qvm-create-windows-qube 2.0 is Here!

[Elliot Killick]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello, all!

Not too long ago I released qvm-create-windows-qube but quit pushing
changes for a while because I realized there was still a of work to be
done and I wanted to get it out of the dev/beta phase before releasing a
new version.

Well, it's over 200 commits later and I would say it's well out of
beta now.

Biggest new features include:

  * Use a much newer Windows 7 7601 ISO for Windows 7
  * Support Windows 8.1-10 Pro/Enterprise (ISO downloads from Microsoft
    included)
  * Support Windows 10 Enterprise LTSC (Also download provided)
  * Support Windows Server 2008 R2 - Windows Server 2019 (Also downloads
    provided)
  * Chocolatey integration
  * Option to slim down Windows installation (Similar to the following
    but much more refined due to especially the disabling of services I
    found could break things in a way that would result in a bad UX,
    also expanded for Windows 10:
    https://www.qubes-os.org/doc/windows-template-customization/)
  * Test signing Qubes GUI driver is now enabled during Windows
    installation process to skip a reboot
  * Hardcoding trial product key in answer files (or anywhere) is no
    longer necessary, Windows will use embedded trial key without any
    user interaction by default
  * windows-mgmt is air gapped
  * Travis CI is being used for integration testing
  * Tons of code cleanup, reorganization and refactoring  (I'm of the
    OpenBSD mindset where having clean (correct) code is just as
    important as having functional code, so a lot of stuff just got
    rewritten)
  * Everything is much more stable (No more lame sleeps for arbitrary
    amounts of time)
  * MIT license

Additionally, I made a PGP key (also using Qubes Split GPG) so hopefully
my code and anything I else I make can reach you a lot more securely.

Repo can be found here, please star if you find it useful

https://github.com/elliotkillick/qvm-create-windows-qube

I'm working towards having this project be similar (or superior) to
VMWare's Windows "Easy Install" feature but on Qubes:
https://www.youtube.com/watch?v=1OpDXlttmE0

Regards,

Elliot

P.S. I received a delivery failure last time I sent this to qubes-devel because I wasn't subscribed to the mailing list yet, hopefully this sends successfully now
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQBj7nebfoT+xj7VVL5uQ1E+D3V8gUCXhzj0gAKCRD5uQ1E+D3V
8ngnAQCzZRvKU1dTAshQgEf4sKOddZEz2onj3qEfQ0nPHg2hTAEA8a/E/iW9otmR
jkQOdCxpsDzPuEc2kYMf3FFOO0wkeAo=
=Z2WT
-----END PGP SIGNATURE-----

[Elliot Killick]

On 2020-01-28 16:05, Pietro Enpax wrote:
> Good work. Any chance that Windows 10 can be made full screen now? I
> currently use rdesktop on another fedora based VM to get Windows 10 full
> screen. A work-around for sure. Not a perfect solution.

Thanks but no, unfortunately not from me. I don't have the required
skills to do that.

And even if I did, as has been described before, the issue with porting
the Qubes Video driver to Windows 8+ is that they no longer support the
XPDM graphics architecture. For this to happen someone would have to
write a Windows Display Driver Model (WDDM) driver which is much more
complex and not to mention time consuming. Not likely to anytime soon
without external intervention considering I'm sure the Qubes Core Team
already has their hands full. @omeg use to be working on it
(https://github.com/QubesOS/qubes-issues/issues/1861) but in the mailing
list thread mentioned in that issue @andrewdavidwong that he's working
on corporate projects now which I understand, Qubes has to make money
somehow. I would like to know where the code he has so far is just to
check out how it works though. (Maybe I'm just not looking hard enough?)
That and to know how far along it is, perhaps it can do full screen mode
but not seamless mode quite yet?


VirtualBox already supports full screen and seamless mode for Windows 8+
guests though and their code is licensed under GPLv2 so perhaps we could
just borrow some of that? Although, the code does look very tightly
integrated with VirtualBox. (I have no experience in driver development
so please take all this with a grain of salt)

See "4.6. Seamless Windows": https://www.virtualbox.org/manual/ch04.html

Source code:
https://www.virtualbox.org/svn/vbox/trunk/src/VBox/Additions/WINNT/Graphics/Video/mp/wddm/


Anyway, at least I'm making a tool to help facilitate the further
development of Qubes Windows Tools.

I recommend using FreeRDP instead of rdesktop. FreeRDP is a much more
actively maintained and performant fork of rdesktop.

Also, please email the group not me directly. :)


Regards,

Elliot

[Frank]

> On 29. Jan 2020, at 03:23, 'Elliot Killick' via qubes-devel qubes-devel-at-googlegroups.com |qubes-mailing-list/Example Allow| <6bxzh...@sneakemail.com> wrote:
>
> 

>> On 2020-01-28 16:05, Pietro Enpax wrote:
>> Good work. Any chance that Windows 10 can be made full screen now? I
>> currently use rdesktop on another fedora based VM to get Windows 10 full
>> screen. A work-around for sure. Not a perfect solution.
>
> Thanks but no, unfortunately not from me. I don't have the required
> skills to do that.

Hhmmm... I am a bit confused now...

I am using Windows 10 without any QWT for quite a while now. I installed it from ISO and never even tried installing the qubes Windows tools, as far as I remember. And I have no trouble using it in fullscreen mode after configuring Qubes to allow fullscreen mode for this particular Qube... The drawback is the missing copy/paste and two mouse pointers, but I got used to it...

Can it be, that you actually mean seamless mode!?!?

> --
> You received this message because you are subscribed to the Google Groups "qubes-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/50ac1607-a02e-15a6-95a1-6bd6873d7e16%40zohomail.eu.

[Elliot Killick]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2020-01-29 03:28, Frank wrote

> Hhmmm... I am a bit confused now...
>
> I am using Windows 10 without any QWT for quite a while now. I installed it from ISO and never even tried installing the qubes Windows tools, as far as I remember. And I have no trouble using it in fullscreen mode after configuring Qubes to allow fullscreen mode for this particular Qube... The drawback is the missing copy/paste and two mouse pointers, but I got used to it...
>
> Can it be, that you actually mean seamless mode!?!?

Alright, after some testing I've figured out the problem. I was able to make your suggestion work by adjusting my Dom0 resolution to 1920 x 1080 (In XFCE display settings), adjusting my Windows 10 resolution to 1920x1080 (in Windows 10 Settings app display settings) and then upon right-click the title bar of the Windows 10 VM and clicking "Fullscreen" the Windows 10 VM did indeed go full screen. (Exit full screen by doing ALT+Space then clicking "Fullscreen" again)

It wasn't working for me before because I have an ultra wide monitor with a resolution bigger than 1920x1080. Before when I clicked "Fullscreen" nothing happened.

Also to note, this worked successfully on a Windows 10 VM with and without QWT installed as well as without making changes to the /etc/qubes/guid.conf as documented here <https://www.qubes-os.org/doc/full-screen-mode/>.

The available resolutions in my Windows 10 VM top out at 2560 x 1600 (too big for my screen height wise), 1920 x 1200 and 1920 x 1080. There is no option to support my resolution of 3440 x 1440. I went to Settings app > System > Display > Advanced display settings > "Display adapter properties for Display 1" and found that the display adapter is provided by SeaBIOS:

Adapter Information:

Chip Type: SeaBIOS VBE(C) 2011

DAC Type: SeaBIOS Developers

Adapter String: Microsoft Basic Display Adapter

Bios Information: SeaBIOS VBE Adapter

Then it listed information about the available graphic memory which was 1015 MB.

Below that there was a button saying "List All Modes" and when I clicked it, it listed all the available resolutions, colors depths (all "True Color (32 bit)") and hertz (all "64 Hertz") the display adapter could provide. Again, I didn't see my resolution listed anywhere there.

Does anybody know how to add a resolution as a mode to this display adapter? Ideally it would just be something we can change in a configuration file somewhere. Or would this require a source code change and recompilation?

Perhaps in libvirt configurations or "init" file in /usr/lib/xen/boot/stubdom-linux-rootfs or something like that. Closest thing I have found so far is by doing a "sudo find / -iname *seabios*" in Dom0, finding "/usr/lib/xen/boot/seabios-256k.bin" then running "strings" on it to find a few relating to "display" (not cap sensitive). I noticed in the VMWare video linked in the original post they have the option to set higher resolutions up to 4K (3840 x 2160), however still not my specific resolution (https://www.youtube.com/watch?v=1OpDXlttmE0&t=580).

The SeaBIOS display driver should support all the resolutions listed here (Which includes my resolution):

https://en.wikipedia.org/wiki/Graphics_display_resolution

Anybody have some ideas?


Elliot

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQBj7nebfoT+xj7VVL5uQ1E+D3V8gUCXjIvWAAKCRD5uQ1E+D3V
8m0yAQCyqugJW+kbRGPsBM/QlZczBwifI8lVEnjDuOR0nKU1pgEAk3kUMqPE2+de
bjSh9Ckp2u+Vffqxyo+7bUn3CKtRQww=
=UEqu
-----END PGP SIGNATURE-----

[Foppe de Haan]

this may be useful? https://adangel.org/2015/09/11/qemu-kvm-custom-resolutions/

[Elliot Killick]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2020-01-30 09:47, Foppe de Haan wrote:
> this may be useful?
> https://adangel.org/2015/09/11/qemu-kvm-custom-resolutions/

A resounding success, thank you Foppe!


Here are the only things I would add to that article (For a debian-10
DispVM):

1. Uncomment Debain sources repo in /etc/apt/sources.list && sudo
apt-get update

2. You must export NAME and EMAIL variables for dch/debchange program

3. Replace dquilt with quilt command (Maybe this seems obvious for some
but I've never done any kind of Debian/RPM packaging so it wasn't for me)
  -
https://askubuntu.com/questions/656122/what-is-dquilt-and-how-do-i-get-it

4. dpkg-buildpackage will tell you any Debian packages required to
build, just install the packages it tells you to with apt-get

5. If there is an error from dpkg-buildpackage talking about .swp files
then make sure you delete any .swps your text editing program created
(Due to not exiting properly)


After that you will have a Debian (.deb) package, problem is Dom0 is
Fedora and does not use QEMU directly but instead QEMU inside Xen
(qemu-xen):

1. mkdir deb

2. cp <seabios_package_name>.deb deb

3. dpkg -x <seabios_package_name>.deb (Extract Debian package)

4. Go into usr/share/seabios in current directory

5. You only need one file: vgabios-stdvga.bin

  - Copy that file to Dom0


Now to use the new vgabios-stdvga.bin:

Note: /usr/share/qemu does not exist in Dom0 (It's contained to a stub
domain for security reasons)

Note: /usr/share/qemu-xen/qemu (which has a vgabios-stdvga.bin) does
nothing, ignore it (I moved the qemu folder to qemu.old then tried
starting HVMs and there were no problem)

Important: Before beginning, backup your stub domain:

  - cp /usr/lib/xen/boot/stubdom-linux-rootfs stubdom-linux-rootfs-backup

1. What you need to do is modify the the stub domain

  - Follow this documentation except don't modify the init script on
step 2 as it says:
https://www.qubes-os.org/doc/windows-debugging/#debugging-hvms-in-the-qubes-r40

2. After extracting the stub domain into the stubroot folder on step 1
you will edit it on step 2 by doing:

  - cd stubroot/share/qemu

  - Replace the vgabios-Foppe de Haan <0spstdvga.bin in that folder with
the one you created

3. Proceed to step 3 of the aforementioned documentation to put your
newly modified stub domain into action


You're done! The new resolution will now appear in HVMs, tested working
on Windows 7 (Without Qubes GUI driver installed) and Windows 10
(Doesn't support Qubes GUI driver).


Important: If you are using an already created Windows 7 qube then I
noticed a glitch where the slider for changing your resolution doesn't
update to account for the additional resolution you've just added. This
can be fixed by going to:

Control Panel\Appearance and Personalization\Display\Screen Resolution >
Advanced Settings > List All Modes > Select your new resolution

Your resolution will now change. Once you do that the resolution slider
will also update with your new resolution and you will be able to use
that too.


Note: You will have to reapply your new vgabios-stdvga.bin every time
Dom0 receives an updates for qemu-xen, so keep it around


I may submit a patch containing all the standard resolutions mentioned
in the Wikipedia article from earlier to SeaBIOS. I don't see any reason
why they shouldn't be there by default. Looks like somebody submitted a
couple here recently but hardly all the standard ones there should be:

Patches (Oldest to newest):

https://mail.coreboot.org/hyperkitty/list/sea...@seabios.org/thread/BTTYP2LBOXN6RGATJEQPAXO244ZYHYPM/

https://mail.coreboot.org/hyperkitty/list/sea...@seabios.org/thread/Z6FPBB7WAX4EJ4ZGFSHKJ2GOBKDDBVPN/

https://mail.coreboot.org/hyperkitty/list/sea...@seabios.org/thread/QLBBA35ZIPDF5FYNDZHSBQMV5ORVVYW3/

Made it into SeaBIOS 1.13.0 (Announcement):
https://mail.coreboot.org/hyperkitty/list/sea...@seabios.org/message/CHTK23PNYHHVS7VA4L5RTYFGJ5Q7Y2UJ/

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQBj7nebfoT+xj7VVL5uQ1E+D3V8gUCXjkxTwAKCRD5uQ1E+D3V
8vqNAQCioGdWoxHcxyafLq/WFQjazHK6KLVoCXJAWwyD9fpyRAD9FxtnAtoyI3xu
lnZbw222D8FtRyrbLj3oihlBcuhejQQ=
=N2+8
-----END PGP SIGNATURE-----

[Foppe de Haan]

happy I could point you in the right direction. :) Thanks for your work updating QWT. :)