Merge branch 'patch-54' of https://github.com/adrelanos/qubes-doc into adrelanos-patch-54

This commit is contained in:
Andrew David Wong 2019-11-27 01:56:02 -06:00
commit cafb773d9a
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17

View File

@ -278,12 +278,71 @@ If you require `PV` mode, install `grub2-xen` in dom0 and change the template's
Booting to a kernel inside the template is not supported under `PVH`.
### Installing kernel in Debian VM
#### Distribution kernel
Install whatever kernel you want, making sure to include the headers.
If you are using a distribution kernel package (`linux-image-amd64` package), the initramfs and kernel modules should be handled automatically.
If not, or you are building the kernel manually, do this using `dkms` and `initramfs-tools`:
Apply the following instruction in a Debian TemplateVM or in a Debian StandaloneVM.
Using a distribution kernel package the initramfs and kernel modules should be handled automatically.
Create folder `/boot/grub`.
~~~
sudo mkdir -p /boot/grub
~~~
Install distribution kernel image, kernel headers and the grub configuration generator.
~~~
sudo apt install --no-install-recommends linux-image-amd64 linux-headers-amd64 grub2-common
~~~
Generate the grub configuration file.
~~~
sudo update-grub
~~~
You can safely ignore this error message:
`grub2-probe: error: cannot find a GRUB drive for /dev/mapper/dmroot. Check your device.map`
You may want to adjust some settings in `/etc/default/grub` (or better `/etc/default/grub.d`). For example, lower `GRUB_TIMEOUT` to speed up VM startup. You need to re-run `sudo update-grub` after making grub configuration changes.
Then shutdown the VM.
Go to dom0 -> Qubes VM Manger -> right click on the VM -> Qube settings -> Advanced
Depends on `Virtualization` mode setting:
* `Virtualization` mode `PV`: Possible, however use of `Virtualization` mode `PV` mode is discouraged for security purposes.
* If you require `Virtualization` mode `PV` mode, install `grub2-xen` in dom0. This can be done by running command `sudo qubes-dom0-update grub2-xen` in dom0.
* `Virtualization` mode `PVH`: Possible.
* `Virtualization` mode `HVM`: Possible.
The `Kernel` setting of the `Virtualization` mode setting:
* If `Virtualization` is set to `PVH` -> `Kernel` -> choose `pvgrub2-pvh` -> OK
* If `Virtualization` is set to `PV` -> `Kernel` -> choose `pvgrub2` -> OK
* If `Virtualization` is set to `HVM` -> `Kernel` -> choose `none` -> OK
Start the VM.
The process of using Qubes VM kernel with distribution kernel is complete.
#### Custom kernel
Any kernel can be installed. Just make sure to install kernel headers as well.
If you are building the kernel manually, do this using `dkms` and `initramfs-tools`.
Run DKMS. Replace this <kernel-version> with actual kernel version.
sudo dkms autoinstall -k <kernel-version>
For example.
sudo dkms autoinstall -k 4.19.0-6-amd64
Update initramfs.
sudo dkms autoinstall -k <kernel-version> # replace this <kernel-version> with actual kernel version
sudo update-initramfs -u
The output should look like this:
@ -303,28 +362,7 @@ The output should look like this:
$ sudo update-initramfs -u
update-initramfs: Generating /boot/initrd.img-3.16.0-4-amd64
When the kernel is installed, you need to create a GRUB configuration.
You may want to adjust some settings in `/etc/default/grub`; for example, lower `GRUB_TIMEOUT` to speed up VM startup.
Then, you need to generate the actual configuration with the `update-grub2` tool:
~~~
sudo mkdir /boot/grub
sudo update-grub2
~~~
You can safely ignore this error message:
~~~
grub2-probe: error: cannot find a GRUB drive for /dev/mapper/dmroot. Check your device.map
~~~
Then shutdown the VM.
**Note:** You may also use `PV` mode instead of `HVM` but this is not recommended for security purposes.
If you require `PV` mode, install `grub2-xen` in dom0 and change the template's kernel to `pvgrub2`.
Booting to a kernel inside the template is not supported under `PVH`.
### Troubleshooting
#### Troubleshooting
In case of problems, you can access the VM console using `sudo xl console VMNAME` in dom0, then access the GRUB menu.
You need to call it just after starting the VM (until `GRUB_TIMEOUT` expires); for example, in a separate dom0 terminal window.