessary. +A safer approach is simply to display the image in [full-screen mode](/doc/full-screen-mode/) in an AppVM, then take a screenshot from dom0, which results in exactly the image needed for a wallpaper, created securely and natively in dom0. If you are determined to copy some files to dom0 anyway, you can use the following method. (If you want to copy text, first save it into a text file.) Run this command in a dom0 terminal: -~~~ -qvm-run --pass-io 'cat /path/to/file_in_src_domain' > /path/to/file_name_in_dom0 -~~~ + qvm-run --pass-io 'cat /path/to/file_in_src_domain' > /path/to/file_name_in_dom0 -Note that you can use the same method to copy files from dom0 to VMs (if, for some reason, you don't want to use `qvm-copy-to-vm`): +Note that you can use the same method to copy files from dom0 to domUs (if, for some reason, you don't want to use `qvm-copy-to-vm`): -~~~ -cat /path/to/file_in_dom0 | qvm-run --pass-io 'cat > /path/to/file_name_in_appvm' -~~~ + cat /path/to/file_in_dom0 | qvm-run --pass-io 'cat > /path/to/file_name_in_appvm' diff --git a/user/common-tasks/copy-paste.md b/user/common-tasks/copy-paste.md index e2d7baeb..03c9b5ed 100644 --- a/user/common-tasks/copy-paste.md +++ b/user/common-tasks/copy-paste.md 
@@ -1,6 +1,6 @@ --- layout: doc -title: Copy and Paste +title: Copying and pasting text between qubes permalink: /doc/copy-paste/ redirect_from: - /en/doc/copy-paste/ 
@@ -8,51 +8,49 @@ redirect_from: - /wiki/CopyPaste/ --- -Copy and Paste between domains -============================== +Copying and pasting text between qubes +====================================== -Qubes fully supports secure copy and paste operation between domains. -In order to copy a clipboard from domain A to domain B, follow those steps: +*This page is about copying and pasting plain text. +If you wish to copy more complex data, such as rich text or images, see [copying and moving files between qubes](/doc/copying-files/). +For dom0, see [copying from (and to) dom0](/doc/copy-from-dom0/).* -1. Click on the application window in domain A where you have selected text for copying. - Then use the *app-specific* hot-key (or menu option) to copy this into domain's local clipboard (in other words: do the copy operation as usual, in most cases by pressing Ctrl-C). -2. Then (when the app in domain A is still in focus) press Ctrl-Shift-C magic hot-key. - This will tell Qubes that we want to select this domain's clipboard for *global copy* between domains. -3. Now select the destination app, running in domain B, and press Ctrl-Shift-V, another magic hot-key that will tell Qubes to make the clipboard marked in the previous step available to apps running in domain B. - This step is necessary because it ensures that only domain B will get access to the clipboard copied from domain A, and not any other domain that might be running in the system. -4. Now, in the destination app use the app-specific key combination (usually Ctrl-V) for pasting the clipboard. +Qubes OS features a secure inter-qube clipboard that allows you to copy and paste text between qubes. -Note that the global clipboard will be cleared after step \#3, to prevent accidental leakage to another domain, if the user accidentally pressed Ctrl-Shift-V later. +In order to copy text from qube A to qube B: -This 4-step process might look complex, but after some little practice it really is very easy and fast. 
-At the same time it provides the user with full control over who has access to the clipboard. + 1. Select text from the source app in qube A, then copy it normally (e.g., by pressing Ctrl+C). -Note that only simple plain text copy/paste is supported between AppVMs. -This is discussed in a bit more detail in [this message](https://groups.google.com/group/qubes-devel/msg/57fe6695eb8ec8cd). + 2. With the source app in qube A still in focus, press Ctrl+Shift+C. + This copies the text from qube A's clipboard to the inter-qube clipboard. -On Copy/Paste Security ----------------------- + 3. Select the target app in qube B and press Ctrl+Shift+V. + This copies the text from the inter-qube clipboard to qube B's clipboard and clears the inter-qube clipboard, ensuring that only qube B will have access to the copied text. -The scheme is *secure* because it doesn't allow other VMs to steal the content of the clipboard. -However, one should keep in mind that performing a copy and paste operation from *less trusted* to *more trusted* domain can always be potentially insecure, because the data that we insert might potentially try to exploit some hypothetical bug in the destination VM (e.g. -the seemingly innocent link that we copy from untrusted domain, might turn out to be, in fact, a large buffer of junk that, when pasted into the destination VM's word processor could exploit a hypothetical bug in the undo buffer). -This is a general problem and applies to any data transfer between *less trusted to more trusted* domains. -It even applies to copying files between physically separate machines (air-gapped) systems. -So, you should always copy clipboard and data only from *more trusted* to *less trusted* domains. + 4. Paste the text in the target app in qube B normally (e.g., by pressing Ctrl+V). 
-See also [this article](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes. +This process might look complicated at first glance, but in practice it is actually very easy and fast once you get used to it. +At the same time, it provides you with full control over exactly which qube receives the content of the inter-qube clipboard every time. -And [this message](https://groups.google.com/group/qubes-devel/msg/48b4b532cee06e01) from qubes-devel. +Security +-------- -Copy/Paste between dom0 and other domains ------------------------------------------ +The inter-qube clipboard system is secure because it doesn't allow any qube other than your selected target to steal any contents from the inter-qube clipboard. +Without such a system in place, any password you were to copy from the password manager in your vault qube to another qube, for example, would immediately be leaked to every other running qube in the system, including qubes that are untrusted by default, such as `sys-net`. +By giving you precise control over exactly which qube receives the inter-qube clipboard content, then immediately wiping the inter-qube clipboard afterward, Qubes OS protects the confidentiality of the text being copied. -See ["Copying from (and to) dom0"](/doc/copy-from-dom0/). +However, one should keep in mind that performing a copy and paste operation from *less trusted* to *more trusted* qube is always potentially insecure, since the data that we copy could exploit some hypothetical bug in the target qube. +For example, the seemingly-innocent link that we copy from an untrusted qube could turn out to be a large buffer of junk that, when pasted into the target qube's word processor, could exploit a hypothetical bug in the undo buffer. +This is a general problem and applies to any data transfer from *less trusted* to *more trusted* qubes. 
+It even applies to copying files between physically separate (air-gapped) machines. +Therefore, you should always copy clipboard data only from *more trusted* to *less trusted* qubes. + +See also [this article](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes, as wlel as [this message](https://groups.google.com/group/qubes-devel/msg/48b4b532cee06e01) from qubes-devel. Clipboard automatic policy enforcement -------------------------------------- -The Qubes clipboard [RPC policy] is configurable in: +The Qubes clipboard [RPC policy](/doc/rpc-policy/) is configurable in: ~~~ /etc/qubes-rpc/policy/qubes.ClipboardPaste @@ -66,7 +64,7 @@ For example, if you are certain that you never wish to paste *into* your "vault" @anyvm @anyvm ask ~~~ -Shortcut Configuration +Shortcut configuration ---------------------- The copy/paste shortcuts are configurable in: @@ -78,7 +76,3 @@ The copy/paste shortcuts are configurable in: If you edit a line in this file, you must uncomment it (by removing the initial `#` character), or else it will have no effect. VMs need to be restarted in order for changes in `/etc/qubes/guid.conf` to take effect. - - -[RPC policy]: /doc/rpc-policy/ - diff --git a/user/common-tasks/copying-files.md b/user/common-tasks/copying-files.md index 21688795..9db80673 100644 --- a/user/common-tasks/copying-files.md +++ b/user/common-tasks/copying-files.md @@ -1,6 +1,6 @@ --- layout: doc -title: Copying Files between qubes +title: Copying and moving files between qubes permalink: /doc/copying-files/ redirect_from: - /en/doc/copying-files/ 
@@ -8,31 +8,34 @@ redirect_from: - /wiki/CopyingFiles/ --- -Copying files and folders between qubes -============================= +Copying and moving files between qubes +====================================== -Qubes also supports secure copying of files and folders between qubes. -These instructions refer to file(s) but equally apply to copying folders. +*This page is about copying and moving files. +If you wish to simply copy and paste text, that can be done more easily using the inter-qube clipboard. +See [copying and pasting text between qubes](/doc/copy-paste/). +For dom0, see [copying from (and to) dom0](/doc/copy-from-dom0/).* -In order to copy file(s) from qube A to qube B, follow these steps: +Qubes OS supports the secure copying and moving of files and directories (folders) between qubes. -GUI ---- +For simplicity, these instructions will refer to copying/moving a single file, but they apply equally well to groups of files and directories, which are copied recursively. -1. Open file manager in the source qube (qube A), choose file(s) that you wish to copy, and right click on the selection, and choose `Copy to another AppVM` + 1. Open a file manager in the qube containing the file you wish to copy (the source qube), right-click on the file you wish to copy or move, and select `Copy to Other AppVM...` or `Move to Other AppVM...`. -2. A dialog box will appear asking for the name of the destination qube (qube B). + 2. A dialog box will appear in dom0 asking for the name of the target qube (qube B). + Enter or select the desired destination qube name. -3. A confirmation dialog box will appear(this will be displayed by Dom0, so none of the qubes can fake your consent). - After you click ok, qube B will be started if it is not already running, the file copy operation will start, and the files will be copied into the following folder in qube B: + 3. If the target qube is not already running, it will be started automatically, and the file will be copied there. 
+ It will show up in this directory (which will automatically be created if it does not already exist): - `/home/user/QubesIncoming/` + /home/user/QubesIncoming// -4. You can now move them whenever you like in the qube B filesystem using the file manager there. + If you selected **Move** rather than **Copy**, the original file in the source qube will be deleted. + (Moving a file is equivalent to copying the file, then deleting the original.) + 4. If you wish, you may now move the file in the target qube to a different directory and delete the `/home/user/QubesIncoming/` directory when no longer needed. -CLI ---- +The same operations are also available via these command-line tools: ``` qvm-copy [--without-progress] file [file]+ 
@@ -42,18 +45,21 @@ qvm-copy [--without-progress] file [file]+ qvm-move [--without-progress] file [file]+ ``` +Security +-------- -On inter-qube file copy security ----------------------------------- - -The scheme is *secure* because it doesn't allow other qubes to steal the files that are being copied, and also doesn't allow the source qube to overwrite arbitrary files on the destination qube. -Also, Qubes's file copy scheme doesn't use any sort of virtual block devices for file copy -- instead we use Xen shared memory, which eliminates lots of processing of untrusted data. +The inter-qube file copy system is secure because it doesn't allow other qubes to steal the files that are being copied, and it doesn't allow the source qube to overwrite arbitrary files on the destination qube. +Moreover, this system doesn't use any sort of virtual block device for file copy. +Instead, we use Xen shared memory, which eliminates a lot of processing of untrusted data. For example, the receiving qube is *not* forced to parse untrusted partitions or file systems. -In this respect our file copy mechanism provides even more security than file copy between two physically separated (air-gapped) machines! +In this respect, the inter-qube file copy system provides even more security than file copy between two physically separated (air-gapped) machines! +(See [Software compartmentalization vs. physical separation](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) for more on this.) -However, one should keep in mind that performing a data transfer from *less trusted* to *more trusted* qubes can always be potentially insecure, because the data that we insert might potentially try to exploit some hypothetical bug in the destination qube (e.g. a seemingly innocent JPEG that we copy from an untrusted qube might contain a specially crafted exploit for a bug in JPEG parsing application in the destination qube). 
-This is a general problem and applies to any data transfer between *less trusted to more trusted* qubes. +However, one should keep in mind that performing a data transfer from *less trusted* to *more trusted* qubes is always potentially insecure if the data will be parsed in the target qube. +This is because the data that we copy could try to exploit some hypothetical bug in software running in the target qube. +For example, a seemingly-innocent JPEG that we copy from an untrusted qube might contain a specially-crafted exploit for a bug in a JPEG-parsing application in the target qube. +This is a general problem and applies to any data transfer from *less trusted* to *more trusted* qubes. It even applies to the scenario of copying files between air-gapped machines. -So, you should always copy data only from *more trusted* to *less trusted* qubes. +Therefore, you should always copy data only from *more trusted* to *less trusted* qubes. See also [this article](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes. From 2535c3a3d1ddcbcca91d5ae1e9bddebb06dcaab8 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 16 Nov 2020 04:09:33 -0800 Subject: [PATCH 32/37] Link to dom0 glossary entry --- user/common-tasks/software-update-dom0.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user/common-tasks/software-update-dom0.md b/user/common-tasks/software-update-dom0.md index 4512605a..daecefbb 100644 --- a/user/common-tasks/software-update-dom0.md +++ b/user/common-tasks/software-update-dom0.md 
@@ -10,7 +10,7 @@ redirect_from: # Installing and updating software in dom0 -Updating dom0 is one of the main steps in [Updating Qubes OS]. +Updating [dom0] is one of the main steps in [Updating Qubes OS]. It is very important to keep dom0 up-to-date with the latest [security] updates. We also publish dom0 updates for various non-security bug fixes and enhancements to Qubes components. In addition, you may wish to update the kernel, drivers, or libraries in dom0 when [troubleshooting newer hardware]. @@ -218,6 +218,7 @@ For example: sys-whonix. Qubes VM Manager -> System -> Global Settings -> UpdateVM -> sys-whonix +[dom0]: /doc/glossary/#dom0 [Updating Qubes OS]: /doc/updating-qubes-os/ [security]: /security/ [testing]: /doc/testing/ From f5cb15d1a3a69dfc49f880fc75844c23a8f7c334 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 16 Nov 2020 04:54:31 -0800 Subject: [PATCH 33/37] Fix typo --- user/common-tasks/copy-paste.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/common-tasks/copy-paste.md b/user/common-tasks/copy-paste.md index 03c9b5ed..fc27067e 100644 --- a/user/common-tasks/copy-paste.md +++ b/user/common-tasks/copy-paste.md 
@@ -45,7 +45,7 @@ This is a general problem and applies to any data transfer from *less trusted* t It even applies to copying files between physically separate (air-gapped) machines. Therefore, you should always copy clipboard data only from *more trusted* to *less trusted* qubes. -See also [this article](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes, as wlel as [this message](https://groups.google.com/group/qubes-devel/msg/48b4b532cee06e01) from qubes-devel. +See also [this article](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes, as well as [this message](https://groups.google.com/group/qubes-devel/msg/48b4b532cee06e01) from qubes-devel. Clipboard automatic policy enforcement -------------------------------------- From 31d28d0ad2f2277212e31b9eb6f77fd4a0469eba Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 16 Nov 2020 05:00:24 -0800 Subject: [PATCH 34/37] Update links --- user/security-in-qubes/split-gpg.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user/security-in-qubes/split-gpg.md b/user/security-in-qubes/split-gpg.md index 2dff3068..9a1c1431 100644 --- a/user/security-in-qubes/split-gpg.md +++ b/user/security-in-qubes/split-gpg.md 
@@ -378,8 +378,8 @@ As always, exercise caution and use your good judgment.) [intro]: #what-is-split-gpg-and-why-should-i-use-it-instead-of-the-standard-gpg [se-pinentry]: https://unix.stackexchange.com/a/379373 [​subkeys]: https://wiki.debian.org/Subkeys -[copied]: /doc/copying-files#on-inter-qube-file-copy-security -[pasted]: /doc/copy-paste#on-copypaste-security +[copied]: /doc/copying-files#security +[pasted]: /doc/copy-paste#security [​MUA]: https://en.wikipedia.org/wiki/Mail_user_agent [covert channels]: /doc/data-leaks [trusting-templates]: /doc/templates/#trusting-your-templatevms From 17021f6cb7f4b46703ac84808bf047a5ed280314 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 18 Nov 2020 22:26:22 -0800 Subject: [PATCH 35/37] Update doc guidelines regarding HTML, CSS, and images --- developer/general/doc-guidelines.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/developer/general/doc-guidelines.md b/developer/general/doc-guidelines.md index 55f8d9a8..04c327a4 100644 --- a/developer/general/doc-guidelines.md +++ b/developer/general/doc-guidelines.md @@ -126,6 +126,8 @@ To add an image to a page, use the following syntax in the main document: ``` Then, submit your image(s) in a separate pull request to the [qubes-attachment] repository using the same path and filename. +This is the only permitted way to include images. +Do not link to images on other websites. Version-specific Documentation 
@@ -248,6 +250,11 @@ All the documentation is written in Markdown for maximum accessibility. When making contributions, please try to observe the following style conventions: * Use spaces instead of tabs. + * Do not write HTML inside Markdown documents (except in rare, unavoidable cases, such as alerts). + In particular, never include HTML or CSS for styling, formatting, or white space control. + That belongs in the (S)CSS files instead. + * Link only to images in [qubes-attachment] (see [instructions above](#how-to-add-images)). + Do not link to images on other websites. * In order to enable offline browsing, use relative paths (e.g., `/doc/doc-guidelines/` instead of `https://www.qubes-os.org/doc/doc-guidelines/`, except when the source text will be reproduced outside of the Qubes website repo. Examples of exceptions: * [QSBs] (intended to be read as plain text) From caeb1453552abeb3b93623862b9a2f6c47885155 Mon Sep 17 00:00:00 2001 From: Santori Helix <74464484+santorihelix@users.noreply.github.com> Date: Thu, 19 Nov 2020 20:53:08 +0000 Subject: [PATCH 36/37] Fixed a grammar error in the intro Changed "...the role of the x plays..." to "...the role of the x is played by..." --- user/security-in-qubes/split-gpg.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/security-in-qubes/split-gpg.md b/user/security-in-qubes/split-gpg.md index 9a1c1431..b2f20a02 100644 --- a/user/security-in-qubes/split-gpg.md +++ b/user/security-in-qubes/split-gpg.md 
@@ -16,7 +16,7 @@ redirect_from: # Qubes Split GPG # -Split GPG implements a concept similar to having a smart card with your private GPG keys, except that the role of the "smart card" plays another Qubes AppVM. +Split GPG implements a concept similar to having a smart card with your private GPG keys, except that the role of the "smart card" is played by another Qubes AppVM. This way one, not-so-trusted domain, e.g. the one where Thunderbird is running, can delegate all crypto operations, such as encryption/decryption and signing to another, more trusted, network-isolated, domain. This way the compromise of your domain where Thunderbird or another client app is running -- arguably a not-so-unthinkable scenario -- does not allow the attacker to automatically also steal all your keys. (We should make a rather obvious comment here that the so-often-used passphrases on private keys are pretty meaningless because the attacker can easily set up a simple backdoor which would wait until the user enters the passphrase and steal the key then.) From b0232f96ada7928301d6b43c80c13147fe36f2b5 Mon Sep 17 00:00:00 2001 From: Santori Helix <74464484+santorihelix@users.noreply.github.com> Date: Thu, 19 Nov 2020 21:01:20 +0000 Subject: [PATCH 37/37] Update split-gpg.md --- user/security-in-qubes/split-gpg.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/security-in-qubes/split-gpg.md b/user/security-in-qubes/split-gpg.md index b2f20a02..a762618c 100644 --- a/user/security-in-qubes/split-gpg.md +++ b/user/security-in-qubes/split-gpg.md 
@@ -17,7 +17,7 @@ redirect_from: # Qubes Split GPG # Split GPG implements a concept similar to having a smart card with your private GPG keys, except that the role of the "smart card" is played by another Qubes AppVM. -This way one, not-so-trusted domain, e.g. the one where Thunderbird is running, can delegate all crypto operations, such as encryption/decryption and signing to another, more trusted, network-isolated, domain. +This way one not-so-trusted domain, e.g. the one where Thunderbird is running, can delegate all crypto operations -- such as encryption/decryption and signing -- to another, more trusted, network-isolated domain. This way the compromise of your domain where Thunderbird or another client app is running -- arguably a not-so-unthinkable scenario -- does not allow the attacker to automatically also steal all your keys. (We should make a rather obvious comment here that the so-often-used passphrases on private keys are pretty meaningless because the attacker can easily set up a simple backdoor which would wait until the user enters the passphrase and steal the key then.)
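Review bot: In PATCH 31/37, user/common-tasks/copy-from-dom0.md, step 5 of the new "Copying and pasting clipboard text from dom0" list gives the wrong shortcut: "Paste normally within that qube (e.g., by pressing Shift+V)" should say Ctrl+V, which is what the logs subsection of the same hunk uses ("Ctrl+Shift+V, then Ctrl+V"). In that logs subsection, the rewritten closing sentence has also lost a word: "paste the log contents in qube" should read "in any qube". Separately, the "Copying to dom0" rewrite removes the sentences explaining that a malformed or malicious wallpaper file could exploit a parser bug in dom0; the new text only says copying the wallpaper "is not necessary", so consider keeping one sentence of that rationale next to the screenshot advice.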
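Review bot: In PATCH 31/37, user/common-tasks/copy-paste.md, renaming the heading "On Copy/Paste Security" to "Security" changes the generated anchor, so existing links to `#on-copypaste-security` stop resolving; the only fix-up in this series is the later split-gpg.md link update in PATCH 34/37, and the same applies to the "On inter-qube file copy security" heading renamed in copying-files.md. Please fold the link updates into this commit, or confirm no other pages point at the old anchors, so that no intermediate commit ships broken links. The new "See also" sentence in the Security section also introduces the typo "as wlel as", which PATCH 33/37 then corrects; squashing that fix into this commit would keep the history clean.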
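Review bot: In PATCH 31/37, user/common-tasks/copying-files.md, step 2 of the rewritten procedure still says "the target qube (qube B)" although the new step 1 no longer introduces qube A or qube B, and the next sentence switches to "destination qube"; pick one term ("target qube" is what the rest of the new text uses) and drop the leftover "qube B". The rewrite also removes the statement that the confirmation dialog is "displayed by Dom0, so none of the qubes can fake your consent". The new text only says the dialog appears "in dom0", which loses the reason that matters to the reader; consider keeping that clause, since it is the property that makes the prompt trustworthy.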