[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] Lenovo X200 IOMMU support through Xen 4.6 iommu=no-igfx switch
Sorry for the precedent post that was written a bit
too fast. Libreboot was flashed when I wrote it, which is the equivalent
of a having vt-d deactivated (iommu=0). Thanks to a user that read this
post and wrote to me personally so I could do my mea culpa. Sorry for
the precedent misleading post.
Xen on a GM45 chipset and
with IGD i915 driver is still getting the system hanged when vt-d is
activated. I'm willing to borrow a machine to the Xen developer that
could fix the iommu=no-igfx code for gm45 chipset to actually work. A ticket is opened here with current states of thing: https://github.com/QubesOS/qubes-issues/issues/1594#issuecomment-209213917Sorry about that (and repost since I wrote the same misleading post to two places) Thierry
The problem wasn't with xen iommu support but kms/drm and i915 driver. Passing to the kernel i915.preliminary_hw_support=1 fixes it all :) Thanks
Nope. That commit is present in 4.6 and results in x200 being able to boot xen.
Not having that option makes xen hang at boot.
If present, it works until other vm access pass-through devices, which I'm not able to troubleshoot even through amt SOL.
See here for debug logs: >>> On 22.12.15 at 19:04, <thierry.laurion@xxxxxxxxx> wrote:
> iommu=no-igfx is a gamechanger for Qubes support through 3.1 RC1 release,
> thanks to Xen 4.6 :)
>
> The Lenovo X200 supports vt-x, vt-d and TPM as reported and required by
> Qubes in the HCL attached to this e-mail. The problem is that when Qubes
> launches it's netvm which uses IOMMU to talk to it's network card, it
> freezes the whole system up. Even when specifying sync_console, I don't get
> much more verbosity. I ordered a PCMCIA to serial adapter which will be
> shipped to my door late January... Meanwhile, booting with iommu=0 makes
> things work, but a potential hardware component being compromised has
> chances to compromise the whole system since compartmentalization is not
> guaranteed without IOMMU (vt-d).
>
> A little more love is needed from xen to make that laptop line supported by
> Qubes and a nice alternative to the costy Librem currently promoted by
> Qubes-Purism
> partnership
Is all of the above and below a quite complicated way of expressing
that you'd like to see commit 146341187a backported to 4.6.x?
Jan
> <http://arstechnica.com/gadgets/2015/12/qubes-os-will-ship-pre-installed-on-p
> urisms-security-focused-librem-13-laptop/>which
> suggest that the laptop will be Respect Your Freedom compliant in the
> future with Intel participation in removing ME and AMT
> <http://libreboot.org/faq/#intelme>, which is not guaranteed at all.
> <http://www.phoronix.com/scan.php?page=news_item&px=Purism-Librem-Still-Blobbe
> d>
> If Xen 4.6 can cooperate with Penryn GM45 chipset, it's all MiniFree laptops
> <http://minifree.org/product-category/laptops/> (and Libreboot support of
> those <http://libreboot.org/docs/hcl/x200.html>) that will be potential
> candidates!
> Please share the love so that the community has a cheap alternative.
>
> Requirements to replicate bug:
> Model: X200 745434U with p8700 CPU running 1067a microcode(important),
> upgrable to 8go
> BIOS: Lenovo 3.22/1.07 (latest from 2013
> <http://support.lenovo.com/ca/en/downloads/ds015007>)
> Network card supports FLReset+ as requested here
> <http://wiki.xen.org/wiki/VTd_HowTo>.
> Bios settings: vt-d and vt-x needs to be enforced.
> Xen command line option required
> <http://www.gossamer-threads.com/lists/xen/devel/393647> to boot:
> iommu=no-igfx
>
> Here is the current debug trace/status on Qubes side of things
> <https://groups.google.com/forum/#!topic/qubes-users/bHQHjXqinaU>.
> If you have any hint, please contribute :)
>
> Help me say happy new years to all security conscious people out there :)
>
> Merry Christmas all,
> Thierry Laurion
>
>
>
>
>
> --
> Thierry Laurion
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
