I looked at the documentation available online. Next step?
dom0 doesn’t have internet access, and
it doesn’t look like fwupdmgr is written in such a
way that it can work ‘offline’
Normally Dom0 does not but under special circumstances it does. Such as adding new templates. And look at the release notes for 4.2. What I am trying to do with fwupf is one of the new developments added to 4.2.
There must be a way to start qvm-service for fwupd update. Qubes-update-proxy or updates-proxy-setup have to be used. But my attacker already did something to updates proxy…
Its what this forum is supposed to be for. Not non-answers or suggesting that people are know-nothings if they ask questions. If this is lightweight, why didnt qubes developers already patch the vuln the attacker found almost immediately. Supposed to be Snowden’s favorite OS after all.
And look at the release notes for 4.2.
I don’t use RCs so I wasn’t aware of this. I
stand corrected on this not being inherently supported.
What qube is your system using for updates? Try
testing from a terminal in that Qube if it can reach that
hostname that was said to be unreachable.
There is someway updates over tor can be stopped if the sources are not onionized. That is the case for default Debian and Fedora. Whonix updates fine. Dnf and apt with https only do not over tor. Debian template has a lot of unnecessary apps like games in 4.2 for some reason. There should be a Kicksecure template that could be retrieved by Dom0. That would be onionized. If it is possible to onionize CentOS like lysator SE did, then there could be onion sources Fedora. Fedora onion morphing.
Has 30-salt.policy been removed in 4.2? [I verified my iso] There is no 30-user.policy. Changing Dom0 policy updates =whonix to =firewall did not work.
Dom0 should be Kicksecure instead of Fedora if updates over tor are supposed to be possible. Or implement Fedora Onion morphing.
All I can do with Qubes given my adversary is have Whonix with a host that cannot be updated over tor. I dont think Dom0 uses dnf5 either. How much better in this case is Qubes than Whonix with a Fedora host updating through dnf5 over a VPN?
There isn’t LVFS for System 76. You would think it safe to assume there would be given their alignment with FOSS.
Nova Custom has LVFS and NV41 is very similar to G6. Is there a way to tell fwupdmgr that the machine is a Nova and see if everything still works or does everything have to be exact in every respect?
Related recent issue:
Right. The moderator to the bug tracker says that discussion should be moved to a forum in the most recent last post. How about here? Who should we contact to see if the LVFS firmware can be developed? System 76? Does LVFS have independent firmware developers and auditors? How does one go about reviewing firmware codes? Is it all in hex?
That’s me. My comment was a reply to another user there (see the quoted text in my comment), not a remark about the issue in general. I suppose you could discuss that here, if you want, but it seems off-topic from your original post in this thread.
Do you know the answers to the questions about firmware development at the end of the previous post?
I do not, sorry.