Dear Qubes Community,
The third release candidate for Qubes 4.1 is here! There are no major
changes to report. We've just focused on fixing bugs that were
discovered and reported in the second release candidate.
If you're currently using any Qubes 4.1 release candidate, a regular
update [01] is sufficient to upgrade to the latest one. Otherwise,
read on for more about how to get started with testing Qubes 4.1-rc3.
What's new in Qubes 4.1?
Long time Qubes user…I just bought an upgraded laptop from what I have been using. I’d like to get the latest Qubes version and this release has a lot of appeal, however I am not sure I am competent enough to provide valuable feedback on this latest RC.
Should I install the RC or version 4.0.4? I would like to build this properly to start on my upgraded laptop…
I have been able to handle making new templates as febora and debian versions go end of life…so no problem there.
Any advice appreciated!
Sincerely,
(PS Just donated before year end to the Qubes project…keep going developers and community! You do great stuff!)
If you want to get the lastest version, just install/upgrade to 4.1rc3. This version is already working for most of the things and I’m sure, it will work for your daily things also. I wouldn’t bother with 4.0.4 any more at this point of stage.
...
(PS Just donated before year end to the Qubes project...keep going developers and community! You do great stuff!)
...
Me too 
Actually for a "release candidate" I'm expecting that most things do work. 
...
Thank you all, appreciate the feedback and happy new year to some!
Excuse the layman question but I assume if I install 4.1rc3, when 4.1 rolls outit is simply an upgrade?
Wishing every one the best 2022…
It depends on the nature of any updates, but that seems like the most likely outcome right now. In general, the final release candidate of a series (whichever one that might be) is ultimately declared to be the stable release. However, it's possible that a clean reinstallation may be required from one release candidate to the next (though that's less common and rather unlikely at this stage of the R4.1-rc series).
Just installed 4.1rc3 onto a Carbon X1(5th G)…went well. No major glitches…I think I am good but had a few questions:
1)I ran, a simple test I was advised to do: qubes-hcl-report AppVM (Name of “AppVM” I was running)
Results you want:
HVM: Active
I/O MMU: Active
HAP/SLAT: Yes
TPM: Device not found <—Is this Anti-Evil Maid" ?
Remapping: Yes
Post Interupt not enabled <----This one is new to me? Does this look alright?
XEN Intel VT-d Shared EPT tables not enabled - This is enabled
I tried to Install Anti-Evil-Maid
sudo qubes-dom0-update anti-evil-maid <—It timed out or couldn’t find where to download??
Cool feature but 4.1rc3 has options in General Settings to pick how to update dom0, which one do I use for 4.1rc3?: Stable updates? Testing updates? Unstable updates? or Testing updates(security only)?
No big issues with the OS, I like it, specifically disposable firewall and USB VM, I used to use Debian for my print VM…couldn’t get it going but Fedora was super easy! Very similar feel to the current 4.0 but updated look. Verifying the ISO was painful…I would pay for a verified/trustable bootable USB…could be a good way to raise funds! Maybe ship in a tamper proof case…
I just updated my OS to 4.1rc3…pretty slick! I picked up a X1 Carbon (5thG) and loaded it on…the install went pretty good. Verifying the ISO is still a pain…I would suggest Qubes sell a bootable thumb drive that has been verified, maybe package it in a tamper resistant package for security. I would pay for that…might be a good way to raise funds.
Some early observations are:
I did have a few questions I was hoping to get help with:
Results you want:
HVM: Active
I/O MMU: Active
HAP/SLAT: Yes
TPM: Device not found ← Is this Anti-Evil-Made I am missing?
Remapping: Yes
2)I also ran this test: sudo xl dmesg|grep VT-d (Thats a small “L” and a “|” Shift+)
Results you want:
XEN Intel VT-d iommu 0 supported page sizes: 4kB
XEN Intel VT-d iommu 1 supported page sizes: 4kB
XEN Intel VT-d Snoop Control not enabled
XEN Intel VT-d Dom0 DMA Passthrough not enabled
XEN Intel VT-d Queued Invalidation enabled
XEN Intel VT-d Interrupt Remapping enabled
Post Interupt not enabled ← This is something new?? Is this OK?
XEN Intel VT-d Shared EPT tables not enabled - This is enabled
3)I was not able to install “Anti-Evil-Maid” it seemed to time out?
sudo qubes-dom0-update anti-evil-maid
Thanks for any help or thoughts…
Scat:
TPM: Device not found <---Is this Anti-Evil Maid" ?
Yes.
VT-D settings look OK. Qubes will warn on install if something required is missing.
3) I tried to Install Anti-Evil-Maid
sudo qubes-dom0-update anti-evil-maid <---It timed out or couldn't find
where to download??
May not be out yet for 4.1, but you'd need to get your TPM functional first anyways.
4) Cool feature but 4.1rc3 has options in General Settings to pick how to
update dom0, which one do I use for 4.1rc3?: Stable updates? Testing
updates? Unstable updates? or Testing updates(security only)?
If this is your primary workstation, choose stable or testing(security only) if you want security updates as soon as they are released, but with potential problems as they haven't been as broadly tested. If you don't mind breakage and want to test updates in advance and provide feedback, choose Testing.
Scat:
TPM: Device not found <—Is this Anti-Evil Maid" ?
Yes.
VT-D settings look OK. Qubes will warn on install if something required
is missing.
Anybody try using a vTPM or TPM Simulator with Qubes?
My machine came with a “software TPM” which only works under Windows apparently. I had previously looked at Xen vTPM but somehow could not manage to get it to work under Qubes. I can’t be the only one out there without a TPM, so I just wanted to ask if anyone else had looked into a virtual/software replacement yet.
Thanks all for the help…making progress…really appreciate the responses
As I continue to explore the new 4.1rc3 another issue comes up that I can’t remember experiencing with 4.0 and it seems important:
When I try to back up my system and insert a WD external hard drive I get an error when I try to mount it, specifically "Error mounting /dev/sda1 at run/media/user/easystore: unknown filesystem type ‘ntfs3,ntfs’
I tried both USB ports, same error
I tried multiple hard drives, including the one I used with my 4.0 setup, same error
I see the device in my sys-usb but the error comes when I try to mount the device
I can mount a small USB drive and transfer files but when I put in a large disk the error occurs
I tried backing up on a 32g thumb drive and it started to back up but then errored out with the following: "ERROR: Writing backup to VM failed: cat: write error: File too large (I use a dedicated VM for my email(Thunderbird) which has a lot of emails.
Never had this problem with my 4.0 set up
I googled and found similar issues but nothing with a solution
The above is my biggest issue right now but also had a few other questions:
USB-C doesn’t seem to work? Not a big deal but I can’t mount a USB-C thumbdrive(in all fairness I was using a regular USB and used a dongle to convert to USB-C). I found an old thread that mentioned USB-C isn’t supported in Qubes…
My Thunderbird VM(dedicated VM to email) seems to constantly be downloading emails (I remember this from my 4.0 set up and it eventually stopped) but I have a large number of emails. Is there a better way to manage this? Can I some how save these emails with out deleting them? I changed “Private storage max size:” to 30g…not sure this is right but seems to make sense. I also changed Initial memory to 500MB and Max memory to 5000MB in an effort to add more resources to my email VM
The lack of being able to back-up is my biggest concern…
Hello my friends and thanks for the great work.
I clean installed release 3 and tried to update dom0. It replies: “No updates available”. It seems strange. Is it normal?
Best
Franz
Scat:
When I try to back up my system and insert a WD external hard drive I get
an error when I try to mount it, specifically "Error mounting /dev/sda1 at
run/media/user/easystore: unknown filesystem type 'ntfs3,ntfs'
Add an ntfs package to the template you're using for the AppVM where you're trying to mount it.
The above is my biggest issue right now but also had a few other questions:
- USB-C doesn't seem to work? Not a big deal but I can't mount a USB-C
thumbdrive(in all fairness I was using a regular USB and used a dongle to
convert to USB-C). I found an old thread that mentioned USB-C isn't
supported in Qubes...
I think USB-C is supported now, but can't confirm. Maybe try an addin USB-C adapter so you can connect directly?
- My Thunderbird VM(dedicated VM to email) seems to constantly be
downloading emails (I remember this from my 4.0 set up and it eventually
stopped) but I have a large number of emails. Is there a better way to
manage this? Can I some how save these emails with out deleting them? I
changed "Private storage max size:" to 30g...not sure this is right but
seems to make sense. I also changed Initial memory to 500MB and Max memory
to 5000MB in an effort to add more resources to my email VM
Your changes seem reasonable. I doubt email would need more than 1-2GB max RAM, but more won't hurt if you have plenty. You can create a local mail folder in Thunderbird and move your emails there, but then it becomes even more important to have a good backup as the only location for them would be on local storage.
Franz:
Hello my friends and thanks for the great work.
I clean installed release 3 and tried to update dom0. It replies: "No
updates available". It seems strange. Is it normal?
RC3 is pretty fresh and defaults to the stable channel; I don't recall any dom0 updates pushed to stable since its release.
Thanks Awokd, you helped!
Another question regarding x230 tablet,
On this Thread https://groups.google.com/g/qubes-users/c/S2w51ze1jSA/m/TIzbI51NAQAJ
Unman gives some help for getting a tablet working, but with R4.1 something changed:
and adding this line to /etc/qubes-rpc/qubes.InputTablet does not connect the tablet as an input.
Now /etc/qubes-rpc/qubes.InputMouse contains only
/usr/bin/input-proxy-receiver --mouse
and
/etc/qubes-rpc/qubes.InputTablet contains only:
/usr/bin/input-proxy-receiver --mouse --tablet
So it seems the way it works changed
Best
Franz
Thanks Awokd…
Since Rc3 has a disposable VM for its default sys-USB, I entered the following command in the fedora-34 template (Not fedora-34-dvm):
sudo dnf install ntfs-3g fuse
…restarted sys-usb, no issues with backing up.
I used this article which discusses commands for other distros: https://linuxconfig.org/how-to-mount-partition-with-ntfs-file-system-and-read-write-access
My back up mounted and I was able to back up my VMs…I wonder if reformatting my hard drive would have been a better call vs adding additional software. Seems a small risk and I am happy…
Thanks again…I’ll play with the USB-C and thanks for the advice on Thunderbird.
(Francesco - I too have not seen an update in Dom0 since installing RC3, I do get a “Green Check” mark when I try…other templates are updating)
Franz:
Thanks Awokd, you helped!
Another question regarding x230 tablet,
On this Thread
https://groups.google.com/g/qubes-users/c/S2w51ze1jSA/m/TIzbI51NAQAJ
Unman gives some help for getting a tablet working, but with R4.1 something
changed:
1. An alert automatic appears after boot saying: Denied: Qubes.InputTablet;
qubes.InputTablet from sys-usb to dom0,
2. Contrary to the above thread /etc/qubes-rpc/qubes.InputMouse does no
more contain the line:
sys-usb dom0 allow,user=root
and adding this line to /etc/qubes-rpc/qubes.InputTablet does not connect
the tablet as an input.
How about /etc/qubes-rpc/policy/qubes.InputTablet ?
You misread my suggestion.
yes and I keep misreading it :
How about /etc/qubes-rpc/policy/qubes.InputTablet ?
Puzzled!
Franz:
You misread my suggestion.
yes and I keep misreading it :
How about /etc/qubes-rpc/policy/qubes.InputTablet ?
Puzzled!
The one you're looking at doesn't have /policy/ in the path. Try the one that does.
