Documentation on how to install on X230 needs to be updated #302
Comments
n13
changed the title
|
The build is also going to change as a result of merging the nerf branch back into master (issue #305), as well as with the nearly ready Qubes 4.0 release. We'll need to bump the Xen version to match, which I think #238 is tracking. The unsafe Yubikeys were recalled and replaced, so recent ones should be ok: https://www.yubico.com/support/security-advisories/ysa-2017-01/ |
|
@osresearch : I can take a lead on this. |
|
#375 has been merged. Thanks for taking the lead on docs! |
|
Better docs are clearly needed. Doing tpm-reset and seal-totp works (normal boot and displaying a TOTP). Booting in an unsigned boot option (default Debian installation) also works. But what is available to do from there? How to sign boot options? Also I thought there is a red terminal background if booting an unsigned kernel? and so on :) thanks a lot |
|
On 05/23/18 10:16, Martin Kepplinger wrote:
Booting in an unsigned boot option (default Debian installation)
doesn't work though. heads boots it, but the boot process fails as if
the filesystem is corrupt or something. If this is not expected, I'll
provide logs...
Thank you, but please in a separate issue. ;-)
|
|
Hi @merge - there's a big PR starting the doc update process (linuxboot/heads-wiki#13). PTAL and suggest changes you think you'll need. I also look forward to the debian logs (I'll try a clean debian install at home later tonight as well). |
|
The doc PR is here: linuxboot/heads-wiki#13. PTAL and offer feedback for doc updates there. I tested Debian 9.4.0 live and it was fine, but yes I ran into problems with the installer that I couldn't debug immediately :( |
|
linuxboot/heads-wiki#13 was merged, so I think this is resolved. |
This documentation is fairly outdated:
http://osresearch.net/Installing-Heads
I followed the steps, flashed the Rom... and then... the instructions are pretty unclear as to what to do next.
I followed some older instructions to get the TPM set up, that didn't work. (here: https://github.com/mfc/flashing-docs/blob/master/walkthrough%20for%20flashing%20heads%20on%20an%20x230.md)
I tried to run start-xen, that doesn't exist
There's instructions on how to get a patched Xen from USB, but not sure that is still needed (as per one closed issue)
There's instructions about using a Yubikey to set up a pgp key; but yubikeys are considered unsafe now so I'd like to use my own key. Also kind of confused as the key is needed in "initrd.cpio" file, but the yubikey generated result is then in initrd/.gnupg - not initrd.cpio.
I did tpm-reset, which seemed to work.
I did seal-totp, which worked, but unseal failed with an error message; maybe because of the missing gpg key?
I'd like to be able to run my existing Qubes install, or recover it somehow. Prior to flashing the ROM I had coreboot installed and was running Qubes 4 rc3.
I'd be happy to document the process, but currently nothing is really working. It's late so I will try to recover my qubes install tomorrow.
Configuration
Hardware Thinkpad X230
ROM: coreboot, intel ME neutered with intel ME cleaner.
Software: Qubes 4 rc3
I cloned the github repo and did a build from that (latest as per yesterday). Build worked fine, I built x230.flash.rom and also the "make xen.intermediary" xen version.
The text was updated successfully, but these errors were encountered: