So I’ve produced a set of instructions to apply this patch on a new install of 4.2.4, and install it to dom0.
PLEASE NOTE
I make no guarantees regarding the security of this process. I don’t understand how all these moving pieces interact with each other.
These instructions will likely need to be updated in the event of a security update for xen-hypervisor. They almost certainly will not work for any later release of Qubes.
Building a patched xen-hypervisor to fix the Lenovo ACPI power-supply disconnect crash
This is based mostly on: https://github.com/QubesOS/qubes-builderv2/
Unfortunately, that page contains a million details for things that are not relevant for this task, so here's my boiled-down instructions
*** Setting up the environment and host for qubes-builderv2
* Open Qubes Manager
* Clone your fedora template as work-qubesos-template
* Clone your default-dvm to work-qubesos-dvm
* Adjust settings for work-qubesos-dvm
* Change the template to work-qubesos-template
* Set private volume storage to 32GB <-- double check this. There's a UI quirk in Qube Manager that means it might not take
* Create a new AppVM Qube, call it work-qubesos (This name is important!). Set it to the work-qubesos-template template.
* Launch a Terminal in work-qubesos, and run these commands:
* git clone https://github.com/QubesOS/qubes-builderv2/
* cd qubes-builderv2
* qvm-copy dependencies-fedora.txt
* Select work-qubesos-template from the popup
* qvm-copy dependencies-qubes-executor.txt
* Select work-qubesos-template from the popup
* git submodule update --init
* Open a terminal in work-qubesos-template
* sudo dnf install $(cat QubesIncoming/work-qubesos/dependencies-fedora-qubes-executor.txt)
* sudo dnf install $(cat QubesIncoming/work-qubesos/dependencies-fedora.txt)
* In a dom0 terminal, run the following:
* sudo qvm-run --pass-io work-qubesos -- 'cat /home/user/qubes-builderv2/rpc/policy/50-qubesbuilder.policy' > /etc/qubes/policy.d/50-qubesbuilder.policy
* qvm-prefs work-qubesos default_dispvm work-qubesos-dvm
* Open a terminal in work-qubesos-dvm
* sudo su
* mkdir -p /rw/bind-dirs/builder /rw/config/qubes-bind-dirs.d
* echo "binds+=('/builder')" > /rw/config/qubes-bind-dirs.d/builder.conf
* echo "mount /builder -o dev,suid,remount" >> /rw/config/rc.local
* Shutdown work-qubesos-template, work-qubesos-dvm, work-qubesos
*** Configuring and invoking qubes-builder
* Launch a terminal in work-qubesos
* cd qubes-builderv2
* cp example-configs/qubes-os-r4.2.yml builder.yml
* ./qb -c vmm-xen -d host-fc37 package fetch
* nano artifacts/sources/vmm-xen/xen.spec.in
* After the line starting 'Patch1202:', add a new line. Add a few newlines around here if you want to keep things readable. Feel free to add a comment if you like.
* Patch2000: 2000-lenovo-acpi-crash-fix.patch
* <Ctrl-x>, y, <enter>
* nano artifacts/sources/vmm-xen/2000-lenovo-acpi-crash-fix.patch
* Paste in the ACPI patch
* <Ctrl-x>, y, <enter>
* ./qb -c vmm-xen -d host-fc37 package prep build
*** Pulling the binary package into dom0 and installing it
* Open a dom0 terminal
* sudo qvm-run --pass-io work-qubesos -- 'cat /home/user/qubes-builderv2/artifacts/components/vmm-xen/4.17.5-6/host-fc37/build/rpm/xen-hypervisor-4.17.5-6.fc37.x86_64.rpm' > xen-hypervisor-4.17.5-6.fc37.x86_64.rpm
* sudo dnf reinstall ./xen-hypervisor-4.17.5-6.fc37.x86_64.rpm
Shutdown and restart the computer
Go ahead and disconnect the power supply, and enjoy your computer not crashing!