========================
Qubes R4.0 release notes
========================

New features since 3.2
----------------------

- Core management scripts rewrite with better structure and
  extensibility, `API documentation `__
- `Admin API `__ allowing strictly
  controlled management from non-dom0
- All ``qvm-*`` command-line tools rewritten; some options have changed
- Renaming a VM directly is prohibited; there is a GUI to clone it under
  a new name and remove the old VM
- Use
  `PVH `__
  and `HVM `__ by
  default to `mitigate Meltdown & Spectre `__
  and lower the `attack surface on Xen `__
- Create USB VM by default
- `Multiple DisposableVMs templates support `__
- New :doc:`backup format ` using
  scrypt key-derivation function
- Non-encrypted backups no longer supported
- `split VM packages `__,
  for better support of minimal, specialized templates
- `Qubes Manager decomposition `__ -
  domains and devices widgets instead of the full Qubes Manager; the
  devices widget also supports USB
- :doc:`More flexible firewall interface ` for easier
  unikernel integration
- Template VMs do not have a network interface by default; the
  `qrexec-based updates proxy `__ is used instead
- More flexible IP addressing for VMs - `custom IP `__, `hidden from the IP `__
- More flexible Qubes RPC policy - `related ticket `__,
  :ref:`documentation `
- `New Qubes RPC confirmation window `__,
  including option to specify destination VM
- `New storage subsystem design `__
- Dom0 update to Fedora 25 for better hardware support
- Kernel 4.9.x

You can find a detailed description in the `completed github issues `__.

Security Notes
--------------

- PV VMs migrated from 3.2 to 4.0-rc4 or later are automatically set to
  PVH mode in order to protect against Meltdown (see `QSB #37 `__).
  However, PV VMs migrated from any earlier 4.0 release candidate (RC1,
  RC2, or RC3) are not automatically set to PVH mode. These must be set
  manually.

- The following steps may need to be applied in dom0 and Fedora 26
  TemplateVMs in order to receive updates (see
  `#3737 `__).

  Steps for dom0 updates:

  1. Open the Qubes Menu by clicking on the “Q” icon in the top-left
     corner of the screen.

  2. Select ``Terminal Emulator``.

  3. In the window that opens, enter this command:

     .. code:: bash

        sudo nano /etc/yum.repos.d/qubes-dom0.repo

  4. This opens the nano text editor. Change all four instances of
     ``http`` to ``https``.

  5. Press ``CTRL+X``, then ``Y``, then ``ENTER`` to save changes and
     exit.

  6. Check for updates normally.

  Steps for Fedora 26 TemplateVM updates:

  1. Open the Qubes Menu by clicking on the “Q” icon in the top-left
     corner of the screen.

  2. Select ``Template: fedora-26``, then ``fedora-26: Terminal``.

  3. In the window that opens, enter the command for your version:

     .. code:: bash

        # Qubes 3.2
        sudo gedit /etc/yum.repos.d/qubes-r3.repo
        # Qubes 4.0
        sudo gedit /etc/yum.repos.d/qubes-r4.repo

  4. This opens the gedit text editor in a window. Change all four
     instances of ``http`` to ``https``.

  5. Click the “Save” button in the top-right corner of the window.

  6. Close the window.

  7. Check for updates normally.

  8. Shut down the TemplateVM.
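
The ``http`` to ``https`` edit in the two procedures above can also be scripted and verified. This is an added example, not part of the original release notes or of Qubes tooling; the function names and the sample repo contents (placeholder host ``repo.example.org``) are constructed for illustration, and it rewrites every ``http://`` URL in the file rather than assuming exactly four.

```bash
# Added example (not Qubes project code): audit a yum/dnf .repo file for
# cleartext http:// URLs and switch them to https://, keeping a backup.

# Print how many http:// URLs the file contains (https:// does not match).
count_http_urls() {
    grep -o 'http://' "$1" | wc -l | tr -d ' '
}

# Rewrite every http:// to https:// in place. Saves the original as FILE.bak,
# is a no-op on an already-fixed file, and fails if any cleartext URL remains.
force_https() (
    repo=$1
    [ -f "$repo" ] || { echo "no such file: $repo" >&2; exit 2; }
    [ "$(count_http_urls "$repo")" -gt 0 ] || exit 0
    cp -p "$repo" "$repo.bak" || exit 1
    tmp=$(mktemp) || exit 1
    # Writing back with cat keeps the repo file's owner and permissions.
    if sed 's|http://|https://|g' "$repo" > "$tmp" && cat "$tmp" > "$repo"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && [ "$(count_http_urls "$repo")" -eq 0 ]
)

# Write a constructed sample repo file (placeholder host) and print its path.
make_sample_repo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
[example-current]
baseurl = http://repo.example.org/r4.0/current/
metalink = http://repo.example.org/r4.0/current/repomd.xml.metalink
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[example-testing]
baseurl = http://repo.example.org/r4.0/testing/
metalink = http://repo.example.org/r4.0/testing/repomd.xml.metalink
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
EOF
    echo "$f"
}

# Demo on the constructed sample file.
sample=$(make_sample_repo)
echo "cleartext URLs before: $(count_http_urls "$sample")"
force_https "$sample"
echo "cleartext URLs after:  $(count_http_urls "$sample")"
rm -f "$sample" "$sample.bak"
```

On a real system the argument to ``force_https`` would be the repo file named in the steps above, run with root privileges.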

Known issues
------------

- A locale that uses a comma as the decimal separator `crashes qubesd `__.
  Either install with a different locale (English (United States), for
  example), or manually apply the fix explained in that issue.
- In the middle of installation, `keyboard layout reset to US `__. Check
  which layout is currently active when setting the default user
  password (see the upper-right corner of the screen).
- On some laptops (for example Librem 15v2), the touchpad does not work
  directly after installation. Reboot the system to fix the issue.
- The list of USB devices may contain device identifiers instead of names.
- With R4.0.1, which ships kernel-4.19, you may never reach the
  anaconda startup and be blocked on an idle black screen with a blinking
  cursor. You can try to add ``plymouth.ignore-serial-consoles`` in the
  grub installer boot menu right after ``quiet rhgb``. In legacy
  mode, you can do it directly when booting the DVD or USB key. In UEFI
  mode, follow the same procedure described for
  :ref:`disabling `
  ``nouveau`` module (related `solved issue `__ in a
  later version of Qubes).
- For other known issues, take a look at `our tickets `__.

It is advised to install updates just after system installation to apply
bug fixes for (some of) the above problems.

Downloads
---------

See :doc:`Qubes Downloads `.

Installation instructions
-------------------------

See :doc:`Installation Guide `.

Upgrading
---------

There is no in-place upgrade path from earlier Qubes versions. The only
supported option to upgrade to Qubes R4.0 is to install it from scratch
and use :doc:`qubes backup and restore tools ` to
migrate all of the user VMs. We also provide :doc:`detailed instruction ` for this procedure.