For my offensive security certified procrastinator
exam I had to install an Ubuntu with VMWare on my machine. They don’t even let you use KVM/qemu/libvirt and in my view the whole thing is just trying to scrape outrageous amounts of money from their students (try harder, not smarter).
Anyway, wouldn’t it be nice to start your Kali-Linux VM from Qubes? So I thought and wrote this two little nifty scripts to create a block device to boot from.
[user@disp678 ~]$ cat mount.sh
#! /usr/bin/bash
file='/mnt/cryptroot/home/offsec/vmware/offsec/Kali-Linux-2021.3-vmware-amd64.vmdk'
offset=1048576
size=84873838592
sudo mkdir /mnt/cryptroot \
&& sudo cryptsetup open /dev/xvdi cryptroot \
&& sudo mount /dev/mapper/cryptroot /mnt/cryptroot \
&& sudo modprobe nbd max-part=8 \
&& sudo qemu-nbd -c /dev/nbd0 $file \
&& sudo kpartx -av /dev/nbd0
[user@disp678 ~]$ cat umount.sh
#! /usr/bin/bash
sudo kpartx -d /dev/nbd0 \
&& sudo qemu-nbd -d /dev/nbd0 \
&& sudo umount /mnt/cryptroot \
&& sudo cryptsetup close cryptroot \
&& sudo rmdir /mnt/cryptroot \
&& sleep 3 \
&& sudo modprobe -r nbd
So, I attached the ubuntu-cryptroot to the dispVM
as /dev/xvdi
, ran mount.sh
and fired up my offsec HVM from dom0 with
qvm-start offsec --drive=hd:disp678:/dev/nbd0p1
and seabios
said NO, no bootable device.
Tried
qvm-start offsec --drive=hd:disp678:/dev/mapper/nbd0p1
with the same result:
Booting from Hard Disk...
Boot failed: not a bootable disk
[stuff]
No bootable device.
In the dispVM I can sudo mount (-r) /dev/mapper/nbd0p1 /mnt
, sudo ls -al /mnt/boot
(i.e.) and sudo umount /mnt
successfully.
Is there a emergency console in seabios?
If yes, how can it be invoked?
Anyone an idea how to debug this further?
This “no bootable device” error has been reported before and dealt with by giving the VM an exactly 10Gbytes sized .raw image. However block devices of all sizes shouldn’t be a problem or the problem needs to be fixed.
This is rather unpleasant and I hope someone with more profound knowledge of QubesOS’ internals could help debug the problem.