suzanne.soy/qubes-doc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Clean up Live USB page

Browse Source
This commit is contained in:
Axon 2015-12-13 01:51:22 +00:00
parent 1387751739
commit 4f76c47c7f
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 40 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
installing/live-usb.md
View File

@ -20,16 +20,14 @@ We have faced several challenges when making this Live USB edition of Qubes OS,
which traditional Linux distros don't have to bother with: which traditional Linux distros don't have to bother with:
1. We needed to ensure Xen is properly started when booting the stick. In fact 1. We needed to ensure Xen is properly started when booting the stick. In fact
we still don't support UEFI boot for the sitck for this reason, even though the we still don't support UEFI boot for the sitck for this reason, even though
Fedora liveusb creator we used does support it. Only legacy boot for this the Fedora liveusb creator we used does support it. Only legacy boot for this
version, sorry. version, sorry.
2. We discovered that the Fedora liveusb-create does *not* verify signatures on 2. We discovered that the Fedora liveusb-create does *not* verify signatures on
downloaded packages. We have temporarily fixed that by creating a local repo, downloaded packages. We have temporarily fixed that by creating a local repo,
verifying the signatures manually (ok, with a script ;) and then building from verifying the signatures manually (ok, with a script ;) and then building
there. Sigh. from there. Sigh.
3. We had to solve the problem of Qubes too easily triggering an Out Of Memory
3. We had to solve the problem of Qubes too easily triggering an `Out Of Memory`
condition in Dom0 when running as Live OS. condition in Dom0 when running as Live OS.
This last problem has been a result of Qubes using the copy-on-write backing for This last problem has been a result of Qubes using the copy-on-write backing for
@ -60,13 +58,14 @@ install on the main disk. Also, ensure UEFI boot works well.
stick. This would be achieved by allowing (select) VMs' private images to be stick. This would be achieved by allowing (select) VMs' private images to be
stored on the r/w partition (or on another stick). stored on the r/w partition (or on another stick).
2a. A nice variant of this persistence option, especially for frequent A nice variant of this persistence option, especially for frequent
travellers, I think, would be to augment our backup tools so that it was travellers, would be to augment our backup tools so that it was
possible to create a LiveUSB-hosted backups of select VMs. One could then pick a possible to create a LiveUSB-hosted backups of select VMs. One could then
few of their VMs, necessary for a specific travel, back them to a LiveUSB stick, pick a few of their VMs, necessary for a specific travel, back them to a
and take this stick when traveling to a hostile country (not risking taking LiveUSB stick, and take this stick when traveling to a hostile country (not
other, more sensitive ones for the travel). This should make life a bit simpler risking taking other, more sensitive ones for the travel). This should make
[for some...](https://twitter.com/rootkovska/status/541980196849872896) life a bit simpler
[for some](https://twitter.com/rootkovska/status/541980196849872896).
3. Introduce more useful preconfigured VMs setup, especially including 3. Introduce more useful preconfigured VMs setup, especially including
Whonix/Tor VMs. Whonix/Tor VMs.
@ -75,30 +74,24 @@ Whonix/Tor VMs.
Current limitations Current limitations
------------------- -------------------
0. It's considered an alpha currently, so meter your expectations (Remember that Qubes Live USB is currently in alpha, so please meter your
accordingly... expectations accordingly.)
1. Currently just the 3 example VMs (untrusted, personal, work), plus the 1. Currently just the 3 example VMs (untrusted, personal, work), plus the
default net and firewall VMs are created automatically. default net and firewall VMs are created automatically.
2. The user has an option to manually (i.e. via command line) create an 2. The user has an option to manually (i.e. via command line) create an
additional partition, e.g. for storing GPG keyring, and then mounting it to a additional partition, e.g. for storing GPG keyring, and then mounting it to a
select VMs. This is to add poor-man's persistence. We will be working on select VMs. This is to add poor-man's persistence. We will be working on
improving/automating that, of course. improving/automating that, of course.
3. Currently there is no option of "install to disk". We will be adding this 3. Currently there is no option of "install to disk". We will be adding this
in the future. in the future.
4. The amount of "disk" space is limited by the amount of RAM the laptop 4. The amount of "disk" space is limited by the amount of RAM the laptop
has. This has a side effect of e.g. not being able to restore (even few) VMs has. This has a side effect of e.g. not being able to restore (even few) VMs
from a large Qubes backup blob. from a large Qubes backup blob.
5. It's easy to generate Out Of Memory (OOM) in Dom0 rather easily by creating 5. It's easy to generate Out Of Memory (OOM) in Dom0 rather easily by creating
lots of VMs which are writing a lot into the VMs filesystem. lots of VMs which are writing a lot into the VMs filesystem.
6. There is no DispVM savefile, so if one starts one the savefile must be 6. There is no DispVM savefile, so if one starts one the savefile must be
regenerated which takes about 1-2 minutes. regenerated which takes about 1-2 minutes.
7. UEFI boot doesn't work, and if you try booting it via UEFI Xen will not be 7. UEFI boot doesn't work, and if you try booting it via UEFI Xen will not be
started, rendering the whole experiment unusable. started, rendering the whole experiment unusable.
@ -108,7 +101,6 @@ Downloading and burning
1. Download the ISO (and its signature for verification) from the 1. Download the ISO (and its signature for verification) from the
[downloads page](/downloads/#qubes-live-usb-alpha/). [downloads page](/downloads/#qubes-live-usb-alpha/).
2. "Burn" (copy) the ISO onto a USB drive (replace `/dev/sdX` with your USB 2. "Burn" (copy) the ISO onto a USB drive (replace `/dev/sdX` with your USB
drive device): drive device):
@ -117,6 +109,6 @@ Downloading and burning
Note that you should specify the whole device, (e.g. `/dev/sdc`, not a single Note that you should specify the whole device, (e.g. `/dev/sdc`, not a single
partition, e.g. `/dev/sdc1`). partition, e.g. `/dev/sdc1`).
**Caution:** It is very easy to misuse the `dd` command. If you mix up `if` and **Caution:** It is very easy to misuse the `dd` command. If you mix up `if`
`of` or specify an incorrect device, you could accidentally overwrite your and `of` or specify an incorrect device, you could accidentally overwrite
primary system drive. Please be careful! your primary system drive. Please be careful!