How to specify options for installing?

[setsky]

Hello, @tasket. I'm very like your code, thanks for doing it. I'm just newbie in Linux, so please be patience. How to specify options for installing? vm-boot-protect or vm-boot-protect-root? I easily installed the .service and disable default passwordless-root. But I dont understand how I can choose the mode (vm-boot-protect or vm-boot-protect-root). After installing service and "sudo service vm-boot-protect status" I have:

● vm-boot-protect.service - Protect Qubes VM execution environment at startup Loaded: loaded (/usr/lib/systemd/system/vm-boot-protect.service; enabled; vendor preset: disabled) Active: inactive (dead) Condition: start condition failed at Mon 2018-04-30 17:04:57 EEST; 54min ago ├─ ConditionPathExists=|/var/run/qubes-service/vm-boot-protect was not met ├─ ConditionPathExists=|/var/run/qubes-service/vm-boot-protect-root was not met └─ ConditionPathExists=|/var/run/qubes-service/vm-boot-protect-cli was not met Docs: https://github.com/tasket/Qubes-VM-hardening

I read the docs but it's not really help for me. How can I make sure that the service works correctly?

[tasket]

@setsky The key is to specify a 'Qubes service' in the VM settings:

From your desktop menu, launch the VM's Settings/Preferences window. On the Services tab type in the desired service mode (i.e. 'vm-boot-protect-root') and click the plus/+ icon to add it to the list. Then click OK.