First pass for all titles still using the old '=====' syntax https://github.com/QubesOS/qubes-issues/issues/6701#issuecomment-862060759
6.3 KiB
lang | layout | redirect_from | ref | title | |
---|---|---|---|---|---|
en | doc |
|
23 | Qubes R4.0 release notes |
========================
New features since 3.2
- Core management scripts rewrite with better structure and extensibility, API documentation
- Admin API allowing strictly controlled managing from non-dom0
- All
qvm-*
command-line tools rewritten, some options have changed - Renaming VM directly is prohibited, there is GUI to clone under new name and remove old VM
- Use PVH and HVM by default to mitigate Meltdown & Spectre and lower the attack surface on Xen
- Create USB VM by default
- Multiple DisposableVMs templates support
- New backup format using scrypt key-derivation function
- Non-encrypted backups no longer supported
- split VM packages, for better support minimal, specialized templates
- Qubes Manager decomposition - domains and devices widgets instead of full Qubes Manager; devices widget support also USB
- More flexible firewall interface for ease unikernel integration
- Template VMs do not have network interface by default, qrexec-based updates proxy is used instead
- More flexible IP addressing for VMs - custom IP, hidden from the IP
- More flexible Qubes RPC policy - related ticket, documentation
- New Qubes RPC confirmation window, including option to specify destination VM
- New storage subsystem design
- Dom0 update to Fedora 25 for better hardware support
- Kernel 4.9.x
You can get detailed description in completed github issues
Security Notes
-
PV VMs migrated from 3.2 to 4.0-rc4 or later are automatically set to PVH mode in order to protect against Meltdown (see QSB #37). However, PV VMs migrated from any earlier 4.0 release candidate (RC1, RC2, or RC3) are not automatically set to PVH mode. These must be set manually.
-
The following steps may need to be applied in dom0 and Fedora 26 TemplateVMs in order to receive updates (see #3737).
Steps for dom0 updates:
-
Open the Qubes Menu by clicking on the "Q" icon in the top-left corner of the screen.
-
Select
Terminal Emulator
. -
In the window that opens, enter this command:
sudo nano /etc/yum.repos.d/qubes-dom0.repo
-
This opens the nano text editor. Change all four instances of
http
tohttps
. -
Press
CTRL+X
, thenY
, thenENTER
to save changes and exit. -
Check for updates normally.
Steps for Fedora 26 TemplateVM updates:
-
Open the Qubes Menu by clicking on the "Q" icon in the top-left corner of the screen.
-
Select
Template: fedora-26
, thenfedora-26: Terminal
. -
In the window that opens, enter the command for your version:
[Qubes 3.2] sudo gedit /etc/yum.repos.d/qubes-r3.repo [Qubes 4.0] sudo gedit /etc/yum.repos.d/qubes-r4.repo
-
This opens the gedit text editor in a window. Change all four instances of
http
tohttps
. -
Click the "Save" button in the top-right corner of the window.
-
Close the window.
-
Check for updates normally.
-
Shut down the TemplateVM.
-
Known issues
-
Locale using coma as decimal separator crashes qubesd. Either install with different locale (English (United States) for example), or manually apply fix explained in that issue.
-
In the middle of installation, keyboard layout reset to US. Be careful what is the current layout while setting default user password (see upper right screen corner).
-
On some laptops (for example Librem 15v2), touchpad do not work directly after installation. Reboot the system to fix the issue.
-
List of USB devices may contain device identifiers instead of name
-
With R4.0.1, which ships kernel-4.19, you may never reach the anaconda startup and be block on an idle black screen with blinking cursor. You can try to add
plymouth.ignore-serial-consoles
in the grub installer boot menu right afterquiet rhgb
. With legacy mode, you can do it directly when booting the DVD or USB key. In UEFI mode, follow the same procedure described for disablingnouveau
module (related solved issue in further version of Qubes). -
For other known issues take a look at our tickets
It is advised to install updates just after system installation to apply bug fixes for (some of) the above problems.
Downloads
See Qubes Downloads.
Installation instructions
See Installation Guide.
Upgrading
There is no in-place upgrade path from earlier Qubes versions. The only supported option to upgrade to Qubes R4.0 is to install it from scratch and use qubes backup and restore tools for migrating of all of the user VMs. We also provide detailed instruction for this procedure.