Windows documentation / reorganization, fixes and new content #600

ghost · 2018-02-23T19:41:52Z

A lot of modifications and additions here - likely not a good idea for a 1st PR attempt but I didn't find how to split the PR into several ones (git noob here).

[new page] / windows/windows-vm.md. Those are instructions for installing a Windows VM from scratch for both R3.2 and R4.0
[renamed + modified page] / windows/windows-appvms.md to windows/windows-tools.md : the deleted page was 100% about QWT so the filename was misleading.
[modified] / hvm.md: removed references to Windows, reorganized the sections and deleted duplicated content about qvm-start --cdrom stuff
[modified] / windows.md : that's the "main" landing page so I thought adding a bit more details would be helpful. Also added/fixed the links
[modified] / windows/windows-tools-{2,3}.md: remove statement about QWT being developped for Win8.

I'm not sure I got the header part right on the pages. I also didn't find a way to test the http links on github, hopefully they're OK.

No problem to cherry-pick some of my commits and reject the PR of course...

* new links * short explanation about install, QWT, ...

- remove duplicated content about ISOs in dom0, appVMs, ... - remove references to windows VMs - add link to windows VM new page

adubois · 2018-02-28T14:55:48Z

I have read all files. Looking good... Few personal comments:
In windows-tools.md@60, I believe the correct use is bcdedit.exe -set testsigning on
In windows-vm.md win7new should be replaced by win7
In windows-vm.md@18, are you sure linux-stubdom is applicable (I don't know)?
In windows-vm.md@60-67, 4096 should be preferred to 4000
In windows-vm.md@141-148, 2048 should be preferred to 2000

In windows-vm.md@175-214 should be moved to windows-tools and a simple link provided here
In windows-vm.md@197, explicitly mention that QWT is unstable on R4.

In windows-vm.md@222-245, should be condensed (as the user is after the condensed version here with minimum to set), and provided at the top (it just works if people follow these instructions AFAIK)
i.e. for R4:
qvm-create win7 --class StandaloneVM --property virt_mode=hvm --property kernel="" --property memory=4096 --property maxmem=4096 --label blue --property debug=True
qvm-volume extend win7:root 25g
qvm-features win7 video-model cirrus
qvm-start --cdrom:--cdrom=untrusted:/home/user/windows_install.iso win7
Install windows and windows updates
qvm-features --unset win7 video-model

A lot of comments, but there was a lot of work to restructure a part of the doc that was very confusing. +1 from me.

awokd · 2018-02-28T22:02:10Z

provided at the top

@taradiddles had it at the top originally but it made the doc look a bit cluttered, so we moved them to the end with a link. Maybe the condensed version of them wouldn't look so "busy".

ghost · 2018-03-01T05:51:15Z

@adubois

In windows-tools.md@60, I believe the correct use is bcdedit.exe -set testsigning on

I'm quite sure it's /set but maybe -set works too.

In windows-vm.md win7new should be replaced by win7

I already had a 'win7' VM imported from 3.2 and thought that people may too. So if they are to copy/paste instructions, 'win7new' made more sense than 'win7' and having to search/replace the vm's name. Renaming the VM is then a simple matter through the gui or two commands in dom0.
(just explaining why I chose that - I'm of course OK to change the VM name to whatever suits the majority of reviewers).

In windows-vm.md@18, are you sure linux-stubdom is applicable (I don't know)?

Yes, that's from the post by Marek linked a few lines below.

In windows-vm.md@60-67, 4096 should be preferred to 4000
In windows-vm.md@141-148, 2048 should be preferred to 2000

Shouldn't make a difference but OK to change them.

In windows-vm.md@175-214 should be moved to windows-tools and a simple link provided here

I don't agree: you can install PV drivers without installing QWT (eg. for win10 VMs) and the qrexec timeout instruction is needed without QWT for stuff like chkdsk.
That said after rereading that section I understand the reason behind your remark so I'll probably reword it to make it less focused on QWT.

In windows-vm.md@197, explicitly mention that QWT is unstable on R4.

I thought that too but I wanted to avoid duplicates (like 'QWT is unstable' in the QWT page, and 'QWT is unstable' in the windows page).

In windows-vm.md@222-245, should be condensed (as the user is after the condensed version here with minimum to set), and provided at the top (it just works if people follow these instructions AFAIK)

See https://github.com/taradiddles/qubes-notes/wiki/test-page

One version has a horizontal scrollbar (personally I don't like those), the other version is line escaped and IMO looks as much cluttered as the original version, while being more error-prone.
(but again I don't have anything against changing stuff - let's see what others will say).

A lot of comments, but there was a lot of work to restructure a part of the doc that was very confusing. +1 from me.

Thank you :)

adubois · 2018-03-01T06:45:51Z

@taradiddles, I am not able to reply in line like you do. Probably a github noob issue or maybe because I am not PR owner... anyway
/set is perfect, error from my side (I had a typo (TestSiging), which made me change to -set (which works too), then fix my typo. Did not pay attention that the /set was in fact OK)
Understood for win7new, maybe you could use win7old for the import but win7new is perfectly fine.

In regards to the PV, at this point in time, I feel that it depends if the system is stable with them. My experience has been to have a usable and stable win7 without (just the qvm-create+prefs+features, install win7, features-unset+qrexec-timeout). An option could be to put this is a post-install section (tweaks, PV, QWT ref)? same as you in general I don't mind and happy to follow what @awokd and others think. However having a clear line between what is stable and not, is I feel important.

On the condensed, you are right, it looks better.

ghost · 2018-03-01T07:07:22Z

I am not able to reply in line like you do

You have to copy/paste the text you're replying to and insert a leading > on each new line (or select the text you've pasted and click the 'insert a quote' gui icon).

In regards to the PV, at this point in time, I feel that it depends if the system is stable with them.

It is stable in my case but I don't use Windows often so it doesn't really prove anything. I agree that adding a warning about stability could be helpful.

An option could be to put this is a post-install section

That's what I first wanted to do but I couldn't find how to create sub-sub-sections with Qubes' markdown coding guidelines (ie. how to write the equivalent of ### subsubtitle with = or - title underlines). So I reverted to sub-sections ('win update', 'pv drivers + qwt' and 'tweaks'

ghost · 2018-03-01T07:42:39Z

fyi, reworked the 'Xen PV drivers + Qubes integration' section in the last commit

adubois · 2018-03-01T10:09:59Z

That's what I first wanted to do but I couldn't find how to create sub-sub-sections with Qubes' markdown coding guidelines (ie. how to write the equivalent of ### subsubtitle with = or - title underlines). So I reverted to sub-sections ('win update', 'pv drivers + qwt' and 'tweaks'

OK, makes sense. I would have put 'tweaks' and move 'pv drivers' + 'qwt' in the qwt page. But you have more experience than me with the PV install, so fine with me.

ghost · 2018-03-05T14:44:27Z

A note about memory balancing: we make sure it's disabled during install by setting memory = maxmen but there's no mention about it after install. The qmemman doc implies that memory balancing works with Windows but under 4.0rc4, with memory < maxmem and memwriter enabled in the services tab, the VM crashes when the used memory reaches the 'memory' VM's value - eg. it looks like memory isn't increased automatically. I don't see any meminfo-writer process in the list of running processes, I don't know whether it's because of yet another issue with QWT under 4.0 or if memory balancing was broken in 3.2 too.

Q: add a paragraph about memory balancing assuming it's working (ie. memory < maxmen + enable meminfo-writer) and file an issue ? Or add a note that memory balancing simply doesn't work, and that one has to set memory = maxmem ?

awokd · 2018-03-05T15:43:25Z

Or add a note that memory balancing simply doesn't work, and that one has to set memory = maxmem ?

Suggest this for now. Could also file an issue and link to it with the same note. Not seeing that process on Win7 on R3.2 either.

(2000/4000Mo -> 2048/4096Mo)

marmarek

Thanks for a massive update. See individual comments.

marmarek · 2018-03-19T00:37:32Z

managing-os/hvm.md


 Creating an HVM domain
 ----------------------

-First, let's create a new HVM domain. Use the `--hvm` switch to `qvm-create`, or choose HVM type in the Qubes Manager VM creation dialog box:
+With a GUI: in Qubes Manager VM creation dialog box choose the "HVM" type.


On R4 there is no "HVM" type in that dialog. Instead, one should choose "Standalone qube not based on a template". If "install system from device" is selected (which is by default), then virt_mode will be set to hvm automatically.

marmarek · 2018-03-19T00:46:00Z

managing-os/hvm.md


 A generic HVM domain such as a standard Windows or Ubuntu installation, however, has no Qubes agent scripts running inside it initially and thus requires manual networking configuration so that it match the values assigned by Qubes for this domain.

 Even though we do have a small DHCP server that runs inside HVM untrusted stub domain to make the manual network configuration not necessary for many VMs, this won't work for most modern Linux distributions which contain Xen networking PV drivers (but not Qubes tools) built in which bypass the stub-domain networking (their net frontends connect directly to the net backend in the netvm).  In this instance our DHCP server is not useful.

 In order to manually configure networking in a VM, one should first find out the IP/netmask/gateway assigned to the particular VM by Qubes. This can be seen e.g. in the Qubes Manager in the VM's properties:

-![r2b1-manager-networking-config.png](/attachment/wiki/HvmCreate/r2b1-manager-networking-config.png)
+[![r2b1-win7-installing.png](/attachment/wiki/HvmCreate/r2b1-win7-installing.png)](/attachment/wiki/HvmCreate/r2b1-win7-installing.png)


Looks like unintended image change.

unintended, + problem with mass renaming. fixed.

marmarek · 2018-03-19T00:46:42Z

managing-os/hvm.md


-**Note:** If one plans on installing Qubes Tools for Windows guests (see below) it is 'not' necessary to configure networking manually as described in this section, because the tools will take care of setting the networking automatically for such Windows domains.
+Only IPv4 networking is currently supported in Qubes.


This is no longer true: https://www.qubes-os.org/doc/networking/#ipv6

updated notes ; fwiw that line is from the existing doc, maybe I should have checked that the current instructions aren't true anymore with R4.0

marmarek · 2018-03-19T00:47:34Z

managing-os/hvm.md

@@ -295,11 +200,82 @@ HVM domains (including Windows VMs) can be [assigned PCI devices](/doc/assigning

 One problem at the moment however, is that after the whole system gets suspended into S3 sleep and subsequently resumed, some attached devices may stop working and should be restarted within the VM. This can be achieved under a Windows HVM by opening the Device Manager, selecting the actual device (such as a USB controller), 'Disabling' the device, and then 'Enabling' the device again. This is illustrated on the screenshot below:

-[![r2b1-win7-usb-disable.png](/attachment/wiki/HvmCreate/r2b1-win7-usb-disable.png)](/attachment/wiki/HvmCreate/r2b1-win7-usb-disable.png)
+[![r2b1-my-new-vm-usb-disable.png](/attachment/wiki/HvmCreate/r2b1-my-new-vm-usb-disable.png)](/attachment/wiki/HvmCreate/r2b1-my-new-vm-usb-disable.png)


Unless you want to rename files in qubes-attachment repository, keep original name here.

same here ; fixed (also removed the (/attachment/wiki/HvmCreate/r2b1-win7-usb-disable.png) duplication.)

marmarek · 2018-03-19T00:49:45Z

managing-os/hvm.md

+Copy file to Dom0:
+
+~~~
+qvm-run --pass-io untrusted 'cat "/media/user/externalhd/win10.raw"' > /var/lib/qubes/appvms/win10/root.img


This will work only for R3.2 - on R4.0 by default LVM is used. On the other hand, if you copy that image to some temporary place (/home/user ?), then use qvm-create ... --root-move-from=..., then it will work on both versions.

I see; they were not part of my instructions, I simply moved them to the end of the page without even looking at them. I fixed the instructions with your suggestion.

marmarek · 2018-03-19T00:54:12Z