Just ran through this upgrade last night. Some early thoughts and advisories for those nervous about it like I was.
I printed out the instructions. Easier to markup and line through things I didnât need or didnât apply. Unfortunately, I went to the osresearch wiki and went top to bottom. Completely neglected to notice, at the very absolute end of Step 1 - Downloading Heads is a completely separate line for upgrading. So I ended up wiping all the GPG keys and all that. Complete scorched earth. No survivors. Oh well.
**SUGGESTION for @Insurgo - Note that there is a separate path for upgrading HEADS under the section in Step 1 " Migrating from on board configuration to another". Just in case they do like I did and presume to go with âStep 1â. **
Point to this upgrade section and note that for users whose machines are compatible for internal flash to new maximized version can follow instructions under âFlashing new firmware under Headsâ there for this portion of the upgrade process.
Iâd also note this subsection big and bold in a second sentence in the first paragraph of the âUpgrading Headsâ introductory section.
Outside of this, I had no issues walking through this from a procedural standpoint. I do have a bit of IT experience, working the field and having worked on other hardware and done some guided reflashing of a similar vein.
My second request regarding the wiki would be to note in clear text commands being run in Step 1.
Specifically, I was a bit nervous about the new flash command -
(flashrom -p internal -w /media/new_heads_rom_version_here.rom)
- as the image in the installation instructions in âStep 1â section were just blurry/indistinct enough that I wasnât sure if I was looking at a âwâ or some other character.
All-in-all, the experience was not bad, even with my screw ups, as one might make it out to be in advance.
To my fellow users - BACK UP YOUR VMs.
I personally recommend this in three sections.
-
AppVms in one backup
-
templates in another
-
sys/dvm in a third
Time to verify the headers and open these can be long if you have everything crammed in one. If you have standalone VMs (like Windows which I rarely ever used), then back it up with one of the three above according to your usage.
Previously, I did this only because I backed up the actual AppVMs I worked in frequently, with templates and sys/dvm VMs rarely getting backed up since their configurations didnât change.
Less space consumption per backup on my external device that way, less time spent doing backups, and easier in the event of an upgrade, as I found out today.
It has been easier than it might have been to be able to access the qubes I need as I am rebuilding my environment today. Since I have them broken up, I can unpack the couple I need from a relatively short list quickly instead of sorting through a 25+ qube list in the backup tool for the three I want, unpacking,
having it close out, then decrypting it all again for the next 3 or 5 I want to do, and sorting through that long list again.
MAKE SURE YOU HAVE THAT BACKUP ENCRYPTION PASSWORD NOTED DOWN!
Seriously, its easy to be lazy and always use the same encryption password stored in dom0 and forget whether or not you have it down somewhere. In my case, I noted it down during my first backups, then promptly forgot about it during this whole process until this morning where upon you can imagine I was a bit anxious.
Thankfully, I confirmed that previous-meâs paranoia about losing data/access to data had seen to noting that passphrase down on day one with the first round of backups I ever did more than a year ago.
The upgrade process is not bad. If you are a Privacybeaast owner, this is a relatively painless process. Donât make it out to be more than it is. And Iâve always found the Insurgo team to be responsive to questions and willing to explain. Print out the (correct) instructions, annotate, ask some questions, make your last backups, and make it happen.
This also has the side benefit of refreshing your user experience. I might wipe Qubes and reinstall every year or at least every new version release. It wasnât that bad and having walked through it once, doing this again in the future is not so daunting.
Thank you for your work @Insurgo in making the machine and the process accessible.
Iâm looking forward to a new Privacybeast based on some newer hardware so I can have a bit bigger screen and little higher resolution.