mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-10-01 01:25:40 -04:00
Remove zero-width spaces (U+200B) left by trac
This commit is contained in:
Marek Marczykowski-Górecki
parent
0d01545c57
commit
ceb8074479
@ -11,7 +11,7 @@ Installing and Using Anti Evil Maid (AEM) with Qubes OS
|
||||
Background
|
||||
----------
|
||||
|
||||
Please read [this blog article](http://theinvisiblethings.blogspot.com/2011/09/anti-evil-maid.html).
|
||||
Please read [this blog article](http://theinvisiblethings.blogspot.com/2011/09/anti-evil-maid.html).
|
||||
|
||||
Installing
|
||||
----------
|
||||
@ -22,16 +22,16 @@ In Dom0 install anti-evil-maid:
|
||||
sudo qubes-dom0-update anti-evil-maid
|
||||
{% endhighlight %}
|
||||
|
||||
More information regarding configuration in the [README](http://git.qubes-os.org/?p=joanna/antievilmaid.git;a=blob_plain;f=README;hb=HEAD) file.
|
||||
More information regarding configuration in the [README](http://git.qubes-os.org/?p=joanna/antievilmaid.git;a=blob_plain;f=README;hb=HEAD) file.
|
||||
|
||||
Security Considerations
|
||||
-----------------------
|
||||
|
||||
[Qubes security guidelines](/wiki/SecurityGuidelines) dictate that USB devices should never be attached directly to dom0, since this can result in the entire system being compromised. However, in its default configuration, installing and using AEM requires attaching a USB drive (i.e., [mass storage device](https://en.wikipedia.org/wiki/USB_mass_storage_device_class)) directly to dom0. (The other option is to install AEM to an internal disk. However, this carries significant security implications, as explained [here](http://theinvisiblethings.blogspot.com/2011/09/anti-evil-maid.html).) This presents us with a classic security trade-off: each Qubes user must make a choice between protecting dom0 from a potentially malicious USB drive, on the one hand, and protecting the system from Evil Maid attacks, on the other hand. Given the practical feasibility of attacks like [BadUSB](https://srlabs.de/badusb/) and revelations regarding pervasive government hardware backdoors, this is no longer a straightforward decision. New, factory-sealed USB drives cannot simply be assumed to be "clean" (e.g., to have non-malicious microcontroller firmware). Therefore, it is up to each individual Qubes user to evaluate the relative risk of each attack vector against his or her security model.
|
||||
[Qubes security guidelines](/wiki/SecurityGuidelines) dictate that USB devices should never be attached directly to dom0, since this can result in the entire system being compromised. However, in its default configuration, installing and using AEM requires attaching a USB drive (i.e., [mass storage device](https://en.wikipedia.org/wiki/USB_mass_storage_device_class)) directly to dom0. (The other option is to install AEM to an internal disk. However, this carries significant security implications, as explained [here](http://theinvisiblethings.blogspot.com/2011/09/anti-evil-maid.html).) This presents us with a classic security trade-off: each Qubes user must make a choice between protecting dom0 from a potentially malicious USB drive, on the one hand, and protecting the system from Evil Maid attacks, on the other hand. Given the practical feasibility of attacks like [BadUSB](https://srlabs.de/badusb/) and revelations regarding pervasive government hardware backdoors, this is no longer a straightforward decision. New, factory-sealed USB drives cannot simply be assumed to be "clean" (e.g., to have non-malicious microcontroller firmware). Therefore, it is up to each individual Qubes user to evaluate the relative risk of each attack vector against his or her security model.
|
||||
|
||||
For example, a user who frequently travels with a Qubes laptop holding sensitive data may be at a much higher risk of Evil Maid attacks than a home user with a stationary Qubes desktop. If the frequent traveler judges her risk of an Evil Maid attack to be higher than the risk of a malicious USB device, she might reasonably opt to install and use AEM. On the other hand, the home user might deem the probability of an Evil Maid attack occurring in her own home to be so low that there is a higher probability that any USB drive she purchases is already compromised, in which case she might reasonably opt never to attach any USB devices directly to dom0. (In either case, users can--and should--secure dom0 against further USB-related attacks through the use of a [USBVM](/wiki/SecurityGuidelines#CreatingandUsingaUSBVM).)
|
||||
|
||||
For more information, please see [this discussion thread](https://groups.google.com/d/msg/qubes-devel/EBc4to5IBdg/n1hfsHSfbqsJ).
|
||||
For more information, please see [this discussion thread](https://groups.google.com/d/msg/qubes-devel/EBc4to5IBdg/n1hfsHSfbqsJ).
|
||||
|
||||
Known issues
|
||||
------------
|
||||
|
||||
@ -81,7 +81,7 @@ kernelopts : iommu=soft swiotlb=2048 (default)
|
||||
# qvm-prefs -s netvm kernelopts "iommu=soft swiotlb=4096"
|
||||
{% endhighlight %}
|
||||
|
||||
This is [known to be needed](https://groups.google.com/group/qubes-devel/browse_thread/thread/631c4a3a9d1186e3) for Realtek RTL8111DL Gigabit Ethernet Controller.
|
||||
This is [known to be needed](https://groups.google.com/group/qubes-devel/browse_thread/thread/631c4a3a9d1186e3) for Realtek RTL8111DL Gigabit Ethernet Controller.
|
||||
|
||||
### PCI passthrough issues
|
||||
|
||||
@ -103,9 +103,9 @@ WantedBy=multi-user.target
|
||||
|
||||
Then enable it with `systemctl enable qubes-pre-netvm.service`
|
||||
|
||||
See also: [https://groups.google.com/forum/\#!topic/qubes-users/Fs94QAc3vQI](https://groups.google.com/forum/#!topic/qubes-users/Fs94QAc3vQI), [http://wiki.xen.org/wiki/Xen\_PCI\_Passthrough](http://wiki.xen.org/wiki/Xen_PCI_Passthrough)
|
||||
See also: [https://groups.google.com/forum/\#!topic/qubes-users/Fs94QAc3vQI](https://groups.google.com/forum/#!topic/qubes-users/Fs94QAc3vQI), [http://wiki.xen.org/wiki/Xen\_PCI\_Passthrough](http://wiki.xen.org/wiki/Xen_PCI_Passthrough)
|
||||
|
||||
**NOTE:** By setting the permissive flag for the PCI device, you're potentially weakening the device isolation, especially if your system is not equipped with VT-d Interrupt Remapping unit -- see [this paper, page 7](http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf) for more details.
|
||||
**NOTE:** By setting the permissive flag for the PCI device, you're potentially weakening the device isolation, especially if your system is not equipped with VT-d Interrupt Remapping unit -- see [this paper, page 7](http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf) for more details.
|
||||
|
||||
Bringing PCI device back to dom0
|
||||
--------------------------------
|
||||
|
||||
@ -89,6 +89,6 @@ In order to migrate your Qubes system from one physical machine to another, simp
|
||||
Notes
|
||||
-----
|
||||
|
||||
- For the technical details of the backup system, please refer to [this thread](https://groups.google.com/d/topic/qubes-devel/TQr_QcXIVww/discussion).
|
||||
- If working with symlinks, note the issues described in [this thread](https://groups.google.com/d/topic/qubes-users/EITd1kBHD30/discussion).
|
||||
- For the technical details of the backup system, please refer to [this thread](https://groups.google.com/d/topic/qubes-devel/TQr_QcXIVww/discussion).
|
||||
- If working with symlinks, note the issues described in [this thread](https://groups.google.com/d/topic/qubes-users/EITd1kBHD30/discussion).
|
||||
|
||||
|
||||
@ -73,7 +73,7 @@ Known problems during building or when running the VM
|
||||
Can't open file archlinux-2013.02.01-dual.iso
|
||||
---------------------------------------------
|
||||
|
||||
Archlinux ISO files are sometimes removed from mirrors. Check the last version available on the archlinux mirror (eg: [http://mir.archlinux.fr/iso/](http://mir.archlinux.fr/iso/)), and update qubes-src/linux-template-builder/scripts\_archlinux/00\_prepare.sh accordingly:
|
||||
Archlinux ISO files are sometimes removed from mirrors. Check the last version available on the archlinux mirror (eg: [http://mir.archlinux.fr/iso/](http://mir.archlinux.fr/iso/)), and update qubes-src/linux-template-builder/scripts\_archlinux/00\_prepare.sh accordingly:
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
ISO_VERSION=2013.06.01
|
||||
@ -147,7 +147,7 @@ Commenting out "\#define HAVE\_ATTRIBUTE\_FORMAT\_PARSETUPLE" from chroot\_archl
|
||||
|
||||
A better fix is planned for the next python release (the bug is considered release blocking), and will be updated in archlinux chroot as soon as available.
|
||||
|
||||
[1] [http://bugs.python.org/issue17547](http://bugs.python.org/issue17547)
|
||||
[1] [http://bugs.python.org/issue17547](http://bugs.python.org/issue17547)
|
||||
|
||||
The boot process fails without visible errors in the logs, but spawn a recovery shell
|
||||
-------------------------------------------------------------------------------------
|
||||
|
||||
@ -136,7 +136,7 @@ As soon as you manage to make qrexec and qubes-gui-agent working, it should be s
|
||||
|
||||
Several XEN libraries are required for Qubes to work correctly. In fact, you need to make xenstore commands working before anything else. For this, Qubes git can be used as several patches have been selected by Qubes developpers that could impact the activity inside a VM. Start be retrieving a recent git and identify how you can build a package from it: `git clone git://git.qubes-os.org/marmarek/xen`
|
||||
|
||||
Find the .spec file in the git repository (this is the file being used to build rpm packages), and try to adapt it to your OS in order to build a package similar to the target 'xen-vm'. For example, a PKGBUILD has been created for [ArchLinux?](/wiki/ArchLinux) and can be found on [http://aur.archlinux.org/packages/qu/qubes-vm-xen/PKGBUILD](http://aur.archlinux.org/packages/qu/qubes-vm-xen/PKGBUILD).
|
||||
Find the .spec file in the git repository (this is the file being used to build rpm packages), and try to adapt it to your OS in order to build a package similar to the target 'xen-vm'. For example, a PKGBUILD has been created for [ArchLinux?](/wiki/ArchLinux) and can be found on [http://aur.archlinux.org/packages/qu/qubes-vm-xen/PKGBUILD](http://aur.archlinux.org/packages/qu/qubes-vm-xen/PKGBUILD).
|
||||
|
||||
Don't be afraid with the complexity of the PKGBUILD, most of the code is almost a copy/paste of required sources and patches found in the .spec file provided in the git repository.
|
||||
|
||||
@ -146,12 +146,12 @@ Now install the package you built and mount /proc/xen. Verify that xenstore-read
|
||||
|
||||
### Qubes-OS core agents (qrexec...)
|
||||
|
||||
[https://aur.archlinux.org/packages/qu/qubes-vm-core/PKGBUILD](https://aur.archlinux.org/packages/qu/qubes-vm-core/PKGBUILD)
|
||||
[https://aur.archlinux.org/packages/qu/qubes-vm-core/PKGBUILD](https://aur.archlinux.org/packages/qu/qubes-vm-core/PKGBUILD)
|
||||
|
||||
### Qubes-OS kernel modules
|
||||
|
||||
[https://aur.archlinux.org/packages/qu/qubes-vm-kernel-modules/PKGBUILD](https://aur.archlinux.org/packages/qu/qubes-vm-kernel-modules/PKGBUILD)
|
||||
[https://aur.archlinux.org/packages/qu/qubes-vm-kernel-modules/PKGBUILD](https://aur.archlinux.org/packages/qu/qubes-vm-kernel-modules/PKGBUILD)
|
||||
|
||||
### Qubes-OS gui agents
|
||||
|
||||
[https://aur.archlinux.org/packages/qu/qubes-vm-gui/PKGBUILD](https://aur.archlinux.org/packages/qu/qubes-vm-gui/PKGBUILD)
|
||||
[https://aur.archlinux.org/packages/qu/qubes-vm-gui/PKGBUILD](https://aur.archlinux.org/packages/qu/qubes-vm-gui/PKGBUILD)
|
||||
|
||||
@ -20,7 +20,7 @@ Maintaining proper coding style is very important for any larger software projec
|
||||
|
||||
Often, developers, usually smart developers, neglect the value of proper coding style, thinking that it's most important how their code works, and expecting that if it solves some problem using a nice and neat trick, then it's all that is really required. Such thinking shows, however, immaturity and is a signal that the developer, however bright and smart, might not be a good fit for any larger project. Writing a clever exploit, that is to be used at one Black Hat show is one thing, while writing a useful software that is to be used and maintained for years, is quite a different story. If you want to show off how smart programmer you are, then you should become a researcher and write exploits. If, on the other hand, you want to be part of a team that makes real, useful software, you should ensure your coding style is impeccable. We often, at Qubes project, often took shortcuts, and often wrote nasty code, and this always back fired at us, sometime months, sometime years later, the net result being we had to spend time fixing code, rather than implementing new functionality.
|
||||
|
||||
And here's a [link to the real case](https://groups.google.com/forum/#!msg/qubes-devel/XgTo6L8-5XA/JLOadvBqnqMJ) (one Qubes Security Bulletin) demonstrating how the above described problem lead to a real security bug. Never assume you're smart enough that you can disregard clean and rigorous coding!
|
||||
And here's a [link to the real case](https://groups.google.com/forum/#!msg/qubes-devel/XgTo6L8-5XA/JLOadvBqnqMJ) (one Qubes Security Bulletin) demonstrating how the above described problem lead to a real security bug. Never assume you're smart enough that you can disregard clean and rigorous coding!
|
||||
|
||||
General typographic conventions
|
||||
-------------------------------
|
||||
@ -120,13 +120,13 @@ Source Code management (Git) guidelines
|
||||
|
||||
- Use git to maintain all code for Qubes project.
|
||||
|
||||
- Before you start using git, make sure you understand that git is a decentralized Source Code Management system, and that it doesn't behave like traditional, centralized source code management systems, such as SVN. Here's a good [introductory book on git](http://git-scm.com/book). Read it.
|
||||
- Before you start using git, make sure you understand that git is a decentralized Source Code Management system, and that it doesn't behave like traditional, centralized source code management systems, such as SVN. Here's a good [introductory book on git](http://git-scm.com/book). Read it.
|
||||
|
||||
- Qubes code is divided into many git repositories. There are several reasons for that:
|
||||
- This creates natural boundaries between different code blocks, enforcing proper interfaces, and easing independent development to be conducted on various code parts at the same time, without the fear of running into conflicts.
|
||||
- By maintaining relatively small git repositories, it is easy for new developers to understand the code and contribute new patches, without the need to understand all the other code.
|
||||
- Code repositories represent also licensing boundaries. So, e.g. because `core-agent-linux` and `core-agent-windows` are maintained in two different repositories, it is possible to have the latter under a proprietary, non-GPL license, while keeping the former fully open source.
|
||||
- We have drastically changes the layout and naming of the code repositories shortly after Qubes OS R2 Beta 2 release. For details on the current code layout, please read [this article](http://theinvisiblethings.blogspot.com/2013/03/introducing-qubes-odyssey-framework.html).
|
||||
- We have drastically changes the layout and naming of the code repositories shortly after Qubes OS R2 Beta 2 release. For details on the current code layout, please read [this article](http://theinvisiblethings.blogspot.com/2013/03/introducing-qubes-odyssey-framework.html).
|
||||
|
||||
Security coding guidelines
|
||||
--------------------------
|
||||
@ -151,7 +151,7 @@ Security coding guidelines
|
||||
Python-specific guidelines
|
||||
--------------------------
|
||||
|
||||
- Please follow the guidlines [here](http://www.python.org/dev/peps/pep-0008/), unless they were in conflict with what is written on this page.
|
||||
- Please follow the guidlines [here](http://www.python.org/dev/peps/pep-0008/), unless they were in conflict with what is written on this page.
|
||||
|
||||
C and C++ specific guidelines
|
||||
-----------------------------
|
||||
|
||||
@ -19,16 +19,16 @@ Note that the global clipboard will be cleared after step \#3, to prevent accide
|
||||
|
||||
This 4-step process might look complex, but after some little practice it really is very easy and fast. At the same time it provides the user with full control over who has access to the clipboard.
|
||||
|
||||
Note that only simple plain text copy/paste is supported between AppVMs. This is discussed in a bit more detail in [this message](https://groups.google.com/group/qubes-devel/msg/57fe6695eb8ec8cd).
|
||||
Note that only simple plain text copy/paste is supported between AppVMs. This is discussed in a bit more detail in [this message](https://groups.google.com/group/qubes-devel/msg/57fe6695eb8ec8cd).
|
||||
|
||||
On Copy/Paste Security
|
||||
----------------------
|
||||
|
||||
The scheme is *secure* because it doesn't allow other VMs to steal the content of the clipboard. However, one should keep in mind that performing a copy and paste operation from *less trusted* to *more trusted* domain can always be potentially insecure, because the data that we insert might potentially try to exploit some hypothetical bug in the destination VM (e.g. the seemingly innocent link that we copy from untrusted domain, might turn out to be, in fact, a large buffer of junk that, when pasted into the destination VM's word processor could exploit a hypothetical bug in the undo buffer). This is a general problem and applies to any data transfer between *less trusted to more trusted* domain. It even applies to copying files between physically separate machines (air-gapped) systems. So, you should always copy clipboard and data only from *more trusted* to *less trusted* domains.
|
||||
|
||||
See also [this article](http://theinvisiblethings.blogspot.com/2011/03/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes.
|
||||
See also [this article](http://theinvisiblethings.blogspot.com/2011/03/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes.
|
||||
|
||||
And [this message](https://groups.google.com/group/qubes-devel/msg/48b4b532cee06e01) from qubes-devel.
|
||||
And [this message](https://groups.google.com/group/qubes-devel/msg/48b4b532cee06e01) from qubes-devel.
|
||||
|
||||
Copy/Paste between dom0 and other domains
|
||||
-----------------------------------------
|
||||
|
||||
@ -35,6 +35,6 @@ The scheme is *secure* because it doesn't allow other domains to steal the files
|
||||
|
||||
However, one should keep in mind that performing a data transfer from *less trusted* to *more trusted* domain can always be potentially insecure, because the data that we insert might potentially try to exploit some hypothetical bug in the destination VM (e.g. a seemingly innocent JPEG that we copy from untrusted domain, might turned out to be specially craft exploit for some hypothetical bug in JPEG parsing application in the destination domain). This is a general problem and applies to any data transfer between *less trusted to more trusted* domain. It even applies to the scenario of copying files between air-gapped machines. So, you should always copy data only from *more trusted* to *less trusted* domains.
|
||||
|
||||
See also [this article](http://theinvisiblethings.blogspot.com/2011/03/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes.
|
||||
See also [this article](http://theinvisiblethings.blogspot.com/2011/03/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes.
|
||||
|
||||
You may also want to read how to [revoke "Yes to All" authorization](/wiki/Qrexec#RevokingYestoAllauthorization)
|
||||
|
||||
@ -19,7 +19,7 @@ For example, suppose you have an `email` AppVM. You have set the firewall rules
|
||||
|
||||
Note that physically air-gapped machines are not necessarily immune to this problem. Covert channels can potentially take many forms (e.g., sneakernet thumb drive, bluetooth, or even microphone and speakers).
|
||||
|
||||
For a further discussion of covert channels, see [this thread](https://groups.google.com/d/topic/qubes-users/AqZV65yZLuU/discussion) and ticket 817.
|
||||
For a further discussion of covert channels, see [this thread](https://groups.google.com/d/topic/qubes-users/AqZV65yZLuU/discussion) and ticket 817.
|
||||
|
||||
Types of Data Leaks
|
||||
-------------------
|
||||
@ -34,4 +34,4 @@ In order to understand and attmept to prevent data leaks in Qubes, we must disti
|
||||
|
||||
Both Qubes firewall and an empty NetVM (i.e., setting the NetVM of an AppVM to "none") can fully protect against leaks of type 3. However, neither Qubes firewall nor an empty NetVM are guaranteed to protect against leaks of types 1 and 2. It is likely that the only way to fully protect against leaks of type 1 and 2 is to either pause or shut down all other VMs while performing sensitive operations in the target VM(s) (such as key generation).
|
||||
|
||||
For further discussion, see [this thread](https://groups.google.com/d/topic/qubes-users/t0cmNfuVduw/discussion).
|
||||
For further discussion, see [this thread](https://groups.google.com/d/topic/qubes-users/t0cmNfuVduw/discussion).
|
||||
|
||||
@ -8,19 +8,19 @@ redirect_from: /wiki/DevelBooks/
|
||||
Below is a list of various books that might be useful in learning some basics needed for Qubes development.
|
||||
|
||||
- A must-read about Xen internals:
|
||||
- [http://www.amazon.com/Definitive-Guide-Xen-Hypervisor/dp/013234971X](http://www.amazon.com/Definitive-Guide-Xen-Hypervisor/dp/013234971X)
|
||||
- [http://www.amazon.com/Definitive-Guide-Xen-Hypervisor/dp/013234971X](http://www.amazon.com/Definitive-Guide-Xen-Hypervisor/dp/013234971X)
|
||||
|
||||
- Some good books about Linux kernel:
|
||||
- [http://www.amazon.com/Linux-Kernel-Development-Robert-Love/dp/0672327201](http://www.amazon.com/Linux-Kernel-Development-Robert-Love/dp/0672327201)
|
||||
- [http://www.amazon.com/Linux-Device-Drivers-Jonathan-Corbet/dp/0596005903](http://www.amazon.com/Linux-Device-Drivers-Jonathan-Corbet/dp/0596005903)
|
||||
- [http://www.amazon.com/Linux-Kernel-Development-Robert-Love/dp/0672327201](http://www.amazon.com/Linux-Kernel-Development-Robert-Love/dp/0672327201)
|
||||
- [http://www.amazon.com/Linux-Device-Drivers-Jonathan-Corbet/dp/0596005903](http://www.amazon.com/Linux-Device-Drivers-Jonathan-Corbet/dp/0596005903)
|
||||
|
||||
- Solid intro into Trusted Computing by David Grawrock (original Intel architect for TXT):
|
||||
- [http://www.amazon.com/Dynamics-Trusted-Platform-Buildin-Grawrock/dp/1934053082](http://www.amazon.com/Dynamics-Trusted-Platform-Buildin-Grawrock/dp/1934053082)
|
||||
- [http://www.amazon.com/Dynamics-Trusted-Platform-Buildin-Grawrock/dp/1934053082](http://www.amazon.com/Dynamics-Trusted-Platform-Buildin-Grawrock/dp/1934053082)
|
||||
|
||||
- Good book about GIT:
|
||||
- [http://progit.org/book/](http://progit.org/book/)
|
||||
- [http://progit.org/book/](http://progit.org/book/)
|
||||
|
||||
- Useful books about Python:
|
||||
- [http://www.qtrac.eu/py3book.html](http://www.qtrac.eu/py3book.html) (Note that Qubes management tools are written in Python 2.6, but this book is still a very good choice)
|
||||
- [http://www.qtrac.eu/pyqtbook.html](http://www.qtrac.eu/pyqtbook.html)
|
||||
- [http://www.qtrac.eu/py3book.html](http://www.qtrac.eu/py3book.html) (Note that Qubes management tools are written in Python 2.6, but this book is still a very good choice)
|
||||
- [http://www.qtrac.eu/pyqtbook.html](http://www.qtrac.eu/pyqtbook.html)
|
||||
|
||||
|
||||
@ -22,11 +22,11 @@ Often it is more difficult to exploit a bug on the x64 Linux than it is on x86 L
|
||||
|
||||
There a few things that are KDE-specific, but generally it should not be a big problem to also add Gnome support to Qubes (in Dom0 of course). Those KDE-specific things are:
|
||||
|
||||
- Qubes requires KDM (KDE Login Manager), rather than GDM, for the very simple reason that GDM doesn't obey standards and start `/usr/bin/Xorg` instead of `/usr/bin/X`. This is important for Qubes, because we need to load a special "X wrapper" (to make it possible to use Linux usermode shared memory to access Xen shared memory pages in our App Viewers -- see the sources [here](http://qubes-os.org/gitweb/?p=mainstream/gui.git;a=tree;f=shmoverride;h=75133ddcdad0c6a59e630f005569bb8c758b67c5;hb=HEAD)). So, Qubes makes the `/usr/bin/X` to be a symlink to the Qubes X Wrapper, which, in turn, executes the `/usr/bin/Xorg`. This works well with KDM (and would probably also work with other X login managers), but not with GDM. If somebody succeeded in makeing GDM to execute `/usr/bin/X` instead of `/usr/bin/Xorg`, we would love to hear about it!
|
||||
- Qubes requires KDM (KDE Login Manager), rather than GDM, for the very simple reason that GDM doesn't obey standards and start `/usr/bin/Xorg` instead of `/usr/bin/X`. This is important for Qubes, because we need to load a special "X wrapper" (to make it possible to use Linux usermode shared memory to access Xen shared memory pages in our App Viewers -- see the sources [here](http://qubes-os.org/gitweb/?p=mainstream/gui.git;a=tree;f=shmoverride;h=75133ddcdad0c6a59e630f005569bb8c758b67c5;hb=HEAD)). So, Qubes makes the `/usr/bin/X` to be a symlink to the Qubes X Wrapper, which, in turn, executes the `/usr/bin/Xorg`. This works well with KDM (and would probably also work with other X login managers), but not with GDM. If somebody succeeded in makeing GDM to execute `/usr/bin/X` instead of `/usr/bin/Xorg`, we would love to hear about it!
|
||||
|
||||
- We maintain a special [repository](/wiki/KdeDom0) for building packages specifically for Qubes Dom0.
|
||||
|
||||
- We've patched the KDE's Window Manager (specifically [one of the decoration plugins](https://qubes-os.org/gitweb/?p=mainstream/kde-dom0.git;a=commit;h=e1a530d8188a47921da35beff03998eb3fce8e2c)) to draw window decorations in the color of the specific AppVM's label.
|
||||
- We've patched the KDE's Window Manager (specifically [one of the decoration plugins](https://qubes-os.org/gitweb/?p=mainstream/kde-dom0.git;a=commit;h=e1a530d8188a47921da35beff03998eb3fce8e2c)) to draw window decorations in the color of the specific AppVM's label.
|
||||
|
||||
If you're interested in porting GNOME for Qubes Dom0 use, let us know -- we will most likely welcome patches in this area.
|
||||
|
||||
|
||||
@ -5,7 +5,7 @@ permalink: /doc/DiskTRIM/
|
||||
redirect_from: /wiki/DiskTRIM/
|
||||
---
|
||||
|
||||
VMs have already TRIM enabled by default, but dom0 doesn't. There are some security implications (read for example [this article](http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html)), but IMO not very serious.
|
||||
VMs have already TRIM enabled by default, but dom0 doesn't. There are some security implications (read for example [this article](http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html)), but IMO not very serious.
|
||||
|
||||
To enable TRIM in dom0 you need:
|
||||
|
||||
@ -32,4 +32,4 @@ To enable TRIM in dom0 you need:
|
||||
6. Add "discard" option to `/etc/fstab` for root device
|
||||
7. Reboot the system, verify that allow-discards is really enabled (`dmsetup table`)
|
||||
|
||||
There is a [bug affecting allow-discards option](https://bugzilla.redhat.com/show_bug.cgi?id=890533), once it will be fixed, first two steps will be no longer needed.
|
||||
There is a [bug affecting allow-discards option](https://bugzilla.redhat.com/show_bug.cgi?id=890533), once it will be fixed, first two steps will be no longer needed.
|
||||
|
||||
@ -11,7 +11,7 @@ Disposable VMs (DispVMs)
|
||||
Background
|
||||
----------
|
||||
|
||||
See [this article](http://theinvisiblethings.blogspot.com/2010/06/disposable-vms.html) for a background on why would one want to use a Disposable VM and what it is.
|
||||
See [this article](http://theinvisiblethings.blogspot.com/2010/06/disposable-vms.html) for a background on why would one want to use a Disposable VM and what it is.
|
||||
|
||||
Opening a file in a Disposable VM (via GUI)
|
||||
-------------------------------------------
|
||||
@ -86,4 +86,4 @@ lrwxrwxrwx 1 joanna joanna 47 Mar 11 13:59 savefile_root -> /var/lib/qubes/vm-te
|
||||
Disposable VMs and Local Forensics
|
||||
----------------------------------
|
||||
|
||||
At this time, DispVMs should not be relied upon to circumvent local forensics, as they do not run entirely in RAM. For details, see [this thread](https://groups.google.com/d/topic/qubes-devel/QwL5PjqPs-4/discussion).
|
||||
At this time, DispVMs should not be relied upon to circumvent local forensics, as they do not run entirely in RAM. For details, see [this thread](https://groups.google.com/d/topic/qubes-devel/QwL5PjqPs-4/discussion).
|
||||
|
||||
@ -29,15 +29,15 @@ Secure update mechanism we use in Qubes (starting from Beta 2
|
||||
|
||||
Keeping Dom0 not connected to any network makes it hard, however, to provide updates for software in Dom0. For this reason we have come up with the following mechanism for Dom0 updates, which minimizes the amount of untrusted input processed by Dom0 software:
|
||||
|
||||
The update process is initiated by [qvm-dom0-update script](http://git.qubes-os.org/?p=joanna/core.git;a=blob;f=dom0/qvm-tools/qvm-dom0-update;h=d6ac222fdc3850a0f1269df27746c9ed6e84c8a9;hb=HEAD), running in Dom0.
|
||||
The update process is initiated by [qvm-dom0-update script](http://git.qubes-os.org/?p=joanna/core.git;a=blob;f=dom0/qvm-tools/qvm-dom0-update;h=d6ac222fdc3850a0f1269df27746c9ed6e84c8a9;hb=HEAD), running in Dom0.
|
||||
|
||||
Updates (\*.rpm files) are checked and downloaded by UpdateVM, which by default is the same as the firewall VM, but can be configured to be any other, network-connected VM. This is done by [qubes\_download\_dom0\_updates.sh script](http://git.qubes-os.org/?p=joanna/core.git;a=blob;f=common/qubes_download_dom0_updates.sh;h=dfc46123e9c0904d019d3f05008bc3adca21921d;hb=HEAD) (this script is executed using qrexec by the previously mentioned qvm-dom0-update). Note that we assume that this script might get compromised and might download a maliciously compromised downloads -- this is not a problem as Dom0 verifies digital signatures on updates later. The downloaded rpm files are placed in a ```/var/lib/qubes/dom0-updates``` directory on UpdateVM filesystem (again, they might get compromised while being kept there, still this isn't a problem). This directory is passed to yum using the ```--installroot=``` option.
|
||||
Updates (\*.rpm files) are checked and downloaded by UpdateVM, which by default is the same as the firewall VM, but can be configured to be any other, network-connected VM. This is done by [qubes\_download\_dom0\_updates.sh script](http://git.qubes-os.org/?p=joanna/core.git;a=blob;f=common/qubes_download_dom0_updates.sh;h=dfc46123e9c0904d019d3f05008bc3adca21921d;hb=HEAD) (this script is executed using qrexec by the previously mentioned qvm-dom0-update). Note that we assume that this script might get compromised and might download a maliciously compromised downloads -- this is not a problem as Dom0 verifies digital signatures on updates later. The downloaded rpm files are placed in a ```/var/lib/qubes/dom0-updates``` directory on UpdateVM filesystem (again, they might get compromised while being kept there, still this isn't a problem). This directory is passed to yum using the ```--installroot=``` option.
|
||||
|
||||
Once updates are downloaded, the update script that runs in UpdateVM requests an RPM service [qubes.ReceiveUpdates](http://git.qubes-os.org/?p=joanna/core.git;a=blob;f=dom0/aux-tools/qubes.ReceiveUpdates;h=7134323902b37a0be41b98ef8dbde61a94b1d189;hb=HEAD) to be executed in Dom0. This service is implemented by [qubes-receive-updates script](http://git.qubes-os.org/?p=joanna/core.git;a=blob;f=dom0/aux-tools/qubes-receive-updates;h=af386090b4a98de7f00736b60b9a1ca16f337822;hb=HEAD) running in Dom0. The Dom0's qvm-dom0-update script (which originally initiated the whole update process) waits until qubes-receive-updates finished.
|
||||
Once updates are downloaded, the update script that runs in UpdateVM requests an RPM service [qubes.ReceiveUpdates](http://git.qubes-os.org/?p=joanna/core.git;a=blob;f=dom0/aux-tools/qubes.ReceiveUpdates;h=7134323902b37a0be41b98ef8dbde61a94b1d189;hb=HEAD) to be executed in Dom0. This service is implemented by [qubes-receive-updates script](http://git.qubes-os.org/?p=joanna/core.git;a=blob;f=dom0/aux-tools/qubes-receive-updates;h=af386090b4a98de7f00736b60b9a1ca16f337822;hb=HEAD) running in Dom0. The Dom0's qvm-dom0-update script (which originally initiated the whole update process) waits until qubes-receive-updates finished.
|
||||
|
||||
The qubes-receive-updates script processes the untrusted input from Update VM: it first extracts the received \*.rpm files (that are sent over qrexec data connection) and then verifies digital signature on each file. The qubes-receive-updates script is a security-critical component of the Dom0 update process (as is the [qfile-dom0-unpacker.c](http://git.qubes-os.org/?p=joanna/core.git;a=blob;f=dom0/aux-tools/qfile-dom0-unpacker.c;h=757a2c43ba9e6780e8173b0049b2678efa0fda84;hb=HEAD) and the rpm utility, both used by the qubes-receive-updates for processing the untrusted input.
|
||||
The qubes-receive-updates script processes the untrusted input from Update VM: it first extracts the received \*.rpm files (that are sent over qrexec data connection) and then verifies digital signature on each file. The qubes-receive-updates script is a security-critical component of the Dom0 update process (as is the [qfile-dom0-unpacker.c](http://git.qubes-os.org/?p=joanna/core.git;a=blob;f=dom0/aux-tools/qfile-dom0-unpacker.c;h=757a2c43ba9e6780e8173b0049b2678efa0fda84;hb=HEAD) and the rpm utility, both used by the qubes-receive-updates for processing the untrusted input.
|
||||
|
||||
Once qubes-receive-updates finished unpacking and verifying the updates, the updates are placed in ``qubes-receive-updates`` directory in Dom0 filesystem. Those updates are now trusted. Dom0 is configured (see /etc/yum.conf in Dom0) to use this directory as a default (and only) [yum repository](http://git.qubes-os.org/?p=joanna/core.git;a=blob;f=dom0/qubes-cached.repo;h=963a7ba524d4d63296718161fe4bcd3cad1ff5e7;hb=HEAD).
|
||||
Once qubes-receive-updates finished unpacking and verifying the updates, the updates are placed in ``qubes-receive-updates`` directory in Dom0 filesystem. Those updates are now trusted. Dom0 is configured (see /etc/yum.conf in Dom0) to use this directory as a default (and only) [yum repository](http://git.qubes-os.org/?p=joanna/core.git;a=blob;f=dom0/qubes-cached.repo;h=963a7ba524d4d63296718161fe4bcd3cad1ff5e7;hb=HEAD).
|
||||
|
||||
Finally, qvm-dom0-updates runs ``yum update`` that fetches the rpms from qubes-cached repo and installs them as usual.
|
||||
|
||||
|
||||
@ -14,9 +14,9 @@ The Qubes project is now accepting donations in Bitcoins. You can use the follow
|
||||
14zockMSKKp5MK6X2cHJ3mQwm9MwYsJ39j
|
||||
{% endhighlight %}
|
||||
|
||||
This address can also be found in a message posted to Qubes mailing list, which can be viewed via Google Groups Web interface over SSL [here](https://groups.google.com/d/msg/qubes-devel/u3wAzm1dB5Y/s5CiUGDebL4J), for double verification. For additional verification, you can verify the digital signature on the message, which should come from Joanna Rutkowska.
|
||||
This address can also be found in a message posted to Qubes mailing list, which can be viewed via Google Groups Web interface over SSL [here](https://groups.google.com/d/msg/qubes-devel/u3wAzm1dB5Y/s5CiUGDebL4J), for double verification. For additional verification, you can verify the digital signature on the message, which should come from Joanna Rutkowska.
|
||||
|
||||
You can check how much others have donated already (over the entire time) via [blockexplorer](https://blockexplorer.com/address/14zockMSKKp5MK6X2cHJ3mQwm9MwYsJ39j) and [blockchain](https://blockchain.info/address/14zockMSKKp5MK6X2cHJ3mQwm9MwYsJ39j).
|
||||
You can check how much others have donated already (over the entire time) via [blockexplorer](https://blockexplorer.com/address/14zockMSKKp5MK6X2cHJ3mQwm9MwYsJ39j) and [blockchain](https://blockchain.info/address/14zockMSKKp5MK6X2cHJ3mQwm9MwYsJ39j).
|
||||
|
||||
FAQ
|
||||
---
|
||||
|
||||
@ -16,7 +16,7 @@ Qubes audio virtualization protocol does not implement latency reporting for sec
|
||||
Implementing external audio devices
|
||||
-----------------------------------
|
||||
|
||||
First you need to identify an user VM dedicated to audio and [assign a device](https://wiki.qubes-os.org/wiki/AssigningDevices) to it. In the most common case the assigned device is the USB controller to which your USB audio card will be connected.
|
||||
First you need to identify an user VM dedicated to audio and [assign a device](https://wiki.qubes-os.org/wiki/AssigningDevices) to it. In the most common case the assigned device is the USB controller to which your USB audio card will be connected.
|
||||
|
||||
### Fedora VMs
|
||||
|
||||
|
||||
@ -8,7 +8,7 @@ redirect_from: /wiki/FedoraTemplateUpgrade/
|
||||
Upgrade of Fedora template
|
||||
==========================
|
||||
|
||||
This instruction in simplified version of [official Fedora instruction](https://fedoraproject.org/wiki/Upgrading_Fedora_using_yum). Note that only "yum" method will work in Qubes template VM (if you are curious why: mostly because template VM does not have own bootloader).
|
||||
This instruction in simplified version of [official Fedora instruction](https://fedoraproject.org/wiki/Upgrading_Fedora_using_yum). Note that only "yum" method will work in Qubes template VM (if you are curious why: mostly because template VM does not have own bootloader).
|
||||
|
||||
Upgrading Fedora 18 to Fedora 20
|
||||
--------------------------------
|
||||
|
||||
@ -28,7 +28,7 @@ Enabling full screen mode for select VMs
|
||||
|
||||
If you want to enable full screen mode for select VMs, you can do that by creating the following entry in the /etc/qubes/guid.conf file in Dom0:
|
||||
|
||||
**Note:** There should be only one `VM: {}` block in the file (or you will [get into problems](https://groups.google.com/d/msg/qubes-users/-Yf9yNvTsVI/xXsEm8y2lrYJ))
|
||||
**Note:** There should be only one `VM: {}` block in the file (or you will [get into problems](https://groups.google.com/d/msg/qubes-users/-Yf9yNvTsVI/xXsEm8y2lrYJ))
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
VM: {
|
||||
|
||||
@ -94,9 +94,9 @@ AppVM -\> dom0 messages
|
||||
|
||||
Proper handling of the below messages is security-critical. Observe that beside two messages (`CLIPBOARD` and `MFNDUMP`) the rest have fixed size, so the parsing code can be small.
|
||||
|
||||
The *override\_redirect* window attribute is explained at [Override Redirect Flag](http://tronche.com/gui/x/xlib/window/attributes/override-redirect.html). The *transient\_for* attribute is explained at [Transient\_for attribute](http://tronche.com/gui/x/icccm/sec-4.html#WM_TRANSIENT_FOR).
|
||||
The *override\_redirect* window attribute is explained at [Override Redirect Flag](http://tronche.com/gui/x/xlib/window/attributes/override-redirect.html). The *transient\_for* attribute is explained at [Transient\_for attribute](http://tronche.com/gui/x/icccm/sec-4.html#WM_TRANSIENT_FOR).
|
||||
|
||||
Window manager hints and flags are described at [http://standards.freedesktop.org/wm-spec/latest/](http://standards.freedesktop.org/wm-spec/latest/), especially part about `_NET_WM_STATE`.
|
||||
Window manager hints and flags are described at [http://standards.freedesktop.org/wm-spec/latest/](http://standards.freedesktop.org/wm-spec/latest/), especially part about `_NET_WM_STATE`.
|
||||
|
||||
Each message starts with the following header
|
||||
|
||||
|
||||
@ -83,7 +83,7 @@ That's a great question, but there's no one-size-fits-all answer. It depends on
|
||||
|
||||
It's a good idea to start out with the three domains created automatically by the installer: work, personal, and untrusted. Then, if and when you start to feel that some activity just doesn't fit into any of your existing domains, you can easily create a new domain for it. You'll also be able to easily copy any files you need to the newly created domain, as explained [here](/wiki/CopyingFiles).
|
||||
|
||||
More paranoid people might find it worthwhile to read [this article](http://theinvisiblethings.blogspot.com/2011/03/partitioning-my-digital-life-into.html), which describes how one of the Qubes authors partitions her digital life into security domains.
|
||||
More paranoid people might find it worthwhile to read [this article](http://theinvisiblethings.blogspot.com/2011/03/partitioning-my-digital-life-into.html), which describes how one of the Qubes authors partitions her digital life into security domains.
|
||||
|
||||
Full Screen Domains
|
||||
-------------------
|
||||
|
||||
94
HCL-R2B2.md
94
HCL-R2B2.md
@ -164,9 +164,9 @@ OK
|
||||
|
||||
X
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/hag-MQDH_Vs/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/hag-MQDH_Vs/discussion)
|
||||
|
||||
[Alex Dubois](https://groups.google.com/d/msg/qubes-devel/hag-MQDH_Vs/pmJ7TIWUWAsJ)
|
||||
[Alex Dubois](https://groups.google.com/d/msg/qubes-devel/hag-MQDH_Vs/pmJ7TIWUWAsJ)
|
||||
|
||||
Apple MacBookPro
|
||||
(Intel HD Graphics, Ivy Bridge, i5-3210M)
|
||||
@ -177,15 +177,15 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/ZbjrseLxuPQ/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/ZbjrseLxuPQ/discussion)
|
||||
|
||||
[ph145h](https://groups.google.com/d/msg/qubes-users/ZbjrseLxuPQ/5Jx5DvpnwMMJ)
|
||||
[ph145h](https://groups.google.com/d/msg/qubes-users/ZbjrseLxuPQ/5Jx5DvpnwMMJ)
|
||||
|
||||
ASUS UX-31
|
||||
|
||||
\*
|
||||
|
||||
[Stephen Boyd](https://groups.google.com/d/topic/qubes-devel/6I07Bbzn5M4/discussion)
|
||||
[Stephen Boyd](https://groups.google.com/d/topic/qubes-devel/6I07Bbzn5M4/discussion)
|
||||
|
||||
ASUS X55A
|
||||
|
||||
@ -193,7 +193,7 @@ X
|
||||
|
||||
X
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/2csjvHia9Rw/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/2csjvHia9Rw/discussion)
|
||||
|
||||
X
|
||||
|
||||
@ -201,9 +201,9 @@ X
|
||||
|
||||
X
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/2csjvHia9Rw/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/2csjvHia9Rw/discussion)
|
||||
|
||||
[Zrubi](https://groups.google.com/d/msg/qubes-devel/2csjvHia9Rw/NRsqR0g6wIMJ)
|
||||
[Zrubi](https://groups.google.com/d/msg/qubes-devel/2csjvHia9Rw/NRsqR0g6wIMJ)
|
||||
|
||||
Dell Latitude E4300
|
||||
(Intel GMA 4500M; Mobile 4 Series Chipset; Core2 Duo P9600)
|
||||
@ -214,9 +214,9 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/LNJqSbH0cOQ/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/LNJqSbH0cOQ/discussion)
|
||||
|
||||
[Pablo Costa](https://groups.google.com/d/msg/qubes-devel/LNJqSbH0cOQ/VC9EwEDrXMQJ)
|
||||
[Pablo Costa](https://groups.google.com/d/msg/qubes-devel/LNJqSbH0cOQ/VC9EwEDrXMQJ)
|
||||
|
||||
Dell Latitude 5520
|
||||
|
||||
@ -224,9 +224,9 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/group/qubes-devel/msg/7418e7084c2de99f?hl=en)
|
||||
[read more](https://groups.google.com/group/qubes-devel/msg/7418e7084c2de99f?hl=en)
|
||||
|
||||
[Erik Edin](https://groups.google.com/group/qubes-devel/msg/7418e7084c2de99f?hl=en)
|
||||
[Erik Edin](https://groups.google.com/group/qubes-devel/msg/7418e7084c2de99f?hl=en)
|
||||
|
||||
Dell Latitude E6320
|
||||
(Intel HD graphics; Sandy Bridge; i5-2540M; BIOS: A06)
|
||||
@ -237,9 +237,9 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/FyA7_Kzw1WA/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/FyA7_Kzw1WA/discussion)
|
||||
|
||||
[Alex](https://groups.google.com/d/msg/qubes-users/F-jVh62ANak/s57rqUWTY7kJ)
|
||||
[Alex](https://groups.google.com/d/msg/qubes-users/F-jVh62ANak/s57rqUWTY7kJ)
|
||||
|
||||
Dell Latitude E6430
|
||||
(Intel HD graphics; Ivy Bridge; i5-3340M, BIOS: A11)
|
||||
@ -250,7 +250,7 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[Zrubi](https://groups.google.com/d/msg/qubes-users/pAVGe04ZC48/AJwY6yd7LeIJ)
|
||||
[Zrubi](https://groups.google.com/d/msg/qubes-users/pAVGe04ZC48/AJwY6yd7LeIJ)
|
||||
|
||||
Dell Latitude E6520
|
||||
|
||||
@ -258,9 +258,9 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/group/qubes-devel/msg/340afc6fc2d06d0e)
|
||||
[read more](https://groups.google.com/group/qubes-devel/msg/340afc6fc2d06d0e)
|
||||
|
||||
[Steven Collins](https://groups.google.com/group/qubes-devel/msg/340afc6fc2d06d0e)
|
||||
[Steven Collins](https://groups.google.com/group/qubes-devel/msg/340afc6fc2d06d0e)
|
||||
|
||||
Dell PowerEdge T110 II
|
||||
(onboard Matrox; Xeon E3-1230)
|
||||
@ -269,7 +269,7 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[Geoff](https://groups.google.com/group/qubes-devel/msg/8a894915909eeaee)
|
||||
[Geoff](https://groups.google.com/group/qubes-devel/msg/8a894915909eeaee)
|
||||
|
||||
Dell Precision M4600
|
||||
(i7-2860QM; NVIDIA Quadro 1000M)
|
||||
@ -278,7 +278,7 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[nqe](https://groups.google.com/group/qubes-devel/browse_thread/thread/ddf35d12a35f96a3)
|
||||
[nqe](https://groups.google.com/group/qubes-devel/browse_thread/thread/ddf35d12a35f96a3)
|
||||
|
||||
Dell XPS 13
|
||||
(i5; intel HD; sandy bridge; BIOS A03)
|
||||
@ -287,9 +287,9 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/jamRkZJDC0g/KTniY0Y3dioJ)
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/jamRkZJDC0g/KTniY0Y3dioJ)
|
||||
|
||||
[j](https://groups.google.com/d/msg/qubes-devel/7JumqdldVJM/n9TiDVxc2jkJ)
|
||||
[j](https://groups.google.com/d/msg/qubes-devel/7JumqdldVJM/n9TiDVxc2jkJ)
|
||||
|
||||
Dell XPS 13 (L322X)
|
||||
(i7-3537U; intel HD; Ivy Bridge; BIOS A09)
|
||||
@ -300,9 +300,9 @@ OK
|
||||
|
||||
X
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/21kqNBzJLPw/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/21kqNBzJLPw/discussion)
|
||||
|
||||
[Brian J Smith-Sweeney](https://groups.google.com/d/msg/qubes-users/21kqNBzJLPw/e74SMRweTMsJ)
|
||||
[Brian J Smith-Sweeney](https://groups.google.com/d/msg/qubes-users/21kqNBzJLPw/e74SMRweTMsJ)
|
||||
|
||||
Fujitsu S751
|
||||
(HD3000; QM67; i5-2520M; BIOS 1.18)
|
||||
@ -319,7 +319,7 @@ OK
|
||||
|
||||
needs kernel downgrade to 3.7.4
|
||||
|
||||
[Zrubi](https://groups.google.com/forum/#!msg/qubes-devel/xoyNCigBvFE/ER61L6TbVpwJ)
|
||||
[Zrubi](https://groups.google.com/forum/#!msg/qubes-devel/xoyNCigBvFE/ER61L6TbVpwJ)
|
||||
|
||||
HP EliteBook 8540p
|
||||
(Arrandale; NVIDIA GT216; i5-2540M; BIOS:F.0C)
|
||||
@ -330,7 +330,7 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/o_FTsPW6GD8/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/o_FTsPW6GD8/discussion)
|
||||
|
||||
[Olivier Médoc](https://groups.google.com/d/msg/qubes-users/o_FTsPW6GD8/bjAD-CSpRKsJ)
|
||||
|
||||
@ -343,7 +343,7 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/o_FTsPW6GD8/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/o_FTsPW6GD8/discussion)
|
||||
|
||||
[Olivier Médoc](https://groups.google.com/d/msg/qubes-users/o_FTsPW6GD8/bjAD-CSpRKsJ)
|
||||
|
||||
@ -378,7 +378,7 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/LSVluAZ9Udo/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/LSVluAZ9Udo/discussion)
|
||||
|
||||
[Alex Dubois](https://groups.google.com/d/msg/qubes-devel/LSVluAZ9Udo/Fl3jmt4tWssJ)
|
||||
|
||||
@ -404,7 +404,7 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/Z9M_k3i6dxU/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/Z9M_k3i6dxU/discussion)
|
||||
|
||||
[tigerbeard](https://groups.google.com/d/msg/qubes-devel/Z9M_k3i6dxU/09CqBppyMnsJ)
|
||||
|
||||
@ -415,9 +415,9 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/forum/#!msg/qubes-devel/TgDWwBs36yA/IUFZPHs716cJ)
|
||||
[read more](https://groups.google.com/forum/#!msg/qubes-devel/TgDWwBs36yA/IUFZPHs716cJ)
|
||||
|
||||
[Sebastian Hültenschmidt](https://groups.google.com/forum/#!msg/qubes-devel/TgDWwBs36yA/IUFZPHs716cJ)
|
||||
[Sebastian Hültenschmidt](https://groups.google.com/forum/#!msg/qubes-devel/TgDWwBs36yA/IUFZPHs716cJ)
|
||||
|
||||
Lenovo Thinkpad X1 Carbon (LENOVO 3444CTO)
|
||||
(i5-3427U)
|
||||
@ -441,10 +441,10 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/-b8b9fpo0UU/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/-b8b9fpo0UU/discussion)
|
||||
|
||||
[Stefan Boresch](https://groups.google.com/group/qubes-devel/msg/f41578eef913446a)
|
||||
[Matt Tracy](https://groups.google.com/d/msg/qubes-users/-b8b9fpo0UU/RFh6HiWqt5oJ)
|
||||
[Stefan Boresch](https://groups.google.com/group/qubes-devel/msg/f41578eef913446a)
|
||||
[Matt Tracy](https://groups.google.com/d/msg/qubes-users/-b8b9fpo0UU/RFh6HiWqt5oJ)
|
||||
|
||||
Lenovo Thinkpad x230
|
||||
(Ivy Bridge; HD Graphics; i5-3320M; BIOS:2.51)
|
||||
@ -453,7 +453,7 @@ Lenovo Thinkpad x230
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/XN6JrEXVOVA/lkxGRA00EqgJ)
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/XN6JrEXVOVA/lkxGRA00EqgJ)
|
||||
|
||||
\*
|
||||
|
||||
@ -461,10 +461,10 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/hf0vkL3TE7k/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/hf0vkL3TE7k/discussion)
|
||||
|
||||
[Chris](https://groups.google.com/d/msg/qubes-devel/XN6JrEXVOVA/lkxGRA00EqgJ)
|
||||
[mgflax](https://groups.google.com/d/msg/qubes-users/hf0vkL3TE7k/VOtrW3wEbtMJ)
|
||||
[Chris](https://groups.google.com/d/msg/qubes-devel/XN6JrEXVOVA/lkxGRA00EqgJ)
|
||||
[mgflax](https://groups.google.com/d/msg/qubes-users/hf0vkL3TE7k/VOtrW3wEbtMJ)
|
||||
|
||||
Toshiba Tecra S11
|
||||
|
||||
@ -472,9 +472,9 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/group/qubes-devel/browse_thread/thread/fdec0ec165a87726)
|
||||
[read more](https://groups.google.com/group/qubes-devel/browse_thread/thread/fdec0ec165a87726)
|
||||
|
||||
[Jan Beerden](https://groups.google.com/group/qubes-devel/browse_thread/thread/fdec0ec165a87726)
|
||||
[Jan Beerden](https://groups.google.com/group/qubes-devel/browse_thread/thread/fdec0ec165a87726)
|
||||
|
||||
Toshiba Tecra A11-15X
|
||||
(i7-M620)
|
||||
@ -483,7 +483,7 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[PirBoazo](https://groups.google.com/group/qubes-devel/browse_thread/thread/c0d5f6a33d672b62)
|
||||
[PirBoazo](https://groups.google.com/group/qubes-devel/browse_thread/thread/c0d5f6a33d672b62)
|
||||
|
||||
Toshiba M780 S7240
|
||||
(BIOS latest)
|
||||
@ -492,14 +492,14 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[Franz](https://groups.google.com/group/qubes-devel/browse_thread/thread/66e97c990a08d8e2)
|
||||
[Franz](https://groups.google.com/group/qubes-devel/browse_thread/thread/66e97c990a08d8e2)
|
||||
|
||||
Samsung Series 7 Chronos NP700Z5C
|
||||
(nVidia Optimus; i7-3635QM; BIOS P04ABJ)
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
|
||||
OK
|
||||
|
||||
@ -507,9 +507,9 @@ OK
|
||||
|
||||
X
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/Wu1mn9f1qgM/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/Wu1mn9f1qgM/discussion)
|
||||
|
||||
[Outback Dingo](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
[Outback Dingo](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
|
||||
Sony Vaio Z2
|
||||
(2011 edition)
|
||||
@ -518,9 +518,9 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/xoyNCigBvFE/fkC6em-Wqd0J)
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/xoyNCigBvFE/fkC6em-Wqd0J)
|
||||
|
||||
[Danny Fullerton](https://groups.google.com/d/msg/qubes-devel/xoyNCigBvFE/fkC6em-Wqd0J)
|
||||
[Danny Fullerton](https://groups.google.com/d/msg/qubes-devel/xoyNCigBvFE/fkC6em-Wqd0J)
|
||||
|
||||
Zareason Ultra Lap 420
|
||||
(Ivy Bridge; HD Graphics; i5-3317U)
|
||||
@ -529,7 +529,7 @@ OK
|
||||
|
||||
OK
|
||||
|
||||
[Ant](https://groups.google.com/d/msg/qubes-users/uKI-VBtKWxg/uKjsdGNSpSQJ)
|
||||
[Ant](https://groups.google.com/d/msg/qubes-users/uKI-VBtKWxg/uKjsdGNSpSQJ)
|
||||
|
||||
**User Reported Desktops and Workstations**
|
||||
|
||||
|
||||
250
HCL.md
250
HCL.md
@ -135,9 +135,9 @@ Yes
|
||||
|
||||
R2B2
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/ZbjrseLxuPQ/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/ZbjrseLxuPQ/discussion)
|
||||
|
||||
[ph145h](https://groups.google.com/d/msg/qubes-users/ZbjrseLxuPQ/5Jx5DvpnwMMJ)
|
||||
[ph145h](https://groups.google.com/d/msg/qubes-users/ZbjrseLxuPQ/5Jx5DvpnwMMJ)
|
||||
|
||||
Apple MacBookPro
|
||||
(i7-620M, HD Graphics + GT 330M)
|
||||
@ -148,9 +148,9 @@ No
|
||||
|
||||
R2B2
|
||||
|
||||
No Network, Chipset doesn't support VT-d! [read more](https://groups.google.com/d/topic/qubes-devel/hag-MQDH_Vs/discussion) [read more](https://groups.google.com/d/topic/qubes-devel/hag-MQDH_Vs/discussion)
|
||||
No Network, Chipset doesn't support VT-d! [read more](https://groups.google.com/d/topic/qubes-devel/hag-MQDH_Vs/discussion) [read more](https://groups.google.com/d/topic/qubes-devel/hag-MQDH_Vs/discussion)
|
||||
|
||||
[Alex Dubois](https://groups.google.com/d/msg/qubes-devel/hag-MQDH_Vs/pmJ7TIWUWAsJ)
|
||||
[Alex Dubois](https://groups.google.com/d/msg/qubes-devel/hag-MQDH_Vs/pmJ7TIWUWAsJ)
|
||||
|
||||
ASUS N56VZ
|
||||
(CPU, HM67 Express, HD Graphics)
|
||||
@ -178,9 +178,9 @@ No
|
||||
|
||||
R2B2
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/2csjvHia9Rw/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/2csjvHia9Rw/discussion)
|
||||
|
||||
[Zrubi](https://groups.google.com/d/msg/qubes-devel/2csjvHia9Rw/NRsqR0g6wIMJ)
|
||||
[Zrubi](https://groups.google.com/d/msg/qubes-devel/2csjvHia9Rw/NRsqR0g6wIMJ)
|
||||
|
||||
ASUS X750JA
|
||||
(i7-4700HQ, HM86, HD Graphics 4600)
|
||||
@ -208,9 +208,9 @@ Yes
|
||||
|
||||
R2B2
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/6I07Bbzn5M4/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/6I07Bbzn5M4/discussion)
|
||||
|
||||
[Stephen Boyd](https://groups.google.com/d/topic/qubes-devel/6I07Bbzn5M4/discussion)
|
||||
[Stephen Boyd](https://groups.google.com/d/topic/qubes-devel/6I07Bbzn5M4/discussion)
|
||||
|
||||
ASUS Zenbook UX31A
|
||||
(i5-3317U, Ivy Bridge, HD4000)
|
||||
@ -261,7 +261,7 @@ R2B3
|
||||
|
||||
Most features work on 3.7 and 3.11, but for best results use 3.9.
|
||||
|
||||
[AndrewX192](https://groups.google.com/d/msg/qubes-users/Ol6v6xSla4Y/vFgIHeObF-8J)
|
||||
[AndrewX192](https://groups.google.com/d/msg/qubes-users/Ol6v6xSla4Y/vFgIHeObF-8J)
|
||||
|
||||
Clevo P151HM1
|
||||
(i7-2720QM, Sandy Bridge, GeForce GTX 460M)
|
||||
@ -278,7 +278,7 @@ R2rc1
|
||||
|
||||
3.12.14-4
|
||||
|
||||
[David Kennedy](https://groups.google.com/d/msg/qubes-users/a5dspO8wRCU/RC12tcxtaCcJ)
|
||||
[David Kennedy](https://groups.google.com/d/msg/qubes-users/a5dspO8wRCU/RC12tcxtaCcJ)
|
||||
|
||||
Clevo W150ER
|
||||
(i7-3612QM, Ivy Bridge, Geforce GT 650M)
|
||||
@ -293,7 +293,7 @@ R2rc1
|
||||
|
||||
3.12.14-4
|
||||
|
||||
[chymian](https://groups.google.com/d/msg/qubes-users/YOE2ds6RVWc/n24INxfu11gJ)
|
||||
[chymian](https://groups.google.com/d/msg/qubes-users/YOE2ds6RVWc/n24INxfu11gJ)
|
||||
|
||||
Dell Inspiron 3521
|
||||
(i3-3217U, HM76, HD Graphics)
|
||||
@ -308,9 +308,9 @@ R2rc1
|
||||
|
||||
3.12.14-4
|
||||
|
||||
[NetVM hangs computer](https://groups.google.com/d/msg/qubes-users/SgUAMvUizp0/WND6yZtYP5cJ)
|
||||
[NetVM hangs computer](https://groups.google.com/d/msg/qubes-users/SgUAMvUizp0/WND6yZtYP5cJ)
|
||||
|
||||
[Nikita Mikhailov](https://groups.google.com/d/msg/qubes-users/SgUAMvUizp0/WND6yZtYP5cJ)
|
||||
[Nikita Mikhailov](https://groups.google.com/d/msg/qubes-users/SgUAMvUizp0/WND6yZtYP5cJ)
|
||||
|
||||
Dell Latitude E4300
|
||||
(P9600, GMA 4500MHD, Mobile 4 Series Chipset)
|
||||
@ -323,17 +323,17 @@ Yes
|
||||
|
||||
R2B2
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/LNJqSbH0cOQ/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/LNJqSbH0cOQ/discussion)
|
||||
|
||||
[Pablo Costa](https://groups.google.com/d/msg/qubes-devel/LNJqSbH0cOQ/VC9EwEDrXMQJ)
|
||||
[Pablo Costa](https://groups.google.com/d/msg/qubes-devel/LNJqSbH0cOQ/VC9EwEDrXMQJ)
|
||||
|
||||
R2B3
|
||||
|
||||
3.9
|
||||
|
||||
Runs only with kernel 3.9 [read more](https://groups.google.com/d/topic/qubes-devel/LNJqSbH0cOQ/discussion)
|
||||
Runs only with kernel 3.9 [read more](https://groups.google.com/d/topic/qubes-devel/LNJqSbH0cOQ/discussion)
|
||||
|
||||
[Pablo Costa](https://groups.google.com/d/msg/qubes-devel/LNJqSbH0cOQ/VC9EwEDrXMQJ)
|
||||
[Pablo Costa](https://groups.google.com/d/msg/qubes-devel/LNJqSbH0cOQ/VC9EwEDrXMQJ)
|
||||
|
||||
Dell Latitude 5520
|
||||
()
|
||||
@ -342,9 +342,9 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[read more](https://groups.google.com/group/qubes-devel/msg/7418e7084c2de99f?hl=en)
|
||||
[read more](https://groups.google.com/group/qubes-devel/msg/7418e7084c2de99f?hl=en)
|
||||
|
||||
[Erik Edin](https://groups.google.com/group/qubes-devel/msg/7418e7084c2de99f?hl=en)
|
||||
[Erik Edin](https://groups.google.com/group/qubes-devel/msg/7418e7084c2de99f?hl=en)
|
||||
|
||||
Dell Latitude E6320
|
||||
(i5-2540M, Sandy Bridge, HD graphics)
|
||||
@ -357,9 +357,9 @@ Yes
|
||||
|
||||
R2B2
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/FyA7_Kzw1WA/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/FyA7_Kzw1WA/discussion)
|
||||
|
||||
[Alex](https://groups.google.com/d/msg/qubes-users/F-jVh62ANak/s57rqUWTY7kJ)
|
||||
[Alex](https://groups.google.com/d/msg/qubes-users/F-jVh62ANak/s57rqUWTY7kJ)
|
||||
|
||||
Dell Latitude E6410
|
||||
(i5-M560, Arrandale, HD Graphics)
|
||||
@ -408,7 +408,7 @@ R1
|
||||
|
||||
needs kernel 3.4.17+
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
R2B1
|
||||
|
||||
@ -416,7 +416,7 @@ R2B1
|
||||
|
||||
needs kernel 3.4.17+
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
R2B2
|
||||
|
||||
@ -424,7 +424,7 @@ R2B2
|
||||
|
||||
Suspend doesn't work on 3.7.6 kernel, but work on 3.7.4
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
R2B3
|
||||
|
||||
@ -447,7 +447,7 @@ R2
|
||||
|
||||
The optional nVidia Optimus VGA is (still) not working.
|
||||
|
||||
[Zrubi](https://groups.google.com/d/msg/qubes-users/sfV4-pMWrBY/qiHlnnza9a0J)
|
||||
[Zrubi](https://groups.google.com/d/msg/qubes-users/sfV4-pMWrBY/qiHlnnza9a0J)
|
||||
|
||||
Dell Latitude E6520
|
||||
()
|
||||
@ -456,9 +456,9 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[read more](https://groups.google.com/group/qubes-devel/msg/340afc6fc2d06d0e)
|
||||
[read more](https://groups.google.com/group/qubes-devel/msg/340afc6fc2d06d0e)
|
||||
|
||||
[Steven Collins](https://groups.google.com/group/qubes-devel/msg/340afc6fc2d06d0e)
|
||||
[Steven Collins](https://groups.google.com/group/qubes-devel/msg/340afc6fc2d06d0e)
|
||||
|
||||
Dell Latitude E7440
|
||||
(i7-4600U, Haswell, embedded VGA)
|
||||
@ -486,7 +486,7 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[nqe](https://groups.google.com/group/qubes-devel/browse_thread/thread/ddf35d12a35f96a3)
|
||||
[nqe](https://groups.google.com/group/qubes-devel/browse_thread/thread/ddf35d12a35f96a3)
|
||||
|
||||
Dell XPS 13
|
||||
(i5, Sandy Bridge, Intel HD)
|
||||
@ -495,19 +495,19 @@ A03
|
||||
|
||||
R1
|
||||
|
||||
[j](https://groups.google.com/d/msg/qubes-devel/7JumqdldVJM/n9TiDVxc2jkJ)
|
||||
[j](https://groups.google.com/d/msg/qubes-devel/7JumqdldVJM/n9TiDVxc2jkJ)
|
||||
|
||||
R2B1
|
||||
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/7JumqdldVJM/n9TiDVxc2jkJ)
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/7JumqdldVJM/n9TiDVxc2jkJ)
|
||||
|
||||
[j](https://groups.google.com/d/msg/qubes-devel/7JumqdldVJM/n9TiDVxc2jkJ)
|
||||
[j](https://groups.google.com/d/msg/qubes-devel/7JumqdldVJM/n9TiDVxc2jkJ)
|
||||
|
||||
R2B2
|
||||
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/jamRkZJDC0g/KTniY0Y3dioJ)
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/jamRkZJDC0g/KTniY0Y3dioJ)
|
||||
|
||||
[j](https://groups.google.com/d/msg/qubes-devel/7JumqdldVJM/n9TiDVxc2jkJ)
|
||||
[j](https://groups.google.com/d/msg/qubes-devel/7JumqdldVJM/n9TiDVxc2jkJ)
|
||||
|
||||
Dell XPS 13 (L322X)
|
||||
(i7-3537U, Ivy Bridge, Intel HD)
|
||||
@ -520,9 +520,9 @@ No
|
||||
|
||||
R2B2
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/21kqNBzJLPw/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/21kqNBzJLPw/discussion)
|
||||
|
||||
[Brian J Smith-Sweeney](https://groups.google.com/d/msg/qubes-users/21kqNBzJLPw/e74SMRweTMsJ)
|
||||
[Brian J Smith-Sweeney](https://groups.google.com/d/msg/qubes-users/21kqNBzJLPw/e74SMRweTMsJ)
|
||||
|
||||
Dell XPS 15 (9530)
|
||||
(i7-4702HQ, Haswell, embedded VGA)
|
||||
@ -588,11 +588,11 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[Zrubi](https://groups.google.com/forum/#!msg/qubes-devel/xoyNCigBvFE/ER61L6TbVpwJ)
|
||||
[Zrubi](https://groups.google.com/forum/#!msg/qubes-devel/xoyNCigBvFE/ER61L6TbVpwJ)
|
||||
|
||||
R2B1
|
||||
|
||||
[Zrubi](https://groups.google.com/forum/#!msg/qubes-devel/xoyNCigBvFE/ER61L6TbVpwJ)
|
||||
[Zrubi](https://groups.google.com/forum/#!msg/qubes-devel/xoyNCigBvFE/ER61L6TbVpwJ)
|
||||
|
||||
R2B2
|
||||
|
||||
@ -600,13 +600,13 @@ R2B2
|
||||
|
||||
needs kernel downgrade to 3.7.4
|
||||
|
||||
[Zrubi](https://groups.google.com/forum/#!msg/qubes-devel/xoyNCigBvFE/ER61L6TbVpwJ)
|
||||
[Zrubi](https://groups.google.com/forum/#!msg/qubes-devel/xoyNCigBvFE/ER61L6TbVpwJ)
|
||||
|
||||
R2B3
|
||||
|
||||
3.7.4
|
||||
|
||||
[Zrubi](https://groups.google.com/forum/#!msg/qubes-devel/xoyNCigBvFE/ER61L6TbVpwJ)
|
||||
[Zrubi](https://groups.google.com/forum/#!msg/qubes-devel/xoyNCigBvFE/ER61L6TbVpwJ)
|
||||
|
||||
HP Chromebook 14
|
||||
(Celeron 2955U, Haswell, Intel HD Graphics)
|
||||
@ -621,7 +621,7 @@ R2
|
||||
|
||||
3.12.23-1
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/oWLkwl8vY0A/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/oWLkwl8vY0A/discussion)
|
||||
|
||||
[Andrew B](https://groups.google.com/d/msg/qubes-users/oWLkwl8vY0A/QaHRacZgM70J)
|
||||
|
||||
@ -638,7 +638,7 @@ R2rc2
|
||||
|
||||
3.12.23-1
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/8s98SegfdbI/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/8s98SegfdbI/discussion)
|
||||
|
||||
[Mihai Genescu](https://groups.google.com/d/msg/qubes-users/8s98SegfdbI/pIOWgeJSuSAJ)
|
||||
|
||||
@ -655,7 +655,7 @@ R2
|
||||
|
||||
3.17.1-1
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/Bfikyrwhoc8/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/Bfikyrwhoc8/discussion)
|
||||
|
||||
[Olivier Médoc](https://groups.google.com/d/msg/qubes-users/Bfikyrwhoc8/q-zhFrA0SK4J)
|
||||
|
||||
@ -672,7 +672,7 @@ R2rc2
|
||||
|
||||
3.12.23-1
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/q5M9KbPatEA/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/q5M9KbPatEA/discussion)
|
||||
|
||||
[Dimiter Georgiev](https://groups.google.com/d/msg/qubes-users/q5M9KbPatEA/fXIZ-yvJVA8J)
|
||||
|
||||
@ -702,7 +702,7 @@ Yes
|
||||
|
||||
R2B2
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/o_FTsPW6GD8/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/o_FTsPW6GD8/discussion)
|
||||
|
||||
[Olivier Médoc](https://groups.google.com/d/msg/qubes-users/o_FTsPW6GD8/bjAD-CSpRKsJ)
|
||||
|
||||
@ -717,7 +717,7 @@ Yes
|
||||
|
||||
R2B2
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/o_FTsPW6GD8/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/o_FTsPW6GD8/discussion)
|
||||
|
||||
[Olivier Médoc](https://groups.google.com/d/msg/qubes-users/o_FTsPW6GD8/bjAD-CSpRKsJ)
|
||||
|
||||
@ -745,9 +745,9 @@ Yes
|
||||
|
||||
R2B1
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/ZC_SQJhXVOM/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/ZC_SQJhXVOM/discussion)
|
||||
|
||||
[Stephen Boyd](https://groups.google.com/d/msg/qubes-devel/ZC_SQJhXVOM/4aLjEc7GIsUJ)
|
||||
[Stephen Boyd](https://groups.google.com/d/msg/qubes-devel/ZC_SQJhXVOM/4aLjEc7GIsUJ)
|
||||
|
||||
R2B2
|
||||
|
||||
@ -829,17 +829,17 @@ No
|
||||
|
||||
R1
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
R2B1
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
R2B3
|
||||
|
||||
3.11.1-2
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
Lenovo Thinkpad T410 (2522AC1)
|
||||
(i5-520M, Arrandale, HD graphics)
|
||||
@ -858,7 +858,7 @@ R2rc1
|
||||
|
||||
AEM works
|
||||
|
||||
[Vincent Penquerc'h](https://groups.google.com/d/msg/qubes-users/68PRfx5FteY/H6rvQ6ojEysJ)
|
||||
[Vincent Penquerc'h](https://groups.google.com/d/msg/qubes-users/68PRfx5FteY/H6rvQ6ojEysJ)
|
||||
|
||||
Lenovo Thinkpad T410 (2516CTO)
|
||||
(i7-620M, Arrandale, HD graphics)
|
||||
@ -873,7 +873,7 @@ R2B3
|
||||
|
||||
3.9
|
||||
|
||||
[Vincent Penquerc'h](https://groups.google.com/d/msg/qubes-users/WsHQ_GqXdT4/63xtC0iqXXEJ)
|
||||
[Vincent Penquerc'h](https://groups.google.com/d/msg/qubes-users/WsHQ_GqXdT4/63xtC0iqXXEJ)
|
||||
|
||||
Lenovo Thinkpad T420
|
||||
()
|
||||
@ -886,13 +886,13 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
R2B1
|
||||
|
||||
AEM works
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
Lenovo Thinkpad T420s
|
||||
(i5-2520M, Sandy Bridge, Intel HD graphics)
|
||||
@ -905,25 +905,25 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
R2B1
|
||||
|
||||
AEM works
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
R2B2
|
||||
|
||||
Requires kernel 3.2.30 to support S3 sleep (the default kernel S3 sleep causes system reboot)
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
R2B3
|
||||
|
||||
3.11
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
Lenovo Thinkpad T430
|
||||
(i5-3320)
|
||||
@ -934,7 +934,7 @@ Yes
|
||||
|
||||
R2B1
|
||||
|
||||
[Tunguuz](https://groups.google.com/d/msg/qubes-devel/S_VG_jgtpBo/VngCPK2W5FcJ)
|
||||
[Tunguuz](https://groups.google.com/d/msg/qubes-devel/S_VG_jgtpBo/VngCPK2W5FcJ)
|
||||
|
||||
Lenovo Thinkpad T430
|
||||
(i5-3360M, Ivy Bridge, HD Graphics)
|
||||
@ -947,7 +947,7 @@ Yes
|
||||
|
||||
R2B2
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/LSVluAZ9Udo/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/LSVluAZ9Udo/discussion)
|
||||
|
||||
[Alex Dubois](https://groups.google.com/d/msg/qubes-devel/LSVluAZ9Udo/Fl3jmt4tWssJ)
|
||||
|
||||
@ -981,9 +981,9 @@ Yes
|
||||
|
||||
R2B1
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/Z9seyOT46Ro/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/Z9seyOT46Ro/discussion)
|
||||
|
||||
[cprise](https://groups.google.com/d/msg/qubes-devel/Z9seyOT46Ro/wX6tsrxE84sJ)
|
||||
[cprise](https://groups.google.com/d/msg/qubes-devel/Z9seyOT46Ro/wX6tsrxE84sJ)
|
||||
|
||||
R2B2
|
||||
|
||||
@ -995,7 +995,7 @@ R2B3
|
||||
|
||||
3.11
|
||||
|
||||
[cprise](https://groups.google.com/d/msg/qubes-users/Ll_pPP7glwI/jtRbKtQO_rMJ)
|
||||
[cprise](https://groups.google.com/d/msg/qubes-users/Ll_pPP7glwI/jtRbKtQO_rMJ)
|
||||
|
||||
2.58
|
||||
|
||||
@ -1005,7 +1005,7 @@ R2rc1
|
||||
|
||||
AEM works
|
||||
|
||||
[cprise](https://groups.google.com/d/msg/qubes-users/452tkVCzvOw/_dQ8DXaDzp0J)
|
||||
[cprise](https://groups.google.com/d/msg/qubes-users/452tkVCzvOw/_dQ8DXaDzp0J)
|
||||
|
||||
Lenovo Thinkpad T430u
|
||||
(i7-3517M, Ivy Bridge, HD Graphics + GT 620M)
|
||||
@ -1018,7 +1018,7 @@ Yes
|
||||
|
||||
R2B1
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/Z9M_k3i6dxU/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/Z9M_k3i6dxU/discussion)
|
||||
|
||||
[tigerbeard](https://groups.google.com/d/msg/qubes-devel/Z9M_k3i6dxU/09CqBppyMnsJ)
|
||||
|
||||
@ -1037,7 +1037,7 @@ R2B3
|
||||
|
||||
802.11 ac doesn't work with Fedora 18, but with Fedora 20
|
||||
|
||||
[7v5w7go9ub0o](https://groups.google.com/d/msg/qubes-users/r6kC4YHgDjM/yJXpvIdoWkUJ)
|
||||
[7v5w7go9ub0o](https://groups.google.com/d/msg/qubes-users/r6kC4YHgDjM/yJXpvIdoWkUJ)
|
||||
|
||||
Lenovo Thinkpad T440p (20AN00C1MD)
|
||||
(i7-4900MQ, QM87, GeForce GT 730M)
|
||||
@ -1081,7 +1081,7 @@ R2B3
|
||||
|
||||
activated VT-d BIOS option not recognized in Qubes
|
||||
|
||||
[Jens Porup](https://groups.google.com/d/msg/qubes-users/EoG4VffajRw/-oeSfNCA-KIJ)
|
||||
[Jens Porup](https://groups.google.com/d/msg/qubes-users/EoG4VffajRw/-oeSfNCA-KIJ)
|
||||
|
||||
Lenovo Thinkpad T510 (4384-WGZ)
|
||||
(i5-520M, Arrandale, Intel HD graphics)
|
||||
@ -1096,7 +1096,7 @@ R2B3
|
||||
|
||||
3.9.2
|
||||
|
||||
[pete](https://groups.google.com/d/msg/qubes-users/UP9BK_yn-Pk/DR6PBVF4GlgJ)
|
||||
[pete](https://groups.google.com/d/msg/qubes-users/UP9BK_yn-Pk/DR6PBVF4GlgJ)
|
||||
|
||||
R2rc1
|
||||
|
||||
@ -1104,7 +1104,7 @@ R2rc1
|
||||
|
||||
Audio is always muted after reboot
|
||||
|
||||
[pete](https://groups.google.com/d/msg/qubes-users/4ASK0cBfMM0/11U7Zx-f7HwJ)
|
||||
[pete](https://groups.google.com/d/msg/qubes-users/4ASK0cBfMM0/11U7Zx-f7HwJ)
|
||||
|
||||
Lenovo Thinkpad W510
|
||||
(i7-Q820, nVidia)
|
||||
@ -1113,9 +1113,9 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[read more](https://groups.google.com/forum/#!msg/qubes-devel/TgDWwBs36yA/IUFZPHs716cJ)
|
||||
[read more](https://groups.google.com/forum/#!msg/qubes-devel/TgDWwBs36yA/IUFZPHs716cJ)
|
||||
|
||||
[Sebastian Hültenschmidt](https://groups.google.com/forum/#!msg/qubes-devel/TgDWwBs36yA/IUFZPHs716cJ)
|
||||
[Sebastian Hültenschmidt](https://groups.google.com/forum/#!msg/qubes-devel/TgDWwBs36yA/IUFZPHs716cJ)
|
||||
|
||||
Lenovo Thinkpad W530 (24385JU)
|
||||
(i7-3740QM, nVidia Optimus)
|
||||
@ -1130,9 +1130,9 @@ R2rc1
|
||||
|
||||
3.12.18-1
|
||||
|
||||
display issues[read more](https://groups.google.com/d/msg/qubes-users/ReLqPcsvDwk/WbJdDUBqgTsJ)
|
||||
display issues[read more](https://groups.google.com/d/msg/qubes-users/ReLqPcsvDwk/WbJdDUBqgTsJ)
|
||||
|
||||
[Lab Man](https://groups.google.com/d/msg/qubes-users/ReLqPcsvDwk/WbJdDUBqgTsJ)
|
||||
[Lab Man](https://groups.google.com/d/msg/qubes-users/ReLqPcsvDwk/WbJdDUBqgTsJ)
|
||||
|
||||
Lenovo ThinkPad X1 Carbon (3444AZU)
|
||||
(i5-3317U, Ivy Bridge, HD4000)
|
||||
@ -1175,7 +1175,7 @@ R2B3
|
||||
|
||||
needs iwl7260-firmware in netvm
|
||||
|
||||
[Patrick Schless](https://groups.google.com/d/msg/qubes-users/cu_mJa4iDHk/v1FdT3ZGofEJ)
|
||||
[Patrick Schless](https://groups.google.com/d/msg/qubes-users/cu_mJa4iDHk/v1FdT3ZGofEJ)
|
||||
|
||||
Lenovo Thinkpad X1 Carbon Gen 2
|
||||
(i7-4600U, Haswell-ULT, HD4000)
|
||||
@ -1192,7 +1192,7 @@ R2B3
|
||||
|
||||
needs iwl7260-firmware in netvm
|
||||
|
||||
[Jean-François Rioux](https://groups.google.com/d/msg/qubes-users/cu_mJa4iDHk/v1FdT3ZGofEJ)
|
||||
[Jean-François Rioux](https://groups.google.com/d/msg/qubes-users/cu_mJa4iDHk/v1FdT3ZGofEJ)
|
||||
|
||||
Lenovo Thinkpad X1 Carbon (20BSCTO1WW)
|
||||
(i5-5200U, Broadwell-U, HD5500)
|
||||
@ -1218,7 +1218,7 @@ Lenovo Thinkpad X61t
|
||||
|
||||
R2B1
|
||||
|
||||
[George Walker](https://groups.google.com/d/msg/qubes-devel/4IrF1A6sa3U/QIQe-dNc4tEJ)
|
||||
[George Walker](https://groups.google.com/d/msg/qubes-devel/4IrF1A6sa3U/QIQe-dNc4tEJ)
|
||||
|
||||
Lenovo Thinkpad X121e
|
||||
(i3-2367M, Sandy Bridge, HD 3000)
|
||||
@ -1252,7 +1252,7 @@ R2rc1
|
||||
|
||||
X problem with activated VT-d on all other kernel versions
|
||||
|
||||
[Joonas Lehtonen](https://groups.google.com/d/msg/qubes-users/z5BEjSuR7VE/CD2JMeAhDaoJ)
|
||||
[Joonas Lehtonen](https://groups.google.com/d/msg/qubes-users/z5BEjSuR7VE/CD2JMeAhDaoJ)
|
||||
|
||||
Lenovo Thinkpad X220 (4290-W3W)
|
||||
(i5-2520M, QM67, HD3000)
|
||||
@ -1265,19 +1265,19 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[Stefan Boresch](https://groups.google.com/group/qubes-devel/msg/f41578eef913446a)
|
||||
[Stefan Boresch](https://groups.google.com/group/qubes-devel/msg/f41578eef913446a)
|
||||
|
||||
R2B2
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/-b8b9fpo0UU/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/-b8b9fpo0UU/discussion)
|
||||
|
||||
[Matt Tracy](https://groups.google.com/d/msg/qubes-users/-b8b9fpo0UU/RFh6HiWqt5oJ)
|
||||
[Matt Tracy](https://groups.google.com/d/msg/qubes-users/-b8b9fpo0UU/RFh6HiWqt5oJ)
|
||||
|
||||
R2B3
|
||||
|
||||
3.11.1-2
|
||||
|
||||
[Matt Tracy](https://groups.google.com/d/msg/qubes-users/5tNavg4MhT4/dFXsYHXOgu4J)
|
||||
[Matt Tracy](https://groups.google.com/d/msg/qubes-users/5tNavg4MhT4/dFXsYHXOgu4J)
|
||||
|
||||
Lenovo Thinkpad X230
|
||||
(i5-3320M, Ivy Bridge, HD Graphics)
|
||||
@ -1292,15 +1292,15 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/XN6JrEXVOVA/lkxGRA00EqgJ)
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/XN6JrEXVOVA/lkxGRA00EqgJ)
|
||||
|
||||
[Chris](https://groups.google.com/d/msg/qubes-devel/XN6JrEXVOVA/lkxGRA00EqgJ)
|
||||
[Chris](https://groups.google.com/d/msg/qubes-devel/XN6JrEXVOVA/lkxGRA00EqgJ)
|
||||
|
||||
R2B2
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/hf0vkL3TE7k/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-users/hf0vkL3TE7k/discussion)
|
||||
|
||||
[mgflax](https://groups.google.com/d/msg/qubes-users/hf0vkL3TE7k/VOtrW3wEbtMJ)
|
||||
[mgflax](https://groups.google.com/d/msg/qubes-users/hf0vkL3TE7k/VOtrW3wEbtMJ)
|
||||
|
||||
Lenovo Thinkpad X230 (2306CTO)
|
||||
(i7-3520M, Ivy Bridge, HD Graphics)
|
||||
@ -1317,9 +1317,9 @@ R2rc1
|
||||
|
||||
3.12.14-4
|
||||
|
||||
[read more](https://groups.google.com/d/msg/qubes-users/NXIL5rEh65o/rCBf1PYr2jsJ)
|
||||
[read more](https://groups.google.com/d/msg/qubes-users/NXIL5rEh65o/rCBf1PYr2jsJ)
|
||||
|
||||
[Franz Felix](https://groups.google.com/d/msg/qubes-users/NXIL5rEh65o/rCBf1PYr2jsJ)
|
||||
[Franz Felix](https://groups.google.com/d/msg/qubes-users/NXIL5rEh65o/rCBf1PYr2jsJ)
|
||||
|
||||
Lenovo Thinkpad Yoga
|
||||
(i5-4200U, Haswell, embedded VGA)
|
||||
@ -1402,7 +1402,7 @@ R2rc1
|
||||
|
||||
3.12.18-1
|
||||
|
||||
[Rudd-O](https://groups.google.com/d/msg/qubes-users/Sz0Nuhi4N0o/jIjFnf2XCKUJ)
|
||||
[Rudd-O](https://groups.google.com/d/msg/qubes-users/Sz0Nuhi4N0o/jIjFnf2XCKUJ)
|
||||
|
||||
MSI GX660
|
||||
(i5-460M, PM55, Radeon HD5870)
|
||||
@ -1417,7 +1417,7 @@ R2B3
|
||||
|
||||
3.11.1-2
|
||||
|
||||
[Avant Garden](https://groups.google.com/d/msg/qubes-users/UrWYjkHwon8/TPE0XSBiPDQJ)
|
||||
[Avant Garden](https://groups.google.com/d/msg/qubes-users/UrWYjkHwon8/TPE0XSBiPDQJ)
|
||||
|
||||
Purism Librem 15
|
||||
(i7-4712MQ, HM87, NVIDIA GT840M)
|
||||
@ -1426,7 +1426,7 @@ Yes
|
||||
|
||||
No
|
||||
|
||||
[read more](https://groups.google.com/d/msg/qubes-users/WX1IXBFkUwk/M-Xg1e3kieMJ)
|
||||
[read more](https://groups.google.com/d/msg/qubes-users/WX1IXBFkUwk/M-Xg1e3kieMJ)
|
||||
|
||||
[Todd Weaver](https://www.crowdsupply.com/purism/librem-laptop)
|
||||
|
||||
@ -1437,7 +1437,7 @@ Yes
|
||||
|
||||
Yes
|
||||
|
||||
[read more](https://groups.google.com/d/msg/qubes-users/WX1IXBFkUwk/M-Xg1e3kieMJ)
|
||||
[read more](https://groups.google.com/d/msg/qubes-users/WX1IXBFkUwk/M-Xg1e3kieMJ)
|
||||
|
||||
[Todd Weaver](https://www.crowdsupply.com/purism/librem-laptop)
|
||||
|
||||
@ -1454,7 +1454,7 @@ R2B3
|
||||
|
||||
3.11.1-2
|
||||
|
||||
[Marc](https://groups.google.com/d/msg/qubes-users/dzYwiYzvWYM/iOyq3V2y5L4J)
|
||||
[Marc](https://groups.google.com/d/msg/qubes-users/dzYwiYzvWYM/iOyq3V2y5L4J)
|
||||
|
||||
Samsung Series 7 Chronos NP700Z5C
|
||||
(i7-3635QM, nVidia Optimus)
|
||||
@ -1467,21 +1467,21 @@ No
|
||||
|
||||
R1
|
||||
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
|
||||
[Outback Dingo](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
[Outback Dingo](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
|
||||
R2B1
|
||||
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
|
||||
[Outback Dingo](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
[Outback Dingo](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
|
||||
R2B2
|
||||
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/Wu1mn9f1qgM/discussion)
|
||||
[read more](https://groups.google.com/d/topic/qubes-devel/Wu1mn9f1qgM/discussion)
|
||||
|
||||
[Outback Dingo](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
[Outback Dingo](https://groups.google.com/d/msg/qubes-devel/0xBeX8NZFiU/bUqxGdn6KOMJ)
|
||||
|
||||
Samsung X460
|
||||
(P8600, PM45, GeForce 9200M GS)
|
||||
@ -1494,11 +1494,11 @@ No
|
||||
|
||||
R1
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
R2B1
|
||||
|
||||
[Qubes core developers]()
|
||||
[Qubes core developers]()
|
||||
|
||||
R2B3
|
||||
|
||||
@ -1548,9 +1548,9 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/xoyNCigBvFE/fkC6em-Wqd0J)
|
||||
[read more](https://groups.google.com/d/msg/qubes-devel/xoyNCigBvFE/fkC6em-Wqd0J)
|
||||
|
||||
[Danny Fullerton](https://groups.google.com/d/msg/qubes-devel/xoyNCigBvFE/fkC6em-Wqd0J)
|
||||
[Danny Fullerton](https://groups.google.com/d/msg/qubes-devel/xoyNCigBvFE/fkC6em-Wqd0J)
|
||||
|
||||
R0170H5
|
||||
|
||||
@ -1562,7 +1562,7 @@ R2B3
|
||||
|
||||
BIOS has to be patched to activate VT-d, external Radeon HD 6700M
|
||||
|
||||
[Danny Fullerton](https://groups.google.com/d/msg/qubes-users/8urk8ZNeblg/jCD2iQyQQZwJ)
|
||||
[Danny Fullerton](https://groups.google.com/d/msg/qubes-users/8urk8ZNeblg/jCD2iQyQQZwJ)
|
||||
|
||||
Toshiba M780 S7240
|
||||
()
|
||||
@ -1573,7 +1573,7 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[Franz](https://groups.google.com/d/msg/qubes-devel/Zul8mQoI2OI/-jzfJL2fV84J)
|
||||
[Franz](https://groups.google.com/d/msg/qubes-devel/Zul8mQoI2OI/-jzfJL2fV84J)
|
||||
|
||||
Toshiba Tecra A11-15X
|
||||
(i7-M620)
|
||||
@ -1582,7 +1582,7 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[PirBoazo](https://groups.google.com/d/msg/qubes-devel/wNX2oz1nK2I/YI5ro4NMppgJ)
|
||||
[PirBoazo](https://groups.google.com/d/msg/qubes-devel/wNX2oz1nK2I/YI5ro4NMppgJ)
|
||||
|
||||
Toshiba Tecra S11
|
||||
()
|
||||
@ -1591,9 +1591,9 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[read more](https://groups.google.com/group/qubes-devel/browse_thread/thread/fdec0ec165a87726)
|
||||
[read more](https://groups.google.com/group/qubes-devel/browse_thread/thread/fdec0ec165a87726)
|
||||
|
||||
[Jan Beerden](https://groups.google.com/group/qubes-devel/browse_thread/thread/fdec0ec165a87726)
|
||||
[Jan Beerden](https://groups.google.com/group/qubes-devel/browse_thread/thread/fdec0ec165a87726)
|
||||
|
||||
Zareason Ultra Lap 420
|
||||
(i5-3317U, Ivy Bridge, HD Graphics)
|
||||
@ -1604,7 +1604,7 @@ Yes
|
||||
|
||||
R2B2
|
||||
|
||||
[Ant](https://groups.google.com/d/msg/qubes-users/uKI-VBtKWxg/uKjsdGNSpSQJ)
|
||||
[Ant](https://groups.google.com/d/msg/qubes-users/uKI-VBtKWxg/uKjsdGNSpSQJ)
|
||||
|
||||
|
||||
|
||||
@ -1684,7 +1684,7 @@ R2
|
||||
|
||||
3.12.23-1
|
||||
|
||||
[Nate Bedrossian](https://groups.google.com/d/msg/qubes-users/JQ-EQfuQIXA/Xg1uEMJyplcJ)
|
||||
[Nate Bedrossian](https://groups.google.com/d/msg/qubes-users/JQ-EQfuQIXA/Xg1uEMJyplcJ)
|
||||
|
||||
Dell Optiplex 780
|
||||
(Q6600, Q45, HD Graphics)
|
||||
@ -1710,7 +1710,7 @@ Yes
|
||||
|
||||
R1
|
||||
|
||||
[Geoff](https://groups.google.com/group/qubes-devel/msg/8a894915909eeaee)
|
||||
[Geoff](https://groups.google.com/group/qubes-devel/msg/8a894915909eeaee)
|
||||
|
||||
Dell Precision T3400 Workstation
|
||||
(Intel Q6600, NVIDIA Quadro NVS 290)
|
||||
@ -1755,9 +1755,9 @@ R2B3
|
||||
|
||||
3.9.2-2
|
||||
|
||||
IGP won't work with activated VT-d (3.12,3.11,3.7), [3,9 works](https://groups.google.com/d/msg/qubes-users/QmshQ6aHsCM/LTyn6mL0kFkJ), TPM not tested.
|
||||
IGP won't work with activated VT-d (3.12,3.11,3.7), [3,9 works](https://groups.google.com/d/msg/qubes-users/QmshQ6aHsCM/LTyn6mL0kFkJ), TPM not tested.
|
||||
|
||||
[Rob Townley](https://groups.google.com/d/msg/qubes-users/QmshQ6aHsCM/nJv69i3jbWYJ)
|
||||
[Rob Townley](https://groups.google.com/d/msg/qubes-users/QmshQ6aHsCM/nJv69i3jbWYJ)
|
||||
|
||||
HP Compaq dc7900 Convertible Minitower
|
||||
(E8400, Q45/Q43)
|
||||
@ -1776,7 +1776,7 @@ R2B3
|
||||
|
||||
Problem with graphics on 3.11,3.7, only 2GB RAM.
|
||||
|
||||
[Nukama](https://groups.google.com/d/msg/qubes-users/RYzkSFoMsxQ/ukXhBW4ybqQJ)
|
||||
[Nukama](https://groups.google.com/d/msg/qubes-users/RYzkSFoMsxQ/ukXhBW4ybqQJ)
|
||||
|
||||
R2rc1
|
||||
|
||||
@ -1784,7 +1784,7 @@ R2rc1
|
||||
|
||||
Problem with graphics on 3,12,3.11,3.7, only 2GB RAM stock, TPM not tested
|
||||
|
||||
[Nukama](https://groups.google.com/d/msg/qubes-users/RYzkSFoMsxQ/ukXhBW4ybqQJ)
|
||||
[Nukama](https://groups.google.com/d/msg/qubes-users/RYzkSFoMsxQ/ukXhBW4ybqQJ)
|
||||
|
||||
HP ProLiant DL360 G5
|
||||
(E5440, 5000P, ATI ES1000)
|
||||
@ -1801,7 +1801,7 @@ R2B3
|
||||
|
||||
Some video glitches, no audio hardware.
|
||||
|
||||
[Nukama](https://groups.google.com/d/msg/qubes-users/1CyVEStoVCI/RTRw8-aalsUJ)
|
||||
[Nukama](https://groups.google.com/d/msg/qubes-users/1CyVEStoVCI/RTRw8-aalsUJ)
|
||||
|
||||
Lenovo ThinkCentre M71e
|
||||
(G620, H61, HD2000)
|
||||
@ -1816,7 +1816,7 @@ R2B3
|
||||
|
||||
3.11.1-2
|
||||
|
||||
[Nukama](https://groups.google.com/d/msg/qubes-users/YcqMDcVYQh8/pk0B_9RfGQMJ)
|
||||
[Nukama](https://groups.google.com/d/msg/qubes-users/YcqMDcVYQh8/pk0B_9RfGQMJ)
|
||||
|
||||
Lenovo ThinkCentre M93p
|
||||
(i7-4770, Haswell, GeForce GT 720)
|
||||
@ -1850,7 +1850,7 @@ R2rc1
|
||||
|
||||
Issue with sound, network and marvel raid. AEM untested.
|
||||
|
||||
[Hans Walter](https://groups.google.com/d/msg/qubes-users/EDxALP9GNFo/gAH7nZXd0CkJ)
|
||||
[Hans Walter](https://groups.google.com/d/msg/qubes-users/EDxALP9GNFo/gAH7nZXd0CkJ)
|
||||
|
||||
|
||||
|
||||
@ -1889,7 +1889,7 @@ R2rc1
|
||||
|
||||
using Q6600 and GeForce 8600 GT
|
||||
|
||||
[fb900c26](https://groups.google.com/d/msg/qubes-users/jxVnfMnU4s4/5t_lbe3oA7IJ)
|
||||
[fb900c26](https://groups.google.com/d/msg/qubes-users/jxVnfMnU4s4/5t_lbe3oA7IJ)
|
||||
|
||||
ASRock Q87M Vpro
|
||||
(LGA1150, Q87)
|
||||
@ -1908,7 +1908,7 @@ R2B3
|
||||
|
||||
Problems with Power Saving, Audio and USB3, TPM not tested
|
||||
|
||||
[suricabile](https://groups.google.com/d/msg/qubes-users/oExJBIDsAwQ/lwAzNNe7OcYJ)
|
||||
[suricabile](https://groups.google.com/d/msg/qubes-users/oExJBIDsAwQ/lwAzNNe7OcYJ)
|
||||
|
||||
ASRock Z77 Pro4
|
||||
(i7-3770, Ivy Bridge, HD Graphics 4000)
|
||||
@ -1991,7 +1991,7 @@ R2B3
|
||||
|
||||
[\#762](/trac/ticket/762)
|
||||
|
||||
[clewis](https://groups.google.com/d/msg/qubes-users/DTot3wX1-nQ/cpCsRfs5PfgJ)
|
||||
[clewis](https://groups.google.com/d/msg/qubes-users/DTot3wX1-nQ/cpCsRfs5PfgJ)
|
||||
|
||||
Biostar TA790GX A3+
|
||||
(AM3, 790GX/SB750)
|
||||
@ -2010,7 +2010,7 @@ R2B3
|
||||
|
||||
[\#762](/trac/ticket/762)
|
||||
|
||||
[Nukama](https://groups.google.com/d/msg/qubes-users/DTot3wX1-nQ/229c20xWrdQJ)
|
||||
[Nukama](https://groups.google.com/d/msg/qubes-users/DTot3wX1-nQ/229c20xWrdQJ)
|
||||
|
||||
R2rc1
|
||||
|
||||
@ -2018,7 +2018,7 @@ R2rc1
|
||||
|
||||
USB-Devices are working in 3.12 installer and luks prompt again.
|
||||
|
||||
[Nukama](https://groups.google.com/d/msg/qubes-users/DTot3wX1-nQ/229c20xWrdQJ)
|
||||
[Nukama](https://groups.google.com/d/msg/qubes-users/DTot3wX1-nQ/229c20xWrdQJ)
|
||||
|
||||
EVGA Z68
|
||||
(LGA1150, Z68)
|
||||
@ -2037,7 +2037,7 @@ R2B3
|
||||
|
||||
Problems with Audio
|
||||
|
||||
[jeff](https://groups.google.com/d/msg/qubes-users/wSCL-4VL2Ew/cU8-2qyT008J)
|
||||
[jeff](https://groups.google.com/d/msg/qubes-users/wSCL-4VL2Ew/cU8-2qyT008J)
|
||||
|
||||
GIGABYTE GA-6PXSV4
|
||||
(Xeon E5, C604, Aspeed AST2300)
|
||||
@ -2135,10 +2135,10 @@ R1
|
||||
|
||||
TPM header
|
||||
|
||||
[Qubes Fan](https://groups.google.com/d/msg/qubes-users/V9BLpdf4xCs/v4XcOjLT6uUJ)
|
||||
[Qubes Fan](https://groups.google.com/d/msg/qubes-users/V9BLpdf4xCs/v4XcOjLT6uUJ)
|
||||
|
||||
R2B2
|
||||
|
||||
[Qubes Fan](https://groups.google.com/d/msg/qubes-users/V9BLpdf4xCs/v4XcOjLT6uUJ)
|
||||
[Qubes Fan](https://groups.google.com/d/msg/qubes-users/V9BLpdf4xCs/v4XcOjLT6uUJ)
|
||||
|
||||
|
||||
|
||||
28
HCLR1.md
28
HCLR1.md
@ -24,7 +24,7 @@ Minimum:
|
||||
Additional requirements:
|
||||
|
||||
- Intel VT-d or AMD IOMMU technology (this is needed for effective isolation of your network VMs)
|
||||
- TPM with proper BIOS support if you want to use option [Anti Evil Maid](http://theinvisiblethings.blogspot.com/2011/09/anti-evil-maid.html)
|
||||
- TPM with proper BIOS support if you want to use option [Anti Evil Maid](http://theinvisiblethings.blogspot.com/2011/09/anti-evil-maid.html)
|
||||
|
||||
If you don't meet the additional criteria, you can still install and use Qubes. It still offers significant security improvement over traditional OSes, because things such as GUI isolation, or kernel protection do not require special hardware.
|
||||
|
||||
@ -48,21 +48,21 @@ Specific systems known to work tested by Qubes core developers
|
||||
Specific systems known to work tested by the Qubes community
|
||||
------------------------------------------------------------
|
||||
|
||||
- Fujitsu S751 seems to work well, but requires BIOS update to get VT-d working. Reported by [Zrubecz Laszlo](https://groups.google.com/forum/#!msg/qubes-devel/xoyNCigBvFE/ER61L6TbVpwJ).
|
||||
- Sony Vaio Z2 (2011 edition) works fine but requires some BIOS mod to enable VT-d. Reported by [Danny Fullerton](https://groups.google.com/d/msg/qubes-devel/xoyNCigBvFE/fkC6em-Wqd0J).
|
||||
- Lenovo Thinkpad W510 with core I7 Q820, with proprietary Nvidia driver works fine. Reported by [Sebastian Hültenschmidt](https://groups.google.com/forum/#!msg/qubes-devel/TgDWwBs36yA/IUFZPHs716cJ).
|
||||
- Lenovo Thinkpad x220 8GB RAM, Intel graphics (core i5), VT-d is working. Reported by [Stefan Boresch](https://groups.google.com/group/qubes-devel/msg/f41578eef913446a)
|
||||
- Dell Latitude 5520, requires some minor fixes for networking to work. Reported by [Erik Edin](https://groups.google.com/group/qubes-devel/msg/7418e7084c2de99f?hl=en).
|
||||
- Dell Latitude E6520 with i7-2760QM CPU. VT-d works fine. nVidia graphics not working, but integrated Intel does. Reported by [Steven Collins](https://groups.google.com/group/qubes-devel/msg/340afc6fc2d06d0e)
|
||||
- Dell [PowerEdge?](/wiki/PowerEdge) T110 II, onboard Matrox graphics (Intel Xeon E3-1230), VT-d is working. Reported by [Geoff](https://groups.google.com/group/qubes-devel/msg/8a894915909eeaee)
|
||||
- Toshiba Tecra S11. Requires [some tinkering](https://groups.google.com/group/qubes-devel/browse_thread/thread/fdec0ec165a87726) to enable 3G modem. Reported by Jan Beerden
|
||||
- Toshiba M780 S7240, requires latest BIOS to have VT-d working, [some problems](https://groups.google.com/group/qubes-devel/browse_thread/thread/2b89d2dc5f999ab7) with card reader. Reported by [Franz](https://groups.google.com/group/qubes-devel/browse_thread/thread/66e97c990a08d8e2)
|
||||
- Dell Precision M4600 Intel Core i7-2860QM, 16GB ram, NVIDIA Quadro 1000M, EMEA Intel Pro Wireless 6300. Reported by [nqe](https://groups.google.com/group/qubes-devel/browse_thread/thread/ddf35d12a35f96a3)
|
||||
- Tecra A11-15X: RAM 8GB CPU I7 M620 2.67 ghz. Reported by [PirBoazo](https://groups.google.com/group/qubes-devel/browse_thread/thread/c0d5f6a33d672b62)
|
||||
- Fujitsu S751 seems to work well, but requires BIOS update to get VT-d working. Reported by [Zrubecz Laszlo](https://groups.google.com/forum/#!msg/qubes-devel/xoyNCigBvFE/ER61L6TbVpwJ).
|
||||
- Sony Vaio Z2 (2011 edition) works fine but requires some BIOS mod to enable VT-d. Reported by [Danny Fullerton](https://groups.google.com/d/msg/qubes-devel/xoyNCigBvFE/fkC6em-Wqd0J).
|
||||
- Lenovo Thinkpad W510 with core I7 Q820, with proprietary Nvidia driver works fine. Reported by [Sebastian Hültenschmidt](https://groups.google.com/forum/#!msg/qubes-devel/TgDWwBs36yA/IUFZPHs716cJ).
|
||||
- Lenovo Thinkpad x220 8GB RAM, Intel graphics (core i5), VT-d is working. Reported by [Stefan Boresch](https://groups.google.com/group/qubes-devel/msg/f41578eef913446a)
|
||||
- Dell Latitude 5520, requires some minor fixes for networking to work. Reported by [Erik Edin](https://groups.google.com/group/qubes-devel/msg/7418e7084c2de99f?hl=en).
|
||||
- Dell Latitude E6520 with i7-2760QM CPU. VT-d works fine. nVidia graphics not working, but integrated Intel does. Reported by [Steven Collins](https://groups.google.com/group/qubes-devel/msg/340afc6fc2d06d0e)
|
||||
- Dell [PowerEdge?](/wiki/PowerEdge) T110 II, onboard Matrox graphics (Intel Xeon E3-1230), VT-d is working. Reported by [Geoff](https://groups.google.com/group/qubes-devel/msg/8a894915909eeaee)
|
||||
- Toshiba Tecra S11. Requires [some tinkering](https://groups.google.com/group/qubes-devel/browse_thread/thread/fdec0ec165a87726) to enable 3G modem. Reported by Jan Beerden
|
||||
- Toshiba M780 S7240, requires latest BIOS to have VT-d working, [some problems](https://groups.google.com/group/qubes-devel/browse_thread/thread/2b89d2dc5f999ab7) with card reader. Reported by [Franz](https://groups.google.com/group/qubes-devel/browse_thread/thread/66e97c990a08d8e2)
|
||||
- Dell Precision M4600 Intel Core i7-2860QM, 16GB ram, NVIDIA Quadro 1000M, EMEA Intel Pro Wireless 6300. Reported by [nqe](https://groups.google.com/group/qubes-devel/browse_thread/thread/ddf35d12a35f96a3)
|
||||
- Tecra A11-15X: RAM 8GB CPU I7 M620 2.67 ghz. Reported by [PirBoazo](https://groups.google.com/group/qubes-devel/browse_thread/thread/c0d5f6a33d672b62)
|
||||
|
||||
Specific systems known to not work well with Qubes
|
||||
--------------------------------------------------
|
||||
|
||||
- All systems based on Ivy Bridge processors with the Intel integrated GPU used as the primary display. Currently our Xorg drivers in Dom0 do not support the latest Intel integrated GPUs from Ivy Bridge line. For instructions on possible workarounds see [this message](https://groups.google.com/d/msg/qubes-devel/XN6JrEXVOVA/GMTjUM2J6QEJ).
|
||||
- Specific system in above category: Lenovo x230 reported by [Chris](https://groups.google.com/d/msg/qubes-devel/XN6JrEXVOVA/lkxGRA00EqgJ) - with detailed list of working and not working components
|
||||
- All systems based on Ivy Bridge processors with the Intel integrated GPU used as the primary display. Currently our Xorg drivers in Dom0 do not support the latest Intel integrated GPUs from Ivy Bridge line. For instructions on possible workarounds see [this message](https://groups.google.com/d/msg/qubes-devel/XN6JrEXVOVA/GMTjUM2J6QEJ).
|
||||
- Specific system in above category: Lenovo x230 reported by [Chris](https://groups.google.com/d/msg/qubes-devel/XN6JrEXVOVA/lkxGRA00EqgJ) - with detailed list of working and not working components
|
||||
|
||||
|
||||
@ -13,7 +13,7 @@ What are HVM domains?
|
||||
|
||||
HVM domains (Hardware VM), in contrast to PV domains (Paravirtualized domains), allow to create domains based on any OS, if one only has its installation ISO. E.g. this allows to have Windows-based VMs in Qubes.
|
||||
|
||||
Interested readers might want to check [this article](http://theinvisiblethings.blogspot.com/2012/03/windows-support-coming-to-qubes.html) to learn why it took so long for Qubes OS to support HVM domains (Qubes 1 only supported Linuxed-based PV domains).
|
||||
Interested readers might want to check [this article](http://theinvisiblethings.blogspot.com/2012/03/windows-support-coming-to-qubes.html) to learn why it took so long for Qubes OS to support HVM domains (Qubes 1 only supported Linuxed-based PV domains).
|
||||
|
||||
Creating an HVM domain
|
||||
----------------------
|
||||
@ -65,7 +65,7 @@ Of course the AppVM where the ISO is kept must also be running for this to work
|
||||
Setting up networking for HVM domains
|
||||
-------------------------------------
|
||||
|
||||
Just like standard (paravirtualized) AppVMs, the HVM domains got fixed IP addresses centrally assigned by Qubes. Normally Qubes agent scripts, running within each AppVM, are responsible for setting up networking within the VM according the configuration created by Qubes. Such centrally managed networking infrastructure allows for [advanced networking configuration](http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html).
|
||||
Just like standard (paravirtualized) AppVMs, the HVM domains got fixed IP addresses centrally assigned by Qubes. Normally Qubes agent scripts, running within each AppVM, are responsible for setting up networking within the VM according the configuration created by Qubes. Such centrally managed networking infrastructure allows for [advanced networking configuration](http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html).
|
||||
|
||||
However, a generic HVM domain, e.g. a standard Windows or Ubuntu installation, has (at least initially) no Qubes agent scripts running inside it, and thus requires manual networking configuration, so that it match the values assigned by Qubes for this domain.
|
||||
|
||||
|
||||
@ -81,7 +81,7 @@ Known Issues
|
||||
|
||||
- If you don't enable Composition (System Setting -\> Desktop -\> Enable desktop effects), which you really should do, then the KDE task bar might get somehow ugly (e.g. half of it might be black). This is some KDE bug that we don't plan to fix.
|
||||
|
||||
- Some keyboard layout set by KDE System Settings can cause [keyboard not working at all](https://groups.google.com/group/qubes-devel/browse_thread/thread/77d076b65dda7226). If you hit this issue, you can switch to console (by console login option) and manually edit `/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf` (and `/etc/sysconfig/keyboard`) and place correct keyboard layout settings (details in linked thread). You can check if specific keyboard layout settings are proper using `setxkbmap` tool.
|
||||
- Some keyboard layout set by KDE System Settings can cause [keyboard not working at all](https://groups.google.com/group/qubes-devel/browse_thread/thread/77d076b65dda7226). If you hit this issue, you can switch to console (by console login option) and manually edit `/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf` (and `/etc/sysconfig/keyboard`) and place correct keyboard layout settings (details in linked thread). You can check if specific keyboard layout settings are proper using `setxkbmap` tool.
|
||||
|
||||
- On systems with more than 8GB of RAM there is problem with Disposable VM. To fix it, limit maximum memory allocation for DispVM to 3GB
|
||||
|
||||
@ -100,6 +100,6 @@ Getting Help
|
||||
- Developers documentation (normally not needed by users) is [here](/wiki/SystemDoc)
|
||||
|
||||
- If you don't find answer in the sources given above, write to the *qubes-devel* mailing list:
|
||||
- [http://groups.google.com/group/qubes-devel](http://groups.google.com/group/qubes-devel)
|
||||
- [http://groups.google.com/group/qubes-devel](http://groups.google.com/group/qubes-devel)
|
||||
- `qubes-devel@googlegroups.com`
|
||||
|
||||
|
||||
@ -43,7 +43,7 @@ If you prefer to use USB as a source for installation, then you just need to cop
|
||||
dd if=Qubes-R2-x86_64-DVD.iso of=/dev/sdX
|
||||
{% endhighlight %}
|
||||
|
||||
On windows you can use [this](http://www.chrysocome.net/dd) tool. Example command would be (as Administrator):
|
||||
On windows you can use [this](http://www.chrysocome.net/dd) tool. Example command would be (as Administrator):
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
dd if=Qubes-R2-x86_64-DVD.iso of=\\?\Device\Harddisk1\Partition0 bs=1M --size --progress
|
||||
@ -88,7 +88,7 @@ Known Issues
|
||||
|
||||
- System shutdown sometimes is very slow (\#903). To mitigate the problem, shutdown all the VMs first.
|
||||
|
||||
- For other known issues take a look at [our trac tickets](https://wiki.qubes-os.org/query?status=accepted&status=assigned&status=new&status=reopened&type=defect&milestone=Release+2.1+(post+R2)&col=id&col=summary&col=status&col=type&col=priority&col=milestone&col=component&order=priority)
|
||||
- For other known issues take a look at [our trac tickets](https://wiki.qubes-os.org/query?status=accepted&status=assigned&status=new&status=reopened&type=defect&milestone=Release+2.1+(post+R2)&col=id&col=summary&col=status&col=type&col=priority&col=milestone&col=component&order=priority)
|
||||
|
||||
It is advised to install updates just after system installation to apply bug fixes for (some of) the above problems.
|
||||
|
||||
@ -100,7 +100,7 @@ Getting Help
|
||||
- Developers documentation (normally not needed by users) is [here](/wiki/SystemDoc)
|
||||
|
||||
- If you don't find answer in the sources given above, write to the *qubes-users* mailing list (you don't need to be subscribed to the list, just send email to the address given below):
|
||||
- [https://groups.google.com/group/qubes-users](https://groups.google.com/group/qubes-users)
|
||||
- [https://groups.google.com/group/qubes-users](https://groups.google.com/group/qubes-users)
|
||||
- `qubes-users@googlegroups.com`
|
||||
|
||||
- Please do not write email to individual developers (Marek, Joanna, etc) asking questions about installation or other problems. Please send all such questions to the mailing list.
|
||||
|
||||
@ -71,7 +71,7 @@ Known Issues
|
||||
|
||||
- If you don't enable Composition (System Setting -\> Desktop -\> Enable desktop effects), which you really should do, then the KDE task bar might get somehow ugly (e.g. half of it might be black). This is some KDE bug that we don't plan to fix.
|
||||
|
||||
- Some keyboard layout set by KDE System Settings can cause [keyboard not working at all](https://groups.google.com/group/qubes-devel/browse_thread/thread/77d076b65dda7226). If you hit this issue, you can switch to console (by console login option) and manually edit `/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf` (and `/etc/sysconfig/keyboard`) and place correct keyboard layout settings (details in linked thread). You can check if specific keyboard layout settings are proper using `setxkbmap` tool.
|
||||
- Some keyboard layout set by KDE System Settings can cause [keyboard not working at all](https://groups.google.com/group/qubes-devel/browse_thread/thread/77d076b65dda7226). If you hit this issue, you can switch to console (by console login option) and manually edit `/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf` (and `/etc/sysconfig/keyboard`) and place correct keyboard layout settings (details in linked thread). You can check if specific keyboard layout settings are proper using `setxkbmap` tool.
|
||||
|
||||
- On systems with more than 8GB of RAM there is problem with Disposable VM. To fix it, limit maximum memory allocation for DispVM to 3GB
|
||||
|
||||
@ -82,7 +82,7 @@ Known Issues
|
||||
|
||||
- Qubes installer/system won't boot from a USB3-attached disks due to missing modules in initramfs (\#691). Please use USB2 port/device instead for now.
|
||||
|
||||
- Systems with AMD graphics needs additional firmware (missing in default installation), details [here](http://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76).
|
||||
- Systems with AMD graphics needs additional firmware (missing in default installation), details [here](http://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76).
|
||||
|
||||
Getting Help
|
||||
------------
|
||||
@ -92,7 +92,7 @@ Getting Help
|
||||
- Developers documentation (normally not needed by users) is [here](/wiki/SystemDoc)
|
||||
|
||||
- If you don't find answer in the sources given above, write to the *qubes-devel* mailing list (you don't need to be subscribed to the list, just send email to the address given below):
|
||||
- [http://groups.google.com/group/qubes-devel](http://groups.google.com/group/qubes-devel)
|
||||
- [http://groups.google.com/group/qubes-devel](http://groups.google.com/group/qubes-devel)
|
||||
- `qubes-devel@googlegroups.com`
|
||||
|
||||
- Please do not write email to individual developers (Marek, Joanna, etc) asking questions about installation or other problems. Please send all such questions to the mailing list.
|
||||
|
||||
@ -83,7 +83,7 @@ Getting Help
|
||||
- Developers documentation (normally not needed by users) is [here](/wiki/SystemDoc)
|
||||
|
||||
- If you don't find answer in the sources given above, write to the *qubes-devel* mailing list (you don't need to be subscribed to the list, just send email to the address given below):
|
||||
- [http://groups.google.com/group/qubes-devel](http://groups.google.com/group/qubes-devel)
|
||||
- [http://groups.google.com/group/qubes-devel](http://groups.google.com/group/qubes-devel)
|
||||
- `qubes-devel@googlegroups.com`
|
||||
|
||||
- Please do not write email to individual developers (Marek, Joanna, etc) asking questions about installation or other problems. Please send all such questions to the mailing list.
|
||||
|
||||
@ -44,7 +44,7 @@ If you prefer to use USB as a source for installation, then you just need to cop
|
||||
dd if=Qubes-R2-Beta3-x86_64-DVD.iso of=/dev/sdX
|
||||
{% endhighlight %}
|
||||
|
||||
On windows you can use [this](http://www.chrysocome.net/dd) tool. Example command would be (as Administrator):
|
||||
On windows you can use [this](http://www.chrysocome.net/dd) tool. Example command would be (as Administrator):
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
dd if=Qubes-R2-Beta3-x86_64-DVD.iso of=\\?\Device\Harddisk1\Partition0 bs=1M --size --progress
|
||||
@ -113,7 +113,7 @@ Getting Help
|
||||
- Developers documentation (normally not needed by users) is [here](/wiki/SystemDoc)
|
||||
|
||||
- If you don't find answer in the sources given above, write to the *qubes-users* mailing list (you don't need to be subscribed to the list, just send email to the address given below):
|
||||
- [http://groups.google.com/group/qubes-users](http://groups.google.com/group/qubes-users)
|
||||
- [http://groups.google.com/group/qubes-users](http://groups.google.com/group/qubes-users)
|
||||
- `qubes-users@googlegroups.com`
|
||||
|
||||
- Please do not write email to individual developers (Marek, Joanna, etc) asking questions about installation or other problems. Please send all such questions to the mailing list.
|
||||
|
||||
@ -43,7 +43,7 @@ If you prefer to use USB as a source for installation, then you just need to cop
|
||||
dd if=Qubes-R2-rc1-x86_64-DVD.iso of=/dev/sdX
|
||||
{% endhighlight %}
|
||||
|
||||
On windows you can use [this](http://www.chrysocome.net/dd) tool. Example command would be (as Administrator):
|
||||
On windows you can use [this](http://www.chrysocome.net/dd) tool. Example command would be (as Administrator):
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
dd if=Qubes-R2-rc1-x86_64-DVD.iso of=\\?\Device\Harddisk1\Partition0 bs=1M --size --progress
|
||||
@ -98,7 +98,7 @@ Getting Help
|
||||
- Developers documentation (normally not needed by users) is [here](/wiki/SystemDoc)
|
||||
|
||||
- If you don't find answer in the sources given above, write to the *qubes-users* mailing list (you don't need to be subscribed to the list, just send email to the address given below):
|
||||
- [https://groups.google.com/group/qubes-users](https://groups.google.com/group/qubes-users)
|
||||
- [https://groups.google.com/group/qubes-users](https://groups.google.com/group/qubes-users)
|
||||
- `qubes-users@googlegroups.com`
|
||||
|
||||
- Please do not write email to individual developers (Marek, Joanna, etc) asking questions about installation or other problems. Please send all such questions to the mailing list.
|
||||
|
||||
@ -43,7 +43,7 @@ If you prefer to use USB as a source for installation, then you just need to cop
|
||||
dd if=Qubes-R2-rc2-x86_64-DVD.iso of=/dev/sdX
|
||||
{% endhighlight %}
|
||||
|
||||
On windows you can use [this](http://www.chrysocome.net/dd) tool. Example command would be (as Administrator):
|
||||
On windows you can use [this](http://www.chrysocome.net/dd) tool. Example command would be (as Administrator):
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
dd if=Qubes-R2-rc2-x86_64-DVD.iso of=\\?\Device\Harddisk1\Partition0 bs=1M --size --progress
|
||||
@ -92,7 +92,7 @@ Getting Help
|
||||
- Developers documentation (normally not needed by users) is [here](/wiki/SystemDoc)
|
||||
|
||||
- If you don't find answer in the sources given above, write to the *qubes-users* mailing list (you don't need to be subscribed to the list, just send email to the address given below):
|
||||
- [https://groups.google.com/group/qubes-users](https://groups.google.com/group/qubes-users)
|
||||
- [https://groups.google.com/group/qubes-users](https://groups.google.com/group/qubes-users)
|
||||
- `qubes-users@googlegroups.com`
|
||||
|
||||
- Please do not write email to individual developers (Marek, Joanna, etc) asking questions about installation or other problems. Please send all such questions to the mailing list.
|
||||
|
||||
@ -75,7 +75,7 @@ Known Issues
|
||||
|
||||
- If your GPU is not correctly supported by the Dom0 kernel (e.g. the 3D desktop effects do not run smoothly) then you might experience "heaviness" with Windows 7-based AppVMs. In that case, please solve the problem with your GPU support in Dom0 in the first place (by using a different kernel), or install Qubes OS on a different system.
|
||||
|
||||
- For other known issues take a look at [our tickets](https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+3%22+label%3Abug)
|
||||
- For other known issues take a look at [our tickets](https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+3%22+label%3Abug)
|
||||
|
||||
It is advised to install updates just after system installation to apply bug fixes for (some of) the above problems.
|
||||
|
||||
|
||||
@ -8,14 +8,14 @@ redirect_from: /wiki/InstallationIsoBuilding/
|
||||
How to build Qubes installation ISO
|
||||
===================================
|
||||
|
||||
Qubes uses [FedoraUnity?](/wiki/FedoraUnity) [Revisor](http://revisor.fedoraunity.org/) to build the installation ISO.
|
||||
Qubes uses [FedoraUnity?](/wiki/FedoraUnity) [Revisor](http://revisor.fedoraunity.org/) to build the installation ISO.
|
||||
|
||||
You may want to get familiar with [Revisor documentation](http://revisor.fedoraunity.org/documentation).
|
||||
You may want to get familiar with [Revisor documentation](http://revisor.fedoraunity.org/documentation).
|
||||
|
||||
Build installer packages
|
||||
------------------------
|
||||
|
||||
Get [Qubes Installer repository](http://git.qubes-os.org/?p=smoku/installer) and build its packages:
|
||||
Get [Qubes Installer repository](http://git.qubes-os.org/?p=smoku/installer) and build its packages:
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
cd installer
|
||||
|
||||
@ -5,4 +5,4 @@ permalink: /doc/LanguageLocalization/
|
||||
redirect_from: /wiki/LanguageLocalization/
|
||||
---
|
||||
|
||||
For digiting with special alphabets, please see this [thread](https://groups.google.com/forum/#!searchin/qubes-users/languge/qubes-users/VcNPlhdgVQM/iF9PqSzayacJ)
|
||||
For digiting with special alphabets, please see this [thread](https://groups.google.com/forum/#!searchin/qubes-users/languge/qubes-users/VcNPlhdgVQM/iF9PqSzayacJ)
|
||||
|
||||
@ -53,4 +53,4 @@ Now you should get at least 1280x1024 and be able to choose other modes.
|
||||
Qubes agents
|
||||
------------
|
||||
|
||||
Linux Qubes agents are written with PV domain in mind, but it looks to be possible to run them also in HVM domain. However some work is required to achieve it. Check [this thread](https://groups.google.com/group/qubes-devel/browse_thread/thread/081df4a43e49e7a5).
|
||||
Linux Qubes agents are written with PV domain in mind, but it looks to be possible to run them also in HVM domain. However some work is required to achieve it. Check [this thread](https://groups.google.com/group/qubes-devel/browse_thread/thread/081df4a43e49e7a5).
|
||||
|
||||
@ -25,7 +25,7 @@ The above image shows that Windows HVMs are also supported (provided that Qubes
|
||||
Behind the scenes
|
||||
-----------------
|
||||
|
||||
List of installed applications for each AppVM is stored in its template's `/var/lib/qubes/vm-templates/templatename/apps.templates` (or in case of StandaloneVM: `/var/lib/qubes/appvms/vmname/apps.templates`). Each menu entry is a file that follows the [.desktop file format](http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html) with some wildcards (*%VMNAME%*, *%VMDIR%*). Applications selected to appear in the menu are stored in `/var/lib/qubes/appvms/vmname/apps`.
|
||||
List of installed applications for each AppVM is stored in its template's `/var/lib/qubes/vm-templates/templatename/apps.templates` (or in case of StandaloneVM: `/var/lib/qubes/appvms/vmname/apps.templates`). Each menu entry is a file that follows the [.desktop file format](http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html) with some wildcards (*%VMNAME%*, *%VMDIR%*). Applications selected to appear in the menu are stored in `/var/lib/qubes/appvms/vmname/apps`.
|
||||
|
||||
Actual command lines for the menu shortcuts involve `qvm-run` command which starts a process in another domain. Example: `qvm-run -q --tray -a w7s 'cmd.exe /c "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk"'` or `qvm-run -q --tray -a untrusted 'firefox %u'`
|
||||
|
||||
|
||||
@ -13,7 +13,7 @@ Rationale
|
||||
|
||||
Traditionally, Xen VMs are assigned a fixed amount of memory. It is not the optimal solution, as some VMs may require more memory than assigned initially, while others underutilize memory. Thus, there is a need for solution capable of shifting free memory from VM to another VM.
|
||||
|
||||
The [tmem](http://oss.oracle.com/projects/tmem/) project provides a "pseudo-RAM" that is assigned on per-need basis. However this solution has some disadvantages:
|
||||
The [tmem](http://oss.oracle.com/projects/tmem/) project provides a "pseudo-RAM" that is assigned on per-need basis. However this solution has some disadvantages:
|
||||
|
||||
- It does not provide real RAM, just an interface to copy memory to/from fast, RAM-based storage. It is perfect for swap, good for file cache, but not ideal for many tasks.
|
||||
- It is deeply integrated with the Linux kernel. When Qubes will support Windows guests natively, we would have to port *tmem* to Windows, which may be challenging.
|
||||
|
||||
@ -95,7 +95,7 @@ Be very careful when coding and adding a new RPC service! Any vulnerability in a
|
||||
Requesting VM-VM (and VM-Dom0) services execution (without cmdline helper)
|
||||
--------------------------------------------------------------------------
|
||||
|
||||
Connect directly to `/var/run/qubes/qrexec-agent-fdpass` socket as described [here](https://wiki.qubes-os.org/wiki/Qrexec2Implementation#Allthepiecestogetheratwork).
|
||||
Connect directly to `/var/run/qubes/qrexec-agent-fdpass` socket as described [here](https://wiki.qubes-os.org/wiki/Qrexec2Implementation#Allthepiecestogetheratwork).
|
||||
|
||||
### Revoking "Yes to All" authorization
|
||||
|
||||
|
||||
@ -25,14 +25,14 @@ Qubes Release 3.0
|
||||
Qubes Release 2
|
||||
---------------
|
||||
|
||||
- [Qubes-R2-x86\_64-DVD.iso](http://sourceforge.net/projects/qubesos/files/Qubes-R2-x86_64-DVD.iso/download) (via sourceforge.net)
|
||||
- [Digital Signature](http://sourceforge.net/projects/qubesos/files/Qubes-R2-x86_64-DVD.iso.asc/download) (via sourceforge.net)
|
||||
- [Qubes-R2-x86\_64-DVD.iso](http://sourceforge.net/projects/qubesos/files/Qubes-R2-x86_64-DVD.iso/download) (via sourceforge.net)
|
||||
- [Digital Signature](http://sourceforge.net/projects/qubesos/files/Qubes-R2-x86_64-DVD.iso.asc/download) (via sourceforge.net)
|
||||
|
||||
- **[Installation Guide for Qubes R2](/wiki/InstallationGuideR2)**
|
||||
- [Upgrading to Qubes R2](/wiki/InstallationGuideR2#Upgrading)
|
||||
|
||||
- [Qubes-R2-rc2-x86\_64-DVD.iso](http://sourceforge.net/projects/qubesos/files/Qubes-R2-rc2-x86_64-DVD.iso/download) (via sourceforge.net)
|
||||
- [Digital Signature](http://sourceforge.net/projects/qubesos/files/Qubes-R2-rc2-x86_64-DVD.iso.asc/download) (via sourceforge.net)
|
||||
- [Qubes-R2-rc2-x86\_64-DVD.iso](http://sourceforge.net/projects/qubesos/files/Qubes-R2-rc2-x86_64-DVD.iso/download) (via sourceforge.net)
|
||||
- [Digital Signature](http://sourceforge.net/projects/qubesos/files/Qubes-R2-rc2-x86_64-DVD.iso.asc/download) (via sourceforge.net)
|
||||
|
||||
- **[Installation Guide for Qubes R2 rc2](/wiki/InstallationGuideR2rc2)**
|
||||
- [Upgrading to Qubes R2 rc2](/wiki/InstallationGuideR2rc2#Upgrading)
|
||||
@ -42,8 +42,8 @@ Qubes Release 1
|
||||
|
||||
(This is mainly for historical reference, we strongly recommend Qubes R2 above)
|
||||
|
||||
- [Qubes-R1-x86\_64-DVD.iso](http://sourceforge.net/projects/qubesos/files/Qubes-R1-x86_64-DVD.iso/download) (via sourceforge.net)
|
||||
- [Digital Signature](http://sourceforge.net/projects/qubesos/files/Qubes-R1-x86_64-DVD.iso.asc/download) (via sourceforge.net)
|
||||
- [Qubes-R1-x86\_64-DVD.iso](http://sourceforge.net/projects/qubesos/files/Qubes-R1-x86_64-DVD.iso/download) (via sourceforge.net)
|
||||
- [Digital Signature](http://sourceforge.net/projects/qubesos/files/Qubes-R1-x86_64-DVD.iso.asc/download) (via sourceforge.net)
|
||||
|
||||
- **[Installation Guide](/wiki/InstallationGuide)**
|
||||
|
||||
@ -52,7 +52,7 @@ Mirrors
|
||||
|
||||
Qubes ISOs are also available from the following mirrors:
|
||||
|
||||
- [http://ftp.fsn.hu/pub/linux/distributions/qubes/](http://ftp.fsn.hu/pub/linux/distributions/qubes/)
|
||||
- [http://linuxtracker.org/index.php?page=torrent-details&id=3bdf893771d63bdbe3d83f31e064360ee10f30ec](http://linuxtracker.org/index.php?page=torrent-details&id=3bdf893771d63bdbe3d83f31e064360ee10f30ec)
|
||||
- [http://burnbit.com/torrent/303367/Qubes\_R2\_rc2\_x86\_64\_DVD\_iso](http://burnbit.com/torrent/303367/Qubes_R2_rc2_x86_64_DVD_iso)
|
||||
- [http://ftp.fsn.hu/pub/linux/distributions/qubes/](http://ftp.fsn.hu/pub/linux/distributions/qubes/)
|
||||
- [http://linuxtracker.org/index.php?page=torrent-details&id=3bdf893771d63bdbe3d83f31e064360ee10f30ec](http://linuxtracker.org/index.php?page=torrent-details&id=3bdf893771d63bdbe3d83f31e064360ee10f30ec)
|
||||
- [http://burnbit.com/torrent/303367/Qubes\_R2\_rc2\_x86\_64\_DVD\_iso](http://burnbit.com/torrent/303367/Qubes_R2_rc2_x86_64_DVD_iso)
|
||||
|
||||
|
||||
@ -15,8 +15,8 @@ Every AppVM in Qubes is connected to the network via a FirewallVM, which is used
|
||||
|
||||
For more information, see the following:
|
||||
|
||||
- [https://groups.google.com/group/qubes-devel/browse\_thread/thread/9e231b0e14bf9d62](https://groups.google.com/group/qubes-devel/browse_thread/thread/9e231b0e14bf9d62)
|
||||
- [http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html](http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html)
|
||||
- [https://groups.google.com/group/qubes-devel/browse\_thread/thread/9e231b0e14bf9d62](https://groups.google.com/group/qubes-devel/browse_thread/thread/9e231b0e14bf9d62)
|
||||
- [http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html](http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html)
|
||||
|
||||
How to edit rules
|
||||
-----------------
|
||||
|
||||
@ -10,7 +10,7 @@ Qubes OS License
|
||||
|
||||
Qubes is a compilation of software packages, each under its own license. The compilation is made available under the GNU General Public License version 2.
|
||||
|
||||
The full text of the GPL v2 license can be found [here](http://www.gnu.org/licenses/gpl-2.0.html).
|
||||
The full text of the GPL v2 license can be found [here](http://www.gnu.org/licenses/gpl-2.0.html).
|
||||
|
||||
Parts of the Qubes OS under proprietary license
|
||||
-----------------------------------------------
|
||||
@ -24,4 +24,4 @@ The following software is licensed under a proprietary license:
|
||||
Note on rights to double-licensing of the Qubes code
|
||||
----------------------------------------------------
|
||||
|
||||
Invisible Things Lab (ITL), who has funded and run the Qubes project since the beginning, and who has contributed majority of Qubes-specific code (specifically: `core-*`, `gui-*`, and `qubes-*` repositories) would like to have a right to redistribute parts of this code under proprietary licenses. This is especially important for Qubes R3 and later, where the new architecture allows the creation of many editions of Qubes, using different hypervisors, some of which might not be open source. That's why we ask every developer who contributes code to Qubes project to grant ITL permission to reuse the code under a different license, and to express this consent by including the [standard signed-off line](http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/SubmittingPatches?id=HEAD#n358) in the commit.
|
||||
Invisible Things Lab (ITL), who has funded and run the Qubes project since the beginning, and who has contributed majority of Qubes-specific code (specifically: `core-*`, `gui-*`, and `qubes-*` repositories) would like to have a right to redistribute parts of this code under proprietary licenses. This is especially important for Qubes R3 and later, where the new architecture allows the creation of many editions of Qubes, using different hypervisors, some of which might not be open source. That's why we ask every developer who contributes code to Qubes project to grant ITL permission to reuse the code under a different license, and to express this consent by including the [standard signed-off line](http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/SubmittingPatches?id=HEAD#n358) in the commit.
|
||||
|
||||
@ -15,7 +15,7 @@ Mailing List Rules
|
||||
|
||||
- Send your message to the correct list. Read the sections below to determine which list is correct for your message.
|
||||
|
||||
- Do not [top-post](https://en.wikipedia.org/wiki/Posting_style).
|
||||
- Do not [top-post](https://en.wikipedia.org/wiki/Posting_style).
|
||||
|
||||
- Include a precise and informative subject line. This will allow others to easily find your thread in the future and use it as a reference.
|
||||
- Bad: "Help! Qubes problems!"
|
||||
@ -55,7 +55,7 @@ You don't have to subscribe in order to post to this list. However, subscribing
|
||||
- To subscribe to the list, send a blank mail to `qubes-users+subscribe@googlegroups.com`. (Note: A Gmail account is not required. Any email address should work.)
|
||||
- To post a message to the list, address your email to `qubes-users@googlegroups.com`. (Note: You don't have to be subscribed in order to post.)
|
||||
- To unsubscribe, send a blank email to `qubes-users+unsubscribe@googlegroups.com`.
|
||||
- This list has a Google Groups web interface: [https://groups.google.com/group/qubes-users](https://groups.google.com/group/qubes-users)
|
||||
- This list has a Google Groups web interface: [https://groups.google.com/group/qubes-users](https://groups.google.com/group/qubes-users)
|
||||
- Some users prefer to interact with the mailing list through the Google Groups web interface. This has the advantage that it allows you to search and reply to messages which were sent prior to your subscription to the list. However, a Google account is required in order to post through this interface.
|
||||
|
||||
The `qubes-devel` mailing list
|
||||
@ -78,6 +78,6 @@ You must be subscribed in order to post to this list.
|
||||
- To subscribe to the list, send a blank mail to `qubes-devel+subscribe@googlegroups.com`. (Note: A Gmail account is not required. Any email address should work.)
|
||||
- To post a message to the list, address your email to `qubes-devel@googlegroups.com`. (Note: You must be subscribed in order to post. If your post does not appear, please allow time for moderation to occur.)
|
||||
- To unsubscribe, send a blank email to `qubes-devel+unsubscribe@googlegroups.com`.
|
||||
- This list has a Google Groups web interface: [https://groups.google.com/group/qubes-devel](https://groups.google.com/group/qubes-devel)
|
||||
- This list has a Google Groups web interface: [https://groups.google.com/group/qubes-devel](https://groups.google.com/group/qubes-devel)
|
||||
- Some users prefer to interact with the mailing list through the Google Groups web interface. This has the advantage that it allows you to search and reply to messages which were sent prior to your subscription to the list. However, a Google account is required in order to post through this interface.
|
||||
|
||||
|
||||
@ -9,25 +9,25 @@ Here are some links to various papers/research projects that somehow relate to Q
|
||||
|
||||
### Attacks on Intel TXT
|
||||
|
||||
- [Attacking Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20paper.pdf) by Rafal Wojtczuk, Joanna Rutkowska
|
||||
- [ACPI: Design Principles and Concerns](http://www.ssi.gouv.fr/IMG/pdf/article_acpi.pdf) by Loic Duflot, Olivier Levillain, and Benjamin Morin
|
||||
- [Another Way to Circumvent Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf) by Rafal Wojtczuk, Joanna Rutkowska, Alex Tereshkin
|
||||
- [Attacking Intel TXT® via SINIT code execution hijacking](http://www.invisiblethingslab.com/resources/2011/Attacking_Intel_TXT_via_SINIT_hijacking.pdf) by Rafal Wojtczuk and Joanna Rutkowska
|
||||
- [Attacking Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20paper.pdf) by Rafal Wojtczuk, Joanna Rutkowska
|
||||
- [ACPI: Design Principles and Concerns](http://www.ssi.gouv.fr/IMG/pdf/article_acpi.pdf) by Loic Duflot, Olivier Levillain, and Benjamin Morin
|
||||
- [Another Way to Circumvent Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf) by Rafal Wojtczuk, Joanna Rutkowska, Alex Tereshkin
|
||||
- [Attacking Intel TXT® via SINIT code execution hijacking](http://www.invisiblethingslab.com/resources/2011/Attacking_Intel_TXT_via_SINIT_hijacking.pdf) by Rafal Wojtczuk and Joanna Rutkowska
|
||||
|
||||
### Software attacks coming through devices
|
||||
|
||||
- [Can you still trust your network card?](http://www.ssi.gouv.fr/IMG/pdf/csw-trustnetworkcard.pdf) by Loïc Duflot, Yves-Alexis Perez and others
|
||||
- [Remotely Attacking Network Cards (or why we do need VT-d and TXT)](http://theinvisiblethings.blogspot.com/2010/04/remotely-attacking-network-cards-or-why.html) by Joanna Rutkowska
|
||||
- [On Formally Verified Microkernels (and on attacking them)](http://theinvisiblethings.blogspot.com/2010/05/on-formally-verified-microkernels-and.html) by Joanna Rutkowska
|
||||
- [Following the White Rabbit: Software Attacks against Intel® VT-d](http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf) by Rafal Wojtczuk and Joanna Rutkowska
|
||||
- [Can you still trust your network card?](http://www.ssi.gouv.fr/IMG/pdf/csw-trustnetworkcard.pdf) by Loïc Duflot, Yves-Alexis Perez and others
|
||||
- [Remotely Attacking Network Cards (or why we do need VT-d and TXT)](http://theinvisiblethings.blogspot.com/2010/04/remotely-attacking-network-cards-or-why.html) by Joanna Rutkowska
|
||||
- [On Formally Verified Microkernels (and on attacking them)](http://theinvisiblethings.blogspot.com/2010/05/on-formally-verified-microkernels-and.html) by Joanna Rutkowska
|
||||
- [Following the White Rabbit: Software Attacks against Intel® VT-d](http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf) by Rafal Wojtczuk and Joanna Rutkowska
|
||||
|
||||
### Application-level security
|
||||
|
||||
- [Virtics: A System for Privilege Separation of Legacy Desktop Applications](http://radlab.cs.berkeley.edu/wiki/Virtics) by Matt Piotrowski
|
||||
- [Virtics: A System for Privilege Separation of Legacy Desktop Applications](http://radlab.cs.berkeley.edu/wiki/Virtics) by Matt Piotrowski
|
||||
(We plan to implement some ideas from Matt's thesis in Qubes very soon -- stay tuned for details)
|
||||
|
||||
### VMM/Xen disagregation
|
||||
|
||||
- [[http://tjd.phlegethon.org/words/sosp11-xoar.pdf](http://tjd.phlegethon.org/words/sosp11-xoar.pdf) "Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor] by Patrick Colp at el.
|
||||
(Also see [this thread on xen-devel](http://www.gossamer-threads.com/lists/xen/devel/230011))
|
||||
- [[http://tjd.phlegethon.org/words/sosp11-xoar.pdf](http://tjd.phlegethon.org/words/sosp11-xoar.pdf) "Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor] by Patrick Colp at el.
|
||||
(Also see [this thread on xen-devel](http://www.gossamer-threads.com/lists/xen/devel/230011))
|
||||
|
||||
|
||||
@ -82,7 +82,7 @@ Qubes' unique Disposable VMs (DispVMs) allow the user to open any file in a disp
|
||||
|
||||
[](/attachment/wiki/QubesScreenshots/r2b2-convert-to-trusted-pdf-3.png) [](/attachment/wiki/QubesScreenshots/r2b2-converting-pdf-2.png)
|
||||
|
||||
Qubes provides an advanced infrastructure for programming inter-VM services, such as a PDF converter for untrusted files (which is described in [this article](http://theinvisiblethings.blogspot.com/2013/02/converting-untrusted-pdfs-into-trusted.html)).
|
||||
Qubes provides an advanced infrastructure for programming inter-VM services, such as a PDF converter for untrusted files (which is described in [this article](http://theinvisiblethings.blogspot.com/2013/02/converting-untrusted-pdfs-into-trusted.html)).
|
||||
|
||||
* * * * *
|
||||
|
||||
|
||||
@ -14,5 +14,5 @@ Qubes Security
|
||||
- [Qubes Security Goals](/wiki/SecurityGoals)
|
||||
- [On digital signatures and how to verify Qubes keys and downloads](/wiki/VerifyingSignatures)
|
||||
|
||||
- [Qubes Keys](http://keys.qubes-os.org/keys/)
|
||||
- [Qubes Keys](http://keys.qubes-os.org/keys/)
|
||||
|
||||
|
||||
@ -18,35 +18,35 @@ Qubes Security Bulletins are published through the [Qubes Security Pack](/wiki/S
|
||||
2011
|
||||
----
|
||||
|
||||
- [Qubes Security Bulletin \#01](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-001-2011.txt) (Gui daemon bug, Intel VT-d escape on non-IR hardware)
|
||||
- [Qubes Security Bulletin \#01](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-001-2011.txt) (Gui daemon bug, Intel VT-d escape on non-IR hardware)
|
||||
|
||||
2012
|
||||
----
|
||||
|
||||
- [Qubes Security Bulletin \#02](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-002-2012.txt) (Intel SYSRET bug)
|
||||
- [Qubes Security Bulletin \#03](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-003-2012.txt) (Xen hypervisor bugs: XSA 13, others with DoS potential)
|
||||
- [Qubes Security Bulletin \#04](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-004-2012.txt) (Qubes firewall misconfiguration: ipv6 allowed)
|
||||
- [Qubes Security Bulletin \#05](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-005-2012.txt) (Xen hypervisor bugs: XSA 29, others with DoS potential)
|
||||
- [Qubes Security Bulletin \#02](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-002-2012.txt) (Intel SYSRET bug)
|
||||
- [Qubes Security Bulletin \#03](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-003-2012.txt) (Xen hypervisor bugs: XSA 13, others with DoS potential)
|
||||
- [Qubes Security Bulletin \#04](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-004-2012.txt) (Qubes firewall misconfiguration: ipv6 allowed)
|
||||
- [Qubes Security Bulletin \#05](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-005-2012.txt) (Xen hypervisor bugs: XSA 29, others with DoS potential)
|
||||
|
||||
2013
|
||||
----
|
||||
|
||||
- [Qubes Security Bulletin \#06](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-006-2013.txt) (Xen hypervisor bugs: XSA 50, others with DoS potential)
|
||||
- [Qubes Security Bulletin \#07](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-007-2013.txt) (Xen hypervisor bugs: XSA 57 potential escalation, also XSA 52-54 with potential leaks)
|
||||
- [Qubes Security Bulletin \#08](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-008-2013.txt) (Xen hypervisor bugs: XSA 45,58 potential DoS)
|
||||
- [Qubes Security Bulletin \#06](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-006-2013.txt) (Xen hypervisor bugs: XSA 50, others with DoS potential)
|
||||
- [Qubes Security Bulletin \#07](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-007-2013.txt) (Xen hypervisor bugs: XSA 57 potential escalation, also XSA 52-54 with potential leaks)
|
||||
- [Qubes Security Bulletin \#08](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-008-2013.txt) (Xen hypervisor bugs: XSA 45,58 potential DoS)
|
||||
|
||||
2014
|
||||
----
|
||||
|
||||
- [Qubes Security Bulletin \#09](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-009-2014.txt) (Qubes qvm-open-in-[d]vm environment inter-VM leak)
|
||||
- [Qubes Security Bulletin \#10](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-010-2014.txt) (Qubes pulseaudio & vchan bugs, Xen XSA 87)
|
||||
- [Qubes Security Bulletin \#11](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-011-2014.txt) (Qubes clipboard inter-VM leak)
|
||||
- [Qubes Security Bulletin \#12](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-012-2014.txt) (Memory leak in Xen hypervisor via RDMSR emulation bug (XSA 108))
|
||||
- [Qubes Security Bulletin \#09](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-009-2014.txt) (Qubes qvm-open-in-[d]vm environment inter-VM leak)
|
||||
- [Qubes Security Bulletin \#10](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-010-2014.txt) (Qubes pulseaudio & vchan bugs, Xen XSA 87)
|
||||
- [Qubes Security Bulletin \#11](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-011-2014.txt) (Qubes clipboard inter-VM leak)
|
||||
- [Qubes Security Bulletin \#12](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-012-2014.txt) (Memory leak in Xen hypervisor via RDMSR emulation bug (XSA 108))
|
||||
|
||||
2015
|
||||
----
|
||||
|
||||
- [Qubes Security Bulletin \#13](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-013-2015.txt) (Qubes Clipboard Timing Attacks and Qubes Core Python API Inconsistency)
|
||||
- [Qubes Security Bulletin \#14](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-014-2015.txt) (Race condition in Qubes Inter-VM File-Copy Mechanism)
|
||||
- [Qubes Security Bulletin \#15](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-015-2015.txt) (Critical Xen Hypervisor Vulnerability (XSA 109))
|
||||
- [Qubes Security Bulletin \#13](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-013-2015.txt) (Qubes Clipboard Timing Attacks and Qubes Core Python API Inconsistency)
|
||||
- [Qubes Security Bulletin \#14](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-014-2015.txt) (Race condition in Qubes Inter-VM File-Copy Mechanism)
|
||||
- [Qubes Security Bulletin \#15](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-015-2015.txt) (Critical Xen Hypervisor Vulnerability (XSA 109))
|
||||
|
||||
|
||||
@ -20,7 +20,7 @@ Security Guidelines
|
||||
9. [Creating and Using a USBVM](#CreatingandUsingaUSBVM)
|
||||
10. [Dom0 Precautions](#Dom0Precautions)
|
||||
|
||||
The [Qubes introduction](http://theinvisiblethings.blogspot.com/2012/09/introducing-qubes-10.html) makes clear that without some active and responsible participation of the user, no real security is possible. So, for example, Qubes does not automagically make your Firefox (or any other app) running in one of the AppVMs suddenly more secure. It is just as [secure (or insecure)](https://en.wikipedia.org/wiki/Computer_insecurity) as on a normal Linux or Windows OS. But what drastically changes is the context in which your applications are used. [This context](/wiki/QubesArchitecture) is a [responsibility of the user](/wiki/SecurityGoals). But participation requires knowledge. So it is worth stressing some basic items:
|
||||
The [Qubes introduction](http://theinvisiblethings.blogspot.com/2012/09/introducing-qubes-10.html) makes clear that without some active and responsible participation of the user, no real security is possible. So, for example, Qubes does not automagically make your Firefox (or any other app) running in one of the AppVMs suddenly more secure. It is just as [secure (or insecure)](https://en.wikipedia.org/wiki/Computer_insecurity) as on a normal Linux or Windows OS. But what drastically changes is the context in which your applications are used. [This context](/wiki/QubesArchitecture) is a [responsibility of the user](/wiki/SecurityGoals). But participation requires knowledge. So it is worth stressing some basic items:
|
||||
|
||||
Download Verification
|
||||
---------------------
|
||||
@ -35,7 +35,7 @@ sudo yum install <program>
|
||||
|
||||
on template terminal already accomplishes verification, for fedora and qubes repositories.
|
||||
|
||||
If you install new repositories, they might have gpgcheck disabled. [Check the config files](http://docs.fedoraproject.org/en-US/Fedora/12/html/Deployment_Guide/sec-Configuring_Yum_and_Yum_Repositories.html) and be sure to check that
|
||||
If you install new repositories, they might have gpgcheck disabled. [Check the config files](http://docs.fedoraproject.org/en-US/Fedora/12/html/Deployment_Guide/sec-Configuring_Yum_and_Yum_Repositories.html) and be sure to check that
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
gpgcheck=1
|
||||
@ -50,7 +50,7 @@ But if you need to download programs that cannot be verified, then it is certain
|
||||
Observing Security Contexts
|
||||
---------------------------
|
||||
|
||||
To each VM is associated a specific colour of window borders in Qubes. They are how Qubes communicates the **security context** of applications and data so that users can be easily aware of this at all times. So be sure to check the colour of window borders before taking any action, particularly if related to security, [see blog](http://theinvisiblethings.blogspot.com/2011/05/app-oriented-ui-model-and-its-security.html).
|
||||
To each VM is associated a specific colour of window borders in Qubes. They are how Qubes communicates the **security context** of applications and data so that users can be easily aware of this at all times. So be sure to check the colour of window borders before taking any action, particularly if related to security, [see blog](http://theinvisiblethings.blogspot.com/2011/05/app-oriented-ui-model-and-its-security.html).
|
||||
|
||||
Also, be sure to use **Expose-like effect** when dealing with a smaller window displayed on top of a larger window. Remember that a "red" Firefox, can always draw a "green" password prompt box, and you don't want to enter your password there!
|
||||
|
||||
@ -114,7 +114,7 @@ Assigning USB keyboard will **deprive Dom0 VM of a keyboard**. Since a USB contr
|
||||
|
||||
But **if you need to use a USB keyboard or mouse**, identify the USB controller in which you have your keyboard/mouse plugged in and do NOT assign it to a VM. Also makes sure you know all the other USB ports for that controller, and use them carefully, with the knowledge **you are exposing Dom0** (ie NO bluetooth device on it).
|
||||
|
||||
All USB devices should be assumed as **side channel attack vectors** (mic via sound), others via power usage so user may prefer to remove them. [See this about rootkits](https://www.networkworld.com/news/2007/080207-black-hat-virtual-machine-rootkit-detection.html)
|
||||
All USB devices should be assumed as **side channel attack vectors** (mic via sound), others via power usage so user may prefer to remove them. [See this about rootkits](https://www.networkworld.com/news/2007/080207-black-hat-virtual-machine-rootkit-detection.html)
|
||||
|
||||
The **web-cam** also may involve a risk, so better to physically cover it with a adhesive tape if you do not use it. If you need it, you have **to assign it to a VM** and cover it with a cap or an elastic band when not in use. Attaching a **microphone** using Qubes VM Manager also may be risky, so attach it only when required.
|
||||
|
||||
@ -155,7 +155,7 @@ As explained [here](/wiki/GettingStarted#AppVMsDomainsandTemplateVMs), dom0 shou
|
||||
|
||||
1. Secure isolation among domUs (i.e., AppVMs, StandaloneVMs, HVMs, etc.) is the *raison d'être* of Qubes. This is the primary reason that we recommend the delegation of all user activities to some number of AppVMs. In the event that any given VM is compromised, only that particular VM is compromised. (TemplateVMs are the exception to this. If a TemplateVM were compromised, then every AppVM based on it might also be compromised. Even in this case, however, the entire system would not necessarily have been compromised, since StandaloneVM(s), HVM(s), and/or multiple TemplateVMs might be in use.) By contrast, if dom0 were ever compromised, the entire system would thereby be compromised.
|
||||
2. Due to the absence of convenience mechanisms in dom0 such as the inter-VM clipboard and inter-VM file copying, it is significantly less convenient to attempt to use dom0 for user operations (e.g., password management) in conjunction with AppVMs than it is to use another dedicated AppVM (e.g., a "vault" VM).
|
||||
3. Dom0 has access to every VM's data in the form of its private image file, including untrusted (e.g., red-bordered) VMs. If the user were to make a mistake (or be tricked into making one) and thereby inadvertently access untrusted files from dom0, those files could exploit the application which accessed them (e.g., a file manager) and gain control over dom0 and, therefore, the entire system. Even simply displaying the data in a [terminal emulator](http://securityvulns.com/docs4128.html) can be dangerous. For example, some file managers (such as the Thunar File Manager, which is pre-installed by default in the Xfce4 version of dom0) list loop devices used by running VMs. When one of these devices is selected in the file manager, the loop device is mounted to dom0, effectively [transferring the contents](https://groups.google.com/d/msg/qubes-users/_tkjmBa9m9w/9BbKh94PVtcJ) of the home directory of a (by definition less trusted) AppVM to dom0.
|
||||
3. Dom0 has access to every VM's data in the form of its private image file, including untrusted (e.g., red-bordered) VMs. If the user were to make a mistake (or be tricked into making one) and thereby inadvertently access untrusted files from dom0, those files could exploit the application which accessed them (e.g., a file manager) and gain control over dom0 and, therefore, the entire system. Even simply displaying the data in a [terminal emulator](http://securityvulns.com/docs4128.html) can be dangerous. For example, some file managers (such as the Thunar File Manager, which is pre-installed by default in the Xfce4 version of dom0) list loop devices used by running VMs. When one of these devices is selected in the file manager, the loop device is mounted to dom0, effectively [transferring the contents](https://groups.google.com/d/msg/qubes-users/_tkjmBa9m9w/9BbKh94PVtcJ) of the home directory of a (by definition less trusted) AppVM to dom0.
|
||||
4. There is a (hopefully small but non-zero) chance that any given program which runs in dom0 (or anywhere, for that matter) is malicious. (For example, an attacker may have stolen a third-party developer's keys and used them to sign a malicious package, which has then been downloaded as part of a standard yum update.) For this reason, it is very important that as few programs as possible be run in dom0 in as restricted a manner as possible. For example, although GnuPG is used in dom0 for verifying updates received from the firewallvm, it does not follow that GnuPG should be used for regular user operations (e.g., key management) in dom0. This is because only a single GnuPG operation, the "verify signature" operation" (which is believed to be the most bulletproof operation in GnuPG), is used by default in dom0. No other key management operations (e.g., importing unverified keys) or any other data parsing takes place in dom0 by default.
|
||||
5. Any VM can be shut down in order to make it even more difficult for an adversary to access, and shutting down one VM does not restrict the user of other VMs. By contrast, one cannot shut down dom0 and use other VMs at the same time.
|
||||
6. As far as we are aware, there are no special mechanisms in Xen which make dom0 more protected than any other VM, so there is no inherent security advantage to performing any user operations in dom0.
|
||||
|
||||
@ -19,18 +19,18 @@ Introduction
|
||||
The **Qubes Security Pack (QSP)** is a Git repository which contains:
|
||||
|
||||
- [All Qubes Security Bulletins (QSBs)](/wiki/SecurityBulletins)
|
||||
- [All PGP keys](https://keys.qubes-os.org/keys/)
|
||||
- [Warrant canaries](https://en.wikipedia.org/wiki/Warrant_canary)
|
||||
- [All PGP keys](https://keys.qubes-os.org/keys/)
|
||||
- [Warrant canaries](https://en.wikipedia.org/wiki/Warrant_canary)
|
||||
- Other security-related information and announcements (such as key revocations)
|
||||
|
||||
The QSP is located here:
|
||||
|
||||
> [https://github.com/QubesOS/qubes-secpack](https://github.com/QubesOS/qubes-secpack)
|
||||
> [https://github.com/QubesOS/qubes-secpack](https://github.com/QubesOS/qubes-secpack)
|
||||
|
||||
History and Rationale
|
||||
---------------------
|
||||
|
||||
On 2013-01-05, Joanna Rutkowska announced the QSP and explained its rationale in an [email](https://groups.google.com/d/msg/qubes-devel/twkOEaMLtNI/lZyGx6_jFCEJ) to the Qubes mailing lists:
|
||||
On 2013-01-05, Joanna Rutkowska announced the QSP and explained its rationale in an [email](https://groups.google.com/d/msg/qubes-devel/twkOEaMLtNI/lZyGx6_jFCEJ) to the Qubes mailing lists:
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
Hello,
|
||||
|
||||
@ -26,7 +26,7 @@ security at qubes-os dot org
|
||||
Qubes Security Team GPG Key
|
||||
---------------------------
|
||||
|
||||
Please use the [this GPG key](http://keys.qubes-os.org/keys/qubes-os-security-team-key.asc) for encrypting any emails send to this address. Like all the GPG keys used by the Qubes project, this key is signed with the Qubes Master key. Please see [this page](/wiki/VerifyingSignatures) for more information on how to verify the keys.
|
||||
Please use the [this GPG key](http://keys.qubes-os.org/keys/qubes-os-security-team-key.asc) for encrypting any emails send to this address. Like all the GPG keys used by the Qubes project, this key is signed with the Qubes Master key. Please see [this page](/wiki/VerifyingSignatures) for more information on how to verify the keys.
|
||||
|
||||
Members of the Security Team
|
||||
----------------------------
|
||||
|
||||
@ -35,14 +35,14 @@ In general, Qubes takes an approach called **security by isolation**, which in t
|
||||
How does Qubes compare to using a "live CD" OS?
|
||||
-----------------------------------------------
|
||||
|
||||
Booting your computer from a live CD (or DVD) when you need to perform sensitive activities can certainly be more secure than simply using your main OS, but this method still preserves many of the risks of conventional OSes. For example, popular live OSes (such as [Tails](https://tails.boum.org/) and other Linux distributions) are still **monolithic** in the sense that all software is still running in the same OS. This means, once again, that if your session is compromised, then all the data and activities performed within that same session are also potentially compromised.
|
||||
Booting your computer from a live CD (or DVD) when you need to perform sensitive activities can certainly be more secure than simply using your main OS, but this method still preserves many of the risks of conventional OSes. For example, popular live OSes (such as [Tails](https://tails.boum.org/) and other Linux distributions) are still **monolithic** in the sense that all software is still running in the same OS. This means, once again, that if your session is compromised, then all the data and activities performed within that same session are also potentially compromised.
|
||||
|
||||
How does Qubes compare to running VMs in a convential OS?
|
||||
---------------------------------------------------------
|
||||
|
||||
Not all virtual machine software is equal when it comes to security. You may have used or heard of VMs in relation to software like VirtualBox or VMware Workstation. These are known as "Type 2" or "hosted" hypervisors. (The **hypervisor** is the software, firmare, or hardware that creates and runs virtual machines.) These programs are popular because they're designed primarily to be easy to use and run under popular OSes like Windows (which is called the **host** OS, since it "hosts" the VMs). However, the fact that Type 2 hypervisors run under the host OS means that they're really only as secure as the host OS itself. If the host OS is ever compromised, then any VMs it hosts are also effectivley compromised.
|
||||
|
||||
By contrast, Qubes uses a "Type 1" or "bare metal" hypervisor called [Xen](http://www.xenproject.org). Instead of running inside an OS, Type 1 hypervisors run directly on the "bare metal" of the hardware. This means that an attacker must be capable of subverting the hypervisor itself in order to compromise the entire system, which is vastly more difficult.
|
||||
By contrast, Qubes uses a "Type 1" or "bare metal" hypervisor called [Xen](http://www.xenproject.org). Instead of running inside an OS, Type 1 hypervisors run directly on the "bare metal" of the hardware. This means that an attacker must be capable of subverting the hypervisor itself in order to compromise the entire system, which is vastly more difficult.
|
||||
|
||||
Qubes makes it so that multiple VMs running under a Type 1 hypervisor can be securely used as an integrated OS. For example, it puts all of your application windows on the same desktop with special colored borders indicating the trust levels of their respective VMs. It also allows for things like secure copy/paste operations between VMs, securely copying and transferring files between VMs, and secure networking between VMs and the Internet.
|
||||
|
||||
@ -63,7 +63,7 @@ Cons:
|
||||
- Physically separate computers running conventional OSes are still independently vulnerable to most conventional attacks due to their monolithic nature.
|
||||
- Malware which can bridge air gaps has existed for several years now and is becoming increasingly common.
|
||||
|
||||
(For more on this topic, please see the paper [Software compartmentalization vs. physical separation](http://www.invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf).)
|
||||
(For more on this topic, please see the paper [Software compartmentalization vs. physical separation](http://www.invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf).)
|
||||
|
||||
More information
|
||||
----------------
|
||||
|
||||
@ -19,7 +19,7 @@ One solution that actually worked for me was to reflash the BIOS (I know, I know
|
||||
|
||||
If you think you are ready to reflash you BIOS, here are the instructions that worked for me:
|
||||
|
||||
[http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html](http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html)
|
||||
[http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html](http://forum.notebookreview.com/sony/473226-insyde-hacking-new-vaio-z-advanced-menu-bios.html)
|
||||
|
||||
**WARNING**: We take absolutely no responsibility that the BIOS relflashing instructions given at the referenced forum are 1) valid, 2) non-malicious, and 3) work at all. Do this step on your own risk. Keep in mind that reflashing your BIOS might yield your system unusable. If you don't feel like taking this risk (which is a reasonable state of mind), look for a different notebook, or ask Sony Support to enable this option for you.
|
||||
|
||||
|
||||
@ -8,7 +8,7 @@ redirect_from: /wiki/StickMounting/
|
||||
How to Mount USB Sticks to AppVMs
|
||||
=================================
|
||||
|
||||
(**Note:** In the present context, the term "USB stick" denotes any [USB mass storage device](https://en.wikipedia.org/wiki/USB_mass_storage_device_class). In addition to smaller flash memory sticks, this includes things like USB external hard drives.)
|
||||
(**Note:** In the present context, the term "USB stick" denotes any [USB mass storage device](https://en.wikipedia.org/wiki/USB_mass_storage_device_class). In addition to smaller flash memory sticks, this includes things like USB external hard drives.)
|
||||
|
||||
Qubes supports the ability to mount a USB stick to any AppVM easily, no matter which VM actually handles the USB controller. (The USB controller may be assigned on the **Devices** tab of an AppVM's settings page in Qubes VM Manager or by using the [qvm-pci command](/wiki/AssigningDevices).)
|
||||
|
||||
|
||||
@ -9,11 +9,11 @@ System Documentation for Developers
|
||||
===================================
|
||||
|
||||
1. Fundamentals:
|
||||
1. Qubes OS Architecture v0.3 [(pdf)](http://files.qubes-os.org/files/doc/arch-spec-0.3.pdf) (The original 2009 document that started this all...)
|
||||
1. Qubes OS Architecture v0.3 [(pdf)](http://files.qubes-os.org/files/doc/arch-spec-0.3.pdf) (The original 2009 document that started this all...)
|
||||
2. [Security-critical elements of Qubes OS](/wiki/SecurityCriticalCode)
|
||||
3. Qubes RPC framework (qrexec):
|
||||
1. [The Qubes RPC/Service API](/wiki/Qrexec)
|
||||
2. Example for writing a qrexec service in Qubes OS [blog post](http://theinvisiblethings.blogspot.com/2013/02/converting-untrusted-pdfs-into-trusted.html)
|
||||
2. Example for writing a qrexec service in Qubes OS [blog post](http://theinvisiblethings.blogspot.com/2013/02/converting-untrusted-pdfs-into-trusted.html)
|
||||
3. [qrexec implementation in Qubes R2](/wiki/Qrexec2Implementation)
|
||||
4. [qrexec implementation in Qubes R3/Odyssey](/wiki/Qrexec3Implementation)
|
||||
|
||||
@ -25,7 +25,7 @@ System Documentation for Developers
|
||||
1. [Inter-domain file copying](/wiki/Qfilecopy)
|
||||
2. [Dynamic memory management in Qubes](/wiki/Qmemman)
|
||||
3. [Implementation of DisposableVMs](/wiki/DVMimpl)
|
||||
4. [Article about disposable VMs](http://theinvisiblethings.blogspot.com/2010/06/disposable-vms.html)
|
||||
4. [Article about disposable VMs](http://theinvisiblethings.blogspot.com/2010/06/disposable-vms.html)
|
||||
5. [Dom0 secure update mechanism](/wiki/Dom0SecureUpdates)
|
||||
6. [VM secure update mechanism?](/wiki/VMSecureUpdates)
|
||||
|
||||
|
||||
@ -25,7 +25,7 @@ Recommended
|
||||
- ATI GPUs have not been formally tested (but see the [Hardware Compatibility List](/hcl/)).
|
||||
- Intel VT-x or AMD-v technology (required for running HVM domains, such as Windows-based AppVMs)
|
||||
- Intel VT-d or AMD IOMMU technology (required for effective isolation of network VMs)
|
||||
- TPM with proper BIOS support (required for [Anti Evil Maid](http://theinvisiblethings.blogspot.com/2011/09/anti-evil-maid.html))
|
||||
- TPM with proper BIOS support (required for [Anti Evil Maid](http://theinvisiblethings.blogspot.com/2011/09/anti-evil-maid.html))
|
||||
|
||||
Important Notes
|
||||
---------------
|
||||
@ -34,5 +34,5 @@ Important Notes
|
||||
- Qubes **can** be installed on a USB flash drive or external disk, and testing has shown that this works very well. A fast USB 3.0 flash drive is recommended for this. (As a reminder, its capacity must be at least 32 GB.) Simply plug the flash drive into the computer before booting into the Qubes installer from a separate installation medium, choose the flash drive as the target installation disk, and proceed with the installation normally. After Qubes has been installed on the flash drive, it can then be plugged into other computers in order to boot into Qubes. In addition to the convenience of having a portable copy of Qubes, this allows users to test for hardware compatibility on multiple machines (e.g., at a brick-and-mortar computer store) before deciding on which computer to purchase. (See [here](/hcl/#GeneratingandSubmittingNewReports) for advice on hardware compatibility testing.) Keep in mind to also change assigned devices for your netvm and usbvm, if you move between different machines.
|
||||
- Installing Qubes in a virtual machine is not recommended, as it uses its own bare-metal hypervisor (Xen).
|
||||
- Macintosh PCs are not currently supported due to keyboard and mouse problems - details in \#230. (Patches welcome!)
|
||||
- [Advice on finding a VT-d capable notebook](https://groups.google.com/d/msg/qubes-users/Sz0Nuhi4N0o/ZtpJdoc0OY8J).
|
||||
- [Advice on finding a VT-d capable notebook](https://groups.google.com/d/msg/qubes-users/Sz0Nuhi4N0o/ZtpJdoc0OY8J).
|
||||
|
||||
|
||||
4
USBVM.md
4
USBVM.md
@ -10,9 +10,9 @@ USB Pass through: USBVM
|
||||
|
||||
**WARNING:** This is experimental and very broken.
|
||||
|
||||
Source: [https://groups.google.com/d/msg/qubes-devel/4AKulABh2Jc/\_R7SRSC4peYJ](https://groups.google.com/d/msg/qubes-devel/4AKulABh2Jc/_R7SRSC4peYJ)
|
||||
Source: [https://groups.google.com/d/msg/qubes-devel/4AKulABh2Jc/\_R7SRSC4peYJ](https://groups.google.com/d/msg/qubes-devel/4AKulABh2Jc/_R7SRSC4peYJ)
|
||||
|
||||
You'll need the patch tagged abb\_e58b432 from [git://github.com/grwl/qubes-core.git](git://github.com/grwl/qubes-core.git).
|
||||
You'll need the patch tagged abb\_e58b432 from [git://github.com/grwl/qubes-core.git](git://github.com/grwl/qubes-core.git).
|
||||
|
||||
The rest is in RPMs, yes. I roughly follow this procedure to have pvusb on Qubes 1.0:
|
||||
|
||||
|
||||
@ -61,7 +61,7 @@ $ sudo -s
|
||||
# umount /mnt/cdrom
|
||||
{% endhighlight %}
|
||||
|
||||
If you already have fedora-17-x64, you can also upgrade it to fedora-18-x64 following [standard Fedora upgrade procedure](http://fedoraproject.org/wiki/Upgrading_Fedora_using_yum) (only "yum" method will work in Qubes VM).
|
||||
If you already have fedora-17-x64, you can also upgrade it to fedora-18-x64 following [standard Fedora upgrade procedure](http://fedoraproject.org/wiki/Upgrading_Fedora_using_yum) (only "yum" method will work in Qubes VM).
|
||||
|
||||
Upgrade Dom0
|
||||
------------
|
||||
|
||||
20
UserDoc.md
20
UserDoc.md
@ -42,17 +42,17 @@ Qubes User Documentation
|
||||
4. [How to set up a ProxyVM as a VPN Gateway](/wiki/VPN/)
|
||||
5. [Adding Bridge Support to the NetVM (EXPERIMENTAL)](/wiki/NetworkBridgeSupport/)
|
||||
6. External Links
|
||||
1. [Creating Custom NetVMs and ProxyVMs](http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html)
|
||||
2. [How to run TorBrowser using external tor proxy (from TorVM)](https://groups.google.com/group/qubes-devel/msg/34f67194d3422bfa)
|
||||
3. [How to make proxy for individual tcp connection from networkless VM](https://groups.google.com/group/qubes-devel/msg/4ca950ab6d7cd11a)
|
||||
4. [HTTP filtering proxy in Qubes firewall VM](https://groups.google.com/group/qubes-devel/browse_thread/thread/5252bc3f6ed4b43e/d881deb5afaa2a6c#39c95d63fccca12b)
|
||||
1. [Creating Custom NetVMs and ProxyVMs](http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html)
|
||||
2. [How to run TorBrowser using external tor proxy (from TorVM)](https://groups.google.com/group/qubes-devel/msg/34f67194d3422bfa)
|
||||
3. [How to make proxy for individual tcp connection from networkless VM](https://groups.google.com/group/qubes-devel/msg/4ca950ab6d7cd11a)
|
||||
4. [HTTP filtering proxy in Qubes firewall VM](https://groups.google.com/group/qubes-devel/browse_thread/thread/5252bc3f6ed4b43e/d881deb5afaa2a6c#39c95d63fccca12b)
|
||||
|
||||
5. **[TemplateVMs](/doc/Templates/)**
|
||||
1. [Updating and Installing Software in VMs](/wiki/SoftwareUpdateVM/)
|
||||
2. [Templates: Fedora - minimal](/wiki/Templates/FedoraMinimal/)
|
||||
3. [Templates: Debian](/wiki/Templates/Debian/)
|
||||
4. External Links
|
||||
1. [Extending \`root.img\` Size](https://groups.google.com/group/qubes-devel/msg/9d1ac581236ca9b4)
|
||||
1. [Extending \`root.img\` Size](https://groups.google.com/group/qubes-devel/msg/9d1ac581236ca9b4)
|
||||
|
||||
6. **DispVMs**
|
||||
1. [Disposable VMs](/wiki/DisposableVms/)
|
||||
@ -63,8 +63,8 @@ Qubes User Documentation
|
||||
2. [Tips for Using Linux in an HVM](/wiki/LinuxHVMTips/)
|
||||
3. [Creating and Using HVM and Windows Domains (Qubes R2 Only)](/wiki/HvmCreate/)
|
||||
4. External Links
|
||||
1. [Creating Whonix HVMs in Qubes](https://www.whonix.org/wiki/Qubes)
|
||||
2. [Creating NetBSD VM](https://groups.google.com/group/qubes-devel/msg/4015c8900a813985)
|
||||
1. [Creating Whonix HVMs in Qubes](https://www.whonix.org/wiki/Qubes)
|
||||
2. [Creating NetBSD VM](https://groups.google.com/group/qubes-devel/msg/4015c8900a813985)
|
||||
|
||||
8. **Windows VMs**
|
||||
1. [Installing and Using Windows-based AppVMs (Qubes R2 Beta 3 and Later)](/wiki/WindowsAppVms/)
|
||||
@ -90,8 +90,8 @@ Qubes User Documentation
|
||||
2. [Getting Sony Vaio Z laptop to work with Qubes](/wiki/SonyVaioTinkering/)
|
||||
|
||||
8. External Links
|
||||
1. [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76)
|
||||
2. [Solving problems with Macbook Air 2012](https://groups.google.com/group/qubes-devel/browse_thread/thread/b8b0d819d2a4fc39/d50a72449107ab21#8a9268c09d105e69)
|
||||
3. [Booting with GRUB2 and GPT](https://groups.google.com/group/qubes-devel/browse_thread/thread/e4ac093cabd37d2b/d5090c20d92c4128#d5090c20d92c4128)
|
||||
1. [Installing on system with new AMD GPU (missing firmware problem)](https://groups.google.com/group/qubes-devel/browse_thread/thread/e27a57b0eda62f76)
|
||||
2. [Solving problems with Macbook Air 2012](https://groups.google.com/group/qubes-devel/browse_thread/thread/b8b0d819d2a4fc39/d50a72449107ab21#8a9268c09d105e69)
|
||||
3. [Booting with GRUB2 and GPT](https://groups.google.com/group/qubes-devel/browse_thread/thread/e4ac093cabd37d2b/d5090c20d92c4128#d5090c20d92c4128)
|
||||
|
||||
|
||||
|
||||
20
UserFaq.md
20
UserFaq.md
@ -48,7 +48,7 @@ If you really want to call it a distribution, then it's more of a "Xen distribut
|
||||
|
||||
### How is Qubes different from other security solutions?
|
||||
|
||||
Please see [this article](http://theinvisiblethings.blogspot.com/2012/09/how-is-qubes-os-different-from.html) for a thorough discussion.
|
||||
Please see [this article](http://theinvisiblethings.blogspot.com/2012/09/how-is-qubes-os-different-from.html) for a thorough discussion.
|
||||
|
||||
### What is the main concept behind Qubes?
|
||||
|
||||
@ -56,11 +56,11 @@ To build security on the “Security by Isolation” principle.
|
||||
|
||||
### What about other approaches to security?
|
||||
|
||||
The other two popular [approaches](http://theinvisiblethings.blogspot.com/2008/09/three-approaches-to-computer-security.html) are “Security by Correctness” and “Security by Obscurity.” We don't believe either of these approaches are capable of providing reasonable security today, nor do we believe that they will be capable of doing so in the foreseeable future.
|
||||
The other two popular [approaches](http://theinvisiblethings.blogspot.com/2008/09/three-approaches-to-computer-security.html) are “Security by Correctness” and “Security by Obscurity.” We don't believe either of these approaches are capable of providing reasonable security today, nor do we believe that they will be capable of doing so in the foreseeable future.
|
||||
|
||||
### What about safe languages and formally verified microkernels?
|
||||
|
||||
In short: these are non-realistic solutions today. We discuss this in further depth in our [Architecture Specification document](http://files.qubes-os.org/files/doc/arch-spec-0.3.pdf).
|
||||
In short: these are non-realistic solutions today. We discuss this in further depth in our [Architecture Specification document](http://files.qubes-os.org/files/doc/arch-spec-0.3.pdf).
|
||||
|
||||
### Why does Qubes use virtualization?
|
||||
|
||||
@ -72,7 +72,7 @@ No! This would not make much sense. Qubes uses lightweight VMs to create securit
|
||||
|
||||
### Why does Qubes use Xen instead of KVM or some other hypervisor?
|
||||
|
||||
In short: we believe the Xen architecture allows for the creation of more secure systems (i.e. with a much smaller TCB, which translates to a smaller attack surface). We discuss this in much greater depth in our [Architecture Specification document](http://files.qubes-os.org/files/doc/arch-spec-0.3.pdf).
|
||||
In short: we believe the Xen architecture allows for the creation of more secure systems (i.e. with a much smaller TCB, which translates to a smaller attack surface). We discuss this in much greater depth in our [Architecture Specification document](http://files.qubes-os.org/files/doc/arch-spec-0.3.pdf).
|
||||
|
||||
### What about this other/new (micro)kernel/hypervisor?
|
||||
|
||||
@ -112,12 +112,12 @@ Those won’t fly. We do not provide OpenGL virtualization for AppVMs. This is m
|
||||
|
||||
For further discussion about the potential for GPU passthorugh on Xen/Qubes, please see the following threads:
|
||||
|
||||
- [GPU passing to HVM](https://groups.google.com/group/qubes-devel/browse_frm/thread/31f1f2da39978573?scoring=d&q=GPU&)
|
||||
- [Clarifications on GPU security](https://groups.google.com/group/qubes-devel/browse_frm/thread/31e2d8a47c8b4474?scoring=d&q=GPU&)
|
||||
- [GPU passing to HVM](https://groups.google.com/group/qubes-devel/browse_frm/thread/31f1f2da39978573?scoring=d&q=GPU&)
|
||||
- [Clarifications on GPU security](https://groups.google.com/group/qubes-devel/browse_frm/thread/31e2d8a47c8b4474?scoring=d&q=GPU&)
|
||||
|
||||
### Is Qubes a multi-user system?
|
||||
|
||||
No. Qubes does not pretend to be a multi-user system. Qubes assumes that the user who controls Dom0 controls the whole system. It would be very difficult to **securely** implement multi-user support. See [here](https://groups.google.com/group/qubes-devel/msg/899f6f3efc4d9a06) for details.
|
||||
No. Qubes does not pretend to be a multi-user system. Qubes assumes that the user who controls Dom0 controls the whole system. It would be very difficult to **securely** implement multi-user support. See [here](https://groups.google.com/group/qubes-devel/msg/899f6f3efc4d9a06) for details.
|
||||
|
||||
Installation & Hardware Compatibility
|
||||
-------------------------------------
|
||||
@ -142,7 +142,7 @@ Yes. You can even run a NetVM, but you will not benefit from DMA protection for
|
||||
|
||||
### Can I use AMD-v instead of VT-x?
|
||||
|
||||
See [this message](http://groups.google.com/group/qubes-devel/msg/6412170cfbcb4cc5).
|
||||
See [this message](http://groups.google.com/group/qubes-devel/msg/6412170cfbcb4cc5).
|
||||
|
||||
### Can I install Qubes in a virtual machine (e.g., on VMWare)?
|
||||
|
||||
@ -159,11 +159,11 @@ Common Problems
|
||||
|
||||
### My AppVMs lost Internet access after a TemplateVM update. What should I do?
|
||||
|
||||
Run `systemctl enable NetworkManager-dispatcher.service` in the TemplateVM upon which your NetVM is based. You may have to reboot afterward for the change to take effect. (Note: This is an upstream problem. See [here](https://bugzilla.redhat.com/show_bug.cgi?id=974811). For details, see the qubes-users mailing list threads [here](https://groups.google.com/d/topic/qubes-users/xPLGsAJiDW4/discussion) and [here](https://groups.google.com/d/topic/qubes-users/uN9G8hjKrGI/discussion).)
|
||||
Run `systemctl enable NetworkManager-dispatcher.service` in the TemplateVM upon which your NetVM is based. You may have to reboot afterward for the change to take effect. (Note: This is an upstream problem. See [here](https://bugzilla.redhat.com/show_bug.cgi?id=974811). For details, see the qubes-users mailing list threads [here](https://groups.google.com/d/topic/qubes-users/xPLGsAJiDW4/discussion) and [here](https://groups.google.com/d/topic/qubes-users/uN9G8hjKrGI/discussion).)
|
||||
|
||||
### My keyboard layout settings are not behaving correctly. What should I do?
|
||||
|
||||
Please read [this disccusion](https://groups.google.com/d/topic/qubes-devel/d8ZQ_62asKI/discussion).
|
||||
Please read [this disccusion](https://groups.google.com/d/topic/qubes-devel/d8ZQ_62asKI/discussion).
|
||||
|
||||
### My dom0 and/or TemplateVM update stalls when attempting to update via the GUI tool. What should I do?
|
||||
|
||||
|
||||
@ -8,7 +8,7 @@ redirect_from: /wiki/VMSudo/
|
||||
Password-less root access in VM
|
||||
===============================
|
||||
|
||||
Background ([/etc/sudoers.d/qubes](http://git.qubes-os.org/?p=qubes-r2/core-agent-linux.git;a=blob;f=misc/qubes.sudoers;hb=HEAD) in VM):
|
||||
Background ([/etc/sudoers.d/qubes](http://git.qubes-os.org/?p=qubes-r2/core-agent-linux.git;a=blob;f=misc/qubes.sudoers;hb=HEAD) in VM):
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
user ALL=(ALL) NOPASSWD: ALL
|
||||
|
||||
2
VPN.md
2
VPN.md
@ -8,7 +8,7 @@ redirect_from: /wiki/VPN/
|
||||
How To make a VPN Gateway in Qubes
|
||||
----------------------------------
|
||||
|
||||
The simplest case if you set up a VPN connection using the Network Manager inside one of your VMs. Setting up such a connection is really not Qubes specific and it is documented in Your Operating system documentation. If you using the Qubes default Guest OS (Fedora): [Establishing a VPN Connection](http://docs.fedoraproject.org/en-US/Fedora/18/html/System_Administrators_Guide/sec-Establishing_a_VPN_Connection.html)
|
||||
The simplest case if you set up a VPN connection using the Network Manager inside one of your VMs. Setting up such a connection is really not Qubes specific and it is documented in Your Operating system documentation. If you using the Qubes default Guest OS (Fedora): [Establishing a VPN Connection](http://docs.fedoraproject.org/en-US/Fedora/18/html/System_Administrators_Guide/sec-Establishing_a_VPN_Connection.html)
|
||||
|
||||
The Qubes specific part is choose the right VM for the VPN client:
|
||||
|
||||
|
||||
@ -28,15 +28,15 @@ However, for digital signatures to make any sense, we must ensure that the publi
|
||||
Importing Qubes Signing Keys
|
||||
----------------------------
|
||||
|
||||
Every file published by the Qubes Project (ISO, RPM, TGZ files and git repositories) is digitally signed by one of the developer or release signing keys. Each such key is signed by the Qubes Master Signing Key ([\`0x36879494\`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)).
|
||||
Every file published by the Qubes Project (ISO, RPM, TGZ files and git repositories) is digitally signed by one of the developer or release signing keys. Each such key is signed by the Qubes Master Signing Key ([\`0x36879494\`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)).
|
||||
|
||||
The public portion of the Qubes Master Signing Key can be imported directly from a [ keyserver](https://en.wikipedia.org/wiki/Key_server_%28cryptographic%29#Keyserver_examples) (specified on first use with --keyserver URI, keyserver saved in \~/.gnupg/gpg.conf), e.g.,
|
||||
The public portion of the Qubes Master Signing Key can be imported directly from a [ keyserver](https://en.wikipedia.org/wiki/Key_server_%28cryptographic%29#Keyserver_examples) (specified on first use with --keyserver URI, keyserver saved in \~/.gnupg/gpg.conf), e.g.,
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
gpg --keyserver pool.sks-keyservers.net --recv-keys 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494
|
||||
{% endhighlight %}
|
||||
|
||||
or downloaded [here](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc) and imported with gpg,
|
||||
or downloaded [here](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc) and imported with gpg,
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
$ gpg --import ./qubes-master-signing-key.asc
|
||||
@ -48,7 +48,7 @@ or fetched directly with gpg.
|
||||
$ gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc
|
||||
{% endhighlight %}
|
||||
|
||||
For additional security we also publish the fingerprint of the Qubes Master Signing Key ([\`0x36879494\`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)) here in this document:
|
||||
For additional security we also publish the fingerprint of the Qubes Master Signing Key ([\`0x36879494\`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)) here in this document:
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
pub 4096R/36879494 2010-04-01
|
||||
@ -56,9 +56,9 @@ pub 4096R/36879494 2010-04-01
|
||||
uid Qubes Master Signing Key
|
||||
{% endhighlight %}
|
||||
|
||||
There should also be a copy of this key at the project's main website, in the [Qubes Security Pack](/wiki/SecurityPack), and in the archives of the project's [developer](https://groups.google.com/forum/#!msg/qubes-devel/RqR9WPxICwg/kaQwknZPDHkJ) and [user](https://groups.google.com/d/msg/qubes-users/CLnB5uFu_YQ/ZjObBpz0S9UJ) mailing lists.
|
||||
There should also be a copy of this key at the project's main website, in the [Qubes Security Pack](/wiki/SecurityPack), and in the archives of the project's [developer](https://groups.google.com/forum/#!msg/qubes-devel/RqR9WPxICwg/kaQwknZPDHkJ) and [user](https://groups.google.com/d/msg/qubes-users/CLnB5uFu_YQ/ZjObBpz0S9UJ) mailing lists.
|
||||
|
||||
Once you have obtained the Qubes Master Signing Key ([\`0x36879494\`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)), you should verify the fingerprint of this key very carefully by obtaining copies of the fingerprint from trustworthy independent sources and comparing them to the downloaded key's fingerprint to ensure they match. Then set its trust level to "ultimate" (oh, well), so that it can be used to automatically verify all the keys signed by the Qubes Master Signing Key:
|
||||
Once you have obtained the Qubes Master Signing Key ([\`0x36879494\`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)), you should verify the fingerprint of this key very carefully by obtaining copies of the fingerprint from trustworthy independent sources and comparing them to the downloaded key's fingerprint to ensure they match. Then set its trust level to "ultimate" (oh, well), so that it can be used to automatically verify all the keys signed by the Qubes Master Signing Key:
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
$ gpg --edit-key 0x36879494
|
||||
@ -104,7 +104,7 @@ gpg> q
|
||||
|
||||
Now you can easily download any of the developer or release signing keys that happen to be used to sign particular ISO, RPM, TGZ files or git tags.
|
||||
|
||||
For example: Qubes OS Release 2 Signing Key ([\`0x0A40E458\`](https://keys.qubes-os.org/keys/qubes-release-2-signing-key.asc)) is used for all Release 2 ISO images.
|
||||
For example: Qubes OS Release 2 Signing Key ([\`0x0A40E458\`](https://keys.qubes-os.org/keys/qubes-release-2-signing-key.asc)) is used for all Release 2 ISO images.
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
$ gpg --recv-keys 0x3F01DEF49719158EF86266F80C73B9D40A40E458
|
||||
@ -117,9 +117,9 @@ gpg: Total number processed: 1
|
||||
gpg: imported: 1 (RSA: 1)
|
||||
{% endhighlight %}
|
||||
|
||||
You can also download all the currently used developers' signing keys and current and older release signing keys (and also a copy of the Qubes Master Signing Key) from the [keys directory on our server](https://keys.qubes-os.org/keys/) and from the [Qubes Security Pack](/wiki/SecurityPack).
|
||||
You can also download all the currently used developers' signing keys and current and older release signing keys (and also a copy of the Qubes Master Signing Key) from the [keys directory on our server](https://keys.qubes-os.org/keys/) and from the [Qubes Security Pack](/wiki/SecurityPack).
|
||||
|
||||
The developer signing keys are set to be valid for 1 year only, while the Qubes Master Signing Key ([\`0x36879494\`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)) has no expiration date. This latter key was generated and is kept only within a dedicated, air-gapped "vault" machine, and the private portion will (hopefully) never leave this isolated machine.
|
||||
The developer signing keys are set to be valid for 1 year only, while the Qubes Master Signing Key ([\`0x36879494\`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)) has no expiration date. This latter key was generated and is kept only within a dedicated, air-gapped "vault" machine, and the private portion will (hopefully) never leave this isolated machine.
|
||||
|
||||
You can now verify the ISO image (Qubes-R2-x86\_64-DVD.iso) matches its signature (Qubes-R2-x86\_64-DVD.iso.asc):
|
||||
|
||||
@ -133,7 +133,7 @@ gpg: Good signature from "Qubes OS Release 2 Signing Key"
|
||||
gpg: binary signature, digest algorithm SHA1
|
||||
{% endhighlight %}
|
||||
|
||||
The Release 2 Signing Key ([\`0x0A40E458\`](https://keys.qubes-os.org/keys/qubes-release-2-signing-key.asc)) used to sign this ISO image should be signed by the Qubes Master Signing Key ([\`0x36879494\`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)):
|
||||
The Release 2 Signing Key ([\`0x0A40E458\`](https://keys.qubes-os.org/keys/qubes-release-2-signing-key.asc)) used to sign this ISO image should be signed by the Qubes Master Signing Key ([\`0x36879494\`](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc)):
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
$ gpg --list-sig 0A40E458
|
||||
@ -145,7 +145,7 @@ sig 3 0A40E458 2012-11-15 Qubes OS Release 2 Signing Key
|
||||
|
||||
Having problems verifying the ISO images? Make sure you have the corresponding release signing key and see this thread:
|
||||
|
||||
[https://groups.google.com/group/qubes-devel/browse\_thread/thread/4bdec1cd19509b38/9f8e219c41e1b232](https://groups.google.com/group/qubes-devel/browse_thread/thread/4bdec1cd19509b38/9f8e219c41e1b232)
|
||||
[https://groups.google.com/group/qubes-devel/browse\_thread/thread/4bdec1cd19509b38/9f8e219c41e1b232](https://groups.google.com/group/qubes-devel/browse_thread/thread/4bdec1cd19509b38/9f8e219c41e1b232)
|
||||
|
||||
Verifying Qubes Code
|
||||
--------------------
|
||||
|
||||
@ -40,4 +40,4 @@ We mark each component version in the repository by tag containing `v<version>`.
|
||||
|
||||
At the release of some release we create branches named like `release2`. Only bugfixes and compatible improvements are backported to these branches. These branches should compile. All new development is done in `master` branch. This branch is totally unsupported and may not even compile depending on maintainer of repository.
|
||||
|
||||
All version and release tags should be made and signed by someone from ITL staff. Public keys are included in `qubes-builder` and available at [http://keys.qubes-os.org/keys/](http://keys.qubes-os.org/keys/).
|
||||
All version and release tags should be made and signed by someone from ITL staff. Public keys are included in `qubes-builder` and available at [http://keys.qubes-os.org/keys/](http://keys.qubes-os.org/keys/).
|
||||
|
||||
36
WikiStart.md
36
WikiStart.md
@ -18,30 +18,30 @@ Qubes is an open-source operating system designed to provide strong security for
|
||||
|
||||
- [A Simple Introduction to Qubes](/wiki/SimpleIntro)
|
||||
- [Getting Started](/wiki/GettingStarted)
|
||||
- [Qubes OS Tutorial slides by ITL](http://www.invisiblethingslab.com/resources/2014/LinuxCon_2014_Qubes_Tutorial.pdf) (LinuxCon October 2014)
|
||||
- [Qubes OS Tutorial slides by ITL](http://www.invisiblethingslab.com/resources/2014/LinuxCon_2014_Qubes_Tutorial.pdf) (LinuxCon October 2014)
|
||||
- [Screenshots](/wiki/QubesScreenshots)
|
||||
- [Architecture Overview](/wiki/QubesArchitecture), and also the more recent: [Why Qubes OS is more than a bunch of VMs?](http://www.invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf)
|
||||
- [Architecture Overview](/wiki/QubesArchitecture), and also the more recent: [Why Qubes OS is more than a bunch of VMs?](http://www.invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf)
|
||||
- [Security](/wiki/QubesSecurity)
|
||||
- [FAQ](/wiki/UserFaq)
|
||||
- [User Documentation](/wiki/UserDoc)
|
||||
- [How is Qubes OS different from...?](http://theinvisiblethings.blogspot.com/2012/09/how-is-qubes-os-different-from.html)
|
||||
- Beyond Qubes R2 -- the [Qubes Odyssey Framework](http://theinvisiblethings.blogspot.com/2013/03/introducing-qubes-odyssey-framework.html)
|
||||
- [How is Qubes OS different from...?](http://theinvisiblethings.blogspot.com/2012/09/how-is-qubes-os-different-from.html)
|
||||
- Beyond Qubes R2 -- the [Qubes Odyssey Framework](http://theinvisiblethings.blogspot.com/2013/03/introducing-qubes-odyssey-framework.html)
|
||||
|
||||
Recent News
|
||||
-----------
|
||||
|
||||
- `Mar 21, 2013` Introducing Qubes Odyssey Framework [article](http://theinvisiblethings.blogspot.com/2013/03/introducing-qubes-odyssey-framework.html)
|
||||
- `Jun 21, 2013` Qubes OS R3 Alpha preview: Odyssey HAL in action! [announcement](http://theinvisiblethings.blogspot.com/2013/06/qubes-os-r3-alpha-preview-odyssey-hal.html)
|
||||
- `Nov 26, 2013` Windows 7 seamless GUI integration coming to Qubes OS! [article](http://theinvisiblethings.blogspot.com/2013/11/windows-7-seamless-gui-integration.html)
|
||||
- `Dec 11, 2013` Qubes OS R2 Beta 3 has been released! [announcement](http://theinvisiblethings.blogspot.com/2013/12/qubes-r2-beta-3-has-been-released.html)
|
||||
- `Feb 16, 2014` Qubes OS selected as a finalist of Access Innovation Prize 2014 for Endpoint Security Solution [announcement](https://www.accessnow.org/blog/2014/02/13/endpoint-security-prize-finalists-announced?utm_content=buffere803e&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer)
|
||||
- `Mar 28, 2014` [Article about Qubes OS](http://www.economist.com/blogs/babbage/2014/03/computer-security) in The Economist
|
||||
- `Apr 12, 2014` [Article about Qubes OS](https://pressfreedomfoundation.org/blog/2014/04/operating-system-can-protect-you-even-if-you-get-hacked) by the [Freedom of the Press Foundation](https://pressfreedomfoundation.org/about/board)
|
||||
- `Apr 21, 2014` Qubes OS R2 rc1 has been released! [announcement](http://theinvisiblethings.blogspot.com/2014/04/qubes-os-r2-rc1-has-been-released.html)
|
||||
- `Jul 03, 2014` ITL to present on Qubes OS at LinuxCon Europe: a keynote by Joanna Rutkowska and hands-on training by the core dev team! [conference website](http://events.linuxfoundation.org/events/linuxcon-europe)
|
||||
- `Jul 16, 2014` Qubes Wiki now uses a CA-signed SSL cert (but you might also want to [read](https://groups.google.com/forum/#!topic/qubes-users/LsDpKnwN6w8) also why this is mostly irrelevant)
|
||||
- `Aug 06, 2014` Qubes OS R2 rc2 has been released! [announcement](http://theinvisiblethings.blogspot.com/2014/08/qubes-os-r2-rc2-debian-template-ssled.html)
|
||||
- `Sep 26, 2014` **Qubes OS R2** has been released! [announcement](http://theinvisiblethings.blogspot.com/2014/09/announcing-qubes-os-release-2.html)
|
||||
- `Oct 19, 2014` LinuxCon EU 2014 slides: [keynote](http://www.invisiblethingslab.com/resources/2014/LinuxCon_2014_Qubes_Keynote.pdf) and [tutorial](http://www.invisiblethingslab.com/resources/2014/LinuxCon_2014_Qubes_Tutorial.pdf)
|
||||
- `Nov 20, 2014` [Article about Qubes OS](http://www.wired.com/2014/11/protection-from-hackers/) in Wired
|
||||
- `Mar 21, 2013` Introducing Qubes Odyssey Framework [article](http://theinvisiblethings.blogspot.com/2013/03/introducing-qubes-odyssey-framework.html)
|
||||
- `Jun 21, 2013` Qubes OS R3 Alpha preview: Odyssey HAL in action! [announcement](http://theinvisiblethings.blogspot.com/2013/06/qubes-os-r3-alpha-preview-odyssey-hal.html)
|
||||
- `Nov 26, 2013` Windows 7 seamless GUI integration coming to Qubes OS! [article](http://theinvisiblethings.blogspot.com/2013/11/windows-7-seamless-gui-integration.html)
|
||||
- `Dec 11, 2013` Qubes OS R2 Beta 3 has been released! [announcement](http://theinvisiblethings.blogspot.com/2013/12/qubes-r2-beta-3-has-been-released.html)
|
||||
- `Feb 16, 2014` Qubes OS selected as a finalist of Access Innovation Prize 2014 for Endpoint Security Solution [announcement](https://www.accessnow.org/blog/2014/02/13/endpoint-security-prize-finalists-announced?utm_content=buffere803e&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer)
|
||||
- `Mar 28, 2014` [Article about Qubes OS](http://www.economist.com/blogs/babbage/2014/03/computer-security) in The Economist
|
||||
- `Apr 12, 2014` [Article about Qubes OS](https://pressfreedomfoundation.org/blog/2014/04/operating-system-can-protect-you-even-if-you-get-hacked) by the [Freedom of the Press Foundation](https://pressfreedomfoundation.org/about/board)
|
||||
- `Apr 21, 2014` Qubes OS R2 rc1 has been released! [announcement](http://theinvisiblethings.blogspot.com/2014/04/qubes-os-r2-rc1-has-been-released.html)
|
||||
- `Jul 03, 2014` ITL to present on Qubes OS at LinuxCon Europe: a keynote by Joanna Rutkowska and hands-on training by the core dev team! [conference website](http://events.linuxfoundation.org/events/linuxcon-europe)
|
||||
- `Jul 16, 2014` Qubes Wiki now uses a CA-signed SSL cert (but you might also want to [read](https://groups.google.com/forum/#!topic/qubes-users/LsDpKnwN6w8) also why this is mostly irrelevant)
|
||||
- `Aug 06, 2014` Qubes OS R2 rc2 has been released! [announcement](http://theinvisiblethings.blogspot.com/2014/08/qubes-os-r2-rc2-debian-template-ssled.html)
|
||||
- `Sep 26, 2014` **Qubes OS R2** has been released! [announcement](http://theinvisiblethings.blogspot.com/2014/09/announcing-qubes-os-release-2.html)
|
||||
- `Oct 19, 2014` LinuxCon EU 2014 slides: [keynote](http://www.invisiblethingslab.com/resources/2014/LinuxCon_2014_Qubes_Keynote.pdf) and [tutorial](http://www.invisiblethingslab.com/resources/2014/LinuxCon_2014_Qubes_Tutorial.pdf)
|
||||
- `Nov 20, 2014` [Article about Qubes OS](http://www.wired.com/2014/11/protection-from-hackers/) in Wired
|
||||
|
||||
|
||||
@ -12,12 +12,12 @@ Debugging Windows code can be tricky in a virtualized environment. The guide bel
|
||||
|
||||
User-mode debugging is usually straightforward if it can be done on one machine. Just duplicate your normal debugging environment in the VM.
|
||||
|
||||
Things get complicated if you need to perform kernel debugging or troubleshoot problems that only manifest on system boot, user logoff or similar. For that you need two Windows VMs: the *host* and the *target*. The *host* will contain [WinDbg](http://msdn.microsoft.com/en-us/library/windows/hardware/ff551063(v=vs.85).aspx) installation, your source code and private symbols. The *target* will run the code being debugged. Both will be linked by virtual serial ports.
|
||||
Things get complicated if you need to perform kernel debugging or troubleshoot problems that only manifest on system boot, user logoff or similar. For that you need two Windows VMs: the *host* and the *target*. The *host* will contain [WinDbg](http://msdn.microsoft.com/en-us/library/windows/hardware/ff551063(v=vs.85).aspx) installation, your source code and private symbols. The *target* will run the code being debugged. Both will be linked by virtual serial ports.
|
||||
|
||||
- First, you need to prepare separate copies of both *target* and *host* VM configuration files with some changes. Copy the files from **/var/lib/qubes/appvms/vmname/vmname.conf** to some convenient location, let's call them **host.conf** and **target.conf**.
|
||||
- In both copied files add the following line at the end: `serial = 'pty'`. This will make Xen connect VM's serial ports to dom0's ptys.
|
||||
- From now on you need to start both VMs like this: `qvm-start --custom-config=/your/edited/host.conf host`
|
||||
- To connect both VM serial ports together you will either need [socat](http://www.dest-unreach.org/socat/) or a custom utility described later.
|
||||
- To connect both VM serial ports together you will either need [socat](http://www.dest-unreach.org/socat/) or a custom utility described later.
|
||||
- To determine which dom0 pty corresponds to VM's serial port you need to read xenstore, example script below:
|
||||
|
||||
#!/bin/sh
|
||||
@ -28,7 +28,7 @@ Things get complicated if you need to perform kernel debugging or troubleshoot p
|
||||
|
||||
Pass it a running VM name and it will output the corresponding pty name.
|
||||
|
||||
- To connect both ptys you can use [socat](http://www.dest-unreach.org/socat/) like that:
|
||||
- To connect both ptys you can use [socat](http://www.dest-unreach.org/socat/) like that:
|
||||
|
||||
#!/bin/sh
|
||||
|
||||
@ -41,7 +41,7 @@ Things get complicated if you need to perform kernel debugging or troubleshoot p
|
||||
...but there is a catch. Xen seems to process the traffic that goes through serial ports and changes all **0x0a** bytes into **0x0d, 0x0a** pairs (newline conversion). I didn't find a way to turn that off (setting ptys to raw mode didn't change anything) and it's not mentioned anywhere on the Internet, so maybe it's something on my system. If the above script works for you then you don't need anything more in dom0.
|
||||
|
||||
- On the *target* system, run `bcdedit /set debug on` on the console to turn on kernel debugging. It defaults to the first serial port.
|
||||
- On the *host* system, install [WinDbg](http://msdn.microsoft.com/en-us/library/windows/hardware/ff551063(v=vs.85).aspx) and start the kernel debug (Ctrl-K), choose **com1** as the debug port.
|
||||
- On the *host* system, install [WinDbg](http://msdn.microsoft.com/en-us/library/windows/hardware/ff551063(v=vs.85).aspx) and start the kernel debug (Ctrl-K), choose **com1** as the debug port.
|
||||
- Reboot the *target* VM.
|
||||
- Run the above shell script in dom0.
|
||||
- If everything is fine you should see the proper kernel debugging output in [WinDbg?](/wiki/WinDbg). However, if you see something like that:
|
||||
|
||||
10
ZFS.md
10
ZFS.md
@ -18,7 +18,7 @@ Install ZFS in Dom0
|
||||
Install DKMS style packages for Fedora <sup>(defunct\\ in\\ 0.6.2\\ due\\ to\\ spl/issues/284)</sup>
|
||||
----------------------------------------------------------------------------------------------------
|
||||
|
||||
Fetch and install repository for DKMS style packages for your Dom0 Fedora version [http://zfsonlinux.org/fedora.html](http://zfsonlinux.org/fedora.html):
|
||||
Fetch and install repository for DKMS style packages for your Dom0 Fedora version [http://zfsonlinux.org/fedora.html](http://zfsonlinux.org/fedora.html):
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
disp1# wget http://archive.zfsonlinux.org/fedora/zfs-release-1-1$(rpm -E %dist).noarch.rpm
|
||||
@ -32,7 +32,7 @@ dom0# sudo qubes-dom0-update zfs
|
||||
Install DKMS style packages from git-repository
|
||||
-----------------------------------------------
|
||||
|
||||
Build and install your DKMS or KMOD packages as described in [http://zfsonlinux.org/generic-rpm.html](http://zfsonlinux.org/generic-rpm.html).
|
||||
Build and install your DKMS or KMOD packages as described in [http://zfsonlinux.org/generic-rpm.html](http://zfsonlinux.org/generic-rpm.html).
|
||||
|
||||
### Prerequisites steps in AppVM <sup>(i.e.\\ disp1)</sup>
|
||||
|
||||
@ -44,7 +44,7 @@ git clone https://github.com/zfsonlinux/spl.git
|
||||
git clone https://github.com/zfsonlinux/zfs.git
|
||||
{% endhighlight %}
|
||||
|
||||
Revert changes in SPL repository due to this bug: [https://github.com/zfsonlinux/spl/issues/284](https://github.com/zfsonlinux/spl/issues/284)
|
||||
Revert changes in SPL repository due to this bug: [https://github.com/zfsonlinux/spl/issues/284](https://github.com/zfsonlinux/spl/issues/284)
|
||||
|
||||
{% highlight trac-wiki %}
|
||||
cd ~/repositories/spl
|
||||
@ -189,6 +189,6 @@ Specifying a keyfile is especially useful, if ZFS should be ready during boot.
|
||||
Further Reading
|
||||
---------------
|
||||
|
||||
- [http://www.open-zfs.org](http://www.open-zfs.org)
|
||||
- [http://zfsonlinux.org](http://zfsonlinux.org)
|
||||
- [http://www.open-zfs.org](http://www.open-zfs.org)
|
||||
- [http://zfsonlinux.org](http://zfsonlinux.org)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user