diff --git a/basics_user/doc-guidelines.md b/basics_user/doc-guidelines.md index e8df3b06..4c8f6035 100644 --- a/basics_user/doc-guidelines.md +++ b/basics_user/doc-guidelines.md @@ -225,26 +225,6 @@ Good general content that was submitted only to one branch would effectively dis For further discussion about version-specific documentation in Qubes, see [here][version-thread]. -Contribution Suggestions ------------------------- - - * If you find any inaccuracies in the documentation, please correct them! - - * If you find an inaccuracy but don't know how to correct it, you can still help - by documenting the inaccuracy. For example, if you have *thoroughly* tested - a set of steps in the documentation and know *for certain* that they no - longer work on a certain version of Qubes (maybe because the steps are - out-of-date), then please add a note to the documentation indicating this. - You may also wish to provide a link to a relevant thread on the [mailing - lists]. - - * Where appropriate, specify the version of the software to which your - contribution applies. For example, if you're contributing a set of - instructions for doing something in dom0, specify the version(s) of Qubes OS - with which you know these instructions to work. This allows future readers to - more easily estimate the accuracy and applicability of information. - - Style Guidelines ---------------- diff --git a/common-tasks/full-screen-mode.md b/common-tasks/full-screen-mode.md index e5542918..3ebd6a94 100644 --- a/common-tasks/full-screen-mode.md +++ b/common-tasks/full-screen-mode.md @@ -32,16 +32,6 @@ Enabling full screen mode for select VMs If you want to enable full screen mode for select VMs, you can do that by creating the following entry in the `/etc/qubes/guid.conf` file in Dom0: -**Note:** Regardless of the settings below, you can always put a window into -fullscreen mode in Xfce4 using the trusted window manager by right-clicking on -a window's title bar and selecting "Fullscreen". This functionality should still -be considered safe, since a VM window still can't voluntarily enter fullscreen -mode. The user must select this option from the trusted window manager in dom0. -To exit fullscreen mode from here, press `alt` + `space` to bring up the title -bar menu again, then select "Leave Fullscreen". - -**Note:** There should be only one `VM: {}` block in the file (or you will [get into problems](https://groups.google.com/d/msg/qubes-users/-Yf9yNvTsVI/xXsEm8y2lrYJ)) - ~~~ VM: { personal: { @@ -52,6 +42,8 @@ VM: { The string 'personal' above is an example only and should be replaced by the actual name of the VM for which you want to enable this functionality. +**Note:** There should be only one `VM: {}` block in the file (or you will [get into problems](https://groups.google.com/d/msg/qubes-users/-Yf9yNvTsVI/xXsEm8y2lrYJ)) + One can also enable this functionality for all the VMs globally in the same file, by modifying the 'global' section: ~~~ @@ -66,3 +58,13 @@ global: { ~~~ Be sure to restart the VM(s) after modifying this file, for the changes to take effect. + + +**Note:** Regardless of the settings above, you can always put a window into +fullscreen mode in Xfce4 using the trusted window manager by right-clicking on +a window's title bar and selecting "Fullscreen". This functionality should still +be considered safe, since a VM window still can't voluntarily enter fullscreen +mode. The user must select this option from the trusted window manager in dom0. +To exit fullscreen mode from here, press `alt` + `space` to bring up the title +bar menu again, then select "Leave Fullscreen". +For StandaloneHVMs, you should set the screen resolution in the qube to that of the host, (or larger), *before* setting fullscreen mode in Xfce4. diff --git a/security/split-gpg.md b/security/split-gpg.md index cba62a39..5b3f8d51 100644 --- a/security/split-gpg.md +++ b/security/split-gpg.md @@ -74,14 +74,16 @@ signed before the operation gets approved. Perhaps the GPG backend domain could start a Disposable VM and have the to-be-signed document displayed there? To Be Determined. -- The Split GPG client will fail to sign or encrypt if the private key in the -GnuPG backend is protected by a passphrase, it will give a *"Inappropriate ioctl -for device"* error. Avoid setting passphrases for the private keys in the GPG -backend domain, it won't provide extra security anyway, as explained before. If -you have a private key that already has a passphrase set use -`gpg2 --edit-key {key_id}`, then `passwd` to set an empty passphrase. Be aware -that `pinentry-ncurses` doesn't allow setting empty passphrases, so you would need -to install `pinentry-gtk` for it to work. +- The Split GPG client will fail to sign or encrypt if the private key in the +GnuPG backend is protected by a passphrase. It will give an `Inappropriate ioctl +for device` error. Do not set passphrases for the private keys in the GPG +backend domain. Doing so won't provide any extra security anyway, as explained +[above][intro] and [below][using split GPG with subkeys]. If you are generating +a new key pair, or if you have a private key that already has a passphrase, you +can use `gpg2 --edit-key ` then `passwd` to set an empty passphrase. +Note that `pinentry` might show an error when you try to set an empty +passphrase, but it will still make the change. (See [this StackExchange +answer][se-pinentry] for more information.) ## Configuring Split GPG ## @@ -396,6 +398,8 @@ exercise caution and use your good judgment.) [#474]: https://github.com/QubesOS/qubes-issues/issues/474 [using split GPG with subkeys]: #advanced-using-split-gpg-with-subkeys +[intro]: #what-is-split-gpg-and-why-should-i-use-it-instead-of-the-standard-gpg +[se-pinentry]: https://unix.stackexchange.com/a/379373 [​subkeys]: https://wiki.debian.org/Subkeys [copied]: /doc/copying-files#on-inter-qube-file-copy-security [pasted]: /doc/copy-paste#on-copypaste-security