From 02fadafec86156253455b30b3686c972abbf2ed9 Mon Sep 17 00:00:00 2001 From: Alex Dubois Date: Wed, 7 Feb 2018 22:30:44 +0000 Subject: [PATCH 1/4] Update release-notes.md --- releases/4.0/release-notes.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/releases/4.0/release-notes.md b/releases/4.0/release-notes.md index fedfde6c..fe153ee4 100644 --- a/releases/4.0/release-notes.md +++ b/releases/4.0/release-notes.md @@ -31,6 +31,10 @@ New features since 3.2 You can get detailed description in [completed github issues][github-release-notes] +Note +---- +* PV VMs restaured from R3.2 to R4.x will be automatically migrated to PVH from R4.rc4 to address [QSB 37 (Meltdown & Spectre)][qsb-37]. However PV VMs restaured from R4.x are not migrated. + Known issues ------------ @@ -40,6 +44,8 @@ Known issues * For other known issues take a look at [our tickets](https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+4.0%22+label%3Abug) +* Until R4.rc3 included, PV VMs restaured from R3.x backup will not automatically be migrated to PVH mode and may be explosed to [QSB 37][qsb-37]. + It is advised to install updates just after system installation to apply bug fixes for (some of) the above problems. Downloads @@ -76,6 +82,7 @@ We also provide [detailed instruction][upgrade-to-r4.0] for this procedure. [vm-interface]: /doc/vm-interface/ [admin-api]: /news/2017/06/27/qubes-admin-api/ [qsb-24]: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-024-2016.txt +[qsb-37]: https://www.qubes-os.org/news/2018/01/24/qsb-37-update/ [backup-format]: /doc/backup-emergency-restore-v4/ [api-doc]: https://dev.qubes-os.org/projects/qubes-core-admin/en/latest/ [upgrade-to-r4.0]: /doc/upgrade-to-r4.0/ From 7ac21d0b677946a6fc46349ad004e4ef91f2e046 Mon Sep 17 00:00:00 2001 From: Alex Dubois Date: Thu, 8 Feb 2018 08:26:33 +0000 Subject: [PATCH 2/4] Fixed spelling mistake I enjoy my French restaurants too much :) --- releases/4.0/release-notes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases/4.0/release-notes.md b/releases/4.0/release-notes.md index fe153ee4..b9340efd 100644 --- a/releases/4.0/release-notes.md +++ b/releases/4.0/release-notes.md @@ -33,7 +33,7 @@ You can get detailed description in [completed github issues][github-release-not Note ---- -* PV VMs restaured from R3.2 to R4.x will be automatically migrated to PVH from R4.rc4 to address [QSB 37 (Meltdown & Spectre)][qsb-37]. However PV VMs restaured from R4.x are not migrated. +* PV VMs restaured from R3.2 to R4.x will be automatically migrated to PVH from R4.rc4 to address [QSB 37 (Meltdown & Spectre)][qsb-37]. However PV VMs restored from R4.x are not migrated. Known issues ------------ @@ -44,7 +44,7 @@ Known issues * For other known issues take a look at [our tickets](https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+4.0%22+label%3Abug) -* Until R4.rc3 included, PV VMs restaured from R3.x backup will not automatically be migrated to PVH mode and may be explosed to [QSB 37][qsb-37]. +* Until R4.rc3 included, PV VMs restored from R3.x backup will not automatically be migrated to PVH mode and may be explosed to [QSB 37][qsb-37]. It is advised to install updates just after system installation to apply bug fixes for (some of) the above problems. From e173f5659f2ba57f826fcc8a9cfe691b3957118b Mon Sep 17 00:00:00 2001 From: Alex Dubois Date: Thu, 8 Feb 2018 08:36:44 +0000 Subject: [PATCH 3/4] two other typos fixed. --- releases/4.0/release-notes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases/4.0/release-notes.md b/releases/4.0/release-notes.md index b9340efd..d51a4baf 100644 --- a/releases/4.0/release-notes.md +++ b/releases/4.0/release-notes.md @@ -33,7 +33,7 @@ You can get detailed description in [completed github issues][github-release-not Note ---- -* PV VMs restaured from R3.2 to R4.x will be automatically migrated to PVH from R4.rc4 to address [QSB 37 (Meltdown & Spectre)][qsb-37]. However PV VMs restored from R4.x are not migrated. +* PV VMs restored from R3.2 to R4.x will be automatically migrated to PVH from R4.rc4 to address [QSB 37 (Meltdown & Spectre)][qsb-37]. However PV VMs restored from R4.x are not migrated. Known issues ------------ @@ -44,7 +44,7 @@ Known issues * For other known issues take a look at [our tickets](https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+4.0%22+label%3Abug) -* Until R4.rc3 included, PV VMs restored from R3.x backup will not automatically be migrated to PVH mode and may be explosed to [QSB 37][qsb-37]. +* Until R4.rc3 included, PV VMs restored from R3.x backup will not automatically be migrated to PVH mode and may be exposed to [QSB 37][qsb-37]. It is advised to install updates just after system installation to apply bug fixes for (some of) the above problems. From 4a480c8209305a6f02a1df0dd85a1bad179fbd87 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 8 Feb 2018 09:05:55 -0600 Subject: [PATCH 4/4] Rewrite security note regarding PV to PVH migration Requested by QubesOS/qubes-issues#3530 --- releases/4.0/release-notes.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/releases/4.0/release-notes.md b/releases/4.0/release-notes.md index d51a4baf..c134b162 100644 --- a/releases/4.0/release-notes.md +++ b/releases/4.0/release-notes.md @@ -31,9 +31,12 @@ New features since 3.2 You can get detailed description in [completed github issues][github-release-notes] -Note ----- -* PV VMs restored from R3.2 to R4.x will be automatically migrated to PVH from R4.rc4 to address [QSB 37 (Meltdown & Spectre)][qsb-37]. However PV VMs restored from R4.x are not migrated. +Security Notes +-------------- + +* PV VMs migrated from 3.2 to 4.0-rc4 or later are automatically set to PVH mode in order to protect against Meltdown (see [QSB #37][qsb-37]). + However, PV VMs migrated from any earlier 4.0 release candidate (RC1, RC2, or RC3) are not automically set to PVH mode. + These must be set manually. Known issues ------------ @@ -44,8 +47,6 @@ Known issues * For other known issues take a look at [our tickets](https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+4.0%22+label%3Abug) -* Until R4.rc3 included, PV VMs restored from R3.x backup will not automatically be migrated to PVH mode and may be exposed to [QSB 37][qsb-37]. - It is advised to install updates just after system installation to apply bug fixes for (some of) the above problems. Downloads