Switching from UEFI to BIOS after installation...

[mara.k...@gmail.com]

Hi,

I just discovered that AEM needs a BIOS boot.
Is there a way to install grub into the MBR of an USB drive after Qubes was already installed in UEFI mode? If so... How? Like any other Linux distribution or does Qubes need something special?

I would want to avoid re-installing Qubes if possible.

Thanks!

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Just installing grub2 package and calling grub2-install should be
enough. At least in theory...

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJX6EEvAAoJENuP0xzK19cshs0H/3YSRCfl4eTGRiZaYgor1cOb
lLfywbI5WMlJnICZkvpj5cwd3Ar1MxfEAHkWv+yvqPq9YH+80yxYPv3QyyrMsA8t
IfwWJXLFc0Av5L3wkO5CN7BrKdLlbQf4J/LAb/QEWpbTKz9odLxoXLPkuNOKgm3/
r5yWbkQOisGuHiK66ao6Hdn1pCCthLub1+4dA/vtSzai/37rv5LFOU1TbwLktd+J
JmglqpA5WUNqmgX2QtzILWTOhdeHPb0CepGv61x58g2SP4OqOVUKs6cqETZkjLCc
0BX8haa/D8/gWoFjU3/+Af4xKBWom8uWJG7H0dBee7e6pbUqtigYoQGGWixeeFc=
=QEHr
-----END PGP SIGNATURE-----

[Mara Kuenster]

Hmm yeah with that I managed to boot through BIOS mode, unfortunately the VMs don’t start (randomly, different ones fail on each boot attempt). So basically something seems to go wrong. The disks get decrypted and I can login with the manager etc. but the system is more or less a complete failure ^^. When I go back and boot in UEFI mode, everything works just fine…

This seems kinda odd xD.

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, Sep 26, 2016 at 12:02:01AM +0200, Mara Kuenster wrote:
> Hmm yeah with that I managed to boot through BIOS mode, unfortunately the VMs don’t start (randomly, different ones fail on each boot attempt). So basically something seems to go wrong. The disks get decrypted and I can login with the manager etc. but the system is more or less a complete failure ^^. When I go back and boot in UEFI mode, everything works just fine…
>
> This seems kinda odd xD.

Just to clarify - does any VM start at all?
If not, check if Xen is started. The easiest way is to call `xl info` in
dom0. If not, make sure you select grub boot entry containing "Xen".

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJX6F72AAoJENuP0xzK19csLNcIAIJry9faT2BpdtxRqthd2QuK
ZE+jWf93MBDydoMX0vvGUptFBobYfRb4Qzyu0yihXT/a+uH2UbDKI7RskGISVU3I
BlhXbRcspfG1evnykOcOWAQ5wyPXDZrwB9+cztR4FuB48n6Ib3zLrPuJzqSFDiVZ
LrEg5OvUO+I1e1Bj//PyTCYTzApNWFmVcsC1+6DOchkeoNfnHNqtZlkhNGj+3580
2Se3XYCgTaLQ26MEoi1HYXJe5Gf9P3XLFdmiCoc7Ehjs3Cv3jK0Xq/knILiLvuV/
o8xGFxMHHseTVfyQUUafE4xt1PoqOp28aziWMJf6MY7EHpVNhaZmFe0zAh6oIKw=
=dsD5
-----END PGP SIGNATURE-----

[Mara Kuenster]

Yes, SOME VMs work sometimes ☺.

I will just reinstall, it’s better anyway to have no unsupervised downtime between installing qubes and AEM, especially since I used Windows already on the same PC before activating AEM.
Still this is a weird issue. Maybe one of the developers could try to reproduce by installing with UEFI then activating BIOS and confirm this messed up system? It is especially weird since the SAME system is just fine when booting in UEFI.

Btw, maybe you could add a warning to the installer that UEFI will not allow AEM to be used, this would save a lot of time. I think I am not the only one who didn’t read the AEM documentation that carefully :D.

Cheers
Chris

[motech man]

On Monday, September 26, 2016 at 2:40:51 AM UTC-5, Mara Kuenster wrote:
> Yes, SOME VMs work sometimes ☺.
>
> I will just reinstall, it’s better anyway to have no unsupervised downtime between installing qubes and AEM, especially since I used Windows already on the same PC before activating AEM.
> Still this is a weird issue. Maybe one of the developers could try to reproduce by installing with UEFI then activating BIOS and confirm this messed up system? It is especially weird since the SAME system is just fine when booting in UEFI.
>
> Btw, maybe you could add a warning to the installer that UEFI will not allow AEM to be used, this would save a lot of time. I think I am not the only one who didn’t read the AEM documentation that carefully :D.
>
> Cheers
> Chris
>
>
> On 26/09/16 01:34, "Marek Marczykowski-Górecki" wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----

> Hash: SHA256in

>
> On Mon, Sep 26, 2016 at 12:02:01AM +0200, Mara Kuenster wrote:
> > Hmm yeah with that I managed to boot through BIOS mode, unfortunately the VMs don’t start (randomly, different ones fail on each boot attempt). So basically something seems to go wrong. The disks get decrypted and I can login with the manager etc. but the system is more or less a complete failure ^^. When I go back and boot in UEFI mode, everything works just fine…
> >
> > This seems kinda odd xD.
>
> Just to clarify - does any VM start at all?
> If not, check if Xen is started. The easiest way is to call `xl info` in
> dom0. If not, make sure you select grub boot entry containing "Xen".
>
> - --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJX6F72AAoJENuP0xzK19csLNcIAIJry9faT2BpdtxRqthd2QuK
> ZE+jWf93MBDydoMX0vvGUptFBobYfRb4Qzyu0yihXT/a+uH2UbDKI7RskGISVU3I
> BlhXbRcspfG1evnykOcOWAQ5wyPXDZrwB9+cztR4FuB48n6Ib3zLrPuJzqSFDiVZ
> LrEg5OvUO+I1e1Bj//PyTCYTzApNWFmVcsC1+6DOchkeoNfnHNqtZlkhNGj+3580
> 2Se3XYCgTaLQ26MEoi1HYXJe5Gf9P3XLFdmiCoc7Ehjs3Cv3jK0Xq/knILiLvuV/
> o8xGFxMHHseTVfyQUUafE4xt1PoqOp28aziWMJf6MY7EHpVNhaZmFe0zAh6oIKw=
> =dsD5
> -----END PGP SIGNATURE-----

Indeed. I don't understand why AEM can't be used with UEFI. The docs should also mention the reliance on TPM for AEM and the use of AEM prevents ability to swap drives in mobo easily, such as hot swapable SATA. That is probably not an important consideration in the majority of cases I suspect.

Also, the conversion process should probably discuss GPT vs MBR partitioning. I was under the impression UEFI required GPT, but even if not, I do know booting an OS that resides on a GPT drive via BIOS (i.e. legacy) mode has problems. Most BIOS / legacy code doesn't even recognize a GPT drive. Often BIOS booting on a GPT drive relies on the protected partition region which isn't recognized across the board and is far from being well recognized my all Op Systems.

[cooloutac]

oh, I don't use aem but I thought it was the other way around, thought it was for uefi...lol Should be already understood you need tpm, but I don't think nescessarily txt. Man, I always learn things make me like the itl team so much they aren't influenced by anything.

I don't understand why people want to use uefi if not using secure boot. I know eventually Qubes will have to fully support uefi and legacy boot gonna be old news cause they will have no choice from hardware manufactures. But is there any other benefits? To me I see it as making my machine more vulnerable without any benefits but headache.

You say GPT is that cause you running windows? Well when you do decide to go to Qubes-os only machine reformat the drive and hope for the best. If you ever update your pc hardware though don't put anything else on it. And your Hardware should be safe for at least a year lol. I'm starting to think real security is only for rich people. but 1-2 years reasonable secure pc is pretty good compared to windows. which I would give 1-2 months. and linux which is shot in one day. Ignore my fud.

[motech man]

On Tuesday, June 20, 2017 at 10:09:33 PM UTC-5, cooloutac wrote:
> > Indeed. I don't understand why AEM can't be used with UEFI. The docs should also mention the reliance on TPM for AEM and the use of AEM prevents ability to swap drives in mobo easily, such as hot swapable SATA. That is probably not an important consideration in the majority of cases I suspect.
> >
> > Also, the conversion process should probably discuss GPT vs MBR partitioning. I was under the impression UEFI required GPT, but even if not, I do know booting an OS that resides on a GPT drive via BIOS (i.e. legacy) mode has problems. Most BIOS / legacy code doesn't even recognize a GPT drive. Often BIOS booting on a GPT drive relies on the protected partition region which isn't recognized across the board and is far from being well recognized my all Op Systems.
>
>

> I don't understand why people want to use uefi if not using secure boot.

>...

> You say GPT is that cause you running windows? Well when you do decide to go to Qubes-os only machine reformat the drive and hope for the best. If you ever update your pc hardware though don't put anything else on it. And your Hardware should be safe for at least a year lol. I'm starting to think real security is only for rich people. but 1-2 years reasonable secure pc is pretty good compared to windows. which I would give 1-2 months. and linux which is shot in one day. Ignore my fud.

We've had this discussion in another thread. I reiterated the main points above. GPT is the superior partitioning format, far more flexible. Mixing legacy BIOS with GPT is a very difficult combination to get working, certainly for windoze. I have no intention of installing that OS on my Qubes box, no way.

But please do your research on GPT and you will see BIOS boot is obsolete and will be a thing of the past before you know it. The sooner you realize that the better off you'll be.

[cooloutac]

well I have it installed on mind windows 10 on a machine I also boot with qubes. main machine is qubes only though. I use legacy mode for both.