Can I install Qubes 4.0 rc3 on external hard drive?
bill...@gmail.com
So, here I go again. I'm a newbie with Qubes, but I love the idea. I tried installing 3.2 some time ago, but had hardware difficulties, so I decided to give 4.0 a try.
I currently have a Dell Inspiron 5759 laptop, System BIOS 1.3.0, ePSA build 4304.09 UEFI ROM, Intel i7-6500u cpu, secure boot disabled, Intel SGX disasbled, fast boot set to "thorough" (though the same results occur with it set ot "auto"). It is set up as dual boot with KDE Neon linux and Windows 10.
I decided to give Qubes 4.0 rc3 a go. When I play with a new distro, I usually start by installing it on an external hard drive, so I can make sure it plays well with others without having to destroy my current working setup. That's what I tried here. I attempted to install it on a Western Digital 2 TB external portable drive.
I downloaded the OS, created the installation flash drive, and chose the external drive as the drive to install on. It seemed to go fine. No warnings, no hangs. I installed using the default partitioning, with the exception that I resized the / directory to make it a little smaller and added a vfat /data partition.
When I rebooted and hit F12 for the boot sequence options, sure enough "Qubes" was one of them. Qubes *doesn't* show up in the boot options if it gets to the grub boot list, that's still just neon and windows. But, if I use the BIOS boot sequence, Qubes is an option.
I chose "Qubes" as the option, and it dumped me into a BIOS screen that said it was checking the safety of hardware, which it apparently passed, but then came up and said it couldn't boot (though I did not write down the exact error message, unfortunately). I rebooted again, did the boot sequence thing, and it came up with a black screen with the options:
"Press F1 to reboot"
"Press F2 to reboot into setup"
"Press F5 to run onboard diagnostics"
And each button did exactly that.
I then tried to boot on USB using legacy boot, but that came up with "no boot device found."
Booting into neon or windows still works fine. I can mount the external drive and see all the normal linux stuff that a distro should have. I can read and write to both the / and /data partitions on the drive with root permissions.
I tried changing usb ports, and that didn't do anything. I tried installing with and without disk encryption, and that didn't change anything except that I couldn't mount the encrypted / partition in neon.
Is this some problem with having a /boot/efi on the external drive *and* a /boot/efi on the internal drive? If so, why does it not work on an installation but seems to work on the installation flash drive?
Anybody have pointers to what I should try next?
Thanks!
billo
Yuraeitha
You may want to opt to use LegacyBIOS/Grub instead of UEFI/EFI to install. One reason out of multiple, is that if you ever need to move the external drive to another machine, do an UEFI update, or similar, you might encounter issues with having to re-build the EFI path to UEFI. This is on some setups easier, and on others downright annoying or buggy. It can get more troublesome if you have secureboot, but luckily it's not part of the solution anyway without a Qubes SecureBoot key, which has not been made yet.
Either way, having it with Grub, makes it easier, and also more intuitive if you need to use an older kernel/xen after having issues with a kernel/xen update.
You can also install Qubes on another machine, update it, and then bring your drive back to the machine you intend to use it for. Just be careful not to use bad hardware, keep it to hardware you trust. Also don't install with UEFI/EFI on another computer, unless you know your way around re-building EFI paths to UEFI, which can harm both computers in terms of existing EFI paths, as well as making new EFI path each time you move the drive around.
Unfortunately I'm out of time now, I gotta go. But for now I hope these thoughts can help you in some way.
Yuraeitha
aight, sorry I had to leave so abruptly on the previous post.
To answer your question directly, yes it's very possible to install on an external drive. I've even installed Qubes on a thumb-drive. Fun times, albeit it was a bit slow :')
It's really no different than normal install either, so whatever issue you have, is likely not involved in the settings of normal setup. It's probably more likely to be a bug, lack of hardware support, lack of kernel support, wrong UEFI/BIOS settings, wrong EFI/Grub settings, out-of-date UEFI/BIOS or buggy UEFI/BIOS which no update has been made available yet, and probably some other aspects I forgot to mention here, and I'm no expert either, so probably some things I don't know about too.
I would check if you can update your UEFI/BIOS in your current situation. Just be careful, you can brick your motherboard if the update process goes badly. Especially if its interrupted before its done (power-outage, system-freezes, user-choice-to-restart-when-not-supposed-to, etc.), wrong update-version (although most motherboards should detect if its wrong version, some might not though). If you encounter questions regarding UEFI/BIOS updating process, then definitely don't forward without getting solid answers first. Think twice, or better yet, triple, before you do something here, as it's a sensitive update with bad consequences by any mistakes or accidents. Not trying to spread scaremongering here, just underlying to be careful and knowing the risk before deciding. Also EFI paths or SecureBoot keys might be lost in an UEFI update, in case you have other OS's on the machine.
Also how far do you get with the LegacyBIOS/Grub install, do you encounter the initial Grub menu for the installer (and not the installed Qubes grub)? For example if you do, then it might be some missing Grub settings you need to adjust, for example some people have a graphic card driver which the installer does not work well with, which can be changed in the grub code by pressing the E key on the selected boot option. Xen might be using a different graphic driver, and thereby it can boot up the installer unlike Grub. This is one possibility, maybe it's another driver, another grub setting, or perhaps VT-d issues.
Did you enable VT-d in your UEFI/BIOS? Also make sure there isn't a second "Virtualization" to VT-d to enable, sometimes an extra one might hide, for example in "Advanced --> CPU" settings in the UEFI/BIOS.
Sometimes other settings go wrong, like in your case, it might be that UEFI/EFI is not handling the USB correctly, disallowing you to install on the external drive.
Maybe LegacyBIOS/Grub handles it right, but you got other issues before that to fix.
It could also be the hand-off of USB drivers setting in UEFI? I'm actually not entirely sure how this one works.
Alas, it's hard to say for sure what's wrong without some error codes/messages, even though I can't read code too well, others more knowledgeable than I might be able to. Although some errors I can read. Any chance you can post them here?
bill...@gmail.com
However, in lieu of killing myself with UEFI, since this works, I'll stick with it and am a happy camper. Maybe in the next week I'll play around more with UEFI, but I'm going to have to learn a bit more about it, I think.
Anyway, you made my weekend! Thanks again for your reply.
Yuraeitha
Try run 'qubes-hcl-report' in dom0, and check if HVM, I/O MMU, HAP/SLAT, TPM, and Remapping, is working properly in your Qubes setup. The top one, HVM, as far as I know is the most important one. The lowest, remapping, should with my limited knowledge as far as I can tell, be the least important of the 5. All of them are relevant for security, and to some extent, proper working features.
If I'm not mistaken, I haven't ventured into these waters before, and someone might correct me here. But I believe if a Qubes (or Linux in general) uses the same partition table as UEFI/EFI (GPT), over the old out-dated MBR), then it might be possible to switch between UEFI/EFI and Legacy/BIOS without re-installing a system if retaining the modern GTR partition table. But it can be tricky if something goes wrong, especially if you have precious data you don't want to loose. Also UEFI/EFI is heavily reliant on not having a buggy motherboard firmware, which many unfortunately have. I also recall having issues not being able to restore an EFI path for Qubes 4, which used to always work on the same machine on Qubes 3.2. I'm not sure if this got fixed, it was some months back and Qubes 4 has rapidly been updated on many ways since then. But this issue is likely to be Qubes related, or at least partly Qubes related. So it's not always the hardware that is causing it, although the hardware in this case might be part-reason still.
Remember to take frequent AppVM backups. If you're learning with the trial and error method like I do, many things can end up going wrong. For example, burned my fingers more than a few times my self there before I got into proper backup habits. Never take that risk, it will eventually go wrong :')