[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Lenovo X200 IOMMU support through Xen 4.6 iommu=no-igfx switch

>>> On 22.12.15 at 19:04, <thierry.laurion@xxxxxxxxx> wrote:
> iommu=no-igfx is a gamechanger for Qubes support through 3.1 RC1 release,
> thanks to Xen 4.6 :)
> 
> The Lenovo X200 supports vt-x, vt-d and TPM as reported and required by
> Qubes in the HCL attached to this e-mail. The problem is that when Qubes
> launches it's netvm which uses IOMMU to talk to it's network card, it
> freezes the whole system up. Even when specifying sync_console, I don't get
> much more verbosity. I ordered a PCMCIA to serial adapter which will be
> shipped to my door late January... Meanwhile, booting with iommu=0 makes
> things work, but a potential hardware component being compromised has
> chances to compromise the whole system since compartmentalization is not
> guaranteed without IOMMU (vt-d).
> 
> A little more love is needed from xen to make that laptop line supported by
> Qubes and a nice alternative to the costy Librem currently promoted by
> Qubes-Purism
> partnership

Is all of the above and below a quite complicated way of expressing
that you'd like to see commit 146341187a backported to 4.6.x?

Jan

> <http://arstechnica.com/gadgets/2015/12/qubes-os-will-ship-pre-installed-on-p 
> urisms-security-focused-librem-13-laptop/>which
> suggest that the laptop will be Respect Your Freedom compliant in the
> future with Intel participation in removing ME and AMT
> <http://libreboot.org/faq/#intelme>, which is not guaranteed at all.
> <http://www.phoronix.com/scan.php?page=news_item&px=Purism-Librem-Still-Blobbe
>  
> d>
> If Xen 4.6 can cooperate with Penryn GM45 chipset, it's all MiniFree laptops
> <http://minifree.org/product-category/laptops/> (and Libreboot support of
> those <http://libreboot.org/docs/hcl/x200.html>) that will be potential
> candidates!
> Please share the love so that the community has a cheap alternative.
> 
> Requirements to replicate bug:
> Model: X200 745434U with p8700 CPU running 1067a microcode(important),
> upgrable to 8go
> BIOS: Lenovo 3.22/1.07 (latest from 2013
> <http://support.lenovo.com/ca/en/downloads/ds015007>)
> Network card supports FLReset+ as requested here
> <http://wiki.xen.org/wiki/VTd_HowTo>.
> Bios settings: vt-d and vt-x needs to be enforced.
> Xen command line option required
> <http://www.gossamer-threads.com/lists/xen/devel/393647> to boot:
> iommu=no-igfx
> 
> Here is the current debug trace/status on Qubes side of things
> <https://groups.google.com/forum/#!topic/qubes-users/bHQHjXqinaU>.
> If you have any hint, please contribute :)
> 
> Help me say happy new years to all security conscious people out there :)
> 
> Merry Christmas all,
> Thierry Laurion
> 
> 
> 
> 
> 
> -- 
> Thierry Laurion




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.