[qubes-users] HCL - Lenovo T400 (Coreboot without ME, with IOMMU*)

Sun, 25 Dec 2016 00:54:07 -0800

Says IOMMU is active. However, this Intel generation lacks interrupt remapping. There are some attacks[1] and also some Xen-specific mitigations[2]. 

Install notes
-------------

Coreboot IOMMU changes are not in downstream Libreboot yet.


To compile Coreboot, I followed these[3][4] instructions for ME-less 
Coreboot. Alternatively, you can wait until Libreboot updates their builds.



For step-by-step instructions to flash a Lenovo T400 with an external 
programmer (replacing the factory BIOS), see Libreboot website. The 
Lenovo T400 requires a complete disassembly; the procedure is much 
easier on the Lenovo X200.



After Coreboot + Grub2 payload is flashed, to boot an already-installed 
Qubes:


at grub prompt:
   configfile (ahci0,msdos1)/grub2/grub.cfg
or similar.

If boot hangs on "Loading initial ramdisk":
   'e' to edit the entry "Qubes, with Xen hypervisor"
   append to Xen command line after ${xen_rm_opts}: iommu=no-igfx


Thanks for reading.


[1]http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html
[2]page 24 of same paper
[3]https://www.coreboot.org/Board:lenovo/x200
[4]https://www.coreboot.org/Build_HOWTO


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/95ee3853-79f7-6476-2c3b-a02ecad70bd3%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

---
layout:
  'hcl'
type:
  'laptop'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'no'
tpm:
  'unknown'
brand: |
  LENOVO
model: |
  6473PVU
bios: |
  CBET4000 4.5-696-ga4464140f9-dirty
cpu: |
  Intel(R) Core(TM)2 CPU         P8700  @ 2.53GHz
cpu-short: |
  FIXME
chipset: |
  Intel Corporation Mobile 4 Series Chipset Memory Controller Hub [8086:2a40] 
(rev 07)
chipset-short: |
  GM45
gpu: |
  Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller 
[8086:2a42] (rev 07) (prog-if 00 [VGA controller])
  Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller 
[8086:2a43] (rev 07)
gpu-short: |
  Intel GMA 4500MHD
network: |
  Intel Corporation 82567LF Gigabit Network Connection (rev 03)
  Qualcomm Atheros AR9285 Wireless Network Adapter (PCI-Express) (rev 01)
memory: |
  4058
scsi: |
  Samsung SSD 850  Rev: 2B6Q

versions:

- works:
    yes
  qubes: |
    R3.2
  xen: |
    4.6.3
  kernel: |
    4.8.9-12
  remark: |
    Coreboot without ME
  credit: |
    aphidfarmer but the Coreboot devs did all the real work.
  link: |
    FIXLINK

---















    











					Reply via email to