Since booting with the latest QubesOS 4.2.3 USB fails with blackened screen, I found this post suggesting booting with an older Qubes 4.1.2 USB, succeeding in installing Qubes OS.
When upgrading Qubes to 4.2.3, whonix templates fails since the older versions are not maintained, so you might have to delete them and recreate these afterwards.
When finishing the installation and upgrading dom0 for the final time, remember to put the above kernel parameters into the /etc/grub2.cfg. I believe this might be a struggle after every kernel update from here on 🙂
Suspend is not working either. Screen turns dark and nothing happens
Enjoy!
Update: recommend to exchange battery when dealing with an older laptop. Got 2+ hours instead of 30 minutes buying a cheap battery on amazon: Amazon 7xinbox battery
Suspending the laptop is not working. even closing the lid just turns screen black, even with every power management tool I know set on not doing anything. Also, after running for some time, sound turns awful and a reboot is needed, so I tried Ubuntu on this device and everything just works. I absolutely adore QubesOS on my Intel NUC, but this laptop is not a sensible choice for QubesOS. Other hardware is recommended, sadly. The support is non-existing.
unman has provided templates for Kali-enthusiasts to QubesOS (v. 4.1 only) and you need to enable the repository in /etc/qubes/repo-templates/qubes-templates.repo. The mentioned command using “enable-repo …” mentioned in the forum did not work for me, so I had to edit the 1 directly in the file 🙂
Edit the repo-file:
Install the template:
Then I created an AppVM based on the Kali template and vupti, everything works perfectly.
That is except for reverse shell 🙂
I had an issue with reverse shell’s not working on Qubes Kali AppVM, due to firewall restrictions even though I disabled the firewall following these instructions(Spoiler:NOT working in Qubes AppVM).
I got no SYN-ACK to my SYN’s, and with the firewall “disabled” I tried searching elsewhere for answers. It turned out that disabling the local firewall in Kali is not enough and I am afraid to mess up security by following the guides incorrectly.
To resolve the issue, clean out the firewall rules on the local AppVM (or template VM for persistance):
This can be done in a more optimal way opening up only for the specific endpoints/IP-range’s from TryHackMe, but this just gets your reverse shells working right now.
The other, safer way, that works (if there is no inbound firewall on target host), is to change the payload in metasploit from reverse_tcp to bind_tcp with a sample:
set PAYLOAD payload/linux/x86/meterpreter/bind_tcp
My daily patching of my Qubes fedora-32 template failed, and I just found our that Skype might be the reason. I tried starting skype, and found it to be requiring of an update:
Update, pretty please…
This proved faulty, since Microsoft might have given up on Skype, their last update was unsigned and broke updates on one of my fedora-32 templates.
Has the trainee Linux enthusiast been responsible for the full delivery?
Then I tried forcing the install, since I trusted the package origin, but I saw that the quality of the package might be below par(it does work, though), so I chose to part with Skype for now:
Updating / installing… 1:skypeforlinux-8.62.0.83-1 ################################# [100%] Redirecting to /bin/systemctl start atd.service Failed to start atd.service: Unit atd.service not found.
Goodbye Skype. Maybe we will meet again some day out of nostalgia alone.
Remember to remove the repo also, if you really mean it 🙂
So, instead of just downloading the package from keepassxc.org and miss any updates coming in the future, I decided to install from testing repository, and hope that the package will be sent to stable in the near future. I accept the risk that seems to be close non-existing, compared to trusting the stable/testing repo:
Do this in your qubes template, if the above install and usage of the app is successful. If you’re paranoid, you can test in a small appvm with network capture on, etc. 🙂
The above shows success and the version is as follows on fedora-30:
Less than 10 days later we had the same issue, so contemplating on how it is possible to have 1 package using the “updates-testing” repository and the rest run stable (without having the below running in a cron job)
Sharing my experiences, installing Windows 10 Enterprise on Qubes 4.0, maybe spiced up with the infamous QWT(Qubes Windows Tools 4.0.1.3) installation(Spoiler alert: NOT Working!).
Following this guide, I will try to describe the issues I’ve been encountering accompanied with screenshots. The big issue is getting the Qubes Windows tools to install properly. All my installations have failed, so even though Invisible Things Lab has worked on QWT tirelessly for years, corporate clients, understandably, is more important than a few backers and the community. The backers are apparently not contributing enough, although I might believe that backer numbers would go through the roof, if the tools would work, flawlessly on windows 10. If you want to contribute to Qubes OS, please donate either once or continuously here. And if you have the skills and tools to make QWT v.4.0.2.0, then please create an indiegogo(or similar) crowdfunding campaign. I’m sure it will be backed.
But, let’s go and take som challenges. The first one is that fedora doesn’t support exFAT (crazy as it sounds, and I wrote about this before here), and debian does. That means I have to use a debian appVM to share the ISO file to the new Windows 10 VM. unless, there is another way.
mounting usb with my debianWe begin with creating the VM and starting it with the ISO attachedHere is via the qubes manager, browsing to the usb iso, in the VM settings tab. Actually the “block device” option seems neat, too. Very neat, indeed.It takes quite a while to get this screen, depending on the circumstances of hardware and drivers. Be patient…Goes without sayingSelect here what your license key matches or continue with your favorite flavor if on a company network with a KMS setup.Don’t use pirated software. It’s highly likely to be infected with malware.Fresh install is #2Select the disc you have created at firstWait for the copy of windows install filesAlmost there…After reboot, the install continues.As a danish person, using a completely messed up laptop, keyboardwise, I need more than 1 keyboard layout)And the magic continuesand continuesChange the video and timeout settings, before booting again.If not using a cloud account(who would want that?, type in stuff, that does not exist, to get the other optionClick on “set up Windows with a local account”Type a passwordand confirm itAnnoying waste of time.answer annoying questionsdo it againagainand why can’t you select “none” ?I need to craete an unattended install.Enough with the annoyances, alreadysigh….Now, thing look promisingtadaaa, now we have a bare system with no updates and no QWT. Shut down and clone.Install updates and activate windows! I had to download some updates manually and choose troubleshoot updates, since errors occurred. I really admire Microsoft on the troubles of updating their systems. I bet, with the Microsoft “contribution” to open source, the problems will start emerging in the linux community over time, also.always adjust for performance on VM’s. Recommended settings are herepagefile adjustments per instructions.After installing all updates, reboot and clone the machine. Then we will be ready for Qubes Crash Tools for Windows.
Start the Windows appVM with the QWT for installation.Doubleclick on it…Accept the licenseAllow changEverything but the troublesome selections are to be installed. That is the default settinThe install also demands the install of .NET framework.The setup requires a restart, and after a restart everything works for a brief moment until next restart.
When the restart is performed, Qubes does a bunch of things, such as moving the user directory from C: to the newly created private drive of 2GB(E:). That fails horribly, btw:
It might be a great day or a sad day. Now Marek is taking over, it will be interesting to see if a guy who works a lot already, can take on yet another hat. Will strategic partnerships, fundraising, etc. drown in a developer tunnel-vision mindset?
Hope not. Please DONATE! to ensure vision and development.
As advertised in qubes-users mailing list, the templates of whonix version 14 is now available and flawlessly installed on my Qubes 4.0, without much effort.
To use the great benefits derived from Qubes VM’s, Micah Lee recommended the use of Katoolin, instead of HVM based Kali, I normally use, so let’s try it out:
I have tried both yes and no to “restarting services automatically”, but the terminal crashes and remains unresponsive. i cannot get in contact with the VM. The latest screenshot was:
It seems the install is running, since my fan speeds up and down continuously.
I tried following this tutorial, and found out that you can install some stuff from the menus, but you have to remove the sources before updating or it will crash. That means no software from Kali will be updated?
For now, I’m continuing to work with my Kali rolling standalone HVM.