T490s + Lenovo Dock 40AV (Thunderbolt Essential 3) - Tips & Installation

Hello Qubes-Community,
just my experience with the mentioned combination of HW.

Installation

  • installed from USB Stick - no dock attached (just pure notebook)
  • during installation I enabled keyboard and USB mouse to be auto-accepted (in the options during installation)
  • at the end of the second part of installation (Installation of VMs) - I always got an error about PCI devices - just accepted and finished the installation process
  • after first reboot - sys-usb did not start, sys-firewall and sys-net also did not start
  • solution: go to Qubes Manager → sys-usb settings (sys-usb was shut down) but mousepad of T490 worked well → devices → select at the bottom “Configure strict reset for PCI devices” → select the two already provided devices and click OK.
  • the two devices were: 00:14.0 USB controller: Intel Corporation … and 3a.00.0 USB controller: Intel Corporation …
  • reboot
  • now all sys-VMs are started without errors. Basic QubesOS is running.

Adjustments (before attaching Dock)

  • in BIOS → set primary display to “external” (somewhere in BIOS options)
  • in BIOS → enable “Kernel DMA protection” / enable Thunderbolt (these should be already enabled by default)
  • attach the Lenovo dock to the Thunderbolt USB-C connector (the main Thunderbolt connector is the 2nd one when counted from the display direction).
  • during reboot the following will happen:
  • external monitor is active - (notebook display / Lid is open) also external keyboard and mouse (attached to the dock) during the phase where the QubesOS first menu appears (start normal or other 2 options)
  • then comes the screen with the disc encryption password entry - the external keyboard is still disabled - press ESC key (so the log is shown instead of password entry window) - and enter the password for encryption - press ENTER and leave the lid open
  • wait - then comes the user login password entry screen → external keyboard not working - I can enter the password only on notebook - and Qubes is starting
  • → go to Display Settings in Menu → set external monitor as primary → in my case: I deactivate the notebook display when attached via Dock - so I activate the external and deactivate the internal display.
  • start Qubes Manager → clone the sys-usb VM
  • sys-usb-clone → (don't start) → settings - devices: select the newly appeared device: 07:00.0 USB controller: Intel Corporation JHL7540 Thunderbolt 3 USB controller (Titan Ridge DD2018)
  • move the selected device to the right window (Devices always connected to this qube)
  • remove the other USB devices which were in the right window (which are already assigned to original sys-usb - otherwise the VM will not start when the same device is assigned to 2 separate VMs)
  • start the clone-sys-usb
  • keyboard still not working
  • go to Qubes Settings
  • in Qubes: Top-Left-Corner Menu → Settings → Qubes Tools → Qubes Global Config: Sub-Menu: USB
  • now there should be 2 USB VMs listed. Enable Keyboard and Mouse for the second VM and save the selection
  • reboot
  • now the external keyboard will work from the moment when I have to enter the user password (still not working when I have to enter the encryption password).
  • but Qubes is starting without errors. I close the notebook lid after entering the encryption password - and the system is running via dock only on external screen. Everything works fine now.
  • Don't forget to select in the energy options: when lid closed - deactivate notebook display (when in battery or when plugged-in mode)

I can now work with Qubes - connected via Lenovo dock. Everything works fine.
Only disadvantage: when rebooting, I have to open the notebook lid and enter the encryption password (press ESC first - then enter the password). Then I can close the lid and the external devices will work fine.
Only one cable connected to the notebook (from the dock). Battery is charging via Thunderbolt. All external gadgets (USB) are connected via the dock. Also an additional external NVMe SSD is working well.

Just wanted to share with you the tips how to use Qubes on a T490s + Lenovo Dock - Thunderbolt 3 Essential Dock.

HW: Lenovo Thunderbolt 3 Essential Dock with 135W power device (the 65W device from notebook has not enough power).
T490s - i7 - 16GB RAM - 1TB nvme (internal) ssd.
Before this - I had a T470 with i5 ECU → the new HW is much faster regarding performance. VMs start in a few seconds ~10s (on my T470 it took up to 50s to start a VM - maybe because of the i5 ECU). The T470 also had 16GB RAM.

Update
Don't forget to enable auto-start for the clone-sys-usb.
Advantage: when Dock is not attached - the clone-sys-usb will not be started (1 error entry at boot-log is visible - because the device is not connected). Thus the clone VM will not run in mobile mode (without Dock). Saving resources.
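
The clone, device assignment and autostart steps described in the post can also be done from a dom0 terminal. The following is an added example, not part of the original post: it assumes the qube names and PCI addresses quoted above, written in Qubes 4.x `dom0:BB_DD.F` notation, and `DRY_RUN` is a toggle of this script only (the default prints the commands instead of running them).

```bash
#!/bin/bash
# Added example (not from the original post): dom0 CLI equivalent of the
# clone / PCI assignment / autostart steps. Keyboard and mouse still have
# to be enabled for the clone in Qubes Global Config, as the post describes.

SRC_QUBE="sys-usb"
DOCK_QUBE="sys-usb-clone"
# 07:00.0 = JHL7540 Thunderbolt 3 USB controller (appears only with the dock)
DOCK_DEV="dom0:07_00.0"
# Built-in controllers kept by the original sys-usb. The post writes the
# second one as "3a.00.0"; reading it as 3a:00.0 is an assumption.
SRC_DEVS="dom0:00_14.0 dom0:3a_00.0"

# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

# A PCI device assigned to two qubes stops the second one from starting,
# so refuse if the dock controller is also on the original qube's list.
overlaps() {
    for d in $SRC_DEVS; do
        [ "$d" = "$DOCK_DEV" ] && return 0
    done
    return 1
}

setup_dock_qube() {
    if overlaps; then
        echo "refusing: $DOCK_DEV is already assigned to $SRC_QUBE" >&2
        return 1
    fi
    run qvm-clone "$SRC_QUBE" "$DOCK_QUBE" || return 1
    # The clone inherits the original's assignments; drop them first.
    for d in $SRC_DEVS; do
        run qvm-pci detach "$DOCK_QUBE" "$d" || return 1
    done
    run qvm-pci attach --persistent "$DOCK_QUBE" "$DOCK_DEV" || return 1
    run qvm-prefs "$DOCK_QUBE" autostart True
}

setup_dock_qube
```

Run it once as is to review the five commands, then with `DRY_RUN=0` while the dock is attached and `sys-usb-clone` does not yet exist.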