Update for late upgraders (No. Internal upgrade from 4.0 to 4.1 is still not recommended on my side, unfortunately. Hopefully, next 4.1-> 4.2 upgrade will work out of the box, but this is not the case for 4.0 to 4.1 even today with fixes still happening where 4.2 is now in the works).
So time to practice your backup/restore mental muscle and template specialization skills, reapplying some tweaks manually.
Upstream instructions have been updated and clarified a lot since the previous discussions:
- Backup of Qubes OS How to back up, restore, and migrate | Qubes OS
- Download Qubes ISO and Qubes ISO detached signature on previously prepared USB thumb drive (EXT3/EXT4 partition required). (right-click, “save link as…” (or equivalent) on mounted USB thumb drive passed to your qube). Verify integrity on actual Heads firmware by attempting Options->Boot Options-> Boot from USB (should verify ISO and propose boot options)
- Download x230-htop-maximized latest firmware (right-click link in artifacts, “save link as…” or equivalent), verify hashes as instructed putting rom alongside Qubes iso and Qubes iso detached signature on a EXT3/EXT4 USB thumb drive following Step 1 - Downloading Heads - Heads - Wiki
- Make sure you have a copy of your GPG public key on that USB thumb drive as well to be able to inject it back after manually flashing to maximized board.
- Follow manual flashrom instruction to upgrade once from Recovery Shell from legacy to maximized firmware following Upgrading Heads - Heads - Wiki
- Install Qubes 4.1: Step 4 - Installing Qubes and other OSes - Heads - Wiki
- Depending of if you inject back your public key or apply Re-Ownership, follow appropriate steps Step 3 - Configuring-Keys - Heads - Wiki
Be cautious, specially with step 3 above, making sure your full 12mb rom image has good checksums. You then have to manually flash once from the revocery whell, to migrate from legacy boars to maximized boards, with mount-usb
and flashrom -p internal -w /media/heads-x230-hotp-maximized-version-commit_id.rom
as documented. DO NOT USE MENUS TO MIGRATE FROM LEGACY BOARDS TO MAXIMIZED BOARDS. Internal upgrades can then be flashed internally through the menus, if you already are using a maximized board.
Notes
- sys-net, sys-usb and sys-firewall are recommended to be disposables at Qubes install
-
Ethernet mac randomization is not in by default, as opposed to wifi MAC randomization (funded work was supposed to include both).
- It is suggested to create
/usr/lib/NetworkManager/conf.d/32-randomize-eth-mac.conf
under sys-net’s Template (not dvm, eg: Fedora-36) with the following content:
- It is suggested to create
[connection]
ethernet.cloned-mac-address=stable
- You will have to change sys-net and sys-usb default assigned memory settings to 450-500 Mb minimally to not lose webcam/network randomly (Will not be fixed upstream)
- related to Reduce memory usage of Fedora qubes · Issue #7028 · QubesOS/qubes-issues · GitHub
- general problem lot of platforms Librem 14 Camera Sporadically Disconnecting from VMs - #4 by Insurgo
- network loss being side effect Large/Consistent Volume of Intranet Traffic Causes Networking to Fail - #5 by Insurgo
- You will have to choose if you want to deploy qvm-screenshot-tool from Qubes contrib repositories, which is still subject to debate years later: [Contribution] qvm-screenshot-tool · Issue #953 · QubesOS/qubes-issues · GitHub
- sdcard reader PCI device SHOULD be assigned to sys-usb, otherwise assigned to dom0 by default (shutdown sys-usb, assign PCI device in devices tab of Qube configuration)
- You should remove Template exposed shortcuts leading to errors, like firefox and others that should never be executed in Templates