Try to update microcode as early as possible if provided.
This option will scan all multiboot modules besides dom0 kernel. In our
case this is perfect - there is only one other module and it is
initramfs, which has microcode early cpio prepended.
QubesOS/qubes-issues#3703
Kernel command line in legacy mode is constructed by grub scripts and
properly handles btrfs subvolumes. For EFI, it is built directly by
anaconda and the 'rootflags=subvol=...' argument needs to be added manually.
Fixes QubesOS/qubes-issues#1871
Typical GRUB2 installations would execute the script
located at /usr/libexec/mactel-boot-setup which would
modify the HFS+ ESP files and bless the specified efi.
However, we are not using GRUB at this time which would
cause that script to exit earlier.
These changes will execute the relevant commands
to symlink the efi file in the /System directory as well
as the cfg file. Lastly, macOS requires the bootable efi
file to be blessed.
We also attempt to place some user-friendly icons
for Qubes to show to the user.
Lastly, we add a README with some instructions on how
to get into rescue mode from macOS.
Many Intel processors (and BIOSes) have invalid IOMMU configuration for
IGFX, which causes multiple problems - from screen glitches, to system
hang.
Since IGFX currently is still in dom0 (isn't isolated from other system
components), disabling IOMMU for it doesn't lower overall security.
When the GUI domain is implemented, we need to re-enable IOMMU here and
hope hardware manufacturers will fix it in the meantime.
Fixes QubesOS/qubes-issues#2836
And unconditionally allow boot encryption and the lvmlv format.
(The user still has to fight the installer to actually set it up.)
Fixes QubesOS/qubes-issues#2553
EFI boot uses only /boot/efi, so /boot may even be on an encrypted volume,
LVM, btrfs or anything else. Instead of allowing just LVM, override the
whole check for /boot.
Fixes QubesOS/qubes-issues#1721
Since all the required files are on ESP (and are loaded by xen.efi), we
don't need /boot accessible at all from there. This will in practice
allow not having a separate /boot at all.
Fixes QubesOS/qubes-issues#1721
The Linux kernel has some memory overhead depending on maxmem. Dom0 isn't
meant to use that much memory (most should be assigned to AppVMs), so on
big systems this will be pure waste.
QubesOS/qubes-issues#1136
Fixes QubesOS/qubes-issues#1313