One step foerward, two steps back on Macbook 11,1 - can't boot into Qubes

[dumbcyber]

From the beginning I have to ask for forgiveness - I am new to Qubes and have no knowledge of changing boot managers beyond trial and error.

My hardware is a Macbook 11,1. In fact I don't have any other machines at home.

I want to create a bootable USB drive with Qubes R3.2. I had the usual problem of seeing the 4-item menu to install but nothing working regardless of option chosen. I tried some forum suggestions like adding /noexitboot=1 to the cfg file. No luck.

I created a working Qubes USB on a Lenovo computer at work. I was able to create new VM's and set firewall rules. So I know it works.

Then my uninformed head took over. What if I took that USB and tried booting it on my Macbook? The Macbook does not even recognise the USB at boot time. If I boot into OSX I can get to the USB drive through terminal and mount it.

I then tried copying rEFInd to the Qubes USB stick but that just hangs the Macbook after selecting the EFI boot option. I'm resisting installing rEFInd on the Macbook itself until I know more about it especially the need to disable SIP.

My question is: would that even work - copying rEFInd to the working USB drive built on a Lenovo? Are there any other options I could try?

Many thanks.

[Chris Laprise]

Macs are not a good fit for Qubes, but some have gotten the combination
to work.

I've also found booting non-OSX USB drives to be uncertain. Not sure
what the EFI options are here, but I do know that Linux is much easier
to boot on a Mac from DVD.

Chris

[dumbcyber]

I also tried copying the EFI/qubes folder to EFI/BOOT and renaming the two xen files to BOOTX64 - this hangs after selecting the EFI boot option on Mac startup.

[dumbcyber]

Stupidly, when I copied EFI/qubes to EFI/BOOT I left the /noexitboot options in the CFG file. I removed them from EFI/BOOT/bootx64.cfg and retried.

I can now boot into Qubes as far as the disk password prompt. The progress bar on the bottom centre of the screen progresses all the way across but I can not enter any characters into the password field.

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Macs have USB keyboard, which makes them incompatible with USB VM (at
least in default configuration). In particular, enabling USB VM prevent
USB controllers being initialized in dom0 - even during disk passphrase
prompt. To disable this part, you need to remove 'rd.qubes.hide_all_usb'
from kernel parameters.
Also the problem may be caused by missing USB controller (or keyboard
itself) driver in initramfs, but AFAIR it was fixed long ago.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYKkivAAoJENuP0xzK19csPKUIAJjnVSSSTj1oJGyisBEFhNZk
56thercS0SFlvMpdBmY4xXF+F+TuEuoK8VPFXJeQGUhyH8UtjuWYavC0wzWTsl2H
c3yMucbxHVvzmTTwth3ToYvfcaQUO+Zu89J9CfwsfzRsr2p53n4x6OECfuhuc/Hs
ftqPUDWOG87jXzaJVKS3SbWdg/8ifrDkEWgYCpXy/jTZiC3Zpd3K50aU0dFSG6Ww
Xv61SKSZjRbZNtrjBVgkUXxXgw5lD0rRuddlsUNqJJX4r+n/VlF7acukjYXfyfRM
TMvFoR9k5RH4leniSTMNTeQqQcSUgGAbPaa+dJ/OdyY+x5y6djtCBb72izQVY0k=
=5rjy
-----END PGP SIGNATURE-----

[dumbcyber]

Thanks for the info. For me a noob, how do I remove that parameter from kernel? Thank you.

[Jean-Philippe Ouellet]

On Tue, Nov 15, 2016 at 12:17 AM, dumbcyber <dumb...@riseup.net> wrote:
> On Tuesday, 15 November 2016 10:28:52 UTC+11, Marek Marczykowski-Górecki wrote:
>> you need to remove 'rd.qubes.hide_all_usb' from kernel parameters.
>

> Thanks for the info. For me a noob, how do I remove that parameter from kernel? Thank you.

From the installer, use your favorite editor on
/boot/efi/EFI/qubes/xen.cfg to remove just the rd.qubes.hide_all_usb
parameter from the kernel= line. It will probably be at the end of the
line.

Note that your EFI partition might be mounted somewhere other than
/boot/efi (I don't remember). The `mount` command should tell you
where. Look for something like:
/dev/nvme0n1p1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=...

[Jean-Philippe Ouellet]

Alternatively, if you just want to see if things will work at all,
IIRC you should also be able to un-check a "use sys-usb" (or similar)
checkbox in the installer somewhere, and IIRC rd.qubes.hide_all_usb is
only set if this box is checked.

[dumbcyber]

On Tuesday, 15 November 2016 18:14:00 UTC+11, Jean-Philippe Ouellet wrote:

Thanks for the guide. My boot64x.cfg does not contain this parameter. Here is the full CFG file....

[global]
default=4.4.14-11.pvops.qubes.x86_64

[4.4.14-11.pvops.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M
kernel=vmlinuz-4.4.14-11.pvops.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-9b163fd2-93d9-4498-a83d-712baae8432e rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.preliminary_hw_support=1 rhgb quiet
ramdisk=initramfs-4.4.14-11.pvops.qubes.x86_64.img

[4.4.14-11.pvops.qubes.x86_64]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M
kernel=vmlinuz-4.4.14-11.pvops.qubes.x86_64 root=/dev/mapper/qubes_dom0-root rd.luks.uuid=luks-9b163fd2-93d9-4498-a83d-712baae8432e rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.preliminary_hw_support=1 rhgb quiet
ramdisk=initramfs-4.4.14-11.pvops.qubes.x86_64.img


Thanks for your help.
PS I'm building another Qubes install where I'll uncheck "use sys-usb" later today

[dumbcyber]

Finally its working. I rebuilt everything from the beginning making sure sys-usb was unchecked during installation. Qubes boots on the Mac fine - little slow but gets there in the end. I can log, keyboard works. Now the next challenge, getting it networked but thats not for this post. Thanks for your help everyone.

[dumbcyber]

I'm very sorry to revive this thread. I've been trying to build another Qubes environment on an SSD drive and have run into the same problem. I'm building R3.2 for a Macbook Pro. I know Macbook's are not very well supported but I've had my original Qubes environment running really well now for some time on the Macbook Pro and want to move away from the USB stick to something more long term.

I've built a new Qubes on an SSD which boots fine on the Macbook Pro but the keyboard does not work. I've completed the installation making sure the sys-usb option is not checked, and there is no rd.qubes.hide_all_usb parameter on any kernel lines in xen.cfg. The same SSD boots and keyboard works fine on a Lenovo X1 (if I add the mapbs and noexitboot params).

Any help is much appreciated again!

[Dave C]

On Thursday, December 22, 2016 at 3:39:23 AM UTC-8, dumbcyber wrote:
> I'm very sorry to revive this thread. I've been trying to build another Qubes environment on an SSD drive and have run into the same problem. I'm building R3.2 for a Macbook Pro. I know Macbook's are not very well supported but I've had my original Qubes environment running really well now for some time on the Macbook Pro and want to move away from the USB stick to something more long term.

My experience with Qubes on USB stick: I've had the USB become unresponsive, and hot to the touch. I've had much better luck on a portable SSD.

I sometimes boot a mac to that SSD drive. I find that holding the `option` key at boot time it is detected (labeled "Windows"). And I've had the same problem with the USB keyboard being unusable at boot time.

I work around that problem by preventing the hostonly optimizations in the initramfs. In dom0, create a file /etc/dracut.conf.d/no-hostonly.conf, with this line:

hostonly="no"

Run `dracut -f` to build initramfs with the new configuration. Then try booting on the mac.

This is what I stumbled upon. While it works for the USB keyboard, it might have other consequences. One that I know of is the booting on the mac includes a *really* long pause that I haven't figured out how to get rid of. I read something once that made me believe it might be waiting for a PS/2 connection that doesn't exist. Not sure, but would love help with that if anyone reading has any ideas.

The next hurdle you'll have with the macbook pro is getting broadcom wireless to work. I've posted my experience there to https://groups.google.com/forum/#!msg/qubes-users/VVwWqvz5dX4/4byUgfp3EgAJ;context-place=forum/qubes-users