We have just published Qubes Security Bulletin (QSB) 078: Linux kernel
PV driver issues and LVM misconfiguration. The text of this QSB is
reproduced below. This QSB and its accompanying signatures will always
be available in the Qubes Security Pack (qubes-secpack).
In addition, advanced users with customized setups are advised that the
LVM patch changes the LVM's default value for "global_filter" [5]. This
means you must ensure that the device that contains the LVM with Qubes'
rootfs is allowed, or else your system will not boot.
I don't like changing how config file is interpreted - is rather
unfriendly and confusing for those who know what they are doing and
change their lvm.conf. The specific filter syntax is describe in the
comment just above the this option.
The great majority of users do not need to change it (unless we missed
some common device? but then we should update the default filter), so
the risk of messing it up by novice user is minimal.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab