fixed headlines

common-tasks/device-handling.md

@@ -25,26 +25,26 @@ There are currently four categories of devices Qubes understands:
 
 Microphones, block devices and USB devices can be attached with the GUI-tool. PCI devices can be attached using the Qube Settings, but require a VM reboot.
 
-#General Qubes Device Widget Behavior And Handling
+# General Qubes Device Widget Behavior And Handling
 When clicking on the tray icon (looking similar to this: ![SD card and thumbdrive][device manager icon] several device-classes separated by lines are displayed as tooltip. Block devices are displayed on top, microphones one below and USB-devices at the bottom.
 
 On most laptops, integrated hardware such as cameras and fingerprint-readers are implemented as USB-devices and can be found here.
 
-##Attaching Using The Widget
+## Attaching Using The Widget
 Click the tray icon. Hover on a device you want to attach to a VM. A list of running VMs (except dom0) appears. Click on one and your device will be attached!
 
-##Detaching Using The Widget
+## Detaching Using The Widget
 To detach a device, click the Qubes Devices Widget icon again. Attached devices are displayed in bold. Hover the one you want to detach. A list of VMs appears, one showing the eject symbol: ![eject icon]
 
-##Attaching a Device to Several VMs
+## Attaching a Device to Several VMs
 Only `mic` should be attached to more than one running VM. You may *assign* a device to more than one VM (using the [`--persistent`][#attaching-devices] option), however, only one of them can be started at the same time.
 
 But be careful: There is a [bug in `qvm-device block` or `qvm-block`][i4692] which will allow you to *attach* a block device to two running VMs. Don't do that!
 
-#General `qvm-device` Command Line Tool Behavior
+# General `qvm-device` Command Line Tool Behavior
 All devices, including PCI-devices, may be attached from the commandline using the `qvm-device`-tools.
 
-##Device Classes
+## Device Classes
 `qvm-device` expects DEVICE_CLASS as first argument. DEVICE_CLASS can be one of
 
  - `pci`
@@ -52,7 +52,7 @@ All devices, including PCI-devices, may be attached from the commandline using t
  - `block`
  - `mic`
 
-##Actions
+## Actions
 `qvm-device` supports three actions:
 
  - `list` (ls, l) - list all devices of DEVICE_CLASS
@@ -60,7 +60,7 @@ All devices, including PCI-devices, may be attached from the commandline using t
  - `detach` (dt, d) - detach a specific device of DEVICE_CLASS
 
 
-##Global Options
+## Global Options
 These three options are always available:
 
 - `--help`, `-h` - show help message and exit
@@ -73,10 +73,10 @@ A full command consists of one DEVICE_CLASS and one action. If no action is give
 **SYNOPSIS**:
 `qvm-device DEVICE_CLASS {action} [action-specific arguments] [options]`
 
-##Actions
+## Actions
 Actions are applicable to every DEVICE_CLASS and expose some additional options.
 
-###Listing Devices
+### Listing Devices
 The `list` action lists known devices in the system. `list` accepts VM-names to narrow down listed devices. Devices available in, as well as attached to the named VMs will be listed.
 
 `list` accepts two options:
@@ -87,7 +87,7 @@ The `list` action lists known devices in the system. `list` accepts VM-names to
 **SYNOPSIS**
 `qvm-device DEVICE_CLASS {list|ls|l} [--all [--exclude VM [VM [...]]] | VM [VM [...]]]`
 
-###Attaching Devices
+### Attaching Devices
 The `attach` action assigns an exposed device to a VM. This makes the device available in the VM it's attached to. Required argument are targetVM and sourceVM:deviceID. (sourceVM:deviceID can be determined from `list` output)
 
 `attach` accepts two options:
@@ -98,7 +98,7 @@ The `attach` action assigns an exposed device to a VM. This makes the device ava
 **SYNOPSIS**
 `qvm-device DEVICE_CLASS {attach|at|a} targetVM sourceVM:deviceID [options]`
 
-###Detaching Devices
+### Detaching Devices
 The `detach` action removes an assigned device from a targetVM. It won't be available afterwards anymore. Though it tries to do so gracefully, beware that data-connections might be broken unexpectedly, so close any transaction before detaching a device!
 
 If no specific `sourceVM:deviceID` combination is given, *all devices of that DEVICE_CLASS will be detached.*

common-tasks/pci-devices.md

@@ -28,7 +28,7 @@ While PCI device can only be used by one powered on VM at a time, it *is* possib
 This means that you can use the device in one VM, shut that VM down, start up a different VM (to which the same device is now attached), then use the device in that VM.
 This can be useful if, for example, you have only one USB controller, but you have multiple security domains which all require the use of different USB devices.
 
-#Attaching Devices Using the GUI
+# Attaching Devices Using the GUI
 The qube settings for a VM offers the "Devices"-tab. There you can attach PCI-devices to a qube.
 
  1. To reach the settings of any qube either
@@ -42,7 +42,7 @@ The qube settings for a VM offers the "Devices"-tab. There you can attach PCI-de
  4. You're done. If everything worked out, once the qube boots (or reboots if it's running) it will start with the pci device attached.
  5. In case it doesn't work out, first try disabling memory-balancing in the settings ("Advanced" tab). If that doesn't help, read on to learn how to disable the strict reset requirement!
 
-#`qvm-pci` Usage
+# `qvm-pci` Usage
 The `qvm-pci` tool allows PCI attachment and detachment. It's a shortcut for [`qvm-device pci`][qvm-device].
 
 To figure out what device to attach, first list the available PCI devices by running (as user) in dom0:
@@ -62,9 +62,9 @@ For example, if `00_1a.0` is the BDF of the device you want to attach to the "wo
     qvm-pci attach work dom0:00_1a.0 --persistent
 
 
-#Possible Issues
+# Possible Issues
 
-##DMA Buffer Size
+## DMA Buffer Size
 
 VMs with attached PCI devices in Qubes have allocated a small buffer for DMA operations (called swiotlb).
 By default it is 2MB, but some devices need a larger buffer.
@@ -77,7 +77,7 @@ To change this allocation, edit VM's kernel parameters (this is expressed in 512
 
 This is [known to be needed][ml1] for the Realtek RTL8111DL Gigabit Ethernet Controller.
 
-##PCI Passthrough Issues
+## PCI Passthrough Issues
 
 Sometimes the PCI arbitrator is too strict. 
 There is a way to enable permissive mode for it.
@@ -87,19 +87,19 @@ At other times, you may instead need to disable the FLR requirement on a device.
 Both can be achieved during attachment with `qvm-pci` as described below.
 
 
-#Additional Attach Options
+# Additional Attach Options
 Attaching a PCI device through the commandline offers additional options, specifiable via the `--option`/`-o` option. (Yes, confusing wording, there's an [issue for that](https://github.com/QubesOS/qubes-issues/issues/4530).)
 
 `qvm-pci` exposes two additional options. Both are intended to fix device or driver specific issues, but both come with [heavy security implications][security considerations]! **Make sure you understand them before continuing!**
 
-##no-strict-reset
+## no-strict-reset
 Do not require PCI device to be reset before attaching it to another VM. This may leak usage data even without malicious intent!
 
 usage example:
 
     qvm-pci a work dom0:00_1a.0 --persistent -o no-strict-reset=true
 
-##permissive
+## permissive
 Allow write access to full PCI config space instead of whitelisted registers. This increases attack surface and possibility of [side channel attacks].
 
 usage example:
@@ -108,7 +108,7 @@ usage example:
 
 
 
-#Bringing PCI Devices Back to dom0
+# Bringing PCI Devices Back to dom0
 By default, when a device is detached from a VM (or when a VM with an attached PCI device is shut down), the device is *not* automatically attached back to dom0.
 
 This is an intended feature.

common-tasks/usb-devices.md

@@ -20,7 +20,7 @@ Examples for valid cases for attaching full USB-devices:
 
 (If you are thinking to use a two-factor-authentication device, [there is an app for that][qubes u2f proxy]. But it has some [issues][4661].)
 
-##Using The GUI to Attach a Drive
+## Using The GUI to Attach a Drive
 (**Note:** In the present context, the term "USB drive" denotes any [USB mass storage device][mass-storage].
 In addition to smaller flash memory sticks, this includes things like USB external hard drives.)
 
@@ -40,7 +40,7 @@ Click on one and your USB drive will be attached!
 However, it often means the AppVM won't detect the new partition and you will need to manually mount it inside the AppVM.
 See below for more detailed steps.
 
-##Using The GUI to Attach a USB-Device
+## Using The GUI to Attach a USB-Device
 Click the device-manager-icon: ![device manager icon]  
 A list of available devices appears. USB-devices have a USB-icon to their right: ![usb icon]
 
@@ -54,7 +54,7 @@ Hover on the attached device to display a list of running VMs.
 The one to which your device is connected will have an eject button ![eject icon] next to it.
 Click that and your device will be detached.
 
-#Block Devices in VMs
+# Block Devices in VMs
 If not specified otherwise, block devices will show up as `/dev/xvdi*` in a linux VM, where `*` may be the partition-number. If a block device isn't automatically mounted after attaching, open a terminal in the VM and execute:
 
     cd ~
@@ -70,7 +70,7 @@ If several different block-devices are attached to a single VM, the last letter
 
 To specify this device node name, you need to use the command line tool and its [`frontend-dev`-option][frontend-dev].
 
-##Attaching a Drive Using The Command-Line
+## Attaching a Drive Using The Command-Line
 The command-line tool you may use to mount whole USB drives or their partitions is `qvm-block`, a shortcut for `qvm-device block`.
 
 `qvm-block` won't recognise your device by any given name, but rather the device-node the sourceVM assigns. So make sure you have the drive available in the sourceVM, then list the available block devices (step 1.) to find the corresponding device-node.
@@ -117,7 +117,7 @@ In case of a USB-drive, make sure it's attached to your computer. If you don't s
 
  6.  You may now remove the device or attach it to another qube.
 
-##Attaching a Full USB-Device Using The Command-Line
+## Attaching a Full USB-Device Using The Command-Line
 In dom0, you can use `qvm-usb` from the commandline to attach and detach devices.
 
 Listing available USB devices:
@@ -149,12 +149,12 @@ When you finish, detach the device.
     sys-usb:2-5     058f:3822 058f_USB_2.0_Camera
     sys-usb:2-1     03f0:0641 PixArt_Optical_Mouse
 
-#Additional Attach Options
+# Additional Attach Options
 Attaching a block device through the command line offers additional customisation options, specifiable via the `--option`/`-o` option. (Yes, confusing wording, there's an [issue for that](https://github.com/QubesOS/qubes-issues/issues/4530).)
 
 Note: `qvm-usb` does currently *not* support any additional options.
 
-##frontend-dev
+## frontend-dev
 This option allows you to specify the name of the device node made available in the targetVM. This defaults to `xvdi` or, if already occupied, the first available device node name in alphabetical order. (The next one tried will be `xvdj`, then `xvdk`, and so on ...)
 
 usage example:
@@ -163,7 +163,7 @@ usage example:
 
 This command will attach the partition `sda1` to `work` as `/dev/xvdz`.
 
-##read-only
+## read-only
 Attach device in read-only mode. Protects the block device in case you don't trust the targetVM.
 
 If the device is a read-only device, this option is forced true.
@@ -178,7 +178,7 @@ There exists a shortcut to set read-only `true`, `--ro`:
 
 The two commands are equivalent.
 
-##devtype
+## devtype
 Usually, a block device is attached as disk. In case you need to attach a block device as cdrom, this option allows that.
 
 usage example:
@@ -187,8 +187,8 @@ usage example:
 
 This option accepts `cdrom` and `disk`, default is `disk`.
 
-#Miscellaneous/Customisation
-##Recovering From Premature Block-Device Destruction
+# Miscellaneous/Customisation
+## Recovering From Premature Block-Device Destruction
 If the you fail to detach the drive before it's destroyed in the sourceVM (e.g. by physically detaching the thumbdrive), [there will be problems][premature removal].
 
 To recover from this error state, in dom0 run
@@ -199,7 +199,7 @@ To recover from this error state, in dom0 run
 
 However, if the block device originated in dom0, you will have to refer to the [old way][detach dom0 device].
 
-##Attaching a File
+## Attaching a File
 To attach a file as block device to another qube, first turn it into a loopback device inside the sourceVM.
 
  1. In the linux sourceVM run
@@ -226,10 +226,10 @@ To attach a file as block device to another qube, first turn it into a loopback
 
         sudo losetup -d /dev/loop0
 
-##Creating And Using a USB qube
+## Creating And Using a USB qube
 If you've selected to install a usb-qube during system installation, everything is already set up for you in `sys-usb`. If you've later decided to create a usb-qube, please follow [this guide][USB-qube howto].
 
-##Installation Of `qubes-usb-proxy`
+## Installation Of `qubes-usb-proxy`
 To use this feature, the[`qubes-usb-proxy`][qubes-usb-proxy] package needs to be installed in the templates used for the USB qube and qubes you want to connect USB devices to.
 This section exists for reference or in case something broke and you need to reinstall `qubes-usb-proxy`. Under normal conditions, `qubes-usb-proxy` should already be installed and good to go.
 
@@ -241,13 +241,13 @@ Note: you cannot pass through devices from dom0 (in other words: a [USB qube][US
 - Debian/Ubuntu: `sudo apt-get install qubes-usb-proxy`
 
 
-##Using USB Keyboards And Other Input Devices
+## Using USB Keyboards And Other Input Devices
 **Warning:** especially keyboards need to be accepted by default when using them to login! Please make sure you carefully read and understood the **[security considerations]** before continuing!
 
 Mouse and keyboard setup are part of [setting up a USB-qube][keyboard setup].
 
 
-##Finding The Right USB Controller
+## Finding The Right USB Controller
 
 Some USB devices are not compatible with the USB pass-through method Qubes employs.
 In situations like these, you can try to pass through the entire USB controller to a qube as PCI device.