From 1fc7bc98beca642e75942c603beefa48c8698e31 Mon Sep 17 00:00:00 2001 From: ubestemt Date: Mon, 24 Apr 2017 14:06:01 +0000 Subject: [PATCH 001/214] Create w3m.md How to reduce the fingerprint of the text-based web browser w3m. --- configuration/w3m.md | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 configuration/w3m.md diff --git a/configuration/w3m.md b/configuration/w3m.md new file mode 100644 index 00000000..29198ad2 --- /dev/null +++ b/configuration/w3m.md @@ -0,0 +1,35 @@ +--- +layout: doc +title: Reducing the fingerprint of the text-based web browser w3m +permalink: /doc/w3m/ +redirect_from: +- /en/doc/mutt/ +- /doc/W3m/ +- /wiki/W3m/ +--- + +Reducing the fingerprint of the text-based web browser w3m +==== + +[w3m](http://w3m.sourceforge.net/) 'is a text-based web browser as well as a pager like `more` or `less`. With w3m you can browse web pages through a terminal emulator window (xterm, rxvt or something like that). Moreover, w3m can be used as a text formatting tool which typesets HTML into plain text.' + +You can reduce the [fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) of w3m by adjusting some settings to those of the Tor Browser Bunde (TBB) with JavaScript disabled. + +**BEWARE: As very few people use w3m for browsing chances are high that you will still be the only person with this fingerprint on your adversary's radar. Also, I am nothing but a wannabe security expert, so do not rely on my advise for anything critical.** + +Apply the following changes to `~/.w3m/config` in any AppVM you want to use w3m in. If you have not run w3m yet, you might need to copy the config file from elsewhere. You can also apply the same changes to `/etc/w3m/config` in the relevant TempVM(s) to have them apply to multiple AppVMs; but make sure they are not reversed by the contents of `~/.w3m/config` in any of the AppVMs. (w3m reads `~/.w3m/config` after `/etc/w3m/config`). + +* Set `user_agent` to `user_agent Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0`. +* Make w3m use the same HTTP_ACCEPT headers the TBB by adding the following lines at the end of the file: + + accept_language en-US,en;q=0.5 + accept_encoding gzip, deflate + accept_media text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 + +Testing the settings on ( does not work) returns a fingerprint that is destinguishable from that of the TBB (with JavaScript disabled) only by 'Screen Size (CSS)' and 'Browser supports HSTS?'.* Thus by using these settings (and browsing through a torified connection) you will be distinguishable from TBB users, but, if my assumptions are correct, not from me. That is, whoever uses these settings will have the same fingerprint as anyone else using w3m with the same configuration, but for the time being I am probably the only one. (According to Browserprint.info only I have this fingerprint.) + +PS: You still need to delete cookies manually (`~/.w3m/cookie`) if you are not running w3m in a DispVM anyway. If you set w3m to not accept cookies, its fingerprint will change. (You can configure w3m to not use store cookies or accept new ones (or both), but the setting `use_cookie` seems to really mean `accept_cookie` and vice-versa, so maybe it is best to delete them manually for now.) + +* * * + +\* Does someone know how to fix this? From 016f87759908360dca0c367570c83ac5e3dfe6d8 Mon Sep 17 00:00:00 2001 From: ubestemt Date: Mon, 24 Apr 2017 14:09:14 +0000 Subject: [PATCH 002/214] Add link to yet-to-be-accepted w3m.md --- doc.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc.md b/doc.md index 3ac75eb4..fcb07669 100644 --- a/doc.md +++ b/doc.md @@ -151,6 +151,7 @@ Configuration Guides * [Managing VM kernel](/doc/managing-vm-kernel/) * [Salt management stack](/doc/salt/) * [Adding SSD storage cache](https://groups.google.com/d/msgid/qubes-users/a08359c9-9eb0-4d1a-ad92-a8a9bc676ea6%40googlegroups.com) + * [Reducing the fingerprint of the text-based web browser w3m](/doc/w3m/) Customization Guides From 4d0252cfd510c71e910795a722ff0da943b1df3c Mon Sep 17 00:00:00 2001 From: ubestemt Date: Fri, 28 Apr 2017 12:02:40 +0000 Subject: [PATCH 003/214] Rewrite to make clearer what is does and does not --- configuration/w3m.md | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/configuration/w3m.md b/configuration/w3m.md index 29198ad2..4eeb3908 100644 --- a/configuration/w3m.md +++ b/configuration/w3m.md @@ -5,28 +5,35 @@ permalink: /doc/w3m/ redirect_from: - /en/doc/mutt/ - /doc/W3m/ -- /wiki/W3m/ +- /wiki/W3m/t --- Reducing the fingerprint of the text-based web browser w3m ==== +TL;DR: You can reduce the amount w3m tells about itself and the environment it is running in (and, by extension, you). **It will not make you anonymous; your fingerprint will still be unique.** But it may improve your privacy. + [w3m](http://w3m.sourceforge.net/) 'is a text-based web browser as well as a pager like `more` or `less`. With w3m you can browse web pages through a terminal emulator window (xterm, rxvt or something like that). Moreover, w3m can be used as a text formatting tool which typesets HTML into plain text.' -You can reduce the [fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) of w3m by adjusting some settings to those of the Tor Browser Bunde (TBB) with JavaScript disabled. +You can reduce the browser [fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) of w3m by adjusting some settings to those of the Tor Browser Bunde (TBB) with JavaScript disabled. -**BEWARE: As very few people use w3m for browsing chances are high that you will still be the only person with this fingerprint on your adversary's radar. Also, I am nothing but a wannabe security expert, so do not rely on my advise for anything critical.** - -Apply the following changes to `~/.w3m/config` in any AppVM you want to use w3m in. If you have not run w3m yet, you might need to copy the config file from elsewhere. You can also apply the same changes to `/etc/w3m/config` in the relevant TempVM(s) to have them apply to multiple AppVMs; but make sure they are not reversed by the contents of `~/.w3m/config` in any of the AppVMs. (w3m reads `~/.w3m/config` after `/etc/w3m/config`). +Apply the following changes to `~/.w3m/config` in any AppVM you want to use w3m in. If you have not run w3m yet, you might need to copy the config file from elsewhere. You can also apply the same changes to `/etc/w3m/config` in the relevant TemplateVM(s) to have them apply to multiple AppVMs; but make sure they are not reversed by the contents of `~/.w3m/config` in any of the AppVMs. (w3m reads `~/.w3m/config` after `/etc/w3m/config`). * Set `user_agent` to `user_agent Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0`. + + (By default w3m identifies itself as `w3m/` + version number. The user agent `Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0` is the most common and the one used by the TBB. One in fourteen browsers finderprinted by Panopticlick have this value.) + * Make w3m use the same HTTP_ACCEPT headers the TBB by adding the following lines at the end of the file: accept_language en-US,en;q=0.5 accept_encoding gzip, deflate accept_media text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 + + (These changes will hide your computer's locale and some other information that may or may not be unique to the VM in which it is running. With the modifications above the w3m will have the same headers as about one in fifteen browsers fingerprinted by Panopticlick.) + +Testing these settings on returns a fingerprint that is destinguishable from that of the TBB (with JavaScript disabled) only by 'Screen Size (CSS)' and 'Browser supports HSTS?'.\* ( does not work with w3m.) Due to the low number of w3m users it is highly likely that you will have an unique browser fingerprint among the visitors of a website using somewhat sofisticated browser fingerprinting technology. But at least your browser fingerprint will not reveal your computer's language settings or other specifics about it that could be contained in the HTTP_ACCEPT headers. And even if the browser you use may well be *inferred* from your fingerprint, it will not be explicitly stated in the User-Agent header. -Testing the settings on ( does not work) returns a fingerprint that is destinguishable from that of the TBB (with JavaScript disabled) only by 'Screen Size (CSS)' and 'Browser supports HSTS?'.* Thus by using these settings (and browsing through a torified connection) you will be distinguishable from TBB users, but, if my assumptions are correct, not from me. That is, whoever uses these settings will have the same fingerprint as anyone else using w3m with the same configuration, but for the time being I am probably the only one. (According to Browserprint.info only I have this fingerprint.) +**Reminder: Do not rely on these settings for anonymity. Using w3m is all but guaranteed to make you stand out in the crowd.** PS: You still need to delete cookies manually (`~/.w3m/cookie`) if you are not running w3m in a DispVM anyway. If you set w3m to not accept cookies, its fingerprint will change. (You can configure w3m to not use store cookies or accept new ones (or both), but the setting `use_cookie` seems to really mean `accept_cookie` and vice-versa, so maybe it is best to delete them manually for now.) From bac57503a3bb0e5f15de2073c9d7c5a494615bfc Mon Sep 17 00:00:00 2001 From: ubestemt Date: Fri, 28 Apr 2017 12:59:50 +0000 Subject: [PATCH 004/214] Minor edit. --- configuration/w3m.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/configuration/w3m.md b/configuration/w3m.md index 4eeb3908..76c7e6d4 100644 --- a/configuration/w3m.md +++ b/configuration/w3m.md @@ -11,17 +11,17 @@ redirect_from: Reducing the fingerprint of the text-based web browser w3m ==== -TL;DR: You can reduce the amount w3m tells about itself and the environment it is running in (and, by extension, you). **It will not make you anonymous; your fingerprint will still be unique.** But it may improve your privacy. +TL;DR: You can reduce the amount of information w3m gives about itself and the environment it is running in (and, by extension, you). **It will not make you anonymous; your fingerprint will still be unique.** But it may improve your privacy. [w3m](http://w3m.sourceforge.net/) 'is a text-based web browser as well as a pager like `more` or `less`. With w3m you can browse web pages through a terminal emulator window (xterm, rxvt or something like that). Moreover, w3m can be used as a text formatting tool which typesets HTML into plain text.' -You can reduce the browser [fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) of w3m by adjusting some settings to those of the Tor Browser Bunde (TBB) with JavaScript disabled. +You can reduce the [browser fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) of w3m by making it (the fingerprint) more like that of the Tor Browser Bunde (TBB) with JavaScript disabled. Apply the following changes to `~/.w3m/config` in any AppVM you want to use w3m in. If you have not run w3m yet, you might need to copy the config file from elsewhere. You can also apply the same changes to `/etc/w3m/config` in the relevant TemplateVM(s) to have them apply to multiple AppVMs; but make sure they are not reversed by the contents of `~/.w3m/config` in any of the AppVMs. (w3m reads `~/.w3m/config` after `/etc/w3m/config`). * Set `user_agent` to `user_agent Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0`. - (By default w3m identifies itself as `w3m/` + version number. The user agent `Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0` is the most common and the one used by the TBB. One in fourteen browsers finderprinted by Panopticlick have this value.) + By default w3m identifies itself as `w3m/` + version number. The user agent `Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0` is the most common and the one used by the TBB. One in fourteen browsers finderprinted by Panopticlick has this value. * Make w3m use the same HTTP_ACCEPT headers the TBB by adding the following lines at the end of the file: @@ -29,9 +29,9 @@ Apply the following changes to `~/.w3m/config` in any AppVM you want to use w3m accept_encoding gzip, deflate accept_media text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - (These changes will hide your computer's locale and some other information that may or may not be unique to the VM in which it is running. With the modifications above the w3m will have the same headers as about one in fifteen browsers fingerprinted by Panopticlick.) + These changes will hide your computer's locale and some other information that may or may not be unique to the VM in which it is running. With the modifications above w3m will have the same headers as about one in fifteen browsers fingerprinted by Panopticlick. -Testing these settings on returns a fingerprint that is destinguishable from that of the TBB (with JavaScript disabled) only by 'Screen Size (CSS)' and 'Browser supports HSTS?'.\* ( does not work with w3m.) Due to the low number of w3m users it is highly likely that you will have an unique browser fingerprint among the visitors of a website using somewhat sofisticated browser fingerprinting technology. But at least your browser fingerprint will not reveal your computer's language settings or other specifics about it that could be contained in the HTTP_ACCEPT headers. And even if the browser you use may well be *inferred* from your fingerprint, it will not be explicitly stated in the User-Agent header. +Testing these settings on returns a fingerprint that is destinguishable from that of the TBB (with JavaScript disabled) only by 'Screen Size (CSS)' and 'Browser supports HSTS?'.\* ( does not work with w3m.) Due to the low number of w3m users it is highly likely that you will have an unique browser fingerprint among the visitors of a website using somewhat sofisticated browser fingerprinting technology. But at least your browser fingerprint will not reveal your computer's locale settings or other specifics about it in the HTTP_ACCEPT headers. And while it may be inferred from your fingerprint that you use w3m, it is not be explicitly stated in the User-Agent header. **Reminder: Do not rely on these settings for anonymity. Using w3m is all but guaranteed to make you stand out in the crowd.** From 0eab70bd636983a43aa490fa1d5422de4c81c02d Mon Sep 17 00:00:00 2001 From: ubestemt Date: Tue, 2 May 2017 21:13:41 +0000 Subject: [PATCH 005/214] Supplemented missing step; some rephrasing. --- building/building-archlinux-template.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/building/building-archlinux-template.md b/building/building-archlinux-template.md index a6b9948c..0f463ccb 100644 --- a/building/building-archlinux-template.md +++ b/building/building-archlinux-template.md @@ -77,7 +77,7 @@ redirect_from:

-## 4: Downloading and verifying the "Qubes Automated Build System" +## 4: Downloading and verifying the integrity the "Qubes Automated Build System" * Import the Qubes master key @@ -98,9 +98,10 @@ redirect_from: * Copy your gpg keyrings to your local copy of the repository. (Otherwise you will be asked to download the keys again.) - # Assuming qubes-builder is in your home directory - cp .gnupg/pubring.gpg qubes-builder/keyrings/git/ - cp .gnupg/trustdb.gpg qubes-builder/keyrings/git/ + # Execute the following commands in your home directory. + # It is assumed that the path to the repository is '~/qubes-builder'. + mkdir -p qubes-builder/keyrings/git + cp -t qubes-builder/keyrings/git/ .gnupg/pubring.gpg .gnupg/trustdb.gpg * Verify the integrity of the downloaded repository. The last line should read `gpg: Good signature from`... From 6d5a7e426e76c1e9327160b31a8122e1a3ac0e57 Mon Sep 17 00:00:00 2001 From: ubestemt Date: Tue, 9 May 2017 13:39:49 +0000 Subject: [PATCH 006/214] Minor edits. --- configuration/w3m.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/configuration/w3m.md b/configuration/w3m.md index 76c7e6d4..9586ef40 100644 --- a/configuration/w3m.md +++ b/configuration/w3m.md @@ -5,7 +5,7 @@ permalink: /doc/w3m/ redirect_from: - /en/doc/mutt/ - /doc/W3m/ -- /wiki/W3m/t +- /wiki/W3m/ --- Reducing the fingerprint of the text-based web browser w3m @@ -15,13 +15,11 @@ TL;DR: You can reduce the amount of information w3m gives about itself and the e [w3m](http://w3m.sourceforge.net/) 'is a text-based web browser as well as a pager like `more` or `less`. With w3m you can browse web pages through a terminal emulator window (xterm, rxvt or something like that). Moreover, w3m can be used as a text formatting tool which typesets HTML into plain text.' -You can reduce the [browser fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) of w3m by making it (the fingerprint) more like that of the Tor Browser Bunde (TBB) with JavaScript disabled. - -Apply the following changes to `~/.w3m/config` in any AppVM you want to use w3m in. If you have not run w3m yet, you might need to copy the config file from elsewhere. You can also apply the same changes to `/etc/w3m/config` in the relevant TemplateVM(s) to have them apply to multiple AppVMs; but make sure they are not reversed by the contents of `~/.w3m/config` in any of the AppVMs. (w3m reads `~/.w3m/config` after `/etc/w3m/config`). +You can reduce the [browser fingerprint](https://panopticlick.eff.org/about#browser-fingerprinting) by applying the following changes to `~/.w3m/config` in any AppVM you want to use w3m in. (If you have not run w3m yet, you might need to copy the config file from elsewhere.) You can also apply the same changes to `/etc/w3m/config` in the relevant TemplateVM(s) to have them apply to multiple AppVMs; but make sure they are not reversed by the contents of `~/.w3m/config` in any of the AppVMs. (w3m reads `~/.w3m/config` after `/etc/w3m/config`). * Set `user_agent` to `user_agent Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0`. - By default w3m identifies itself as `w3m/` + version number. The user agent `Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0` is the most common and the one used by the TBB. One in fourteen browsers finderprinted by Panopticlick has this value. + By default w3m identifies itself as `w3m/` + version number. The user agent `Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0` is the most common and the one used by the Tor Browser Bundle (TBB). One in fourteen browsers finderprinted by Panopticlick has this value. * Make w3m use the same HTTP_ACCEPT headers the TBB by adding the following lines at the end of the file: From d13f2a150b61080c0defdb64c56c697da69e6a70 Mon Sep 17 00:00:00 2001 From: ubestemt Date: Tue, 9 May 2017 13:41:04 +0000 Subject: [PATCH 007/214] Moved how-to to a more fitting section. --- doc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc.md b/doc.md index fcb07669..807a1177 100644 --- a/doc.md +++ b/doc.md @@ -124,6 +124,7 @@ Privacy Guides * [TorVM](/doc/torvm/) * [Martus](/doc/martus/) * [Signal](/doc/signal/) + * [Reducing the fingerprint of the text-based web browser w3m](/doc/w3m/) Configuration Guides @@ -151,7 +152,6 @@ Configuration Guides * [Managing VM kernel](/doc/managing-vm-kernel/) * [Salt management stack](/doc/salt/) * [Adding SSD storage cache](https://groups.google.com/d/msgid/qubes-users/a08359c9-9eb0-4d1a-ad92-a8a9bc676ea6%40googlegroups.com) - * [Reducing the fingerprint of the text-based web browser w3m](/doc/w3m/) Customization Guides From 22340ee8d9c969a22919de665f454d909bda8bbf Mon Sep 17 00:00:00 2001 From: ubestemt Date: Tue, 16 May 2017 11:39:29 +0000 Subject: [PATCH 008/214] Missing word. --- building/building-archlinux-template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/building/building-archlinux-template.md b/building/building-archlinux-template.md index 0f463ccb..0601548b 100644 --- a/building/building-archlinux-template.md +++ b/building/building-archlinux-template.md @@ -77,7 +77,7 @@ redirect_from:

-## 4: Downloading and verifying the integrity the "Qubes Automated Build System" +## 4: Downloading and verifying the integrity of the "Qubes Automated Build System" * Import the Qubes master key From 7ce89cf1da4e82ceb0f913aa01f436595c50a4f5 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 27 Sep 2017 15:05:49 +0200 Subject: [PATCH 009/214] set Qubes policy to allow by default for USB Input --- common-tasks/usb.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common-tasks/usb.md b/common-tasks/usb.md index dfddc3ed..de308de1 100644 --- a/common-tasks/usb.md +++ b/common-tasks/usb.md @@ -165,7 +165,7 @@ Edit the `qubes.InputKeyboard` policy file in dom0, which is located here: Add a line like this one to the top of the file: - sys-usb dom0 ask,user=root + sys-usb dom0 allow,user=root (Change `sys-usb` to your desired USB qube.) @@ -183,7 +183,7 @@ Edit the `qubes.InputMouse` policy file in dom0, which is located here: Add a line like this to the op of the file: - sys-usb dom0 ask,user=root + sys-usb dom0 allow,user=root (Change `sys-usb` to your desired USB qube.) From 47eb48bc868be4e4014071dca2fdab16a19bb6e8 Mon Sep 17 00:00:00 2001 From: NoobyNiceDev <33202028+NoobyNiceDev@users.noreply.github.com> Date: Sun, 29 Oct 2017 17:38:37 +0100 Subject: [PATCH 010/214] Warning Win10 Created usb On windows 10 machines created install USB drives can't accomplish media test. According to Issue 2051. --- installing/installation-guide.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/installing/installation-guide.md b/installing/installation-guide.md index e0b97bbd..10a111ce 100644 --- a/installing/installation-guide.md +++ b/installing/installation-guide.md @@ -76,6 +76,9 @@ partition (e.g., `/dev/sda1`). On Windows, you can use the [Rufus] tool. Be sure to select "DD image" mode (you need to do that **after** selecting the Qubes ISO): +**Warning:** If you do that on Windows 10, you can only install Qubes without +MediaTest, which isn't recommended. + Before proceeding with the installation, you are encouraged to first read all From 437cd39a0776ed319f42abd4be55de2a1e92433f Mon Sep 17 00:00:00 2001 From: Archjuna Date: Wed, 1 Nov 2017 18:52:03 +0100 Subject: [PATCH 011/214] Update signal.md --- privacy/signal.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/privacy/signal.md b/privacy/signal.md index a0fce3c2..b37363f9 100644 --- a/privacy/signal.md +++ b/privacy/signal.md @@ -38,6 +38,7 @@ If you're a Signal user on Android, you can now have Signal inside Qubes. this app with your phone. 6. Signal should now work in your AppVM. + Creating a Shortcut in the applications menu -------------------------------------------- @@ -101,6 +102,32 @@ This can also be used to add a application portable application/script from a ta 6. (optional, only on KDE:) Follow the `Q` menu once more, right-click on the new `Signal: Signal Private Messenger` menu item and select `Add to Panel`. +Use AppVM based on debian +--------------------------------------------------------------- + +If you don't use chromium, you can install signal with debian : + +1. (Optional)Create a TemplateVM (debian 8) + + [user@dom0 ~]$ sudo qubes-dom0-update qubes-template-debian-8 +2. Open a terminal in debian 8 + + [user@dom0 ~]$ qvm-run -a debian-8 gnome-terminal + +3. Use these commands in your terminal + + (Optional)[user@debian-8 ~]$ sudo apt-get install curl + [user@debian-8 ~]$ curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add - + [user@debian-8 ~]$ echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" | sudo tee -a /etc/apt/sources.list.d/signal-xenial.list + [user@debian-8 ~]$ sudo apt uptdate && sudo apt install signal-desktop + +5. Shutdown the TemplateVM : + + [user@dom0 ~]$ qvm-shutdown debian-8 + +6. Create a AppVM based on this TemplateVM +7. With your mouse select the `Q` menu -> `Domain: "AppVM Name"` -> `"AppVM Name": Add more shortcuts` + Select `Signal` from the left `Available` column, move it to the right `Selected` column by clicking the `>` button and then `OK` to apply the changes and close the window. ----- From 55cf63cc725cae216ebbce4c9ac43a545221cd0d Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 1 Nov 2017 22:31:00 -0500 Subject: [PATCH 012/214] Add warning about key verification (#476) --- privacy/signal.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/privacy/signal.md b/privacy/signal.md index b37363f9..bf80ba4b 100644 --- a/privacy/signal.md +++ b/privacy/signal.md @@ -105,6 +105,10 @@ This can also be used to add a application portable application/script from a ta Use AppVM based on debian --------------------------------------------------------------- +**CAUTION:** Before proceeding, please carefully read [On Digital Signatures and Key Verification][qubes-verifying-signatures]. +This website cannot guarantee that any PGP key you download from the Internet is authentic. +Always obtain a trusted key fingerprint via other channels, and always check any key you download against your trusted copy of the fingerprint. + If you don't use chromium, you can install signal with debian : 1. (Optional)Create a TemplateVM (debian 8) @@ -131,6 +135,7 @@ If you don't use chromium, you can install signal with debian : ----- +[qubes-verifying-signatures]: /security/verifying-signatures/ [Signal]: https://whispersystems.org/ [signal-wikipedia]: https://en.wikipedia.org/wiki/Signal_(software) [shortcut]: https://support.whispersystems.org/hc/en-us/articles/216839277-Where-is-Signal-Desktop-on-my-computer- From 0bb7473e1ffd7c75f6ff8a7780c2e183845febb2 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 1 Nov 2017 22:33:26 -0500 Subject: [PATCH 013/214] Clean up text (#476) --- privacy/signal.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/privacy/signal.md b/privacy/signal.md index bf80ba4b..5cc8ce0d 100644 --- a/privacy/signal.md +++ b/privacy/signal.md @@ -102,19 +102,20 @@ This can also be used to add a application portable application/script from a ta 6. (optional, only on KDE:) Follow the `Q` menu once more, right-click on the new `Signal: Signal Private Messenger` menu item and select `Add to Panel`. -Use AppVM based on debian ---------------------------------------------------------------- +Use an AppVM based on Debian +---------------------------- **CAUTION:** Before proceeding, please carefully read [On Digital Signatures and Key Verification][qubes-verifying-signatures]. This website cannot guarantee that any PGP key you download from the Internet is authentic. Always obtain a trusted key fingerprint via other channels, and always check any key you download against your trusted copy of the fingerprint. -If you don't use chromium, you can install signal with debian : +If you don't use Chromium, you can install signal with Debian: -1. (Optional)Create a TemplateVM (debian 8) +1. (Optional)Create a TemplateVM (Debian 8) [user@dom0 ~]$ sudo qubes-dom0-update qubes-template-debian-8 -2. Open a terminal in debian 8 + +2. Open a terminal in Debian 8 [user@dom0 ~]$ qvm-run -a debian-8 gnome-terminal @@ -123,13 +124,13 @@ If you don't use chromium, you can install signal with debian : (Optional)[user@debian-8 ~]$ sudo apt-get install curl [user@debian-8 ~]$ curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add - [user@debian-8 ~]$ echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" | sudo tee -a /etc/apt/sources.list.d/signal-xenial.list - [user@debian-8 ~]$ sudo apt uptdate && sudo apt install signal-desktop + [user@debian-8 ~]$ sudo apt update && sudo apt install signal-desktop 5. Shutdown the TemplateVM : [user@dom0 ~]$ qvm-shutdown debian-8 -6. Create a AppVM based on this TemplateVM +6. Create an AppVM based on this TemplateVM 7. With your mouse select the `Q` menu -> `Domain: "AppVM Name"` -> `"AppVM Name": Add more shortcuts` Select `Signal` from the left `Available` column, move it to the right `Selected` column by clicking the `>` button and then `OK` to apply the changes and close the window. From d8544f2d9c74aa9e27f30472e7c40f9b86a92412 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 6 Nov 2017 23:59:05 +0100 Subject: [PATCH 014/214] Update 4.0 release schedule --- releases/4.0/schedule.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/releases/4.0/schedule.md b/releases/4.0/schedule.md index 00bcf6af..b2cf0e4f 100644 --- a/releases/4.0/schedule.md +++ b/releases/4.0/schedule.md @@ -17,3 +17,6 @@ This schedule is based on [Version Scheme](/doc/version-scheme/#release-schedule | 28 Aug 2017
11 Sep 2017
9 Oct 2017
18 Oct 2017 | current-testing freeze before 4.0-rc2 | | 4 Sep 2017
18 Sep 2017
16 Oct 2017
23 Oct 2017 | 4.0-rc2 release | | 6 Nov 2017 | decide whether 4.0-rc2 is the final 4.0 | +| 20 Nov 2017 | current-testing freeze before 4.0-rc3 | +| 27 Nov 2017 | 4.0-rc3 release | +| 11 Dec 2017 | decide whether 4.0-rc3 is the final 4.0 | From 4b2d6119650321da1f46217d62f50e9c78d88fb9 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Tue, 14 Nov 2017 00:39:28 +0100 Subject: [PATCH 015/214] improve usage instructions --- security/yubi-key.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/security/yubi-key.md b/security/yubi-key.md index a01fff13..306e5316 100644 --- a/security/yubi-key.md +++ b/security/yubi-key.md @@ -88,9 +88,13 @@ To use this mode you need: ### Usage -When you want to unlock your screen, plug YubiKey into USB slot, then enter -password associated with YubiKey. If you configured so, YubiKey will request -confirmation by pressing button on it (it will blink). +When you want to unlock your screen... + +1) Plug YubiKey into USB slot. +2) Enter password associated with YubiKey. +3) Press Enter. +4) If you configured so, YubiKey will request confirmation by pressing button on it (it will blink). + When everything is ok, your screen will be unlocked. In any case you can still use your login password, but do it in secure location From 6c76f98d4562a89068e9fdb5a9b9965ee0db18d6 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Tue, 14 Nov 2017 00:46:52 +0100 Subject: [PATCH 016/214] more verbose instructions for Locking the screen when YubiKey is removed --- security/yubi-key.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/security/yubi-key.md b/security/yubi-key.md index a01fff13..77cd46e1 100644 --- a/security/yubi-key.md +++ b/security/yubi-key.md @@ -104,7 +104,9 @@ YubiKey. This will require creating simple qrexec service which will expose ability to lock the screen to your USB VM, and then adding udev hook to actually call that service. -1. First configure the qrexec service. Create `/etc/qubes-rpc/custom.LockScreen` (in dom0) +In dom0: + +1. First configure the qrexec service. Create `/etc/qubes-rpc/custom.LockScreen` with simple command to lock the screen. In case of xscreensaver (used in Xfce) it would be: @@ -115,7 +117,9 @@ would require creating `/etc/qubes-rpc/policy/custom.LockScreen` with: sys-usb dom0 allow -3. Create udev hook in your USB VM. Store it in `/rw/config` to have it +In your USB VM: + +3. Create udev hook. Store it in `/rw/config` to have it persistent across VM restarts. For example name the file `/rw/config/yubikey.rules`. Write there single line: @@ -126,8 +130,13 @@ persistent across VM restarts. For example name the file ln -s /rw/config/yubikey.rules /etc/udev/rules.d/ udevadm control --reload - Then make `/rw/config/rc.local` executable. For changes to take effect, you - need to call this script manually for the first time. +5. Then make `/rw/config/rc.local` executable. + + sudo chmod +x /rw/config/rc.local + +6. For changes to take effect, you need to call this script manually for the first time. + + sudo /rw/config/rc.local If you use KDE, the command(s) in first step would be different: From 353c8e841614c28029a2547ff0aea9c78fd6a193 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 15 Nov 2017 02:59:41 +0100 Subject: [PATCH 017/214] more useful link for USB keyboard --- security/yubi-key.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/yubi-key.md b/security/yubi-key.md index a01fff13..62032361 100644 --- a/security/yubi-key.md +++ b/security/yubi-key.md @@ -11,7 +11,7 @@ Using YubiKey to Qubes authentication ===================================== You can use YubiKey to enhance Qubes user authentication, for example to mitigate -risk of snooping the password. This can also slightly improve security when you have [USB keyboard](https://github.com/marmarek/qubes-app-linux-input-proxy). +risk of snooping the password. This can also slightly improve security when you have [USB keyboard](https://www.qubes-os.org/doc/usb/#security-warning-about-usb-input-devices). There (at least) two possible configurations: using OTP mode and using challenge-response mode. From a62f13f13c88aab7a11c060e9a8a60cc658b90f6 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 14 Nov 2017 21:15:14 -0600 Subject: [PATCH 018/214] Remove "unofficial" notice and fix typo QubesOS/qubes-issues#2876 --- basics_dev/package-contributions.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/basics_dev/package-contributions.md b/basics_dev/package-contributions.md index 56731da6..4665e0ec 100644 --- a/basics_dev/package-contributions.md +++ b/basics_dev/package-contributions.md @@ -7,8 +7,6 @@ permalink: /doc/package-contributions/ Package Contributions ===================== -**Notice:** *This is an unofficial draft. Once this information is official, this notice will be removed.* - We're very grateful to the talented and hard-working community members who contribute software packages to Qubes OS. This page explains the inclusion criteria and procedures for such packages, as well as the roles and responsibilities of those involved. @@ -23,7 +21,7 @@ In order to be accepted, packages must: * Have a clearly-defined use case for Qubes users. * Not be unduly burdensome to review. -(Please note that we always reserve the right add criteria to this list.) +(Please note that we always reserve the right to add criteria to this list.) Contribution Procedure ---------------------- From 9da16a9ee89898278d81ef517a3c278d88cb189f Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 14 Nov 2017 21:16:24 -0600 Subject: [PATCH 019/214] Add "Contribute packages" as a way to contribute QubesOS/qubes-issues#2876 --- basics_user/contributing.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/basics_user/contributing.md b/basics_user/contributing.md index 7af8c78f..b2ab9b59 100644 --- a/basics_user/contributing.md +++ b/basics_user/contributing.md @@ -17,6 +17,7 @@ ways in which you can help: * Audit the [source code] * [Report security issues] * [Send patches][patch] to fix bugs or implement features +* [Contribute packages] * [Report bugs] * [Test new releases and updates] * Submit [HCL reports] for your hardware @@ -60,6 +61,7 @@ be grateful to [receive your patch][patch]. [source code]: /doc/source-code/ [Report security issues]: /security/ [patch]: /doc/source-code/#how-to-send-patches +[Contribute packages]: /doc/package-contributions [Report bugs]: /doc/reporting-bugs/ [Test new releases and updates]: /doc/testing/ [HCL reports]: /doc/hcl/ From af529072cf6d460faede6b61c1a3647e34c95151 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 14 Nov 2017 21:17:19 -0600 Subject: [PATCH 020/214] Add Package Contributions page to doc index Closes QubesOS/qubes-issues#2876 --- doc.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc.md b/doc.md index e8f055e1..2f161a0a 100644 --- a/doc.md +++ b/doc.md @@ -207,6 +207,7 @@ The Basics * [Report a Security Issue](/security/) * [Report a Bug](/doc/reporting-bugs/) * [How to Contribute](/doc/contributing/) + * [Package Contributions](/doc/package-contributions/) * [Testing new releases and updates](/doc/testing/) * [Source Code](/doc/source-code/) * [Qubes OS License](/doc/license/) From 08d3c91c01bddc100c4f586a6b5c4de9e06322be Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 14 Nov 2017 21:35:29 -0600 Subject: [PATCH 021/214] Remove StackExchange link (QubesOS/qubes-issues#2880) --- basics_user/contributing.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/basics_user/contributing.md b/basics_user/contributing.md index b2ab9b59..b3e13b22 100644 --- a/basics_user/contributing.md +++ b/basics_user/contributing.md @@ -32,7 +32,6 @@ ways in which you can help: * Follow us on [Twitter] * Join us on [Reddit] * Like us on [Facebook] - * Support our [StackExchange] proposal * And last but not least, tell your friends and colleagues about how Qubes can help them secure their digital lives! @@ -74,7 +73,6 @@ be grateful to [receive your patch][patch]. [Twitter]: https://twitter.com/QubesOS [Reddit]: https://www.reddit.com/r/Qubes/ [Facebook]: https://www.facebook.com/QubesOS -[StackExchange]: https://area51.stackexchange.com/proposals/98519/qubes-os [GitHub issues]: https://github.com/QubesOS/qubes-issues/issues [qubes-devel]: /mailing-lists/#qubes-devel [Community-Developed Feature Tracker]: https://www.qubes-os.org/qubes-issues/ From e3c16ae26e69b8691be0d8607f3e0beba85b38da Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 15 Nov 2017 22:37:00 -0600 Subject: [PATCH 022/214] Consolidate FAQs into a single page (QubesOS/qubes-issues#2704) --- basics_user/user-faq.md => about/faq.md | 227 ++++++++++++------------ basics_dev/devel-faq.md | 62 ------- 2 files changed, 113 insertions(+), 176 deletions(-) rename basics_user/user-faq.md => about/faq.md (80%) delete mode 100644 basics_dev/devel-faq.md diff --git a/basics_user/user-faq.md b/about/faq.md similarity index 80% rename from basics_user/user-faq.md rename to about/faq.md index 8e55e191..8633c817 100644 --- a/basics_user/user-faq.md +++ b/about/faq.md @@ -1,75 +1,34 @@ --- -layout: doc -title: Users' FAQ -permalink: /doc/user-faq/ +layout: sidebar +title: FAQ +permalink: /faq/ redirect_from: +- /doc/user-faq/ - /en/doc/user-faq/ - /doc/UserFaq/ - /wiki/UserFaq/ +- /doc/devel-faq/ +- /en/doc/devel-faq/ +- /doc/DevelFaq/ +- /wiki/DevelFaq/ --- -Qubes Users' FAQ -================ +# Frequently Asked Questions -[General Questions](#general-questions) ---------------------------------------- - * [Is Qubes just another Linux distribution?](#is-qubes-just-another-linux-distribution) - * [How is Qubes different from other security solutions?](#how-is-qubes-different-from-other-security-solutions) - * [Does Qubes use full disk encryption (FDE)?](#does-qubes-use-full-disk-encryption-fde) - * [What is the main concept behind Qubes?](#what-is-the-main-concept-behind-qubes) - * [What about other approaches to security?](#what-about-other-approaches-to-security) - * [What about safe languages and formally verified microkernels?](#what-about-safe-languages-and-formally-verified-microkernels) - * [Why does Qubes use virtualization?](#why-does-qubes-use-virtualization) - * [What do all these terms mean?](#what-do-all-these-terms-mean) - * [Does Qubes run every app in a separate VM?](#does-qubes-run-every-app-in-a-separate-vm) - * [Why does Qubes use Xen instead of KVM or some other hypervisor?](#why-does-qubes-use-xen-instead-of-kvm-or-some-other-hypervisor) - * [What about this other/new (micro)kernel/hypervisor?](#what-about-this-othernew-microkernelhypervisor) - * [What's so special about Qubes' GUI virtualization?](#whats-so-special-about-qubes-gui-virtualization) - * [Can I watch YouTube videos in qubes?](#can-i-watch-youtube-videos-in-qubes) - * [Can I run applications, like games, which require 3D support?](#can-i-run-applications-like-games-which-require-3d-support) - * [Is Qubes a multi-user system?](#is-qubes-a-multi-user-system) - * [Why passwordless sudo?](#why-passwordless-sudo) - * [How should I report documentation issues?](#how-should-i-report-documentation-issues) - * [Will Qubes seek to get certified on the GNU Free System Distribution Guidelines (GNU FSDG)?](#will-qubes-seek-to-get-certified-under-the-gnu-free-system-distribution-guidelines-gnu-fsdg) - * [Should I trust this website?](#should-i-trust-this-website) - * [What does it mean to "distrust the infrastructure"?](#what-does-it-mean-to-distrust-the-infrastructure) - * [Why does this website use Cloudflare?](#why-does-this-website-use-cloudflare) - * [Why doesn't this website have security feature X?](#why-doesnt-this-website-have-security-feature-x) +## General & Security Questions -[Installation & Hardware Compatibility](#installation--hardware-compatibility) ------------------------------------------------------------------------------- - * [How much disk space does each qube require?](#how-much-disk-space-does-each-qube-require) - * [How much memory is recommended for Qubes?](#how-much-memory-is-recommended-for-qubes) - * [Can I install Qubes on a system without VT-x?](#can-i-install-qubes-on-a-system-without-vt-x) - * [Can I install Qubes on a system without VT-d?](#can-i-install-qubes-on-a-system-without-vt-d) - * [What is a DMA attack?](#what-is-a-dma-attack) - * [Can I use AMD-v instead of VT-x?](#can-i-use-amd-v-instead-of-vt-x) - * [Can I install Qubes in a virtual machine (e.g., on VMware)?](#can-i-install-qubes-in-a-virtual-machine-eg-on-vmware) - * [Why does my network adapter not work?](#why-does-my-network-adapter-not-work) - * [Can I install Qubes OS together with other operating system (dual-boot/multi-boot)?](#can-i-install-qubes-os-together-with-other-operating-system-dual-bootmulti-boot) +### What is the main concept behind Qubes? -[Common Problems](#common-problems) ------------------------------------ - * [Which version of Qubes am I running?](#which-version-of-qubes-am-i-running) - * [My qubes lost Internet access after a TemplateVM update. What should I do?](#my-qubes-lost-internet-access-after-a-templatevm-update-what-should-i-do) - * [My keyboard layout settings are not behaving correctly. What should I do?](#my-keyboard-layout-settings-are-not-behaving-correctly-what-should-i-do) - * [My dom0 and/or TemplateVM update stalls when attempting to update via …](#my-dom0-andor-templatevm-update-stalls-when-attempting-to-update-via-the-gui-tool-what-should-i-do) - * [How do I run a Windows HVM in non-seamless mode (i.e., as a single window)?](#how-do-i-run-a-windows-hvm-in-non-seamless-mode-ie-as-a-single-window) - * [I created a usbVM and assigned usb controllers to it. Now the usbVM wont boot.](#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot) - * [I assigned a PCI device to a qube, then unassigned it/shut down the …](#i-assigned-a-pci-device-to-a-qube-then-unassigned-itshut-down-the-qube-why-isnt-the-device-available-in-dom0) - * [How do I install Flash in a Debian qube?](#how-do-i-install-flash-in-a-debian-qube) - * [How do I play video files?](#how-do-i-play-video-files) - * [How do I access my external drive?](#how-do-i-access-my-external-drive) - * [My encrypted drive doesn't appear in Debian qube?](#my-encrypted-drive-doesnt-appear-in-debian-qube) - * [Windows Update is stuck.](#windows-update-is-stuck) - * [Fullscreen Firefox is frozen.](#fullscreen-firefox-is-frozen) - * [I have weird graphics glitches like the screen turning partially black.](#i-have-weird-graphics-glitches-like-the-screen-turning-partially-black) - ------------------ +To build security on the "Security by Compartmentalization (or Isolation)" principle. +### What about other approaches to security? -General Questions ------------------ +The other two popular [approaches](https://blog.invisiblethings.org/2008/09/02/three-approaches-to-computer-security.html) are “Security by Correctness” and “Security by Obscurity.” +We don't believe either of these approaches are capable of providing reasonable security today, nor do we believe that they will be capable of doing so in the foreseeable future. + +### How is Qubes different from other security solutions? + +Please see [this article](https://blog.invisiblethings.org/2012/09/12/how-is-qubes-os-different-from.html) for a thorough discussion. ### Is Qubes just another Linux distribution? @@ -77,26 +36,6 @@ If you really want to call it a distribution, then it's more of a "Xen distribut But Qubes is much more than just Xen packaging. It has its own VM management infrastructure, with support for template VMs, centralized VM updating, etc. It also has a very unique GUI virtualization infrastructure. -### How is Qubes different from other security solutions? - -Please see [this article](https://blog.invisiblethings.org/2012/09/12/how-is-qubes-os-different-from.html) for a thorough discussion. - -### Does Qubes use full disk encryption (FDE)? - -Yes, of course! -Full disk encryption is enabled by default. -Specifically, we use [`LUKS`](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup)/[`dm-crypt`](https://en.wikipedia.org/wiki/Dm-crypt). -You can even [manually configure your encryption parameters](/doc/encryption-config/), if you like! - -### What is the main concept behind Qubes? - -To build security on the “Security by Compartmentalization (or Isolation)” principle. - -### What about other approaches to security? - -The other two popular [approaches](https://blog.invisiblethings.org/2008/09/02/three-approaches-to-computer-security.html) are “Security by Correctness” and “Security by Obscurity.” -We don't believe either of these approaches are capable of providing reasonable security today, nor do we believe that they will be capable of doing so in the foreseeable future. - ### What about safe languages and formally verified microkernels? In short: these are non-realistic solutions today. We discuss this in further depth in our [Architecture Specification document](/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf). @@ -105,6 +44,13 @@ In short: these are non-realistic solutions today. We discuss this in further de We believe that this is currently the only practically viable approach to implementing strong isolation while simultaneously providing compatibility with existing applications and drivers. +### Does Qubes use full disk encryption (FDE)? + +Yes, of course! +Full disk encryption is enabled by default. +Specifically, we use [`LUKS`](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup)/[`dm-crypt`](https://en.wikipedia.org/wiki/Dm-crypt). +You can even [manually configure your encryption parameters](/doc/encryption-config/), if you like! + ### What do all these terms mean? All Qubes-specific terms are defined in the [glossary](/doc/glossary/). @@ -149,30 +95,6 @@ We have designed the GUI virtualization subsystem with two primary goals: securi Our GUI infrastructure introduces only about 2,500 lines of C code (LOC) into the privileged domain (Dom0), which is very little, and thus leaves little space for bugs and potential attacks. At the same time, due to the smart use of Xen shared memory, our GUI implementation is very efficient, so most virtualized applications really feel as if they were executed natively. -### Can I watch YouTube videos in qubes? - -Absolutely. - -### Can I run applications, like games, which require 3D support? - -Those won’t fly. -We do not provide OpenGL virtualization for Qubes. -This is mostly a security decision, as implementing such a feature would most likely introduce a great deal of complexity into the GUI virtualization infrastructure. -However, Qubes does allow for the use of accelerated graphics (OpenGL) in Dom0’s Window Manager, so all the fancy desktop effects should still work. - -For further discussion about the potential for GPU passthrough on Xen/Qubes, please see the following threads: - -- [GPU passing to HVM](https://groups.google.com/group/qubes-devel/browse_frm/thread/31f1f2da39978573?scoring=d&q=GPU&) -- [Clarifications on GPU security](https://groups.google.com/group/qubes-devel/browse_frm/thread/31e2d8a47c8b4474?scoring=d&q=GPU&) - -### Is Qubes a multi-user system? - -No. -Qubes does not pretend to be a multi-user system. -Qubes assumes that the user who controls Dom0 controls the whole system. -It would be very difficult to **securely** implement multi-user support. -See [here](https://groups.google.com/group/qubes-devel/msg/899f6f3efc4d9a06) for details. - ### Why passwordless sudo? Please refer to [this page](https://www.qubes-os.org/doc/vm-sudo/). @@ -227,11 +149,45 @@ So, if feature X isn't enabled, it's most likely for one of three reasons: 3. Our platform supports it, but we're not aware that we can enable it or have forgotten to do so. (If it seems like this is the case, let us know!) +---------- -Installation & Hardware Compatibility -------------------------------------- +## Users -(See also: [System Requirements](/doc/system-requirements/), [Hardware Compatibility List](/hcl/), and [Certified Laptops](/doc/certified-laptops/).) +### Can I watch YouTube videos in qubes? + +Absolutely. + +### Can I run applications, like games, which require 3D support? + +Those won’t fly. +We do not provide OpenGL virtualization for Qubes. +This is mostly a security decision, as implementing such a feature would most likely introduce a great deal of complexity into the GUI virtualization infrastructure. +However, Qubes does allow for the use of accelerated graphics (OpenGL) in Dom0’s Window Manager, so all the fancy desktop effects should still work. + +For further discussion about the potential for GPU passthrough on Xen/Qubes, please see the following threads: + +- [GPU passing to HVM](https://groups.google.com/group/qubes-devel/browse_frm/thread/31f1f2da39978573?scoring=d&q=GPU&) +- [Clarifications on GPU security](https://groups.google.com/group/qubes-devel/browse_frm/thread/31e2d8a47c8b4474?scoring=d&q=GPU&) + +### Is Qubes a multi-user system? + +No. +Qubes does not pretend to be a multi-user system. +Qubes assumes that the user who controls Dom0 controls the whole system. +It would be very difficult to **securely** implement multi-user support. +See [here](https://groups.google.com/group/qubes-devel/msg/899f6f3efc4d9a06) for details. + +### What are the system requirements for Qubes OS? + +See the [System Requirements](/doc/system-requirements/). + +### Is there a list of hardware that is compatible with Qubes OS? + +See the [Hardware Compatibility List](/hcl/). + +### Is there any certified hardware for Qubes OS? + +See [Certified Hardware](/doc/certified-hardware/). ### How much disk space does each qube require? @@ -296,9 +252,6 @@ You shouldn't do that, because it poses a security risk for your Qubes OS instal But if you understand the risk and accept it, read [documentation on multibooting](/doc/multiboot/), it begins with an explanation of the risks with such a setup. -Common Problems ---------------- - ### Which version of Qubes am I running? See [here](/doc/version-scheme/#check-installed-version). @@ -338,10 +291,8 @@ In your TemplateVMs, open a terminal and run `sudo yum upgrade`. Enable "debug mode" in the qube's settings, either by checking the box labeled "Run in debug mode" in the Qubes VM Manager qube settings menu or by running the [qvm-prefs command](/doc/dom0-tools/qvm-prefs/).) - ### I created a usbVM and assigned usb controllers to it. Now the usbVM wont boot. - This is probably because one of the controllers does not support reset. In Qubes R2 any such errors were ignored but in Qubes R3.0 they are not. A device that does not support reset is not safe and generally should not be assigned to a VM. @@ -385,8 +336,7 @@ or MODALIAS=`cat /sys/bus/pci/devices/0000:/modalias` MOD=`modprobe -R $MODALIAS | head -n 1` echo 0000: > /sys/bus/pci/drivers/$MOD/bind - - + ### How do I install Flash in a Debian qube? The Debian way is to install the flashplugin-nonfree package. @@ -472,3 +422,52 @@ If it seems like the issue described in [this thread](https://github.com/QubesOS - Q → System Tools → Window Manager Tweaks → Compositor → uncheck "Enable display compositing" Please report (via the mailing lists) if you experience this issue, and whether disabling the compositor fixes it for you or not. + +---------- + +## Developers + +### Why does dom0 need to be 64-bit? + +Since 2013 [Xen has not supported 32-bit x86 architecture](https://wiki.xenproject.org/wiki/Xen_Project_Release_Features) and Intel VT-d, which Qubes uses to isolate devices and drivers, is available on Intel 64-bit processors only. + +In addition, with features like improved ASLR, it is often more difficult to exploit a bug on x64 Linux than x86 Linux. +While we designed Qubes from the beginning to limit potential attack vectors, we still realize that some of the code running in Dom0, e.g. our GUI daemon or xen-store daemon, however simple, might contain some bugs. +Plus since we haven't implemented a separate storage domain, the disk backends are in Dom0 and are "reachable" from the VMs, which adds up to the potential attack surface. +So, having faced a choice between 32-bit and 64-bit OS for Dom0, it was almost a no-brainer. +The 64-bit option provides some (little perhaps, but some) more protection against some classes of attacks, and at the same time does not have any disadvantages except the extra requirement of a 64 bit processor. +And even though Qubes now "needs" a 64 bit processor, it didn't make sense to run Qubes on a system without 3-4GB of memory, and those have 64-bit CPUs anyway. + +### What is the recommended build environment for Qubes OS? + +Any rpm-based, 64-bit environment, the preferred OS being Fedora. + +### How do I build Qubes from sources? + +See [these instructions](/doc/qubes-builder/). + +### How do I submit a patch? + +See the [Qubes Source Code Repositories](/doc/source-code/) article. + +### What is Qubes' attitude toward changing guest distros? + +We try to respect each distro's culture, where possible. +See the discussion on issue [#1014](https://github.com/QubesOS/qubes-issues/issues/1014) for an example. + +The policy is there mostly to ease maintenance, on several levels: + + * Less modifications means easier migration to new upstream distribution + releases. + * The upstream documentation matches the distribution running in the Qubes VM. + * We're less likely to introduce Qubes-specific issues. + * Each officially supported distribution (ideally) should offer the same set of + Qubes-specific features - a change in one supported distribution should be + followed also in others, including new future distributions. + +### Is I/O emulation component (QEMU) part of the Trusted Computing Base (TCB)? + +No. Unlike many other virtualization systems, Qubes takes special effort to keep QEMU _outside_ of the TCB. +This has been achieved thanks to the careful use of Xen's stub domain feature. +For more details about how we improved on Xen's native stub domain use, see [here](https://blog.invisiblethings.org/2012/03/03/windows-support-coming-to-qubes.html). + diff --git a/basics_dev/devel-faq.md b/basics_dev/devel-faq.md deleted file mode 100644 index ba62c832..00000000 --- a/basics_dev/devel-faq.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -layout: doc -title: Developers' FAQ -permalink: /doc/devel-faq/ -redirect_from: -- /en/doc/devel-faq/ -- /doc/DevelFaq/ -- /wiki/DevelFaq/ ---- - -Qubes Developers' FAQ -===================== - -Why does dom0 need to be 64-bit? --------------------------------- - -Since 2013 [Xen has not supported 32-bit x86 architecture](https://wiki.xenproject.org/wiki/Xen_Project_Release_Features) and Intel VT-d, which Qubes uses to isolate devices and drivers, is available on Intel 64-bit processors only. - -In addition, with features like improved ASLR, it is often more difficult to exploit a bug on x64 Linux than x86 Linux. -While we designed Qubes from the beginning to limit potential attack vectors, we still realize that some of the code running in Dom0, e.g. our GUI daemon or xen-store daemon, however simple, might contain some bugs. -Plus since we haven't implemented a separate storage domain, the disk backends are in Dom0 and are "reachable" from the VMs, which adds up to the potential attack surface. -So, having faced a choice between 32-bit and 64-bit OS for Dom0, it was almost a no-brainer. -The 64-bit option provides some (little perhaps, but some) more protection against some classes of attacks, and at the same time does not have any disadvantages except the extra requirement of a 64 bit processor. -And even though Qubes now "needs" a 64 bit processor, it didn't make sense to run Qubes on a system without 3-4GB of memory, and those have 64-bit CPUs anyway. - -What is the recommended build environment for Qubes OS? ------------------------------------------- - -Any rpm-based, 64-bit environment, the preferred OS being Fedora. - -How do I build Qubes from sources? --------------------------------- - -See [these instructions](/doc/qubes-builder/). - -How do I submit a patch? ------------------------- - -See the [Qubes Source Code Repositories](/doc/source-code/) article. - -What is Qubes' attitude toward changing guest distros? ------------------------------------------------------- - -We try to respect each distro's culture, where possible. -See the discussion on issue [#1014](https://github.com/QubesOS/qubes-issues/issues/1014) for an example. - -The policy is there mostly to ease maintenance, on several levels: - - * Less modifications means easier migration to new upstream distribution - releases. - * The upstream documentation matches the distribution running in the Qubes VM. - * We're less likely to introduce Qubes-specific issues. - * Each officially supported distribution (ideally) should offer the same set of - Qubes-specific features - a change in one supported distribution should be - followed also in others, including new future distributions. - -Is I/O emulation component (QEMU) part of the Trusted Computing Base (TCB)? ------------------------- - -No. Unlike many other virtualization systems, Qubes takes special effort to keep QEMU _outside_ of the TCB. -This has been achieved thanks to the careful use of Xen's stub domain feature. -For more details about how we improved on Xen's native stub domain use, see [here](https://blog.invisiblethings.org/2012/03/03/windows-support-coming-to-qubes.html). From 57ef6d77791eba744183c739a8494f3780521523 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 15 Nov 2017 22:38:48 -0600 Subject: [PATCH 023/214] Update links to new FAQ (QubesOS/qubes-issues#2704) --- about/mailing-lists.md | 2 +- basics_user/intro.md | 4 ++-- common-tasks/usb.md | 2 +- doc.md | 6 ++++-- installing/upgrade/upgrade-to-r3.1.md | 2 +- security/security-guidelines.md | 2 +- 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/about/mailing-lists.md b/about/mailing-lists.md index a6b6dee6..063d10fc 100644 --- a/about/mailing-lists.md +++ b/about/mailing-lists.md @@ -369,7 +369,7 @@ You must be subscribed in order to post to this list. [HCL]: /doc/hcl/ [Installation Guide]: /doc/installation-guide/ [System Requirements]: /doc/system-requirements/ -[User FAQ]: /doc/user-faq/ +[User FAQ]: /faq/#users [documentation]: /doc/ [thunderbird-newsgroup]: https://support.mozilla.org/en-US/kb/creating-newsgroup-account [qubes-users-web]: https://groups.google.com/group/qubes-users diff --git a/basics_user/intro.md b/basics_user/intro.md index 71e2dc8d..ade01e72 100644 --- a/basics_user/intro.md +++ b/basics_user/intro.md @@ -228,9 +228,9 @@ technical details have been omitted here for the sake of presentation. [Xen]: https://www.xenproject.org [paper-compart]: https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf [doc]: /doc/ -[user-faq]: /doc/user-faq/ +[user-faq]: /faq/#users [system-doc]: /doc/system-doc/ -[devel-faq]: /doc/devel-faq/ +[devel-faq]: /faq/#developers [downloads]: /downloads/ [getting started]: /getting-started/ diff --git a/common-tasks/usb.md b/common-tasks/usb.md index d03e699b..8ac8e410 100644 --- a/common-tasks/usb.md +++ b/common-tasks/usb.md @@ -383,7 +383,7 @@ This feature is not yet available in Qubes Manager however, if you would like to [2270-comm23]: https://github.com/QubesOS/qubes-issues/issues/2270#issuecomment-242900312 [1082]: https://github.com/QubesOS/qubes-issues/issues/1082 [hide-usb]: #how-to-hide-all-usb-controllers-from-dom0 -[faq-usbvm]: /doc/user-faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot +[faq-usbvm]: /faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot [AEM]: /doc/anti-evil-maid/ [1618]: https://github.com/QubesOS/qubes-issues/issues/1618 [create a USB qube]: #creating-and-using-a-usb-qube diff --git a/doc.md b/doc.md index 2f161a0a..e1d67117 100644 --- a/doc.md +++ b/doc.md @@ -23,13 +23,14 @@ The Basics * [Video Tours](/video-tours/) * [Screenshots](/screenshots/) * [Getting Started](/getting-started/) - * [User FAQ](/doc/user-faq/) + * [User FAQ](/faq/#users) * [Mailing Lists](/mailing-lists/) * [How to Contribute](/doc/contributing/) Security Information -------------------- * [Security Center](/security/) + * [Security FAQ] (/faq/#general-security) * [Security Pack](/security/pack/) * [Security Bulletins](/security/bulletins/) * [Canaries](/security/canaries/) @@ -203,7 +204,7 @@ Developer Documentation The Basics ---------- - * [Developer FAQ](/doc/devel-faq/) + * [Developer FAQ](/faq/#developers) * [Report a Security Issue](/security/) * [Report a Bug](/doc/reporting-bugs/) * [How to Contribute](/doc/contributing/) @@ -222,6 +223,7 @@ The Basics Security Information -------------------- * [Security Center](/security/) + * [Security FAQ] (/faq/#general-security) * [Security Pack](/security/pack/) * [Security Bulletins](/security/bulletins/) * [Security Bulletin Checklist](/security/bulletins/checklist/) diff --git a/installing/upgrade/upgrade-to-r3.1.md b/installing/upgrade/upgrade-to-r3.1.md index b69852f8..e858c6b7 100644 --- a/installing/upgrade/upgrade-to-r3.1.md +++ b/installing/upgrade/upgrade-to-r3.1.md @@ -107,7 +107,7 @@ Maid passphrase to the new configuration. Please consult the Anti Evil Maid If you use USB VM, you may encounter problem with starting it on updated Xen version (because of strict default settings). Take a look at -[User FAQ](/doc/user-faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot) +[User FAQ](/faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot) for details. Once you have upgraded dom0, you can install new templates from Qubes R3.1 diff --git a/security/security-guidelines.md b/security/security-guidelines.md index 1bfa6551..125ba46b 100644 --- a/security/security-guidelines.md +++ b/security/security-guidelines.md @@ -129,7 +129,7 @@ It is preferable to avoid using **Bluetooth** if you travel or do not trust your Many laptops allow one to disable various hardware (Camera, BT, Mic, etc) **in BIOS**. This might or might not be a dependable way of getting rid of those devices, depending on how much you trust your BIOS vendor. -If the VM will not start after you have assigned a USB controller, look at [this faq](../user-faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot). +If the VM will not start after you have assigned a USB controller, look at [this FAQ](/faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot). Creating and Using a USBVM From 516197b97684a7d8550eb83b75c03fafba3ee44b Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 15 Nov 2017 23:42:30 -0600 Subject: [PATCH 024/214] Update page title and first section heading (QubesOS/qubes-issues#2704) --- about/faq.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/about/faq.md b/about/faq.md index 8633c817..8da6b2a8 100644 --- a/about/faq.md +++ b/about/faq.md @@ -1,6 +1,6 @@ --- layout: sidebar -title: FAQ +title: Frequently Asked Questions permalink: /faq/ redirect_from: - /doc/user-faq/ @@ -15,7 +15,7 @@ redirect_from: # Frequently Asked Questions -## General & Security Questions +## General & Security ### What is the main concept behind Qubes? From 3958e053d52fc1d1f3ab3539aed20c3c3ffc3797 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 15 Nov 2017 23:42:48 -0600 Subject: [PATCH 025/214] Fix links to Security FAQ (QubesOS/qubes-issues#2704) --- doc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc.md b/doc.md index e1d67117..b2f09968 100644 --- a/doc.md +++ b/doc.md @@ -30,7 +30,7 @@ The Basics Security Information -------------------- * [Security Center](/security/) - * [Security FAQ] (/faq/#general-security) + * [Security FAQ](/faq/#general--security) * [Security Pack](/security/pack/) * [Security Bulletins](/security/bulletins/) * [Canaries](/security/canaries/) @@ -223,7 +223,7 @@ The Basics Security Information -------------------- * [Security Center](/security/) - * [Security FAQ] (/faq/#general-security) + * [Security FAQ](/faq/#general--security) * [Security Pack](/security/pack/) * [Security Bulletins](/security/bulletins/) * [Security Bulletin Checklist](/security/bulletins/checklist/) From be6f2877eaa39b6f35dd0f1af1db76bc326264e5 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 15 Nov 2017 23:56:54 -0600 Subject: [PATCH 026/214] Add FAQ entry about XSAs affecting Qubes (QubesOS/qubes-issues#2704) --- about/faq.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/about/faq.md b/about/faq.md index 8da6b2a8..5ec48656 100644 --- a/about/faq.md +++ b/about/faq.md @@ -65,6 +65,10 @@ A typical user would likely need around five qubes. Very paranoid users, or thos In short: we believe the Xen architecture allows for the creation of more secure systems (i.e. with a much smaller TCB, which translates to a smaller attack surface). We discuss this in much greater depth in our [Architecture Specification document](/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf). +### How is Qubes affected by Xen Security Advisories (XSAs)? + +See the [XSA Tracker](/security/xsa/). + ### What about this other/new (micro)kernel/hypervisor? Whenever starting a discussion about another (micro)kernel or hypervisor in relation to Qubes, we strongly suggest including answers to the following questions first: From 9612a861a64768ad10d196a4544d46cc9d726e91 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 16 Nov 2017 00:07:22 -0600 Subject: [PATCH 027/214] Add link to Security FAQ (QubesOS/qubes-issues#2704) --- security-info/security.md | 1 + 1 file changed, 1 insertion(+) diff --git a/security-info/security.md b/security-info/security.md index 77bcf7c4..b44c2136 100644 --- a/security-info/security.md +++ b/security-info/security.md @@ -17,6 +17,7 @@ redirect_from: Qubes OS Project Security Center ================================ +- [Security FAQ](/faq/#general--security) - [Security Goals](/security/goals/) - [Security Pack](/security/pack/) - [Security Bulletins](/security/bulletins/) From 95804be44c9d3fdca829664563eb89b9d59b8ed3 Mon Sep 17 00:00:00 2001 From: Jodie Miu Date: Sat, 18 Nov 2017 03:11:47 -0500 Subject: [PATCH 028/214] Initial changes completed, to address issue #3204 --- managing-os/hvm.md | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/managing-os/hvm.md b/managing-os/hvm.md index 602afe8f..d0999b25 100644 --- a/managing-os/hvm.md +++ b/managing-os/hvm.md @@ -17,26 +17,34 @@ What are HVM domains? HVM domains (Hardware VM), in contrast to PV domains (Paravirtualized domains), allow one to create domains based on any OS for which one has an installation ISO. For example, this allows one to have Windows-based VMs in Qubes. -Interested readers might want to check [this article](https://blog.invisiblethings.org/2012/03/03/windows-support-coming-to-qubes.html) to learn why it took so long for Qubes OS to support HVM domains (Qubes 1 only supported Linux based PV domains). +Interested readers might want to check [this article](https://blog.invisiblethings.org/2012/03/03/windows-support-coming-to-qubes.html) to learn why it took so long for Qubes OS to support HVM domains (Qubes 1 only supported Linux based PV domains). As of +Qubes 4, every VM is HVM by default ([see here](https://blog.invisiblethings.org/2017/07/31/qubes-40-rc1.html)). Creating an HVM domain ---------------------- -First, lets create a new HVM domain. Use the --hvm switch to qvm-create, or choose HVM type in the Qubes Manager VM creation dialog box: +First, let's create a new HVM domain. Use the `--hvm` switch to `qvm-create`, or choose HVM type in the Qubes Manager VM creation dialog box: ~~~ qvm-create win7 --hvm --label green ~~~ -(The name of the domain ("win7") as well as it's label ("green") are just exemplary of course). +(The name of the domain ("win7") as well as its label ("green") are just exemplary of course). + +It is unnecessary for Qubes 4 users to pass in the `--hvm` switch. To create a StandaloneVM in Qubes 4, use +the --class option, as VMs are template-based by default: + +~~~ +qvm-create win7 --class StandaloneVM --label green +~~~ If you receive an error like this one, then you must first enable VT-x in your BIOS: ~~~ -libvirt.libvirtError: invalid argument: could not find capabilities for arch=x86_64 +libvirt.libvirtError: invalid argument: could not find capabilities for arch=x86_64 ~~~ -Now we need to install an OS inside this VM. This can done by attaching an installation ISO to and starting the VM (this can currently only be done from command line, but in the future we will surely add an option to do this also from the manager): +Now we need to install an OS inside this VM. This can be done by attaching an installation ISO to and starting the VM (this can currently only be done from command line, but in the future we will surely add an option to do this also from the manager): ~~~ qvm-start win7 --cdrom=/usr/local/iso/win7_en.iso @@ -48,7 +56,7 @@ The above command assumes the installation ISO was transferred to Dom0 (copied u qvm-start win7 --cdrom=/dev/cdrom ~~~ -Next the VM will start booting from the attached CDROM device (which in the example above just happens to be a Windows 7 installation disk). Depending on the OS that is being installed in the VM one might be required to start the VM several times (as is the case with Windows 7 installations), because whenever the installer wants to "reboot the system" it actually shutdowns the VM and Qubes won't automatically start it. Several invocations of qvm-start command (as shown above) might be needed. +Next, the VM will start booting from the attached CDROM device (which in the example above just happens to be a Windows 7 installation disk). Depending on the OS being installed in the VM, one might be required to start the VM several times (as is the case with Windows 7 installations), because whenever the installer wants to "reboot the system" it actually shutdowns the VM and Qubes won't automatically start it. Several invocations of qvm-start command (as shown above) might be needed. **Note:** If your Windows installation gets stuck at the glowing Windows logo, you might want to read [Issue 2488](https://github.com/QubesOS/qubes-issues/issues/2488) for a solution. @@ -90,7 +98,7 @@ sudo apt install qemu-utils unzip Unzip VirtualBox zip file: ~~~ -unzip *.zip +unzip *.zip ~~~ Extract OVA tar archive: @@ -287,4 +295,3 @@ Further reading Other documents related to HVM: - [LinuxHVMTips](/doc/linux-hvm-tips/) - From 643a3c3af9a386384689cf74c59bf46a1f8420b8 Mon Sep 17 00:00:00 2001 From: Jodie Miu Date: Sat, 18 Nov 2017 03:15:00 -0500 Subject: [PATCH 029/214] Fixed formatting --- managing-os/hvm.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/managing-os/hvm.md b/managing-os/hvm.md index d0999b25..8d27c51b 100644 --- a/managing-os/hvm.md +++ b/managing-os/hvm.md @@ -29,10 +29,9 @@ First, let's create a new HVM domain. Use the `--hvm` switch to `qvm-create`, or qvm-create win7 --hvm --label green ~~~ -(The name of the domain ("win7") as well as its label ("green") are just exemplary of course). +The name of the domain ("win7") as well as its label ("green") are just exemplary of course. -It is unnecessary for Qubes 4 users to pass in the `--hvm` switch. To create a StandaloneVM in Qubes 4, use -the --class option, as VMs are template-based by default: +**Note:** It is unnecessary for Qubes 4 users to pass in the `--hvm` switch. To create a StandaloneVM in Qubes 4, use the --class option, as VMs are template-based by default: ~~~ qvm-create win7 --class StandaloneVM --label green From d40b0d03331f78d1c89b79beb718b810761e0437 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marta=20Marczykowska-G=C3=B3recka?= Date: Sat, 18 Nov 2017 23:52:54 +0100 Subject: [PATCH 030/214] Fixed some run-on sentences & minor improvements Minor fixes in grammar, added sudo to some commands for users who may not find it immediately evident they need to use it. --- common-tasks/usb.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/common-tasks/usb.md b/common-tasks/usb.md index 8ac8e410..71ca2baf 100644 --- a/common-tasks/usb.md +++ b/common-tasks/usb.md @@ -24,10 +24,10 @@ Using and Managing USB Devices Creating and Using a USB qube ----------------------------- -**Warning:** This has the potential to prevent you from connecting a keyboard to Qubes via USB. There are problems with doing this with a encrypted install (LUKS). If you find yourself in this situation, see this [issue][2270-comm23]. +**Warning:** This has the potential to prevent you from connecting a keyboard to Qubes via USB. There are problems with doing this in an encrypted install (LUKS). If you find yourself in this situation, see this [issue][2270-comm23]. -The connection of an untrusted USB device to dom0 is a security risk since dom0, -like almost every OS, reads partition tables automatically and since the whole +Connecting an untrusted USB device to dom0 is a security risk since dom0, +like almost every OS, reads partition tables automatically. The whole USB stack is put to work to parse the data presented by the USB device in order to determine if it is a USB mass storage device, to read its configuration, etc. This happens even if the drive is then assigned and mounted in another qube. @@ -46,18 +46,18 @@ steps as root in dom0: 1. Enable `sys-usb`: - qubesctl top.enable qvm.sys-usb + sudo qubesctl top.enable qvm.sys-usb 2. Apply the configuration: - qubesctl state.highstate + sudo qubesctl state.highstate Alternatively, you can create a USB qube manually as follows: 1. Read the [Assigning Devices] page to learn how to list and identify your USB controllers. Carefully check whether you have a USB controller that - would be appropriate to assign to a USB qube. Note that it should be free - of input devices, programmable devices, and any other devices that must be + would be appropriate to assign to a USB qube. Note that it should be have no + input devices, programmable devices, and any other devices that must be directly available to dom0. If you find a free controller, note its name and proceed to step 2. 2. Create a new qube. Give it an appropriate name and color label From 28f67b4a128293ed83c39e1ab2d769b9698f4547 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 18 Nov 2017 16:56:52 -0600 Subject: [PATCH 031/214] Fix typo --- common-tasks/usb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-tasks/usb.md b/common-tasks/usb.md index 71ca2baf..01ec1479 100644 --- a/common-tasks/usb.md +++ b/common-tasks/usb.md @@ -56,7 +56,7 @@ Alternatively, you can create a USB qube manually as follows: 1. Read the [Assigning Devices] page to learn how to list and identify your USB controllers. Carefully check whether you have a USB controller that - would be appropriate to assign to a USB qube. Note that it should be have no + would be appropriate to assign to a USB qube. Note that it should have no input devices, programmable devices, and any other devices that must be directly available to dom0. If you find a free controller, note its name and proceed to step 2. From 0d7b1875e8aa385c41df6e09cbf30d6f720cd782 Mon Sep 17 00:00:00 2001 From: ptitdoc Date: Sun, 19 Nov 2017 09:31:57 +0100 Subject: [PATCH 032/214] Archlinux documentation update for Qubes-4.0 Update Archlinux documentation as discussed in the following pull requests: https://github.com/QubesOS/qubes-core-agent-linux/pull/67 https://github.com/QubesOS/qubes-core-agent-linux/pull/66 --- managing-os/templates/archlinux.md | 44 ++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/managing-os/templates/archlinux.md b/managing-os/templates/archlinux.md index 3bb15f2f..5bd465aa 100644 --- a/managing-os/templates/archlinux.md +++ b/managing-os/templates/archlinux.md @@ -32,22 +32,23 @@ A prebuilt template is available only for Qubes 3.2. Before Qubes 3.2, it should ## Binary packages activation -The update repository is disabled when you install (signed) template package. You can however choose to trust it by registering it into pacman. +The Qubes update repository is disabled by default in the Archlinux template. You can however choose to trust it by registering it into pacman. -Enable the repository by running the following command: +Since November 2017, an activation package is present in the template. The update repository can thus be activated by running the following command inside the template: - # mv /etc/pacman.d/99-qubes-repository-3.2.disabled /etc/pacman.d/99-qubes-repository-3.2.conf + # pacman -sU /etc/pacman.d/qubes-vm-keyring*.pkg.tar.xz + +It should be noted to this command will create a trust for packages provided by [Olivier Médoc](mailto:o_medoc@yahoo.fr) and signed by the PGP key above. -Then you need to install and sign the public GPG key of the package maintainer (note that accessing to GPG servers requires to temporarily disable the firewall in your template): +If the qubes-vm-keyring package is not present in `/etc/pacman.d/`, please refer to the section #Activating binary packages manually. - # pacman-key --recv-key 2043E7ACC1833B9C - # pacman-key --finger 2043E7ACC1833B9C - -If the fingerprint is correct, you can then sign the key: +## Optional Qubes packages - # pacman-key --lsign-key 2043E7ACC1833B9C +Several Qubes packages are not necessarilly installed by default in the Archlinux Template. These packages can be installed to add additional functionnalities to the template: +* `qubes-vm-networking`: Contains Qubes tools and dependencies required to use the template as a NetVM/ProxyVM +* `qubes-vm-pulseaudio`: Contains Pulseaudio agent enabling sound support in the template -## Default packages +## Default template packages In order to keep the template as small and simple as possible, default installed package have been arbitrarily selected based on multiple subjective criterias that however essentially include libraries dependencies. This packages are: * Some font packages to keep good user experience @@ -60,6 +61,28 @@ In order to keep the template as small and simple as possible, default installed Note that Archlinux does not install GUI packages by default as this decision is left to users. This packages have only been selected to have a usable template. +## Activating binary packages manually + +Enable the repository by running the following command: + + # rm /etc/pacman.d/99-qubes-repository-3.2.conf + # ln -s /etc/pacman.d/99-qubes-repository-3.2.disabled /etc/pacman.d/99-qubes-repository-3.2.conf + +Then you need to install and sign the public GPG key of the package maintainer (note that accessing to GPG servers requires to temporarily disable the firewall in your template): + + # pacman-key --recv-key 2043E7ACC1833B9C + # pacman-key --finger 2043E7ACC1833B9C + +If the fingerprint is correct, you can then sign the key: + + # pacman-key --lsign-key 2043E7ACC1833B9C + +## Updating a Qubes-3.2 Archlinux Template + +Because of changes in the Qubes-4.0 partition layout, and usage of XEN HVMs instead of pv-guests. It is not straightforward to update a Qubes-3.2 template to Qubes-4.0. + +For this reason, it is recommended to start from a new template in Qubes-4.0. + ## Updating a Qubes-3.1 Archlinux Template If you decide to use binary packages but that you where using a Qubes-3.1 Template, your can follow these instructions to enable Qubes 3.2 agents. @@ -111,7 +134,6 @@ Finally, errors related to the GUI agent can be found inside the VM in `/home/us ## Packages manager wrapper - Powerpill is a full Pacman wrapper that not only give easy proxy configuration but further offers numerous other advantages. Please check out: From c2a9f16967c5e51b6ea609b19aae5bf8a7932188 Mon Sep 17 00:00:00 2001 From: ptitdoc Date: Sun, 19 Nov 2017 14:35:59 +0100 Subject: [PATCH 033/214] Fix failed travis check (typo) --- managing-os/templates/archlinux.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/managing-os/templates/archlinux.md b/managing-os/templates/archlinux.md index 5bd465aa..c3b40e8f 100644 --- a/managing-os/templates/archlinux.md +++ b/managing-os/templates/archlinux.md @@ -44,7 +44,7 @@ If the qubes-vm-keyring package is not present in `/etc/pacman.d/`, please refer ## Optional Qubes packages -Several Qubes packages are not necessarilly installed by default in the Archlinux Template. These packages can be installed to add additional functionnalities to the template: +Several Qubes packages are not necessarily installed by default in the Archlinux Template. These packages can be installed to add additional functionnalities to the template: * `qubes-vm-networking`: Contains Qubes tools and dependencies required to use the template as a NetVM/ProxyVM * `qubes-vm-pulseaudio`: Contains Pulseaudio agent enabling sound support in the template From 227f3ba87779378667ce55f4cb78199b74d7a82e Mon Sep 17 00:00:00 2001 From: ptitdoc Date: Sun, 19 Nov 2017 15:53:18 +0100 Subject: [PATCH 034/214] Properly use markdown for package names. --- managing-os/templates/archlinux.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/managing-os/templates/archlinux.md b/managing-os/templates/archlinux.md index c3b40e8f..87beb977 100644 --- a/managing-os/templates/archlinux.md +++ b/managing-os/templates/archlinux.md @@ -46,7 +46,7 @@ If the qubes-vm-keyring package is not present in `/etc/pacman.d/`, please refer Several Qubes packages are not necessarily installed by default in the Archlinux Template. These packages can be installed to add additional functionnalities to the template: * `qubes-vm-networking`: Contains Qubes tools and dependencies required to use the template as a NetVM/ProxyVM -* `qubes-vm-pulseaudio`: Contains Pulseaudio agent enabling sound support in the template +* `qubes-vm-pulseaudio`: Contains `Pulseaudio` agent enabling sound support in the template ## Default template packages From 37fa4d6bbc3936f6ad8fa39797873211ffbb3675 Mon Sep 17 00:00:00 2001 From: Steve Phillips Date: Tue, 21 Nov 2017 01:32:32 -0800 Subject: [PATCH 035/214] dispvm.md: fixed typo --- common-tasks/dispvm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-tasks/dispvm.md b/common-tasks/dispvm.md index 45cbfc35..37416fd1 100644 --- a/common-tasks/dispvm.md +++ b/common-tasks/dispvm.md @@ -75,7 +75,7 @@ Customizing Disposable VMs --------------------------------------------------------- You can change the template used to generate the Disposable VM, and change settings used in the Disposable VM savefile. These changes will be reflected in every new Disposable VM. -Full instructions are [here](/doc/dispvm-customization/) +Full instructions are [here](/doc/dispvm-customization/). Disposable VMs and Local Forensics From f305a29dbdf546b9efca86a3f8ec143af5040b02 Mon Sep 17 00:00:00 2001 From: TomZ Date: Wed, 22 Nov 2017 00:05:56 +0100 Subject: [PATCH 036/214] The bug #230 states this is not an issue, removing from docs --- hardware/system-requirements.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/hardware/system-requirements.md b/hardware/system-requirements.md index 41aab85b..9e489837 100644 --- a/hardware/system-requirements.md +++ b/hardware/system-requirements.md @@ -76,8 +76,6 @@ redirect_from: (See [hcl-report] for advice on hardware compatibility testing.) Remember to change the devices assigned to your NetVM and USBVM if you move between different machines. * Installing Qubes in a virtual machine is not recommended, as it uses its own bare-metal hypervisor (Xen). - * Macintosh PCs are not currently supported due to keyboard and mouse problems. - (See [#230] for details. Patches welcome!) * [Advice on finding a VT-d capable notebook][vt-d-notebook]. From 5566927155abbdb59a2ad1b0c738bad4524e9b4e Mon Sep 17 00:00:00 2001 From: TomZ Date: Fri, 24 Nov 2017 13:19:21 +0100 Subject: [PATCH 037/214] Be consistent. The repo names are given above, but they have to actually have the 'qubes-' prefix to match what actually exists on github --- basics_dev/source-code.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basics_dev/source-code.md b/basics_dev/source-code.md index f39a2460..ae1c884a 100644 --- a/basics_dev/source-code.md +++ b/basics_dev/source-code.md @@ -26,7 +26,7 @@ All of our repositories are available under the [QubesOS GitHub account]. To clone a repository: ~~~ -git clone https://github.com/QubesOS/.git +git clone https://github.com/QubesOS/qubes-.git ~~~ e.g.: From 9d317a482bb27fa4f51d9d5871567686b5faa670 Mon Sep 17 00:00:00 2001 From: TomZ Date: Sat, 25 Nov 2017 20:42:45 +0100 Subject: [PATCH 038/214] This was needed to make it work. --- building/building-archlinux-template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/building/building-archlinux-template.md b/building/building-archlinux-template.md index a13d6378..2cf48842 100644 --- a/building/building-archlinux-template.md +++ b/building/building-archlinux-template.md @@ -81,7 +81,7 @@ redirect_from: * Import the Qubes master key - gpg --recv-keys 0xDDFA1A3E36879494 + gpg --keyserver pgp.mit.edu --recv-keys 0xDDFA1A3E36879494 * Verify its fingerprint, set as 'trusted'. [This is described here](https://www.qubes-os.org/doc/VerifyingSignatures). From 763155129f827233f8524afd2e6b4f9de8dcaf15 Mon Sep 17 00:00:00 2001 From: ebola-rock Date: Sat, 20 May 2017 21:48:23 +0000 Subject: [PATCH 039/214] Update debian.md Added some clarifying info about updating to Stretch Closes #426 --- managing-os/templates/debian.md | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/managing-os/templates/debian.md b/managing-os/templates/debian.md index 4e6c05df..8986d6d4 100644 --- a/managing-os/templates/debian.md +++ b/managing-os/templates/debian.md @@ -43,18 +43,22 @@ Debian 9 (stretch) - stable: A prebuilt template is not yet available, but there are two options for achieving a stretch template: -* Build an experimental stretch template from source. +1. Build an experimental stretch template from source. + +2. Clone a `debian-8` template and then modify in the cloned template `/etc/apt/sources.list` and `/etc/apt/sources.list.d/qubes-r3.list` to pull from stretch repos rather than jessie repos. +Simply replace all instances of "jessie" with "stretch". + + After that, an `apt-get dist-upgrade` followed by a reboot should "just work". + Unused packages will have to be removed or else it will conflict with the upgrade. + + Full instructions are on [this page][stretch] -* Clone a `debian-8` template and then modify `/etc/apt/sources.list` and -`/etc/apt/sources.list.d/qubes-r3.list` to pull from stretch repos rather -than jessie repos. After that, an `apt-get dist-upgrade` followed by a -reboot should "just work." Known issues ------------ -###Starting services +### Starting services The Debian way (generally) is to start daemons if they are installed. @@ -79,7 +83,7 @@ Where you **DO** want the service to run, put this in /rw/config/rc.local: Don't forget to make the file executable. -###Unattended Upgrades +### Unattended Upgrades Some users have noticed that on upgrading to Stretch, the unattended-upgrade package is installed. @@ -88,7 +92,8 @@ This package is pulled in as part of a Recommend chain, and can be purged. The lesson is that you should carefully look at what is being installed to your system, particularly if you run dist-upgrade. -###Contributing +Contributing +---------------- If you want to help in improving the template, feel free to [contribute](/wiki/ContributingHowto). @@ -96,3 +101,5 @@ More information ---------------- * [Debian wiki](https://wiki.debian.org/Qubes) + +[stretch]: https://www.qubes-os.org/doc/template/debian/upgrade-8-to-9/ From 8ace78524290086823d2a99d24acfec2697fa1a5 Mon Sep 17 00:00:00 2001 From: unman Date: Tue, 28 Nov 2017 00:52:39 +0000 Subject: [PATCH 040/214] Make it clear that Stretch template is available in Qubes 4.0 --- managing-os/templates/debian.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/managing-os/templates/debian.md b/managing-os/templates/debian.md index 8986d6d4..d43e1f90 100644 --- a/managing-os/templates/debian.md +++ b/managing-os/templates/debian.md @@ -40,7 +40,11 @@ Debian 8 (jessie) - oldstable: Debian 9 (stretch) - stable: -A prebuilt template is not yet available, but there are two options for +In Qubes 4.0 - + + [user@dom0 ~]$ sudo qubes-dom0-update qubes-template-debian-9 + +A prebuilt template is not available in Qubes 3.2, but there are two options for achieving a stretch template: 1. Build an experimental stretch template from source. From 144725535a43577b21f1897b938f0e624cd66ad5 Mon Sep 17 00:00:00 2001 From: s3bulba Date: Sun, 23 Apr 2017 10:21:06 +0000 Subject: [PATCH 041/214] Added information on Tails persistent storage Added HowTo for accessing persistent volume on existing Tails usb drive --- privacy/tails.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/privacy/tails.md b/privacy/tails.md index 0f8e8570..76136479 100644 --- a/privacy/tails.md +++ b/privacy/tails.md @@ -63,8 +63,13 @@ This seems to arise because Tails sizes to the height of the screen, but there i Either remove the title bar altogether, or move the window upwards using ALT+drag. ### Persistent Volume -The persistence tools will not work because Tails has not been launched from USB. -The HVM disk(s) can be configured and mounted from within Tails to provide persistent storage. +The persistence tools will not work because Tails has not been launched from USB. +The HVM disk(s) can be configured and mounted from within Tails to provide persistent storage. +If you want to use an existing USB persistent volume: + - Interrupt the Tails vm boot process with arrow-up when the grub boot menu appears. + - In dom0 attach the USB drive containing the persistent volume to the Tails vm. + - Continue booting Tails: Tails-greeter will detect the encrypted partition on the attached USB. + - Unlock the persistent volume in Tails-greeter and use it as normal. ### Shutdown The Tails qube will not shut down cleanly. From 11f00edaa13080f72c100bf24ea00da769d7cbe3 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 28 Nov 2017 09:24:41 -0600 Subject: [PATCH 042/214] Add QSB 36 --- security-info/security-bulletins.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security-info/security-bulletins.md b/security-info/security-bulletins.md index 2b9b9ca6..01a01e49 100644 --- a/security-info/security-bulletins.md +++ b/security-info/security-bulletins.md @@ -81,5 +81,6 @@ Qubes Security Bulletins are published through the [Qubes Security Pack](/securi - [Qubes Security Bulletin \#32](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-032-2017.txt) (Xen hypervisor and Linux kernel vulnerabilities (XSA-226 through XSA-230)) - [Qubes Security Bulletin \#33](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-033-2017.txt) (Xen hypervisor (XSA-231 through XSA-234)) - [Qubes Security Bulletin \#34](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-034-2017.txt) (GUI issue and Xen vulnerabilities (XSA-237 through XSA-244)) -- [Qubes Security Bulletin \#34](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-035-2017.txt) (Xen hypervisor issue related to grant tables (XSA-236)) +- [Qubes Security Bulletin \#35](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-035-2017.txt) (Xen hypervisor issue related to grant tables (XSA-236)) +- [Qubes Security Bulletin \#36](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-036-2017.txt) (Xen hypervisor issue in populate-on-demand code (XSA-247)) From 4d1a30ccce5604459751b6e2a06c84892c36a08d Mon Sep 17 00:00:00 2001 From: Paras Chetal Date: Sat, 10 Jun 2017 11:37:29 +0530 Subject: [PATCH 043/214] Add solution to force USB ports to use USB 2.0 mode. Closes #432 --- about/faq.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/about/faq.md b/about/faq.md index 5ec48656..34eefc0e 100644 --- a/about/faq.md +++ b/about/faq.md @@ -303,7 +303,11 @@ A device that does not support reset is not safe and generally should not be ass Most likely the offending controller is a USB 3.0 device. You can remove this controller from the usbVM, and see if this allows the VM to boot. -Alternatively you may be able to disable USB 3.0 in the BIOS. +Alternatively you may be able to disable USB 3.0 in the BIOS. +If the BIOS does not have the option to disable USB 3.0, try running the following command in dom0 to [force USB 2.0 modes for the USB ports][force_usb2]: + + lspci -nn | grep USB | cut -d '[' -f3 | cut -d ']' -f1 | xargs -I@ setpci -H1 -d @ d0.l=0 + Errors suggesting this issue: @@ -475,3 +479,4 @@ No. Unlike many other virtualization systems, Qubes takes special effort to keep This has been achieved thanks to the careful use of Xen's stub domain feature. For more details about how we improved on Xen's native stub domain use, see [here](https://blog.invisiblethings.org/2012/03/03/windows-support-coming-to-qubes.html). +[force_usb2]: https://www.systutorials.com/qa/1908/how-to-force-a-usb-3-0-port-to-work-in-usb-2-0-mode-in-linux From 06f6550cb3ac28e53fa5d1efeaff6903cfda5151 Mon Sep 17 00:00:00 2001 From: voltylicious Date: Sat, 2 Dec 2017 11:44:56 -0800 Subject: [PATCH 044/214] Add instructions for newer UEFI systems Add instructions on how to create a USB installation medium that works on newer ThinkPad systems in UEFI-only mode. This is necessary because existing troubleshooting steps for ThinkPad and UEFI are no longer sufficient. The content was created based on the thread at https://groups.google.com/forum/#!topic/qubes-users/TEmVIozLJh0 --- troubleshooting/thinkpad-troubleshooting.md | 27 +++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/troubleshooting/thinkpad-troubleshooting.md b/troubleshooting/thinkpad-troubleshooting.md index 4e5ed82b..77009136 100644 --- a/troubleshooting/thinkpad-troubleshooting.md +++ b/troubleshooting/thinkpad-troubleshooting.md @@ -15,6 +15,33 @@ redirect_from: # Lenovo ThinkPad Troubleshooting # +## Instructions to create USB installation medium for newer (UEFI-only) ThinkPads ## +Newer ThinkPads (e.g. T470, T470p, ThinkPad 25) are likely to fail installation attempts made from a USB stick that was created with dd or Rufus, and even from a DVD burned using official ISO images - if the ThinkPad is configured for UEFI boot. If you don't want to use Legacy Mode as a workaround, the following instructions should help you create a Qubes Installation USB stick that works in UEFI-only mode. + +In a nutshell, you need to use the Fedora livecd-tools to make a Qubes Installation USB Stick from the Qubes ISO image, then update the label on the partition of that USB stick to "BOOT", and then update the BOOT/EFI/xen.cfg file on the USB stick so that all labels point to BOOT. In more detail: + +1. On your ThinkPad, enter the UEFI setup (press F1 at startup) and make sure to set at least the following options: + - *USB UEFI BIOS Support: Enabled* + - *UEFI/Legacy Boot: UEFI Only* + - *Secure Boot: Disabled* +2. On a different computer, create a "Fedora Live USB Stick": Download a current Fedora Live CD image, and put it onto a USB stick (e.g. using dd or Rufus). Start your ThinkPad from the Fedora Live USB Stick on your ThinkPad (Press F12 at startup to select boot device). Of course, you can alternatively start a different machine from the Fedora Live USB Stick, or use an existing Fedora installation. The next steps all occur within Fedora: +3. Install livecd-tools: `# dnf install livecd-tools` +4. Download the desired Qubes ISO image (or attach a storage device containing it), and verify the signatures as described in the Qubes installation guide. For these instructions, I assume the ISO image is at */run/media/liveuser/qsrc/Qubes-R4.0-rc3-x86_64.iso* (so whenever you see that path going forward in these instructions, replace it with whatever your own path is) +5. Within Fedora, attach the USB stick that you would like to turn into your Qubes Installation USB Stick. Use `dmesg` to figure out what the device name of that stick is. For these instructions, I assume it's */dev/sdd* (so whenever you see */dev/sdd* going forward in these instructions, replace it with whatever your actual device name is) +6. Make sure your target USB stick (presumed to be /dev/sdd) has no mounted partitions: ``# umount /dev/sdd*`` (the asterisk at the end makes sure to unmount all partitions if more than one exists). If none are mounted you'll get an error that you can ignore. +7. Use livecd-tools to copy the image: ``# livecd-iso-to-disk --format --efi /run/media/liveuser/qsrc/Qubes-R4.0-rc3-x86_64.iso /dev/sdd``. **This will erase everything on the drive. Make sure you specify the correct destination.** Then press ENTER when prompted to proceed. This process will take quite a while, be patient. +8. When imaging is complete, change the partition label to BOOT: ``# dosfslabel /dev/sdd1 BOOT`` +9. Now create a mount point and mount the partition: + + ``# mkdir /mnt/qinst`` + + ``# mount /dev/sdd1 /mnt/qinst/`` + +10. Use your favorite editor to edit the file */mnt/qinst/EFI/BOOT/xen.cfg*: Replace all instances of ``LABEL=Qubes-R4.0-rc3-x86_64`` with ``LABEL=BOOT``. There is typically no space in front of ``LABEL``, but there is a space at the end of the portion you replace. +11. Unmount the Qubes Installation USB stick: ``# umount /dev/sdd*`` and disconnect it. + +That's it! You can now reboot the machine with the Qubes USB Installation stick attached, and press F12 to select it as the boot device at startup. Proceed to install Qubes OS normally. Enjoy! + ## ThinkPads with Intel HD 3000 graphics ## Several ThinkPad models have Intel HD 3000 graphics, including the T420s and the From 0a39381dd30a45dd5fd94099aedfec7ab8a6d524 Mon Sep 17 00:00:00 2001 From: Yethal Date: Sun, 3 Dec 2017 03:01:34 +0100 Subject: [PATCH 045/214] Removed outdated instructions Instructions related to Chrome app were removed as the app is no longer supported. --- privacy/signal.md | 81 ----------------------------------------------- 1 file changed, 81 deletions(-) diff --git a/privacy/signal.md b/privacy/signal.md index 5cc8ce0d..73bf1cd8 100644 --- a/privacy/signal.md +++ b/privacy/signal.md @@ -26,91 +26,10 @@ What is [Signal]? How to install Signal in Qubes ------------------------------ -If you're a Signal user on Android, you can now have Signal inside Qubes. - -1. Install the Chromium browser in a TemplateVM. -2. Shut down the TemplateVM. -3. Create a new AppVM based on this TemplateVM. -4. Launch Chromium browser in the new AppVM, type `chrome://extensions/` in the - address bar, and follow the link to the Chrome app store. -4. In the app store, search for "Signal Private Messenger" and install the app. -5. The app launches automatically on first install. Follow the prompts to "link" - this app with your phone. -6. Signal should now work in your AppVM. - - -Creating a Shortcut in the applications menu --------------------------------------------- - -Let's make Signal a bit more usable by creating a shortcut in our desktop -panel that launches Signal directly. This assumes that you're using KDE or Xfce in Dom0, -you use Signal in an AppVM named `Signal`, and this AppVM uses `fedora-23` as its TemplateVM. - -1. Follow [these instructions][shortcut] to create a desktop shortcut on the Desktop of your Signal AppVM. - Let's assume the shortcut file you get is `/home/user/Desktop/chrome-bikioccmkafdpakkkcpdbhpfkkhcmohk-Default.desktop` -2. Copy this shortcut file to the AppVM's TemplateVM - in this case, to `fedora-23`. - - [user@Signal ~]$ qvm-copy-to-vm fedora-23 /home/user/Desktop/chrome-bikioccmkafdpakkkcpdbhpfkkhcmohk-Default.desktop - -3. You'll also want to copy across an icon for your new shortcut - you can find this at - `/home/user/.local/share/icons/hicolor/48x48/apps/chrome-bikioccmkafdpakkkcpdbhpfkkhcmohk-Default.png` - Copy this icon to the `fedora-23` TemplateVM in the same way as step 2. -4. Open a terminal in your `fedora-23` TemplateVM and `cd` to `/home/user/QubesIncoming/Signal/`. - You should find your shortcut and icon files just transferred across from the Signal AppVM. - Move these files to the following locations: - - [user@fedora-23 Signal]$ sudo mv chrome-bikioccmkafdpakkkcpdbhpfkkhcmohk-Default.desktop /usr/share/applications/ - [user@fedora-23 Signal]$ sudo mv chrome-bikioccmkafdpakkkcpdbhpfkkhcmohk-Default.png /usr/share/icons/hicolor/48x48/apps/ - -5. From a Dom0 terminal, instruct Qubes to synchronize the application menus of this TemplateVM: - - [user@dom0 ~]$ qvm-sync-appmenus fedora-23 - -6. Stop both the AppVM (`Signal`) and its TemplateVM (`fedora-23`). - The `Signal` VM will now see the desktop file in `/usr/share/applications` when it is next started. - -7. With your mouse select the `Q` menu -> `Domain: Signal` -> `Signal: Add more shortcuts` - Select `Signal Private Messenger` from the left `Available` column, move it to the right `Selected` column by clicking the `>` button and then `OK` to apply the changes and close the window. -8. (optional, only on KDE:) Follow the `Q` menu once more, right-click on the new `Signal: Signal Private Messenger` menu item and select `Add to Panel`. - -You can now launch the Signal messenger inside its own dedicated AppVM directly from the desktop. - -The same steps should work for any Chrome app. - -Creating a shortcut in the applications menu for a StandaloneVM ---------------------------------------------------------------- - -If you want to add to the standalone VM rather than a template, then follow below. -The following part will also assume that the .desktop file has been correctly made. -This can also be used to add a application portable application/script from a tar archive, also this part of the guide is assuming that the StandaloneVM is called `Signal`. - -1. First you will need to copy/move the .desktop file: `/home/user/Desktop/chrome-bikioccmkafdpakkkcpdbhpfkkhcmohk-Default.desktop`to the applications folder on the StandaloneVM: `/usr/share/applications/` - - [user@Signal ~]$ sudo mv /home/user/Desktop/chrome-bikioccmkafdpakkkcpdbhpfkkhcmohk-Default.desktop /usr/share/applications/ - -2. Now copy/move over the icon file to make it look all nice and pretty. - - [user@Signal ~]$ sudo mv /home/user/Desktop/chrome-bikioccmkafdpakkkcpdbhpfkkhcmohk-Default.desktop /usr/share/icons/hicolor/48x48/apps/ - -3. Now fire up the `dom0` Terminal Emulator from `Q` Menu -> `Terminal Emulator`. All you need to do now is run the command to sync the app menus `qvm-sync-appmenus` along with the Standalone VM name `Signal`. - - [user@dom0 ~]$ qvm-sync-appmenus Signal - -4. Now stop the StandaloneVM: `Signal`. - -5. With your mouse select the `Q` menu -> `Domain: Signal` -> `Signal: Add more shortcuts`. Select `Signal Private Messenger` from the left `Available` column, move it to the right `Selected` column by clicking the `>` button and then `OK` to apply the changes and close the window. - -6. (optional, only on KDE:) Follow the `Q` menu once more, right-click on the new `Signal: Signal Private Messenger` menu item and select `Add to Panel`. - -Use an AppVM based on Debian ----------------------------- - **CAUTION:** Before proceeding, please carefully read [On Digital Signatures and Key Verification][qubes-verifying-signatures]. This website cannot guarantee that any PGP key you download from the Internet is authentic. Always obtain a trusted key fingerprint via other channels, and always check any key you download against your trusted copy of the fingerprint. -If you don't use Chromium, you can install signal with Debian: - 1. (Optional)Create a TemplateVM (Debian 8) [user@dom0 ~]$ sudo qubes-dom0-update qubes-template-debian-8 From b43a452bcabd4b855803d41588eb52c665e63ae7 Mon Sep 17 00:00:00 2001 From: William Pierce <19642016+pierwill@users.noreply.github.com> Date: Mon, 4 Dec 2017 14:13:11 -0600 Subject: [PATCH 046/214] Edits to dispvm.md for style and clarity --- common-tasks/dispvm.md | 83 ++++++++++++++++++++++++++---------------- 1 file changed, 52 insertions(+), 31 deletions(-) diff --git a/common-tasks/dispvm.md b/common-tasks/dispvm.md index 37416fd1..250b7c60 100644 --- a/common-tasks/dispvm.md +++ b/common-tasks/dispvm.md @@ -11,74 +11,95 @@ redirect_from: Disposable VMs (DispVMs) ======================== -Background ----------- +A Disposable VM (DispVM) is a lightweight VM that can be created quickly and will disappear when closed. +Disposable VMs are usually created in order to host a single application, like a viewer, editor, or web browser. +Changes made to a file opened in a Disposable VM are passed back to the originating VM. +This means that you can safely work with untrusted files without risk of compromising your other VMs. +DispVMs can be created either directly from Dom0 or from within AppVMs. +Once a DispVM has been created it will appear in Qubes VM Manager with the name "dispX". -A Disposable VM (DispVM) is a lightweight VM that can be created quickly and which will disappear when it is finished with. Usually a Disposable VM is created in order to host a single application, like a viewer or an editor. This means that you can safely work with files without risk of compromising any of your VMs. Changes made to a file opened in a disposable VM are passed back to the originating VM. See [this article](https://blog.invisiblethings.org/2010/06/01/disposable-vms.html) for more on why would one want to use a Disposable VM. +See [this article](https://blog.invisiblethings.org/2010/06/01/disposable-vms.html) for more on why one would want to use a Disposable VM. -By default a DispVM will inherit the NetVM and firewall settings of the ancestor VM, that is the VM it is launched from. Thus if an AppVM uses sys-net as NetVM (instead of, say, sys-whonix), any DispVM launched from this AppVM will also have sys-net as its NetVM. You can change this behaviour for individual VMs: in Qubes VM Manager open VM Settings for the VM in question and go to the "Advanced" tab. Here you can edit the "NetVM for DispVM" setting to change the NetVM of any DispVM launched from that VM. +Disposable VMs and Networking +----------------------------- -A DispVM launched from the Start Menu inherits the NetVM of the [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template). By default it is named `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM) and, as a so-called internal VM, hidden in Qubes VM Manager; it can be shown by selecting "Show/Hide internal VMs". Notice that changing the "NetVM for DispVM" setting for the DVM Template does *not* affect the NetVM of DispVMs launched from the Start Menu; only changing the DVM Template's own NetVM does. +NetVM and firewall rules for Disposable VMs can be set as they can for a normal VM. +By default a DispVM will inherit the NetVM and firewall settings of the VM from which it is launched. +Thus if an AppVM uses sys-net as its NetVM, any DispVM launched from this AppVM will also have sys-net as its NetVM. +You can change this behaviour for individual VMs: in Qubes VM Manager open VM Settings for the VM in question and go to the "Advanced" tab. +Here you can edit the "NetVM for DispVM" setting to change the NetVM of any DispVM launched from that VM. -Once a DispVM has been created it will appear in Qubes VM Manager with the name "dispX", and NetVM and firewall rules can be set as for a normal VM. +A Disposable VM launched from the Start Menu inherits the NetVM of the [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template). +By default the DMV template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM). +As an "internal" VM it is hidden in Qubes VM Manager, but can be shown by selecting "Show/Hide internal VMs". +Note that changing the "NetVM for DispVM" setting for the DVM Template does *not* affect the NetVM of DispVMs launched from the Start Menu; only changing the DVM Template's own NetVM does. +Opening a file in a Disposable VM via GUI +----------------------------------------- -Opening a file in a Disposable VM (via GUI) -------------------------------------------- - -In some AppVM, right click on the file you wish to open in a Disposable VM (in the Nautilus file manager), then choose "Open in Disposable VM". Wait a few seconds and the default application for this file type should appear displaying the file content. This app is running in a whole new VM -- a disposable VM created for the purpose of viewing or editing this very file. Once you close the viewing application the whole Disposable VM will be destroyed. If you have edited the file and saved the changes the changed file will be saved back to the original VM, overwriting the original. +In an AppVM's file manager, right click on the file you wish to open in a Disposable VM, then choose "Open in Disposable VM". +Wait a few seconds and the default application for this file type should appear displaying the file content. +This app is running in its own dedicated VM -- a Disposable VM created for the purpose of viewing or editing this very file. +Once you close the viewing application the whole Disposable VM will be destroyed. +If you have edited the file and saved the changes, the changed file will be saved back to the original AppVM, overwriting the original. ![r1-open-in-dispvm-1.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-1.png) ![r1-open-in-dispvm-2.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-2.png) Opening a fresh web browser instance in a new Disposable VM ----------------------------------------------------------- -Sometimes it is convenient to open a fresh instance of Firefox within a new fresh Disposable VM. This can be easily done by using the Start Menu: just go to Start -\> System Tools -\> DispVM:Firefox web browser . Wait a few seconds until a web browser starts. Once you close the viewing application the whole Disposable VM will get destroyed. +Sometimes it is desirable to open an instance of Firefox within a new fresh Disposable VM. +This can be done easily using the Start Menu: just go to Start -\> System Tools -\> DispVM:Firefox web browser. +Wait a few seconds until a web browser starts. +Once you close the viewing application the whole Disposable VM will be destroyed. ![r1-open-in-dispvm-3.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-3.png) Opening a file in a Disposable VM via command line (from AppVM) --------------------------------------------------------------- -Use the `qvm-open-in-dvm` command line (from your AppVM), e.g.: +Use the `qvm-open-in-dvm` command from a terminal in your AppVM: ~~~ [user@work-pub ~]$ qvm-open-in-dvm Downloads/apple-sandbox.pdf ~~~ -The qvm-open-in-dvm will not exit until you close the application in the Disposable VM. - -Starting an arbitrary application in a disposable VM via command line (from Dom0) ---------------------------------------------------------------------------------- - -**Note:** Normally there should be no need for doing this -- this is just for Qubes hackers ;) - -~~~ -[joanna@dom0 ~]$ echo xterm | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red -~~~ - -In fact the Disposable VM appmenu used for starting Firefox contains a very similar command to the above. Please note, however, that it generally makes little sense to start any other application other than a Web Browser this way... +Note that the `qvm-open-in-dvm` process will not exit until you close the application in the Disposable VM. Starting an arbitrary program in a Disposable VM from an AppVM -------------------------------------------------------------- -Sometimes it might be useful to start an arbitrary program, such as e.g. terminal in an Disposable VM from an AppVM. This could be simply done this way: +Sometimes it can be useful to start an arbitrary program in a DispVM. This can be done from an AppVM by running ~~~ [user@vault ~]$ qvm-run '$dispvm' xterm ~~~ -Note the above command is issued in an AppVM, not in Dom0. The created Disposable VM can be normally accessed via other tools, such as e.g. `qvm-copy-to-vm`, using its 'dispX' name, as shown by the Qubes Manager or `qvm-ls` tools. +The created Disposable VM can be accessed via other tools (such as `qvm-copy-to-vm`) using its "dispX" name as shown in the Qubes Manager or `qvm-ls`. +Starting an arbitrary application in a Disposable VM via command line (from Dom0) +--------------------------------------------------------------------------------- + +The Start Menu has shortcuts for opening a terminal and a web browser in dedicated DispVMs, since these are very common tasks. +However, it is possible to start an arbitrary application in a DispVM directly from Dom0 by running + +~~~ +[joanna@dom0 ~]$ echo xterm | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red +~~~ + +(The Disposable VM appmenu used for starting Firefox runs a very similar command to the one above.) Customizing Disposable VMs ---------------------------------------------------------- - -You can change the template used to generate the Disposable VM, and change settings used in the Disposable VM savefile. These changes will be reflected in every new Disposable VM. -Full instructions are [here](/doc/dispvm-customization/). +-------------------------- +You can change the template used to generate the Disposable VM, and change settings used in the Disposable VM savefile. +These changes will be reflected in every new Disposable VM. +Full instructions can be found [here](/doc/dispvm-customization/). Disposable VMs and Local Forensics ---------------------------------- -At this time, DispVMs should not be relied upon to circumvent local forensics, as they do not run entirely in RAM. For details, see [this thread](https://groups.google.com/d/topic/qubes-devel/QwL5PjqPs-4/discussion). +At this time, DispVMs should not be relied upon to circumvent local forensics, as they do not run entirely in RAM. +For details, see [this thread](https://groups.google.com/d/topic/qubes-devel/QwL5PjqPs-4/discussion). + +When it is essential to avoid leaving any trace, consider using [Tails](https://tails.boum.org/). From 4217ec492fc52bcd71de777b6753d951f23fe964 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 6 Dec 2017 21:37:04 -0600 Subject: [PATCH 047/214] Fix typo --- common-tasks/dispvm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-tasks/dispvm.md b/common-tasks/dispvm.md index 250b7c60..3dc72eaa 100644 --- a/common-tasks/dispvm.md +++ b/common-tasks/dispvm.md @@ -30,7 +30,7 @@ You can change this behaviour for individual VMs: in Qubes VM Manager open VM Se Here you can edit the "NetVM for DispVM" setting to change the NetVM of any DispVM launched from that VM. A Disposable VM launched from the Start Menu inherits the NetVM of the [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template). -By default the DMV template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM). +By default the DVM template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM). As an "internal" VM it is hidden in Qubes VM Manager, but can be shown by selecting "Show/Hide internal VMs". Note that changing the "NetVM for DispVM" setting for the DVM Template does *not* affect the NetVM of DispVMs launched from the Start Menu; only changing the DVM Template's own NetVM does. From 9408f8d2ee75d4a406bf981b4d9c01c48901d6fc Mon Sep 17 00:00:00 2001 From: William Pierce <19642016+pierwill@users.noreply.github.com> Date: Thu, 7 Dec 2017 22:34:54 -0600 Subject: [PATCH 048/214] Consistently use the term "third-party" --- basics_dev/coding-style.md | 2 +- common-tasks/software-update-dom0.md | 2 +- common-tasks/software-update-vm.md | 4 ++-- configuration/network-printer.md | 4 ++-- customization/dispvm-customization.md | 2 +- debugging/profiling.md | 2 +- security/security-guidelines.md | 2 +- services/dom0-secure-updates.md | 2 +- system/security-critical-code.md | 4 ++-- 9 files changed, 12 insertions(+), 12 deletions(-) diff --git a/basics_dev/coding-style.md b/basics_dev/coding-style.md index c7a18b80..35477e43 100644 --- a/basics_dev/coding-style.md +++ b/basics_dev/coding-style.md @@ -78,7 +78,7 @@ File naming conventions **File naming in Windows systems:** - All base qubes-related files in `C:\Program Files\Invisible Things Lab\Qubes\` (Exceptionally spaces are allowed here to adhere to Windows naming conventions) -- Other, 3rd party files, not Qubes-specific, such as e.g. Xen PV drivers might be in different vendor subdirs, e.g. `C:\Program Files\Xen PV Drivers` +- Other, third-party files, not Qubes-specific, such as e.g. Xen PV drivers might be in different vendor subdirs, e.g. `C:\Program Files\Xen PV Drivers` General programming style guidelines ------------------------------------ diff --git a/common-tasks/software-update-dom0.md b/common-tasks/software-update-dom0.md index 74d14336..1c59390f 100644 --- a/common-tasks/software-update-dom0.md +++ b/common-tasks/software-update-dom0.md @@ -14,7 +14,7 @@ Updating software in dom0 Why would one want to update software in dom0? ---------------------------------------------- -Normally, there should be few reasons for updating software in dom0. This is because there is no networking in dom0, which means that even if some bugs are discovered e.g. in the dom0 Desktop Manager, this really is not a problem for Qubes, because none of the 3rd party software running in dom0 is accessible from VMs or the network in any way. Some exceptions to this include: Qubes GUI daemon, Xen store daemon, and disk back-ends. (We plan move the disk backends to an untrusted domain in Qubes 2.0.) Of course, we believe this software is reasonably secure, and we hope it will not need patching. +Normally, there should be few reasons for updating software in dom0. This is because there is no networking in dom0, which means that even if some bugs are discovered e.g. in the dom0 Desktop Manager, this really is not a problem for Qubes, because none of the third-party software running in dom0 is accessible from VMs or the network in any way. Some exceptions to this include: Qubes GUI daemon, Xen store daemon, and disk back-ends. (We plan move the disk backends to an untrusted domain in Qubes 2.0.) Of course, we believe this software is reasonably secure, and we hope it will not need patching. However, we anticipate some other situations in which updating dom0 software might be necessary or desirable: diff --git a/common-tasks/software-update-vm.md b/common-tasks/software-update-vm.md index b205980a..1e06b2c4 100644 --- a/common-tasks/software-update-vm.md +++ b/common-tasks/software-update-vm.md @@ -123,7 +123,7 @@ There are several ways to deal with this problem: Some popular questions: -- So, why should we actually trust Fedora repos -- it also contains large amount of 3rd party software that might buggy, right? +- So, why should we actually trust Fedora repos -- it also contains large amount of third-party software that might buggy, right? As long as template's compromise is considered, it doesn't really matter whether /usr/bin/firefox is buggy and can be exploited, or not. What matters is whether its *installation* scripts (such as %post in the rpm.spec) are benign or not. Template VM should be used only for installation of packages, and nothing more, so it should never get a chance to actually run the /usr/bin/firefox and got infected from it, in case it was compromised. Also, some of your more trusted AppVMs, would have networking restrictions enforced by the [firewall VM](/doc/firewall/), and again they should not fear this proverbial /usr/bin/firefox being potentially buggy and easy to compromise. @@ -168,7 +168,7 @@ qvm-create --template --label