2013-12-31

Dell Latitude E6430 #QubesOS #xen #security&freedom

12.31: summary:
. I feel secure on Chromebook with its verified boot;
but that is very limited in what it can do .
. the Qubes OS provides virtualization of linux
that is needed to isolate computer activities
into separate linux virtual machines .
. by providing this "security by isolation"
your web surfing of unsafe sites
can't be exploited to steal your bank's password
because they run on virtually separate machines .
. there is an hcl (hardware compatibility list)
to help you find a computer that Qubes works with;
and it says a Dell Latitude E6430 does work,
but doesn't work out-of-the-box
(it needs some sort of unspecified "tweaking").

news.cyb/qubes/compatible hardware/Dell Latitude E6430:
10.6: aq.cyb#dell: getting the right options:
Welcome to Dell  US Small Office Chat. 
My name is Jose and I will be your 
Dell.com Sales Chat Expert.
I can be reached at jose_nino_romero@dell.com.
 10:47:01 AM   Customer phil torrance
Upgradable to Intel® vPro™ technology) ?
how do I get this preinstalled?
I'm not seeing how to add it to
Dell Latitude E6430
when it mentions i5-3340M,
what does the 3340M mean?
I had a friend specify that
and the current offering differs
 10:49:52 AM   Agent Jose_N_R
It's the model number.
Check out that link
it's for the E6430, fully customizable
There's an option on the Intel vPro
[ and there's also the model number I need .]
6: the vPro is an option:
Dell's help for the Intel® vPro technology enabled:
The system is delivered with Intel® vPro enabled
and is ready for customer provisioning
The Intel® vPro option requires Intel® vPro processors
Dell offers an exclusive set of Intel® vPro extensions
that enables state-of-the-art systems manageability:
One-to-many BIOS updates
Scriptable BIOS management
Battery management (notebooks only)
Use SCCM to check for health state of batteries and warranties
Get deep-level inventory from all Dell batteries,
regardless of power state
Remote BIOS management for client hypervisors
Most tools cannot work backward through a hypervisor
to modify hardware settings,
but paired with core Intel® vPro and the Dell-unique extensions,
admins can easily modify all BIOS settings
* The functionality described herein requires
the appropriate systems management console software.
Stefan Boresch 2011:
Recently, to do 'plain'  Xen hardware based virtualization
I was looking for desktop PC based 'servers'
that support vt-d,
and in this process I learned that
Intel vPro is a 'magic' word to search for;
i.e., all (desktop) boards that claimed vPro support/capability
turned out to also have vt-d support
 (Obviously, your cpu needs to support it,
but most sandybridge i5 and higher are fine,
so on that end the choice is large).
Incidentally, while the normal specs of the thinkpad x220
do not mention vt-d; they mention vpro support.
news.cyb/qubes/compatible hardware
/what is the vPro option?:
[ like qubes, ] XenClient is a
Type 1 Client-Hypervisor based on Xen,
and is intended for use on a client
(desktop system) rather than a server .
XenClient's bare metal architecture
is offloading as much as possible
to the underlying Intel hardware.
Intel's Trusted Execution Technology (TXT)
lets every boot verify the integrity of
the hypervisor and its support components .
Intel Virtualization Technology (VT):
VT-x provides virtualization of unmodified vm's
and is required to run Windows .
. VT-d accelerates graphics [and
enhances hardware-enforced
control of which vm can access
which peripheral device .] 
8: wifi is certified citrix-ready:
Dell Latitude E6430 is verified to be compatible with:
XenClient XT 3.1, 2.1
. associated component configurations
are supported with XenClient Enterprise:
Intel Core i7 , Intel Core i5
(Graphics) Intel HD Graphics
(WiFi/Network):
Intel Centrino Advanced-N 6235,
Intel Centrino Ultimate N 6300,
Intel Centrino Advanced N 6205
XenClient XT requires Intel® vPro processors
for Hardware-enforced security.
. for feature requirements refer to the
 XenClient XT 3.1 Engine Administrator Guide 

24: what are choices of dell's wifi?:
here's what I need: [see above]
. here are my dell choices:
# Dell Wireless™ 1504 802.11g/n Single Band
Wi-Fi Half Mini Card [Included in Price]
# Intel® Centrino® Advanced-N 6205 
802.11n 2x2 Half Mini Card [add $14.00]
# Intel® Centrino® Ultimate-N 6300
 802.11n 3x3 Half Mini Card [add $28.00]

8: fedora vs dell's port replicator:
. with Fedora linux like Qubes has,
your dell's port replicator will cause fedora to
turn your computer back on right after you turn it off .
7: web: user or dev info:
several Dells used with qubes:
alex has E6320
Zrubecz Laszlo @zrubi.hu has E6430
12.15:
marmarek (Qubes core dev) has E6420
-- .the E6420 is currently unavailable
"As of the moment, we still don't know
 if this will be available again or not"

7: wifi or misused qubes trouble:
co.qubes#LV 5.16:
I have a Dell Latitude E6430 and
it's working except for Wifi:
Broadcom BCM 43228 802.11a/b/g/n. ...
he's still having problems and not getting help;
[12.15:
. if the E6430 still has that model of wifi,
then it also goes by the name: Dell Wireless 1504
-- known not to work with XenClient;
(that poster never posted again ) .]

so what's up with other Dells ?
Erik Edin 9/9/12 Dell Latitude 5520
solving network issues
In all three versions, RC2, RC3, and 1.0,
I've had to manually add my network card's
PCI device id to the netvm
for it to pick up the network card.
I check the lspci output
and then I add the device to the netvm, as below.
$ lspci
0a:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5761 Gigabit Ethernet PCIe (rev 10)
$ qvm-pci -a netvm 0a:00.0

owner of a Dell Latitude E5500. 
> with lspci I can see my network card:
> [rowie@dom0 ~]$ lspci
> ...
First of all, dom0 is network-isolated,
there is no network by design.
You can use network in any other VM.
You should also see
NetworkManager tray icon,
which will allow you to set up the connection.

First of all you should
check if all network devices are
connected to netvm:
issue lspci in netvm terminal.
If you don't see your devices there, use qubes manager
to attach them (select netvm, open settings
and assign devices in "Devices" tab);
then restart netvm.
You can also use qvm-pci tool here
(if you prefer cmdline instead of GUI).

If your devices are already connected to netvm,
check netvm kernel messages
(/var/log/messages, dmesg). 
There should be some info about initializing drivers.
There is also one known issue:
for Realtek RTL8111DL Gigabit Ethernet Controller.
VMs with assigned PCI devices in Qubes
have allocated a small buffer for
DMA operations (called swiotlb).
By default it is 2MB, but some devices need a larger buffer.
To change this allocation, edit VM's kernel parameters
(this is expressed in 512B chunks):
# qvm-prefs netvm | grep kernelopts
kernelopts       : iommu=soft swiotlb=2048 (default)
# qvm-prefs -s netvm kernelopts "iommu=soft swiotlb=4096"
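
The "are all network devices connected to netvm" step from the reply above, as an added shell example that is not part of the original posts: it picks the network-class lines out of dom0's lspci output and prints the qvm-pci -a command for each one not yet assigned. The function name, the sample lspci text and the hand-supplied list of already-assigned addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the quoted posts).
# $1: `lspci` output taken in dom0
# $2: space-separated PCI addresses already assigned to netvm (supplied by hand)
# Prints one "qvm-pci -a netvm <address>" line per unassigned network device.
suggest_netvm_assignments() {
    printf '%s\n' "$1" | awk -v have=" $2 " '
        # lspci class names for wired and wireless NICs
        /^[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]\.[0-7] (Ethernet|Network) controller:/ {
            # whole-address match, so 03:00.0 never matches 03:00.1
            if (index(have, " " $1 " ") == 0)
                print "qvm-pci -a netvm " $1
        }'
}

# Constructed sample, not captured from a real machine.
SAMPLE_LSPCI='00:02.0 VGA compatible controller: Example Vendor Graphics
00:19.0 Ethernet controller: Example Vendor Gigabit NIC
03:00.0 Network controller: Example Vendor Wireless Card'

# Wired NIC is already in netvm; only the wireless card is suggested.
suggest_netvm_assignments "$SAMPLE_LSPCI" "00:19.0"
```

The commands are only printed, so the list can be reviewed before anything is attached; netvm still needs a restart afterwards, as the reply says.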

news.cyb/qubes/compatible hardware
/testing your unit:
 I don't see any indication from Qubes
that the hardware virty features are being employed.
Is there a way to tell? 
"xl info" in dom0 console.
You should have "hvm" (for VT-x) and
 "hvm_directio" (for VT-d) in virt_caps field.
I've a t430s, and I only have 'hvm' for virt_caps.
VT-d is enabled in the bios,
any tips on debugging this? 
try disabling VT-d in the bios, rebooting, then re-enabling it
xl info now correctly has "hvm hvm_directio"
indicating VT-d is enabled. 
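
The virt_caps check from the exchange above, as an added shell example that is not part of the original posts: it reads "xl info" output and reports whether "hvm" and "hvm_directio" appear as whole tokens. The function name and the two sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the quoted posts).
# Reads `xl info` text on stdin and prints one of:
#   vtx+vtd   "hvm" and "hvm_directio" both listed
#   vtx-only  "hvm" listed, "hvm_directio" missing (the T430s case above);
#             PCI devices given to a VM are then not confined by VT-d
#   none      neither listed, or no virt_caps line at all
virt_caps_status() {
    awk -F: '
        $1 ~ /^virt_caps[ \t]*$/ {
            n = split($2, caps, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (caps[i] == "hvm")          vtx = 1
                if (caps[i] == "hvm_directio") vtd = 1
            }
        }
        END {
            if (vtx && vtd) print "vtx+vtd"
            else if (vtx)   print "vtx-only"
            else            print "none"
        }'
}

# Constructed samples, not captured from a real machine.
SAMPLE_BEFORE='host                   : dom0
virt_caps              : hvm
total_memory           : 8072'
SAMPLE_AFTER='host                   : dom0
virt_caps              : hvm hvm_directio
total_memory           : 8072'

if command -v xl >/dev/null 2>&1; then
    xl info | virt_caps_status          # real check, run in dom0
else
    printf '%s\n' "$SAMPLE_BEFORE" | virt_caps_status
    printf '%s\n' "$SAMPLE_AFTER"  | virt_caps_status
fi
```
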
12.15: web.cyb/qubes/compatible hardware/lenovo:
. searched for site:citrix.com/ready/en
for any lenovo models -- there are plenty .
. it warned I would have to ensure
my particular version supported vpro;
and, one thing I liked about Dell
was they made it easy to select that feature .
. the hcl says my chosen Dell, E6430,
works with the latest Qubes version after tweaking .
-- using the earliest available kernel only .
dev#marmarek says every kernel works on
his Dell, the "currently not available" E6420 .