Re: Lenovo X200 IOMMU support through Xen 4.6 iommu=no-igfx switch

[Thierry Laurion <thierry.laurion@gmail.com>]

[-- Attachment #1.1: Type: text/plain, Size: 4649 bytes --]

Sorry for the precedent post that was written a bit too fast. Libreboot was
flashed when I wrote it, which is the equivalent of a having vt-d
deactivated (iommu=0). Thanks to a user that read this post and wrote to me
personally so I could do my mea culpa. Sorry for the precedent misleading
post.

Xen on a GM45 chipset and with IGD i915 driver is still getting the system
hanged when vt-d is activated. I'm willing to borrow a machine to the Xen
developer that could fix the iommu=no-igfx code for gm45 chipset to
actually work.

A ticket is opened here with current states of thing:
https://github.com/QubesOS/qubes-issues/issues/1594#issuecomment-209213917

Sorry about that (and repost since I wrote the same misleading post to two
places)
Thierry

Le dim. 28 févr. 2016 à 14:03, Thierry Laurion <thierry.laurion@gmail.com>
a écrit :

> The problem wasn't with xen iommu support but kms/drm and i915 driver.
>
> Passing to the kernel i915.preliminary_hw_support=1 fixes it all :)
>
> Thanks
>
> Le mer. 6 janv. 2016 à 22:11, Thierry Laurion <thierry.laurion@gmail.com>
> a écrit :
>
>> Nope. That commit is present in 4.6 and results in x200 being able to
>> boot xen.
>>
>> Not having that option makes xen hang at boot.
>>
>> If present, it works until other vm access pass-through devices, which
>> I'm not able to troubleshoot even through amt SOL.
>>
>> See here for debug logs:
>> https://groups.google.com/forum/m/#!topic/qubes-users/bHQHjXqinaU
>>
>> Le mer. 6 janv. 2016 09:35, Jan Beulich <JBeulich@suse.com> a écrit :
>>
>>> >>> On 22.12.15 at 19:04, <thierry.laurion@gmail.com> wrote:
>>> > iommu=no-igfx is a gamechanger for Qubes support through 3.1 RC1
>>> release,
>>> > thanks to Xen 4.6 :)
>>> >
>>> > The Lenovo X200 supports vt-x, vt-d and TPM as reported and required by
>>> > Qubes in the HCL attached to this e-mail. The problem is that when
>>> Qubes
>>> > launches it's netvm which uses IOMMU to talk to it's network card, it
>>> > freezes the whole system up. Even when specifying sync_console, I
>>> don't get
>>> > much more verbosity. I ordered a PCMCIA to serial adapter which will be
>>> > shipped to my door late January... Meanwhile, booting with iommu=0
>>> makes
>>> > things work, but a potential hardware component being compromised has
>>> > chances to compromise the whole system since compartmentalization is
>>> not
>>> > guaranteed without IOMMU (vt-d).
>>> >
>>> > A little more love is needed from xen to make that laptop line
>>> supported by
>>> > Qubes and a nice alternative to the costy Librem currently promoted by
>>> > Qubes-Purism
>>> > partnership
>>>
>>> Is all of the above and below a quite complicated way of expressing
>>> that you'd like to see commit 146341187a backported to 4.6.x?
>>>
>>> Jan
>>>
>>> > <
>>> http://arstechnica.com/gadgets/2015/12/qubes-os-will-ship-pre-installed-on-p
>>> > urisms-security-focused-librem-13-laptop/>which
>>> > suggest that the laptop will be Respect Your Freedom compliant in the
>>> > future with Intel participation in removing ME and AMT
>>> > <http://libreboot.org/faq/#intelme>, which is not guaranteed at all.
>>> > <
>>> http://www.phoronix.com/scan.php?page=news_item&px=Purism-Librem-Still-Blobbe
>>> > d>
>>> > If Xen 4.6 can cooperate with Penryn GM45 chipset, it's all MiniFree
>>> laptops
>>> > <http://minifree.org/product-category/laptops/> (and Libreboot
>>> support of
>>> > those <http://libreboot.org/docs/hcl/x200.html>) that will be
>>> potential
>>> > candidates!
>>> > Please share the love so that the community has a cheap alternative.
>>> >
>>> > Requirements to replicate bug:
>>> > Model: X200 745434U with p8700 CPU running 1067a microcode(important),
>>> > upgrable to 8go
>>> > BIOS: Lenovo 3.22/1.07 (latest from 2013
>>> > <http://support.lenovo.com/ca/en/downloads/ds015007>)
>>> > Network card supports FLReset+ as requested here
>>> > <http://wiki.xen.org/wiki/VTd_HowTo>.
>>> > Bios settings: vt-d and vt-x needs to be enforced.
>>> > Xen command line option required
>>> > <http://www.gossamer-threads.com/lists/xen/devel/393647> to boot:
>>> > iommu=no-igfx
>>> >
>>> > Here is the current debug trace/status on Qubes side of things
>>> > <https://groups.google.com/forum/#!topic/qubes-users/bHQHjXqinaU>.
>>> > If you have any hint, please contribute :)
>>> >
>>> > Help me say happy new years to all security conscious people out there
>>> :)
>>> >
>>> > Merry Christmas all,
>>> > Thierry Laurion
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Thierry Laurion
>>>
>>>
>>>
>>>

[-- Attachment #1.2: Type: text/html, Size: 6956 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel