smrtak
bbb6aa183982ee94e5368cfa4c2f13ef1f7e6ba855f07bfc3e20754dfd09bec2
Bitcoin is proof of intelligent life on Earth! 🐧🧘🧉🚲🐺🌳⛰️🌕
Replying to ₿en Wehrman

Where does number 62 come from?

Pleasure to listen, very inspiring, thank you!

https://fountain.fm/episode/ucUppq0ebrfFWi9zTrcS

# Trezor Suite on QubesOS R4.2

(successfully tested recently with TS5 on R4.2.3)

## Foreword

It is not in the scope of this text to go too deep into the QubesOS rabbit hole...

You should understand and double-check what you type into your terminal, especially in dom0.

Keep that in mind and stay vigilant when following any tutorial published online or downloading files from the internet.

Always verify the source, URL, hashes or signatures.

**USE AT OWN RISK!**

## Prerequisites:

- QubesOS R4.2 installed

- Familiarity with QubesOS and its terminology (e.g., AppVMs, templates, networking, etc.)

## What you will end up with:

- Disposable `sys-usb` qube based on `debian-13-minimal` template

- AppVM qube `TrezorSuite` using `whonix-workstation-17` template

- Ability to use and control Trezor Hardware Wallet with companion app Trezor Suite

## Tips

- To start a root terminal in a template based on a minimal template, use this command in `dom0`:

```
qvm-run -u root tpl-d13m-usb xterm
```

- To copy a file between AppVMs, use this command:

```
qvm-copy /path/to/file
```

A pop-up in `dom0` will ask for the destination.

## Steps:

1. In `dom0`:

```
sudo qubes-dom0-update
qvm-template install debian-13-minimal
```

2. Create two clones:

```
qvm-clone debian-13-minimal tpl-d13m-usb
qvm-clone whonix-workstation-17 wws17-ts
```

3. Prepare the `tpl-d13m-usb` template for `sys-usb`:

```
qvm-run --pass-io -u root tpl-d13m-usb "apt update && apt install --no-install-recommends qubes-usb-proxy qubes-input-proxy-sender qubes-core-agent-nautilus zenity policykit-1 trezor libfuse2 socat -y"
qvm-shutdown --wait tpl-d13m-usb
```

4. Create a disposable AppVM using the `tpl-d13m-usb` template and label it "red":

```
qvm-create --template tpl-d13m-usb --label red tpl-d13m-usb-dvm
```

5. Set the `tpl-d13m-usb-dvm` qube as a disposable template:

```
qvm-prefs tpl-d13m-usb-dvm template_for_dispvms true
```

6. Add app menus to the `tpl-d13m-usb-dvm` qube:

```
qvm-features tpl-d13m-usb-dvm appmenus-dispvm 1
```

7. Disable networking for the `tpl-d13m-usb-dvm` qube:

```
qvm-prefs tpl-d13m-usb-dvm netvm none
```

8. Create a new AppVM named `TrezorSuite` using the `wws17-ts` template:

```
qvm-create --property memory=400 --property maxmem=2048 --property template=wws17-ts -l purple TrezorSuite
qvm-prefs TrezorSuite netvm ${netVM} # replace ${netVM} with the net qube you need, some prefer `sys-vpn`, others `sys-firewall`
qvm-features TrezorSuite menu-items "qubes-run-terminal.desktop " # adding terminal to GUI menu
```

9. Start a terminal in a disposable AppVM with networking access and download the following files:

```
cd ~/Downloads
mkdir usb && cd usb
curl -O https://data.trezor.io/bridge/2.0.30/trezor-bridge_2.0.30_amd64.deb
curl -O https://data.trezor.io/udev/51-trezor.rules
mkdir ../ts && cd ../ts
curl -O https://data.trezor.io/suite/releases/desktop/latest/Trezor-Suite-24.12.3-linux-x86_64.AppImage
curl -O https://data.trezor.io/suite/releases/desktop/latest/Trezor-Suite-24.12.3-linux-x86_64.AppImage.asc
curl -O https://trezor.io/security/satoshilabs-2021-signing-key.asc

# import signing key
gpg --import satoshilabs-2021-signing-key.asc

# verify AppImage
gpg --verify Trezor-Suite-24.12.3-linux-x86_64.AppImage.asc

# you should see something similar:
# user@disp1234:~/Downloads/ts$ gpg --verify Trezor-Suite-24.12.3-linux-x86_64.AppImage.asc
# gpg: assuming signed data in 'Trezor-Suite-24.12.3-linux-x86_64.AppImage'
# gpg: Signature made Wed 18 Dec 2024 05:40:31 PM CET
# gpg: using RSA key EB483B26B078A4AA1B6F425EE21B6950A2ECB65C
# gpg: Good signature from "SatoshiLabs 2021 Signing Key" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: EB48 3B26 B078 A4AA 1B6F 425E E21B 6950 A2EC B65C

cd ..

# ready to move downloads where we need them
qvm-copy usb
# in dom0 pop-up select `tpl-d13m-usb`
qvm-copy ts
# in dom0 pop-up select `TrezorSuite`
```

10. In the `tpl-d13m-usb` qube:

```
# replace disp1234 with the name of the disposable used in step 9;
# qvm-copy of the `usb` directory places the files under .../disp1234/usb/
sudo dpkg -i /home/user/QubesIncoming/disp1234/usb/trezor-bridge_*_amd64.deb
echo -e "systemctl enable trezord.service \nsystemctl start trezord.service" | sudo tee -a /rw/config/rc.local
sudo mv /home/user/QubesIncoming/disp1234/usb/51-trezor.rules /etc/udev/rules.d/51-trezor.rules
sudo chmod +x /etc/udev/rules.d/51-trezor.rules
sudo poweroff
```

11. In the `tpl-d13m-usb-dvm`:

```
sudo mkdir -p /usr/local/etc/qubes-rpc
echo "socat - TCP:localhost:21325" | sudo tee /usr/local/etc/qubes-rpc/trezord-service
sudo chmod +x /usr/local/etc/qubes-rpc/trezord-service
sudo poweroff
```

12. In `dom0`, stop the existing, running `sys-usb` and replace its template with the newly created and customized `tpl-d13m-usb-dvm`:

```
qvm-shutdown --wait sys-usb
qvm-prefs --get sys-usb template # display currently used template name, remember this in case of roll-back
qvm-prefs --set sys-usb template tpl-d13m-usb-dvm && qvm-start sys-usb
```

13. In `dom0`, add the necessary policy for the Trezor RPC service:

```
# the policy directory is root-owned, so write the file through sudo tee
# note: `@anyvm @anyvm` lets any qube call this service; the call is redirected to sys-usb
echo '@anyvm @anyvm allow,user=trezord,target=sys-usb' | sudo tee /etc/qubes-rpc/policy/trezord-service
```

14. In `dom0`, update and install the Trezor Python package in the AppVM's template:

```
qvm-run --pass-io -u root wws17-ts "apt update && apt install --no-install-recommends pip -y"
qvm-shutdown --wait wws17-ts
```

15. Set up the `TrezorSuite` AppVM:

```
echo 'socat TCP-LISTEN:21325,fork EXEC:"qrexec-client-vm sys-usb trezord-service" &' | sudo tee -a /rw/config/rc.local
pip install --user trezor
```

- On Qubes R4.2, you may experience an error with the above command. Try this workaround instead:

```
pip install --user trezor --break-system-packages
```

16. Set up the `Trezor-Suite-24.*.AppImage` file for use:

```
# replace disp1234 with the name of the disposable used in step 9;
# qvm-copy of the `ts` directory places the files under .../disp1234/ts/
mv /home/user/QubesIncoming/disp1234/ts/Trezor-Suite-*.AppImage ~/
chmod u+x ~/Trezor-Suite-*.AppImage
sudo poweroff
```

Start `sys-usb`, start a terminal in `TrezorSuite` and launch `./Trezor-Suite-*.AppImage`.

You should now be able to use Trezor Suite with your hardware wallet on QubesOS.
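Step 9 ends with gpg's "key is not certified" warning, so the check that matters is that the signature is valid and was made under the fingerprint you expect. The sketch below is an added example, not part of the original guide: it pins the fingerprint printed in step 9 and reads gpg's machine-readable `--status-fd` records instead of the human-readable text. The function names and the sample status records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): accept a download only when gpg reports
# a valid signature made under one pinned primary-key fingerprint.

PINNED_FPR=EB483B26B078A4AA1B6F425EE21B6950A2ECB65C  # fingerprint shown in step 9

# status_is_pinned FPR: reads `gpg --status-fd` records on stdin and exits 0
# only if a VALIDSIG record ends with FPR (the primary-key fingerprint field)
# and no BADSIG/ERRSIG record is present.
status_is_pinned() {
    awk -v pin="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF == pin { ok = 1 }
        $1 == "[GNUPG:]" && ($2 == "BADSIG" || $2 == "ERRSIG") { bad = 1 }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# verify_pinned SIGFILE DATAFILE: the real check; needs gpg and the imported key.
verify_pinned() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | status_is_pinned "$PINNED_FPR"
}

# Constructed status records for an offline run (not captured gpg output).
good_status="[GNUPG:] GOODSIG E21B6950A2ECB65C SatoshiLabs 2021 Signing Key
[GNUPG:] VALIDSIG $PINNED_FPR 2024-12-18 1734540031 0 4 0 1 10 00 $PINNED_FPR"
# Same shape, but a made-up fingerprint: a good signature from the wrong key.
other_fpr=0000000000000000000000000000000000000000
other_key_status="[GNUPG:] GOODSIG 0000000000000000 Some Other Key
[GNUPG:] VALIDSIG $other_fpr 2024-12-18 1734540031 0 4 0 1 10 00 $other_fpr"

for sample in "$good_status" "$other_key_status"; do
    if printf '%s\n' "$sample" | status_is_pinned "$PINNED_FPR"; then
        echo "accept: signed by pinned key"
    else
        echo "reject: no valid signature from pinned key"
    fi
done
```

In the download qube the call would be `verify_pinned Trezor-Suite-24.12.3-linux-x86_64.AppImage.asc Trezor-Suite-24.12.3-linux-x86_64.AppImage`, and the files are copied onward only when it exits 0.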

There are ways to add the AppImage to the menu, but I am OK with the terminal. In case you'd like to explore this possibility, look here:

https://forum.qubes-os.org/t/appimage-added-to-application-list-but-wont-execute-program/16687

Note: This guide has been inspired by multiple articles on the Qubes Forum.

To name a few: https://forum.qubes-os.org/t/ultimate-guide-on-using-trezor-on-qubes/18310 and https://forum.qubes-os.org/t/debian-10-minimal-configuration/2603

#QubesOS #TrezorSuite #HWW
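The rule in step 13 of the guide above uses `@anyvm` as the source, so every qube may reach the Trezor bridge in `sys-usb`. The sketch below is an added example, not part of the original post: it flags such a wildcard rule and prints an equivalent limited to one caller, in the `service argument source destination action options` line format of `/etc/qubes/policy.d/` used by Qubes 4.1 and later. The function names are hypothetical; the qube and service names are the ones the guide creates.

```shell
#!/bin/sh
# Added example, not from the guide: flag a wildcard legacy qrexec rule and
# print a single-caller rule in the /etc/qubes/policy.d format.

# is_broad "SRC DST ACTION[,opt...]": exit 0 if an allow rule matches many callers
is_broad() {
    read -r src _dst spec <<EOF
$1
EOF
    case "${spec%%,*}:$src" in
        allow:@anyvm|allow:@tag:*|allow:@type:*) return 0 ;;
    esac
    return 1
}

# narrow_policy SERVICE LEGACY_LINE CALLER: print "service arg src dst action opts"
narrow_policy() {
    service=$1 caller=$3
    read -r _src dst spec <<EOF
$2
EOF
    action=${spec%%,*}
    opts=""
    old_ifs=$IFS; IFS=,
    for opt in ${spec#"$action"}; do
        case "$opt" in
            '') ;;                              # empty field before the first comma
            target=*) dst=${opt#target=} ;;     # the redirect becomes the destination
            *) opts="$opts $opt" ;;             # keep user=... and similar options
        esac
    done
    IFS=$old_ifs
    printf '%s * %s %s %s%s\n' "$service" "$caller" "$dst" "$action" "$opts"
}

# Rule from step 13 and the caller qube created in step 8
legacy='@anyvm @anyvm allow,user=trezord,target=sys-usb'
if is_broad "$legacy"; then
    echo "step 13 rule lets every qube reach trezord; narrower rule:"
    narrow_policy trezord-service "$legacy" TrezorSuite
fi
```

In `dom0` the printed line would go into `/etc/qubes/policy.d/30-user.policy`, replacing the legacy file from step 13 rather than sitting beside it.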

what is the better version?

I'd like to know as I'm using the same model as JB55

Right

In that case it's probably not possible in 2

Black can always move pawn on a7

To an impartial observer this may come across as a rather arrogant attitude, because after all, who is more in a tin can with airbags than single-track, non-motorized road users...

How am I supposed to know why you have a complex about cyclists...

That is an exercise of a personal nature

_____

/ \

| O O |

| \ / |

| \/ |

| /\__/ |

|_\/_/\_|

____ ____

| || |

| ___||___ |

| / | \ |

|/____|_____\

Are you saying that surgeons are wearing masks for no reason?

How will you improve your protection against getting infected when you trained hard for months and now need to stay fit so you and your team need to deliver results?

Anyone leaving a running train will be missed and can impact overall performance.

What will you suggest as an alternative?