[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Lenovo X200 IOMMU support through Xen 4.6 iommu=no-igfx switch



Nope. That commit is present in 4.6 and results in x200 being able to boot xen.

Not having that option makes xen hang at boot.

If present, it works until other vm access pass-through devices, which I'm not able to troubleshoot even through amt SOL.

See here for debug logs:
https://groups.google.com/forum/m/#!topic/qubes-users/bHQHjXqinaU

LeÂmer. 6 janv. 2016 09:35,ÂJan Beulich <JBeulich@xxxxxxxx> a ÃcritÂ:
>>> On 22.12.15 at 19:04, <thierry.laurion@xxxxxxxxx> wrote:
> iommu=no-igfx is a gamechanger for Qubes support through 3.1 RC1 release,
> thanks to Xen 4.6 :)
>
> The Lenovo X200 supports vt-x, vt-d and TPM as reported and required by
> Qubes in the HCL attached to this e-mail. The problem is that when Qubes
> launches it's netvm which uses IOMMU to talk to it's network card, it
> freezes the whole system up. Even when specifying sync_console, I don't get
> much more verbosity. I ordered a PCMCIA to serial adapter which will be
> shipped to my door late January... Meanwhile, booting with iommu=0 makes
> things work, but a potential hardware component being compromised has
> chances to compromise the whole system since compartmentalization is not
> guaranteed without IOMMU (vt-d).
>
> A little more love is needed from xen to make that laptop line supported by
> Qubes and a nice alternative to the costy Librem currently promoted by
> Qubes-Purism
> partnership

Is all of the above and below a quite complicated way of expressing
that you'd like to see commit 146341187a backported to 4.6.x?

Jan

> <http://arstechnica.com/gadgets/2015/12/qubes-os-will-ship-pre-installed-on-p
> urisms-security-focused-librem-13-laptop/>which
> suggest that the laptop will be Respect Your Freedom compliant in the
> future with Intel participation in removing ME and AMT
> <http://libreboot.org/faq/#intelme>, which is not guaranteed at all.
> <http://www.phoronix.com/scan.php?page=news_item&px=Purism-Librem-Still-Blobbe
> d>
> If Xen 4.6 can cooperate with Penryn GM45 chipset, it's all MiniFree laptops
> <http://minifree.org/product-category/laptops/> (and Libreboot support of
> those <http://libreboot.org/docs/hcl/x200.html>) that will be potential
> candidates!
> Please share the love so that the community has a cheap alternative.
>
> Requirements to replicate bug:
> Model: X200 745434U with p8700 CPU running 1067a microcode(important),
> upgrable to 8go
> BIOS: Lenovo 3.22/1.07 (latest from 2013
> <http://support.lenovo.com/ca/en/downloads/ds015007>)
> Network card supports FLReset+ as requested here
> <http://wiki.xen.org/wiki/VTd_HowTo>.
> Bios settings: vt-d and vt-x needs to be enforced.
> Xen command line option required
> <http://www.gossamer-threads.com/lists/xen/devel/393647> to boot:
> iommu=no-igfx
>
> Here is the current debug trace/status on Qubes side of things
> <https://groups.google.com/forum/#!topic/qubes-users/bHQHjXqinaU>.
> If you have any hint, please contribute :)
>
> Help me say happy new years to all security conscious people out there :)
>
> Merry Christmas all,
> Thierry Laurion
>
>
>
>
>
> --
> Thierry Laurion



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.