Plan B for sys-gui / Non-administrative users: missunderstanding on VM autoboot procedure

The original question was caused by me misunderstanding when the VM autostart sequence happens. Finding out that hitting escape during the qubes boot up screen can show you when the vms actually start booting cleared up the confusion.

Orignal version starts here:
There are 2 topics here: My question is going to be “Is there a way to start VMs/qubes on boot before login?”. The other topic is “why?” (which people are probably more interested in, so I’ll start with that one).

WHY:
I would like to create a non-administrative user.

Plan A is to try to create a non-administrative user as sys-gui and give it certain VMs. However sys-gui is still in development and I can think of a hundred ways that it could not work out. But with risky plans it makes sense to make a backup plan, so I’m also working up a plan B.

So far, plan B is to pass-through the GPU to a particular HVM which requires a login, then connect the only monitor to that for the non-administrative user to log into.
The first problem that I see with this plan is that there is no way to get the HVM to boot up without requiring a administrator to be present at boot to do the initial log in, then lock the screen, and then put the monitor back on the correct output for the non-administrative user. There are many other things that would have to be figured out, but that one seems to be one that would have to be figured out for the plan to be at all feasible.

THE ACTUAL QUESTION:
Is there a way to automatically start qubes that are associated with “start on boot” for a particular user session (most likely the dom0 user session) on boot, but before the login happens? This would be after the disk encryption password, but before the dom0 user login password

Alternatively, is there a way to have the dom0 user “autologin” then immediately activate the lock (I.E. the screensaver) or automatically go to “switch user” as the “start on boot” qubes come up?

Out of curiosity, why would one want to do this?

To create a non-administrative user. I’ll explain:

Plan A is to try to create a non-administrative user as sys-gui and give it certain VMs. However sys-gui is still in development and I can think of a hundred ways that it could not work out. But with risky plans it makes sense to make a backup plan, so I’m also working up a plan B.

So far, plan B is to pass-through the GPU to a particular HVM which requires a login, then connect the only monitor to that for the non-administrative user to log into.
The first problem that I see with this plan is that there is no way to get the HVM to boot up without requiring a administrator to be present at boot to do the initial log in, then lock the screen, and then put the monitor back on the correct output for the non-administrative user. There are many other things that would have to be figured out, but that one seems to be one that would have to be figured out for the plan to be at all feasible.

(I’ll add it to the title as probably no one cares without knowing why)

(I added this all to the original post as well)

1 Like

IIUC that’s already how things work. If you enable the autostart property for a VM, its startup happens in parallel to the login screen startup, not after it.

Is that new in 4.1?
It definitely does not happen on my 4.0 system (which has a hard drive light and gets lots of reboots).
I’ll have to test it on 4.1

As I recall it did happen on my 4.0 also.

I should say that I dont autostart any qubes, but I did.

Strange. R4.0 should actually start VMs even earlier, showing the login screen only after their startup has finished (in the sense of qvm-start exiting). It’s a change in R4.1 to show the login screen in parallel.

I am still absolutely confused by this question watching my VMs autostarting before the login screen

Thanks for the link. Using that info, I was able on a 4.1 system to see logging evidence that qubes-vm@sys-net.service began a full 7 seconds before systemd-user-sessions.service began.

I’ll check the logs in the 4.0 system when I get access to it again to see if it does similar. Perhaps I’m misinterpreting why I have to wait after logging in before the sys-net 'Ethernet network connection “Wired connection 2” active" notification shows up (and the tray icon).

How are you “watching” your VMs autostarting before the login screen? The only piece of info I really have at that moment is the hard drive light.

Probably then I don’t understand the question, but after the disk encryption password (even before that actually), but before the dom0 user login password, I press esc button on Plymouth and there I follow autostarting qubes for which I selected that option?

Thanks! I was unaware of plymouth and the esc option. I should be able to gather better information now.

I have now confirmed that the VMs do begin their boot before the login screen through using “esc” during bootup, and by pinging the network VM from outside during the boot sequence.

I still have no idea why it takes so long to give the notification that the ethernet is connected if sys-net is already started before logging in, but that’s not really important.

Anyway, updating the original post and marking this one as solved.

1 Like