'[qubes-devel] Running (or not) Xen during installation'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    [qubes-devel] Running (or not) Xen during installation
From:       Marek =?utf-8?Q?Marczykowski-G=C3=B3recki?= <marmarek () invisiblethingslab ! com>
Date:       2016-11-03 20:13:26
Message-ID: 20161103201326.GJ22572 () mail-itl
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Currently Qubes OS installer is starting full Xen + Linux dom0 to
perform installation. On one hand it is good, because it is obvious at
this early stage if hardware is not compatible (especially display
driver and its cooperation with Xen). But on another hand, it is IMHO
much easier to fix such problems having the system already installed.
When even installer does not start, in most cases the only alternative
is trying other installer (in extreme case - building custom
installation image). Also, starting Xen for installation require some
effort when preparing the installer (see below).

Initially running Xen was needed because all qubes tools crashed when
running without it - for example most of the tools do check running VM
list and of course there is no such thing when running without Xen.
But since Qubes OS 3.0, it is no longer the case - we have introduced so
called "offline mode" to perform those few tasks (create initial
qubes.xml, register installed template(s) etc) without need to launch
libvirt daemon in chroot environment there. All the tasks really
requiring Xen running are performed during first boot.

Long story short - technically Xen is no longer needed during
installation of Qubes OS. Or at least is very close to such state.

So, now the question - do we want to keep launching Xen for
installation, or launch just plain Linux?

Benefits of keeping Xen:
 - earlier (negative) confirmation of hardware compatibility
 - possibility of (re-)introducing later something that require Xen running
   during installation
 - rescue mode have Xen running (but not libvirt), which may ease some
   tasks
 - no need to change anything related to ISO build, at least not right
   now

Benefits of dropping Xen:
 - no longer limited to 32MB of initrd for UEFI boot[1]
 - easier starting installation in non standard environment (network
   boot, non standard installation media)
 - ability to use almost any tool to write USB installation image (most
   of them, like unetbootin, generously setup a bootloader to launch
   _linux_ image found in the ISO image)
 - better changes to install on not perfectly compatible hardware and
   easier way to adjust the system afterwards (like - get at least
   command line access and upgrade the kernel)
 - less work when upgrading to new installer version (as part of
   upgrading dom0 distribution)

[1]
https://github.com/QubesOS/qubes-issues/issues/794#issuecomment-135988806

PS I'm writing this exactly because of the ticket linked above - I hit
this problem again when building some Qubes OS 4.0 test images...

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYG5ppAAoJENuP0xzK19cs7BsH/R8tfHYryBeopo4BF/zOFTIu
btxtDSWNA17YQ3RuIUrdKCMZPZft0+7mgSw+MgLctY3yz/lhuOp3NgTR8r00MTBU
fvjfS/KRaBZj4agPoxYe1+BRAOeBduLQi5G8NLhMl1H8w3Omjjy8kqyhxmc0uNR/
yEGvSCNJJyGgpKCjZOkXggP5HUWBXVDNfOkxBh6maTFPOuPCNiWVdd+iDrXZuvKX
g4r1GbZNfVeEZIsieyjNQBNiZLTpqab53Kk+nMUG88yRcD8RpQ50sY4grjnXJlW9
TLpx9GIUeQBPUAo5pJl/28VZvfHtliqXI4+cF1kL9uZH587eac3hPKeRbz8pDlk=
=ESsV
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/20161103201326.GJ22572%40mail-itl. For \
more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic