HCL - Lenovo Thinkpad T480
bbrr...@gmail.com
The only glitch was consistent crash when resuming from suspend. I debugged by shutting down service vm's and narrowed it down to sys-usb. Then detached the second USB controller from sys-usb and everything seems to work fine. I did not seem to loose any devices/ports doing this but did not do an exhaustive test.
I have the high-res screen and text is pretty small. Haven't yet figure out how to scale things up in qubes?
vel...@tutamail.com
8th Generation Intel® Core™ i7-8550U Processor (1.80GHz, up to 4.0GHz with Turbo Boost, 8MB Cache)
or
8th Generation Intel® Core™ i7-8650U Processor with vPro (1.90GHz, up to 4.20GHz with Turbo Boost, 8MB Cache)
Your HCL states you have the vPro...
Would you or anybody know if you can get all the functionality including AEM with the i7-8550U (with out the vPro)?
Is there a higher risk of attack with the vPro?
Thanks for doing this HCL...
Ivan Mitev
https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md
(if you have any issues with the instructions or remarks, please tell me
so that I can update the doc)
bbrr...@gmail.com
Thanks. Unfortunately it seems to have no effect:
echo Xft.dpi: XXX | xrdb -merge
xterm &
produces the same size text regardless of XXX
Is there a good application which definitely should honour this resource that I can use to test?
bbrr...@gmail.com
Ivan Mitev
On 04/16/2018 01:49 PM, bbrr...@gmail.com wrote:
> On Saturday, April 14, 2018 at 10:13:10 PM UTC+1, bbrr...@gmail.com wrote:
>> System basically works nicely out of the box with Q4.0. I recommend the laptop.
>>
>> The only glitch was consistent crash when resuming from suspend. I debugged by shutting down service vm's and narrowed it down to sys-usb. Then detached the second USB controller from sys-usb and everything seems to work fine. I did not seem to loose any devices/ports doing this but did not do an exhaustive test.
>>
>> I have the high-res screen and text is pretty small. Haven't yet figure out how to scale things up in qubes?
>
> Thanks. Unfortunately it seems to have no effect:
>
> echo Xft.dpi: XXX | xrdb -merge
> xterm &
>
> produces the same size text regardless of XXX
default fedora-26 template, while it works perfectly in templateVMs I've
customized from fedora-26-minimal. There's probably a package in
fedora-26 (that I don't have in my templates) which is messing up with
the dpi setting; I'll update the doc and I'll reply here if I find out
what's causing that.
BTW, did you try the gnome/gtk specific instructions (the 'gsettings'
instructions for R3.2) ?
>
> Is there a good application which definitely should honour this resource that I can use to test?
galculator, ...
Ivan Mitev
On 04/16/2018 02:23 PM, Ivan Mitev wrote:
>
>
> On 04/16/2018 01:49 PM, bbrr...@gmail.com wrote:
>> On Saturday, April 14, 2018 at 10:13:10 PM UTC+1, bbrr...@gmail.com wrote:
>>> System basically works nicely out of the box with Q4.0. I recommend the laptop.
>>>
>>> The only glitch was consistent crash when resuming from suspend. I debugged by shutting down service vm's and narrowed it down to sys-usb. Then detached the second USB controller from sys-usb and everything seems to work fine. I did not seem to loose any devices/ports doing this but did not do an exhaustive test.
>>>
>>> I have the high-res screen and text is pretty small. Haven't yet figure out how to scale things up in qubes?
>>
>> Thanks. Unfortunately it seems to have no effect:
>>
>> echo Xft.dpi: XXX | xrdb -merge
>> xterm &
>>
>> produces the same size text regardless of XXX
>
> hmm :( I see that the 'Xft.dpi: XXX' setting is indeed ignored on the
> default fedora-26 template, while it works perfectly in templateVMs I've
> customized from fedora-26-minimal. There's probably a package in
> fedora-26 (that I don't have in my templates) which is messing up with
> the dpi setting; I'll update the doc and I'll reply here if I find out
> what's causing that.
and fedora-26 (where it doesn't), it seems that gsd-settings (from the
gnome-settings-daemon package) overrides the dpi setting.
The following works:
- in VMs with gnome-settings-daemon:
gsettings set org.gnome.desktop.interface scaling-factor 2
gsettings set org.gnome.desktop.interface text-scaling-factor 0.75
- in VMs without gnome-settings-daemon (or when gsd-settings is
prevented from starting):
set the 'Xft.dpi: XXX' xresource
Note that by default glib applications (like xterm) use non xft fonts,
so if you want to have scaling in xterm you have to set an xft font like so:
XTerm*faceName: DejaVu Sans Mono:size=14:antialias=true
I'm attaching my $HOME/.Xresources file if you want to have a look.
Please let me know what works and what doesn't so that I update the doc
and the official issue...
bbrr...@gmail.com
Thanks. Both methods work. I can just kill the gsd process and the Xft resource is correctly picked up and gives a nice result.
The gsettings approach also works. I did not look into it in detail but the Xft seems to give visually better results.
aed...@gmail.com
Thanks for posting the HCL entry. Have you tried AEM since your last post?
I am considering acquiring a T480 and using it with AEM, but it seems to have TPM 2.0 which is a priori incompatible with AEM. However, I stumbled upon a blog post [1] which mentions (in the section "BIOS Configuration") that the TPM of a slightly older ThinkPad model (I think T460p) can be configured to work according to the TPM 1.2 specification and with TXT, so I thought that the newer models could also have such an option. Do you (or anyone else) know if this is the case for T480?
-- Aedin Copper
PS: Since we're at it: The blog post also mentions that Intel AMT can be disabled as well. Can anyone confirm that this is also the case for T480?
[1] https://medium.com/@securitystreak/living-with-qubes-os-r3-2-rc3-for-a-week-1a37e04c799e
aed...@gmail.com
> I am considering acquiring a T480 and using it with AEM, but it seems to have TPM 2.0 which is a priori incompatible with AEM. However, I stumbled upon a blog post [1] which mentions (in the section "BIOS Configuration") that the TPM of a slightly older ThinkPad model (I think T460p) can be configured to work according to the TPM 1.2 specification and with TXT, so I thought that the newer models could also have such an option. Do you (or anyone else) know if this is the case for T480?
> PS: Since we're at it: The blog post also mentions that Intel AMT can be disabled as well. Can anyone confirm that this is also the case for T480?
> [1] https://medium.com/@securitystreak/living-with-qubes-os-r3-2-rc3-for-a-week-1a37e04c799e
Well, looks like one just needs to RTFM: In the user guide for T480 [2], the option of switching to TPM 1.2 is not mentioned in the list of configuration options (cf. page 90 (72 in the internal numbering)) (whereas it is mentioned in the guide for T460 [3] (on page 98 (82)). As for AMT, T480 does seem to have an option to disable it (page 88 (70)).
I guess the availability of different options can vary between configurations (e.g. vPro vs. non-vPro) and I haven't checked any of these on real hardware, but it looks like it wouldn't be possible to use AEM on a T480.
-- Aedin Copper
[2]: https://download.lenovo.com/pccbbs/mobiles_pdf/t480_ug_en.pdf
[3]: https://download.lenovo.com/pccbbs/mobiles_pdf/t460_ug_en.pdf
sagi-qub...@rtsn.nl
On 2018-04-14 23:13, bbrr...@gmail.com wrote:
> System basically works nicely out of the box with Q4.0. I recommend
> the laptop.
> The only glitch was consistent crash when resuming from suspend. I
> debugged by shutting down service vm's and narrowed it down to
> sys-usb. Then detached the second USB controller from sys-usb and
> everything seems to work fine. I did not seem to loose any
> devices/ports doing this but did not do an exhaustive test.
https://github.com/QubesOS/qubes-issues/issues/3689
https://github.com/QubesOS/qubes-issues/issues/3705
In any case, I'd be interested to hear the details of your workaround.
> I have the high-res screen and text is pretty small. Haven't yet
> figure out how to scale things up in qubes?
kind regards, Sagi
bbrr...@gmail.com
> Hi,
>
> On 2018-04-14 23:13, bbrr...@gmail.com wrote:
> > System basically works nicely out of the box with Q4.0. I recommend
> > the laptop.
>
> That is my experience as well, save for your next point.
>
> > The only glitch was consistent crash when resuming from suspend. I
> > debugged by shutting down service vm's and narrowed it down to
> > sys-usb. Then detached the second USB controller from sys-usb and
> > everything seems to work fine. I did not seem to loose any
> > devices/ports doing this but did not do an exhaustive test.
>
> You may want to track and/or contribute to:
> https://github.com/QubesOS/qubes-issues/issues/3689
> https://github.com/QubesOS/qubes-issues/issues/3705
>
> In any case, I'd be interested to hear the details of your workaround.
As far as I recall it was simply:
qvm-pci detach sys-usb dom0:3c_00.0
This is the production machine now so can't investigate things further
sagi-qub...@rtsn.nl
> As far as I recall it was simply:
>
> qvm-pci detach sys-usb dom0:3c_00.0
>
> This is the production machine now so can't investigate things further
kind regards, Sagi
Zrubi
Hash: SHA256
As leaving potentially dangerous devices (and physical connectors) in
dom0 is not the best advice, and there is a BIOS option to solve this
issue at "hardware" level:
Thunderbolt BIOS Assist:
if enabled, the mentioned device - causing the hibernation issues -
are gone, then only one USB device remains, which is works without
problems.
Confirmation needed: As I do not have any Type-C devices, I can't
check if that is still working in this case or not.
Moreover, if you don't need the thunderbolt at all, it can be disabled
completely from BIOS. Hence then the USB-C connector lost its
functionality for sure.
- --
Zrubi
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmAe1Y2qfQjTIsHwdVjGlenYHFQ0FAlwvI+0ACgkQVjGlenYH
FQ0/vg//QWJ76wGz7O0UCC8yrPvgjHRYBjy6O+3YCKlGo72M48rOEV4zihy2X6z/
cjkImZkytwbY4JXGp3STCAafM/0X456DQqxTZYNZRNqa8H3HiSt3Iu5fCu90S3I/
eNTA2TWGy3MYheXhuRu5e1lf9zBwZ2yRbZoW076Y0hbS/Z0hNZPnIE7sEAZiZLHk
TsdSCyPqcoQA1J2yoA2VfR9XhTWbTDmxplyV6OCjKIM+v2KevmQOeFgsXyH7qKXV
O2lKbS+ZolFjIEYqh6+Fcnsjxgqrb3Fq00CczUbFLCe7kla4K9dJncvyxeiFlLiZ
l+1b19HAWCAXtbJKiqx19dRq/tj7mDQ3GXIQdjn8g0pRn1Cfpm1GtZUTPbOzLNzE
+L31eZwpC3yJm9WY9mNa4mQ0PDqnsuv7OGxjeW/6kXwdNkOzZL0+TW2jcCfsSLdC
vjwONknsnIbjmPgfaIdGWHfwPAW/7eLkiT2qvbPCUEFNktAkOUxDg3wH8fWFIDIH
C72bpqrXLXOvs7gmEzf5L1Vt89gAlokH4g67BZz9jGCrvv9RBbQN3mCL5Ftuf/d+
g3gBA7lfGY1NNg50s3CGsDUtuFDgJUU/K7Yq2SudQousARVymIbThEgGd8bPKcbU
xe6l9WUTtfSIOfwFh/uuSjfmyLbpSqVF3PtiCbecOpEH+tH4BS4=
=ft4g
-----END PGP SIGNATURE-----
Achim Patzner
> Thunderbolt BIOS Assist:
> if enabled, the mentioned device - causing the hibernation issues -
> are gone, then only one USB device remains, which is works without
> problems.
the bug that is hitting the P series affecting T series models, too.
> Confirmation needed: As I do not have any Type-C devices, I can't
> check if that is still working in this case or not.
up to date Arch) if you connect the Thunderbolt 3 Dock (and even worse
if you connect the Thunderbolt Graphics Dock should you have one).
Important point: Set Thunderbolt security in the setup, too. If you
leave it open it will be possible to attach any Thunderbolt device
without user intervention and use it to get full access to the
hardware.
> Moreover, if you don't need the thunderbolt at all, it can be
> disabled completely from BIOS. Hence then the USB-C connector lost
> its functionality for sure.
the physical connector so if you turn it off the USB subsystem and the
GPU will lose their access, too. Stupid design if you ask me.
Achim