Just ran through this upgrade last night. Some early thoughts and advisories for those nervous about it like I was.
I printed out the instructions. Easier to mark up and line through things I didn’t need or didn’t apply. Unfortunately, I went to the osresearch wiki and went top to bottom. Completely neglected to notice, at the very absolute end of Step 1 - Downloading Heads is a completely separate line for upgrading. So I ended up wiping all the GPG keys and all that. Complete scorched earth. No survivors. Oh well.
**SUGGESTION for @Insurgo - Note that there is a separate path for upgrading HEADS under the section in Step 1 "Migrating from on board configuration to another". Just in case they do like I did and presume to go with ‘Step 1’.**
Point to this upgrade section and note that users whose machines are compatible for internal flash to the new maximized version can follow the instructions under “Flashing new firmware under Heads” there for this portion of the upgrade process.
I’d also note this subsection big and bold in a second sentence in the first paragraph of the “Upgrading Heads” introductory section.
Outside of this, I had no issues walking through this from a procedural standpoint. I do have a bit of IT experience, working the field and having worked on other hardware and done some guided reflashing of a similar vein.
My second request regarding the wiki would be to note in clear text the commands being run in Step 1.
Specifically, I was a bit nervous about the new flash command - `flashrom -p internal -w /media/new_heads_rom_version_here.rom` - as the image in the installation instructions in the ‘Step 1’ section was just blurry/indistinct enough that I wasn’t sure if I was looking at a ‘w’ or some other character.
All in all, the experience was not bad, even with my screw-ups, as one might make it out to be in advance.
To my fellow users - BACK UP YOUR VMs.
I personally recommend this in three sections.
- AppVMs in one backup
- templates in another
- sys/dvm in a third
Time to verify the headers and open these can be long if you have everything crammed in one. If you have standalone VMs (like Windows which I rarely ever used), then back it up with one of the three above according to your usage.
Previously, I did this only because I backed up the actual AppVMs I worked in frequently, with templates and sys/dvm VMs rarely getting backed up since their configurations didn’t change.
Less space consumption per backup on my external device that way, less time spent doing backups, and easier in the event of an upgrade, as I found out today.
It has been easier than it might have been to be able to access the qubes I need as I am rebuilding my environment today. Since I have them broken up, I can unpack the couple I need from a relatively short list quickly instead of sorting through a 25+ qube list in the backup tool for the three I want, unpacking, having it close out, then decrypting it all again for the next 3 or 5 I want to do, and sorting through that long list again.
MAKE SURE YOU HAVE THAT BACKUP ENCRYPTION PASSWORD NOTED DOWN!
Seriously, it’s easy to be lazy and always use the same encryption password stored in dom0 and forget whether or not you have it down somewhere. In my case, I noted it down during my first backups, then promptly forgot about it during this whole process until this morning, whereupon you can imagine I was a bit anxious.
Thankfully, I confirmed that previous-me’s paranoia about losing data/access to data had seen to noting that passphrase down on day one with the first round of backups I ever did more than a year ago.
The upgrade process is not bad. If you are a Privacybeast owner, this is a relatively painless process. Don’t make it out to be more than it is. And I’ve always found the Insurgo team to be responsive to questions and willing to explain. Print out the (correct) instructions, annotate, ask some questions, make your last backups, and make it happen.
This also has the side benefit of refreshing your user experience. I might wipe Qubes and reinstall every year or at least every new version release. It wasn’t that bad and having walked through it once, doing this again in the future is not so daunting.
Thank you for your work @Insurgo in making the machine and the process accessible.
I’m looking forward to a new Privacybeast based on some newer hardware so I can have a bit bigger screen and a little higher resolution.