Pleasure to listen, very inspiring, thank you!

Fountain

Lost Dot Podcast: The Transcontinental, Trans Pyrenees, and Accursed Race. • Women Who Race // Ep.4 Fiona Kolbinger • Listen on Fountain

A special series spotlighting the women in Lost Dot races. Join Taylor as she sits down with Fiona Kolbinger, who made history in 2019 with her ove...

# Trezor Suite on QubesOS R4.2 (successfully tested recently with TS5 on R4.2.3) ## Foreword It is not in scope of this text to go too deep into QubesOS rabbit hole... You should understand and double check what you type into your terminal, especially in dom0. Keep that in mind and stay vigilant when following any tutorial published online or downloading files from internet. Always verify source, URL, hashes or signatures) **USE AT OWN RISK!** ## Prerequisites: - QubesOS R4.2 installed - Familiarity with QubesOS and its terminology (e.g., AppVMs, templates, networking, etc.) ## What you will end up with: - Disposable `sys-usb` qube based on `debian-13-minimal` template - AppVM qube `TrezorSuite` using `whonix-workstation-17` template - Ability to use and control Trezor Hardware Wallet with companion app Trezor Suite ## Tips - to start root terminal for template based on minimal template you can use command in `dom0`: ``` qvm-run -u root tpl-d13m-usb xterm ``` - to copy file between AppVMs you can use command: ``` qvm-copy /path/to/file ``` pop-up in `dom0` will ask for destination ## Steps: 1. In `dom0`: ``` sudo qubes-dom0-update qvm-template install debian-13-minimal ``` 2. Create two clones: ``` qvm-clone debian-13-minimal tpl-d13m-usb qvm-clone whonix-workstation-17 wws17-ts ``` 3. Prepare `tpl-d13m-usb` template for `sys-usb`: ``` qvm-run --pass-io -u root tpl-d13m-usb "apt update && apt install --no-install-recommends qubes-usb-proxy qubes-input-proxy-sender qubes-core-agent-nautilus zenity policykit-1 trezor libfuse2 socat -y" qvm-shutdown --wait tpl-d13m-usb ``` 4. Create disposable AppVM using the `tpl-d13m-usb` template and label it "red": ``` qvm-create --template tpl-d13m-usb --label red tpl-d13m-usb-dvm ``` 5. Set the `tpl-d13m-usb-dvm` qube as disposable template: ``` qvm-prefs tpl-d13m-usb-dvm template_for_dispvms true ``` 6. Add app menus to the `tpl-d13m-usb-dvm` qube: ``` qvm-features tpl-d13m-usb-dvm appmenus-dispvm 1 ``` 7. Disable networking for the `tpl-d13m-usb-dvm` qube: ``` qvm-prefs tpl-d13m-usb-dvm netvm none ``` 8. Create a new AppVM for TrezorSuite (TrezorSuite) using the `wws17-ts` template ``` qvm-create --property memory=400 --property maxmem=2048 --property template=wws17-ts -l purple TrezorSuite qvm-prefs TrezorSuite netvm ${netVM} # set netvm for your needs, some prefer `sys-vpn` others may `sys-firewall` qvm-features TrezorSuite menu-items "qubes-run-terminal.desktop " # adding terminal to GUI menu ``` 9. Start terminal in disposable AppVM with networking access and download following files: ``` cd ~/Dowloads mkdir usb && cd usb curl -O https://data.trezor.io/bridge/2.0.30/trezor-bridge_2.0.30_amd64.deb curl -O https://data.trezor.io/udev/51-trezor.rules mkdir ../ts && cd ../ts curl -O https://data.trezor.io/suite/releases/desktop/latest/Trezor-Suite-24.12.3-linux-x86_64.AppImage curl -O https://data.trezor.io/suite/releases/desktop/latest/Trezor-Suite-24.12.3-linux-x86_64.AppImage.asc curl -O https://trezor.io/security/satoshilabs-2021-signing-key.asc # import signing key gpg --import satoshilabs-2021-signing-key.asc # verify AppImage gpg --verify Trezor-Suite-24.12.3-linux-x86_64.AppImage.asc # you should see something similar: # user@disp1234:~/Downloads/ts$ gpg --verify Trezor-Suite-24.12.3-linux-x86_64.AppImage.asc # gpg: assuming signed data in 'Trezor-Suite-24.12.3-linux-x86_64.AppImage' # gpg: Signature made Wed 18 Dec 2024 05:40:31 PM CET # gpg: using RSA key EB483B26B078A4AA1B6F425EE21B6950A2ECB65C # gpg: Good signature from "SatoshiLabs 2021 Signing Key" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: EB48 3B26 B078 A4AA 1B6F 425E E21B 6950 A2EC B65C cd .. # ready to move downloads where we need them qvm-copy usb # in dom0 pop-up select `tpl-d13m-usb` qvm-copy ts # in dom0 pop-up select `TrezorSuite` ``` 10. In the `tpl-d13m-usb` qube: ``` sudo dpkg -i /home/user/QubesIncoming/disp1234/trezor-bridge_*_amd64.deb echo -e "systemctl enable trezord.service \nsystemctl start trezord.service" | sudo tee -a /rw/config/rc.local sudo mv /home/user/QubesIncoming/disp1234/51-trezor.rules /etc/udev/rules.d/51-trezor.rules sudo chmod +x /etc/udev/rules.d/51-trezor.rules sudo poweroff ``` 11. In the `tpl-d13m-usb-dvm`: ``` sudo mkdir -p /usr/local/etc/qubes-rpc echo "socat - TCP:localhost:21325" | sudo tee /usr/local/etc/qubes-rpc/trezord-service sudo chmod +x /usr/local/etc/qubes-rpc/trezord-service sudo poweroff ``` 12. In `dom0`, stop (existing and) running `sys-usb` and replace its template with newly created and customized `tpl-d13m-usb-dvm`: ``` qvm-shutdown --wait sys-usb qvm-prefs --get sys-usb template # display currently used template name, remember this in case of roll-back qvm-prefs --set sys-usb template tpl-d13m-usb-dvm && qvm-start sys-usb ``` 13. In `dom0`, add the necessary policy for the Trezor RPC service: ``` echo '@anyvm @anyvm allow,user=trezord,target=sys-usb' > /etc/qubes-rpc/policy/trezord-service ``` 14. In `dom0`, update and install the Trezor Python package in AppVM's template: ``` qvm-run --pass-io -u root wws17-ts "apt update && apt install --no-install-recommends pip -y" qvm-shutdown --wait wws17-ts ``` 15. Setting up `TrezorSuite` AppVM: ``` echo 'socat TCP-LISTEN:21325,fork EXEC:"qrexec-client-vm sys-usb trezord-service" &' | sudo tee -a /rw/config/rc.local pip install --user trezor ``` - On Qubes R4.2, you may experience an error with the above command. Try this workaround instead: ``` pip install --user trezor --break-system-packages ``` 16. Setup `Trezor-Suite-24.*.AppImage` file for use: ``` mv /home/user/QubesIncoming/disp1234/Trezor-Suite-*.AppImage ~/ chmod u+x ~/Trezor-Suite-*.AppImage sudo poweroff ``` Start `sys-usb`, start terminal in `TrezorSuite` and launch `./Trezor-Suite-*.AppImage` You should now be able to use Trezor Suite with your hardware wallet on QubesOS. There are some ways how to add AppImage to menu, but I am ok with terminal. In case you'd like to explore this possibility look here:

Qubes OS Forum

AppImage added to Application List but won't execute program

I downloaded an AppImage, made it executable with “chmod +x”, and I’ve been able to create a .desktop file. I’ve added the file into /usr/s...

Note: This guide has been inspired by multiple articles on the Qubes Forum. To name a few:

Qubes OS Forum

Ultimate Guide on Using Trezor on Qubes

Written by Ursidae: https://ursidaecyber.com This guide explains how to use Trezor cryptocurrency hardware wallets on Qubes OS. Unfortunately inst...

and https://forum.qubes-os-os.org/t/debian-10-minimal-configuration/2603 #QubesOS #TrezorSuite #HWW

whow!

# TrezorSuite how to for qubesOS R4.2 (it should work with same instruction on R4.1) It is not in scope of this text to go too deep into QubesOS rabbit hole... You should always understand and double check what you type in your terminal, especially in Dom0 Keep in mind and stay vigilant when following any tutorial published online or downloading files from internet, always verify source URL, hashes or signatures) Use at your own risk! This setup is using QubesOS R4.2: disposable sys-usb which is based on debian-12-minimal template. Qube TS (AppVM) is using whonix-workstation-17 as template (it's good practice to work with clones, in this case it is ww17-TS). You may find usefull utilities like qvm-copy or qvm-move when getting files to qubes which does not have networking enabled. In order to make use of your Trezor HW Wallet follow instruction below: in dom0: 1. sudo qubes-dom0-update 2. qvm-template install debian-12-minimal 3a. qvm-clone debian-12-minimal d12m-usb 3b. qvm-clone whonix-workstation-17 ww17-TS 4. qvm-run --pass-io -u root d12m-usb "apt update && apt install --no-install-recommends qubes-usb-proxy qubes-input-proxy-sender qubes-core-agent-nautilus zenity policykit-1 libblockdev-crypto2 ntfs-3g socat -y" 5. qvm-shutdown --wait d12m-usb 6. qvm-create --template d12m-usb --label red d12m-usb-dvm 7. qvm-prefs d12m-usb-dvm template_for_dispvms true 8. qvm-features d12m-usb-dvm appmenus-dispvm 1 9. qvm-prefs d12m-usb-dvm netvm none 10. echo "$anyvm $anyvm allow,user=trezord,target=sys-usb" > /etc/qubes-rpc/policy/trezord-service 11. do not forget to shut down your existing sys-usb and replace its template in settings with d12m-usb-dvm in QubesManager: 1. create new AppVM using template: ww17-TS in d12m-usb: 1. install trezor-bridge (sudo dpkg -i trezor-bridge_2.0.27_amd64.deb) you may need to transfer it from other qube with network enabled 2. echo -e "systemctl enable trezord.service \nsystemctl start trezord.service" | sudo tee -a /rw/config/rc.local 3. sudo vi /etc/udev/rules.d/51-trezor.rules (you can get udev rules from official source: https://data.trezor.io/udev/51-trezor.rules ) 4. sudo chmod +x /etc/udev/rules.d/51-trezor.rules 5. sudo poweroff in d12m-usb-dvm: 1. sudo mkdir -p /usr/local/etc/qubes-rpc 2. echo "socat - TCP:localhost:21325" | sudo tee /usr/local/etc/qubes-rpc/trezord-service 3. sudo chmod +x /usr/local/etc/qubes-rpc/trezord-service 4. sudo poweroff in ww17-TS: 1. sudo apt install pip 2. sudo poweroff in TS: 1. echo 'socat TCP-LISTEN:21325,fork EXEC:"qrexec-client-vm sys-usb trezord-service" &' | sudo tee -a /rw/config/rc.local 2. pip install --user trezor 2a. on qR4.2 you may experience error with above cmd. you can try this workaround: pip install --user trezor --break-system-packages 3. download or copy from other qube Trezor-Suite-24.*.AppImage, verify and give it executable bit ( chmod u+x /path/to/Trezor-Suite-*.AppImage ) 4. poweroff Make sure all templates are shut down, restart sys-usb and TS AppVM and you can start your hardware wallet with Trezor-Suite on QubesOS. Now you should be ready and profit! ;) # This guide has been inspired by multiple articles on Qubes Forum. To name few: Ursidae's post that I found here:

Qubes OS Forum

Ultimate Guide on Using Trezor on Qubes

Written by Ursidae: https://ursidaecyber.com This guide explains how to use Trezor cryptocurrency hardware wallets on Qubes OS. Unfortunately inst...

and

Qubes OS Forum

Debian-10-minimal Configuration

I’m interested in converting as many of my Debian AppVMs as possible to debian-10-minimal-template to reduce their attack surface, and then docum...

Two Germans walk into a London bar: - Two glasses of white wine please. - Dry? - Nein - Nine?

TIL vignette price change https://image.nostr.build/f47c2736080a425a14f2aa1fbe95f82b8f684d5d3f45c3dfb2b1081389568d0a.jpg#m=image%2Fjpeg&dim=1170x1315&alt=%F0%9F%98%89&blurhash=%7B7RC%7DJxt%7EE%25MRj%253oMof00%252s%3Baee.WAR%25j%5B00-qD%24oeM_R%25Rjay00jEs.jGoejbofWB00s%3AjYe.oMofj%5Bj%5D00V%40ocRP%253WBs%3Bog00spRiRixuWAofj%5BDknjWARjR%25WBs%3BWB4nRixboMaxoMj%5Bay&x=8bb6673420733ecc7dae9e1571d9bdda4034c0a1ba28921a9a7f3f5fa7a3c6ce

How to make miners happy tutorial 🙃

This is very cool blog: Bitcoin mining on an Apollo Guidance Computer: 10.3 seconds per hash

Ken Shirriff's blog

Computer history, restoring vintage computers, IC reverse engineering, and whatever

Thank you for enriching lesson sir! View quoted note →

I am collecting tips for home server with following requirements: - not very hungry (energy-wise) - not noizy (flat friendly) - at least 16GB RAM w/ possibility for future upgrades - disabled IME (coreboot, ...) - more SATA, the better - nice to have: few NVMe slots for cache

- do you know what is CDO? -? - it's OCD, but in alphabetical order. As it should be!!!