After reboot wifi password forgotten
need to enter it again
After reboot wifi password forgotten
is your sys-net a disposable machine?
You likely checked the “make sys-net disposable” checkbox during installation. That means your sys-net will forget everything on every restart.
Is that what happened?
If so, what do you want:
- make sys-net non-disposable
- keep sys-net disposable, but have it know (a) specific WiFi password(s) like home or work?
It forgets randomly on few restarts.
Maybe it does depending of if it enter Qubes load password immidiattly or later when system has loaded.
This happened to me a few times, too. I don’t know why it happens nor how to replicate it.
Turns out in installation process. If you dont turn off computer but put to sleep, then it remembers. If restart then forgets IF you choose such option in install process
Personally I was going to do some digging on this. I’d like it to remember two networks I trust, beyond that I’d like it disposable. I started to look into it and I’m guessing I may have to grab two config files from sys-net after I connect and transfer them to the template? Hence not connecting the template directly to wifi.
I thought of another possibility that might work without changing the core template? Like bridging the wifi temporarily to a dedicated appvm and then a disposable using that as a template for sys-net?
well there is the DVM template you could utilize, mind that every DVM then has access to your wifi credentials so its possible to deanonymize, if you care about that.
I am not sure how you wouldn’t be deanonymized in sys-net connected to wifi, but in its dvm template connected to wifi?
What I’d exactly do is just what the user was thinking of, with the method @Suspicious_Actions changed his mind to propose:
But, this had to be asked in a separate topic in order to help other users to find it more easily.
thought about that, but this does not apply to dispvms iirc, only appvms. you can do that in the dispvm template (that is just an appvm with an extra flag). Has some usability constraints and in my opinion the provided security is negligible compared to appvms.
I moved my thing about deanonymization to another post
oh. didn’t read that. maybe i should create another thread for that topic.
i mean having wifi credentials in every disp spawned from that dvm template might denanoymize you.
if someone inside that disp is looking for them. and can make a link between your surfing and a wifi name (from said credentials) or so.
the hardware parts of wifi are probably also problematic but beyond my understanding.
Well you would use this disp vm template for only your sys-net templates, right?
Another thing to mention: You can read out hardware information on any dispvm, for example
sudo cat /proc/cpuinfo. Not as bad as direct mac addresses, but add enough of such entropy and you got uniqueness.
Qubes is mainly for security, not anonymity, although it works quite well for that too.
If you main goal is anonymity, take a look at whonix.
probably the best solution.
well maybe anonymizing wasnt the right term, but wifi names might give away geo location, that was my main concern.
Yes. This however is hard to mitigate. Much easier with qubes of course, but still a hassle. I wrote something about that problem here
You can do that much easier. All you have to do is to train the AppVM that serves as a template for your sys-net. So let’s say your disposable sys-net is based on fedora-34-dvm which in turn is based on fedora-34.
- shutdown all qubes
virt_modeof fedora-dvm to
- make sure the
provides_networkof fedora-dvm is
- add the WiFi PCI device to fedora-dvm
- run fedora-dvm with
- once it started you’ll see the network manager icon in the tray; now train it the passwords you like it to know by connecting to those networks (e.g. home and phone hotspot)
- shutdown fedora-dvm
- remove the PCI device and undo the
Next time you start your sys-net, it will know the passwords for those networks because they are now stored in the AppVM/disposable template that is the template for it.
I never connects even my dvm-templates to internet. Each dispVM has to be manually attached to desired netVM
You’re attaching hardware to the disposables template, make sure you really trust your hardware before doing this. (sorry for nagging and pointing that out)
The “Qubes OS way” is to distrust the network, the hardware and certainly any qube that hardware is connected to. One wouldn’t reuse the disposable template for any other purpose once it was connected to the hardware. It becomes untrusted.