First Time User (Preparation and using VM)

I have ordered a mini pc and waiting for it to arrive.
I will use QEMU to create a Win10 VM on the second disk.
I have almost no experience so I’d appreciate someone coming in and lending a hand.

1- Downloading Apps for Offline Use
The guide I will follow recommends these apps to create a VM:

qemu-kvm libvirt-bin bridge-utils virt-manager qemu virt-viewer spice-vdagent

How can I download them along with their dependencies on a windows machine to have them ready for offline use in linux?

2- Which Firewall with GUI?
I checked the default app list on PureOS and didn’t see a firewall app.
I need an easy to use firewall with a sleek interface. Any suggestions like these here?

3- Encrypting Second Disk which is only for VM
How should I encrypt the second disk which I will only use for Win10 VM?
1st disk will contain PureOS while the second disk will contain VM

4- Any Suggestions?
Any security/hardening app or suggestions for a newbie? Especially for running VM.
Is this app cool?

sudo apt install bridge-utils virtinst virt-manager virt-viewer qemu-system-x86 ovmf

spice-vdagent is to be installed on the vm itself, so you’ll have to find that package for Windows.

I use this command to install Windows11, works for Windows10 as well:

vm=win11; mkdir /var/tmp/${vm}_share/; sudo virt-install -n ${vm} --hvm --memory 16384 --vcpus 2 --cpu mode=maximum --boot loader=$(find /usr -name OVMF_CODE.fd|tail -1),loader.readonly=yes,loader.type=pflash,nvram.template=$(find /usr -name OVMF_VARS.fd|tail -1),loader_secure=yes,bootmenu.enable=on,bios.useserial=on --cdrom /tmp/Win11_EnglishInternational_x64.iso --disk /vdi/${vm}.img,size=128,format=raw --filesystem /var/tmp/${vm}_share/,${vm}_share --graphics vnc,password=aPassword,port=5900,gl.enable=yes --video qxl,model.ram=2097152,model.vram64=2097152 --console pty,target.type=serial --console pty,target.type=virtio --tpm backend.type=passthrough,backend.version=2.0,model=tpm-tis --feature smm=on --network direct,source=macvtap0,trustGuestRxFilters=yes

This is a single line which you’ll want to adjust to your environment.

1 Like

I use this command to install Windows11, works for Windows10 as well:
vm=win11; mkdir…

I don’t think this is what I’m asking for. I am not looking for a Windows ISO (I already have mine) but if you want to give me advice on how I should further configure that ISO (using a windows platform and possibly NTLite) I am listening.
To make it clear, I just want to download the mentioned packages (QEMU etc. for creating the virtual machine) and put them into a USB drive before I start using Linux.

Bump, any answers especially for #1-2?

There are many ways to do this, would you never be bringing this system online? I’d so, do you plan to keep it up to date? Do you want to clone the repository and have your own local copy or are you only looking for these specific packages?

What you are asking does not have a quick one size fits all answer.

That’s largely going to depend on your personal preference as to what’s “easy” and “sleek” I’d suggest trying each one and finding the one that works best for you.

It depends. Is your goal to have the whole disk encrypted and require unlocking by Linux? I’d lean toward Luks for that. Is your goal to have windows show that it’s encrypted? Bitlocker would be the way to go here. Maybe both if you want the whole disk encrypted but also want the VM to report encrypted status as well.

Backup your data. Seriously back up your data, even the stuff you don’t think is important. Back up your data regularly.

Be prepared to rebuild the system a different way after you learn that some advice someone gave wasn’t best for you and you’ve now learned a different way that is best for you.

Document everything you do so that when you want to re-do it you’ll have instructions that make sense to you for your setup.

Try not to get too hung up on securing everything possible in every way possible. Figure out what actual threats are relevant to you and start with the ones that are well documented to mitigate. Security is something all too easy to get caught up in the details of.

It’s a good thing this command doesn’t tell you where to get a windows ISO but rather tells you where to reference the one you have already downloaded.

Don’t, the advice would be to mount the ISO and install from it, not to make changes to the ISO.

This sounds more like you want to try linux before installing it. If that is the case, when you boot off the install media for most Linux distro’s you’ll have the option for “live” which is an interactive environment that runs off the install media instead of installing. If you have not done this before, I strongly recommend this as a first step.

1 Like

Thanks for taking your time to answer these, appreciated. Please bear with me as I’m a new to this. I will start using Librem Mini with pureboot/pureos. However, I will use it to make a VM for Win10. I want to be able to create and test Win10 VM’s with QEMU before I connect my machine online.
So I’m looking for ways to download these beforehand.
There are Byzantium and Amber variations on the store. I don’t know which one will be installed when I recieve the Librem Mini.
I guess we don’t have to exclusively use PureOS’es app store but I’m doing that just in case.

Here’s the stuff I want to download but I can’t figure out the right way to do it (using windows)

virt-manager: software(.)pureos(.)net/search_pkg?term=virt-manager
virt-viewer: software(.)pureos(.)net/search_pkg?term=virt-viewer
spice-vdagent: software(.)pureos(.)net/search_pkg?term=spice-vdagent
libvirt-bin: No Result

Note: Lets me post only 2 links.
I clicked through your link to “amber” then the only available version amd64 which is the.deb file which is the installer for a Debian based Linux distribution.
That download of the .Deb file can be done by windows, however windows cannot install nor run the .Deb file, it would need to be opened by apt/dpkg/gdebi within that Debian based Linux os.

Virt manager has 3 different types (Amber, Byzantium and Landing). Which one should I go with?
What’s the difference between them anyway? Is Purism shipping their products with Byzantium installed?

Or should I even go search for .deb files on those apps’ particular websites?

It depends on which of you’re running.

I don’t know(x2)

If you want the latest versions and to deal with manually updating, maybe.

@vkslputll Byzantium is the current release of PureOS. I would favor Byzantium over Amber.

For clarity, please confirm the following:

  1. Your goal is to run your Librem Mini v2 not connected to the internet
  2. You want to install the additional components for PureOS (virtual machine manger, etc.) on your new Liberm which will not be connected to the internet
  3. You want to create a VM where the guest OS will be Windows, and you already have your ISO file, which you can copy onto your Librem Mini in order to use it to install Windows in your new VM.

Please reply to confirm that 1, 2, and 3 above are correct.

Just FYI, please be sure to verify the checksums of the downloads against the published values for the downloads to ensure that you have valid downloads that are tamper-free.

When it comes to downloading those tools, I suggest starting here:

For each package, seek out a corresponding sha256 or sha512 file that will contain the value for each package you plan to install.

Depending on what OS you are using to do the downloads, you will need to run the program available for generating the checksum from the downloaded file.

For macOS and Debian I believe it is shasum - look at the man page to understand the arguments.
Generally for shasum you will simply specify the algorithm to use, e.g. sha256 or sha512.

For example:
shasum -a256 your-downloaded-package.deb will output the sha256 checksum - compare that to the value published on the download page for that package.

If you are downloading the packages on a Windows machine, then search online for the equivalent program to generate the checksum values.