-
-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
qubes-windows-tools: Support for Windows 10/11 #1861
Comments
Indeed there is no open issue for that, but this is exactly what @omeg is doing right now. The most challenging is totally different graphics drivers framework (or more precise: removal of the old, simpler one). |
Any updates on the current progress of the Windows 10 support? It would be very nice to be able to run Windows 10 VM in a resolution higher than default 1024x1024. |
Not sure about details, but drivers for running Windows 10 in @omeg can provide more details. Best Regards, |
Since it has been 18 days since the last update: @omeg, do you have an indication when Win 8+ support will be ready? And just out of curiosity: what does in mean that seamless mode will probably never happen in Win 10? And does this also apply to Win 8(.1)? |
Without any intention to add pressure to an awesome project I can get for free (Thank you!), and just with the intention so I can prepare myself to the vague date: |
@brunoais: No one is currently working on this (hence the |
@andrewdavidwong Oh! I didn't know those tags were because there's no one working on it. In that case, any ETA question makes no sense. |
In this case, yes.
I'm not sure what you mean. |
As there is no one working on this, it doesn't make sense to have an ETA in a project such as this. Thought that, you still tried to get me an answer. I appreciate it. |
Yes. :) |
(As noted before, I've no intention to add pressure and thanks for the great work!) I argue that supporting newer windows is important for two reasons that have not been mentioned before:
|
If at any point a tester who tends to work >4 hours per day in a windows VM and is willing to "get dangerous" is needed for this, hit me up :) |
Let's get dangerous @tonsimple :-) |
@tonsimple how can I help? |
@Yethal haha, I meant that I'm ready to test win10 tools as soon as they are ready )) I use windows in qubes a huge lot (as evidenced with really obscure windows-on-qubes bugs I've managed to run into and submit) so I decided it may be neat to notify the developers that I am ready to be the guinea pig for the Win10 tools when the time is right |
Oh well, that's a shame. Anyway, if anybody needs a second pair of hands to help I'm here. I have a spare physical machine I can reinstall Qubes on over and over if needed. |
[Off-topic] For those desperate to use Windows 10 on Qubes, there is a (less secure?) alternative to |
@3n7r0p1 Do you have any pointers to pages on that? Most of what I turn up that deals with windows in Qubes is an after thought, old, or both. Don't get me wrong, Qubes still absolutely rules and I hope someday it'll show windows how to actually do windows right. |
@krzivn Sorry to keep you in suspense. Discussion here: https://groups.google.com/forum/#!topic/qubes-users/dB_OU87dJWA |
For resizing support, the qemu drivers support this for qemu guests |
Is this because the new Xen PV drivers cannot be cross-built? |
Yes. Previously they were not built either because we used binaries provided by upstream (and they no longer provide that). It's probably possible to make them build with Linux toolset, but that seemed like a significant effort when I tried. |
Yes, that's the "custom WDDM video driver" option. It was infeasible a few years ago when I first looked into this, but now there are some available examples like the virtio drivers that can be adapted. I'll look into that after the basic functionality works well enough. |
Do you expect this to be a performance problem in practice? This is a great candidate for SIMD acceleration. |
I am curious if one could (both legally and technically) run MSVC on Wine. |
At least the start menu should be negligible, since it occupies a fixed space on the screen. The values for that can be hardcoded (boundaries of the visible window), no detection required. |
I was not aware of that, which probably shows how long it has been since I used Windows. |
In Windows 10, position and size of the start menu may be chaned, and in Windows 11, at least the position may be changed. For both systems, there are alternative start menus, like ClassicShell, available, which may behave differently. |
If possible, compatibility with Windows 7 should be checked/achieved, for at least two reasons:
Usage of Windows 7 under Qubes poses no additional security risk, as the system can be shielded against attacks from the net. So the lack of further support from Microsoft may not have significant effects on this system, and its use is still a good option if one is forced to use Windows. |
Hopefully, if the work described here proceeds successfully, QWT will be available before Qubes R4.1 EOL. 😄 |
In these cases I would expect the use of Windows 10/11 Enterprise or Education, which allows telemetry to be completely turned off. Otherwise, there are no officially supported solutions other than blocking Microsoft telemetry servers at the DNS or proxy level.
The only time I can think of where Windows 7 is safe is when the system is permanently offline and never receives untrusted input. A permanently offline system will never be able to transmit telemetry data, though. |
Windows 7 compatibility would still be useful, especially as it comes to playing older windows games in net-isolated VMs. But I'd also be an advocate for seamless mode and file transfer in XP for the same reason, so I'm not certain I'm the ideal audience to chip in on backwards compatibility (as most of my games are Visual Novels, and I'd REALLY like them to run well and seamlessly on qubes) |
Even if Windows telemetry itself is turned off, e.g. when using an education or an LTSC license, the use of this system is forbidden in the context of Microsoft 365 containing Office and other components like the Smart Screen checker. Turning access to Microsft servers off, as is sometimes suggested, does not work either: The telemetry functions access dozens of IP addresses that are permanently changing. So the only possibility to use the system in a legal way would be to block Internet access completely and allow access only to selected addresses via a whitelist, as can be done in Qubes. This, however, is no practical solution, because in smaller institutions there is no personnel available/able to maintain these lists. For Windows, there are scenarios where the system is isolated from the Internet but allows local networks. This is allowed and, even for Windows 7, moderately secure. Working with the different Windows versions, I would not regard Windows 10 Internet access as any more secure than that of Windows 7 - both are crap, no matter what Microsoft tells. If you are using Windows 10, currently your system may be open to the Russian Midnight Blizzard hackers who stole important access tokens months ago - and Microsoft is not able to get them out. So, in my opinion, it is extremely important to have good Windows support in Qubes. I see no other way to use Windows securely. Even if, as QSB-091 states, QWT is of doubtful security, this is still much better than using Windows natively, on bare metal. |
This comment was marked as off-topic.
This comment was marked as off-topic.
I have windows 7 with multi-monitor config and in older Qubes I used the "debug mode + qubes gui driver", with seamless GUI disables" to get two separate windows that act (mostly successfully) as two monitors and can be placed around my multi-monitor setup as I see fit I would be very grateful if @omeg were to implement something to allow this kind of usecase. Us multi-monitor users deserve happiness too 😸 |
Hey, is there any intention to start packaging these again? It looks like work is pretty much complete. |
Yes, it should be available for user testing soon. |
Looking forward to that. |
Sorry for bugging, but when you are expecting release? |
The information about progress of this issue is required. A lot of users are waiting for any information. R4.2 should have not been released until this major problem is solved, because Windows virtualization with QWT has been a base feature of Qubes OS for something like 10 years or so. |
Progress update: I'm currently finishing Qubes Builder integration which is required for official builds. I expect this to be done in around a week and probably a week more for review/testing. Current QWT branch can be built manually and is usable, the instructions are in the main repo in the OP. |
@omeg I've built the latest QWT for a test and I had a lot of graphical artifacts with it: win10-qwt-new.mp4It was the same for both full desktop and seamless modes. Also I couldn't install QWT with qube's net qube set to |
@omeg For a user, would you recommend waiting for a stable release of QWT, building it from source or using the older, pre-dummy-package version? I'm planning to set up a Win10 template for myself and I don't know which path I should take. |
I would recommend waiting for a stable release. While I've been using the new branch and builder-v2 integration is almost done, I've recently ran into instability issues with the Xen PV drivers. I'm still debugging them (random freezes, on driver sources that were working fine before). |
Progress report from Qubes developer @omeg
Alright, since I (@omeg) have been working on this for a while now and finally it's in a state that will allow for user testing soon, here is the current status of Windows 10/11 support. More items might be added in case I forgot something.
All of the current code is here: https://github.com/omeg/qubes-installer-windows-tools/tree/omeg/win10
Don't use on production VMs, it's not ready yet. Make sure to set the
default-user
property for the qube manually as appropriate (#9020).TODO:
qvm-run
with passthrough i/oNice to have (will most likely be done after an initial release):
Known issues (will be added to github once the code is merged):
Original issue text from Qubes user @caschulz88
Hi,I was wasn't able to find any already opened issue about this topic so I'm creating one right now. In all documentation on qubes-windows-tools there is always only the information that newer Windows versions than Windows 7 are in development.
Can anyone please clarify what exactly this means? Do we have a roadmap or special features, which are missing at the moment? Because the MSI installer has a hard check for Windows 7 version in it I wasn't able to run the installer on Windows 8 and Windows 10 in comatibility mode (as the user cannot specify a specific Windows version in compatibility mode as he could do when running some executable file). I bet there are some reasons to include such a check there.
Would be great to have this list posted here. I'm also willing to help to get support for Windows 8 and 10 of course!
The text was updated successfully, but these errors were encountered: