December 23, 2019 7:31 AM, "qubes123" <> wrote:
> Suspend/resume problem is most likely caused by a recently added security 
> feature in Xen, that
> checks CPUID after resume with the previously (at boot time) known CPUID. 
> This is to ensure, that
> the CPU microcode level - along with the resulting Spectere/Meltdown etc. 
> mitigations - still
> persist after system resume and there are no features missing.

How recent? Is it present in Xen 4.8-fc25 (R4.0)? Xen 4.12-fc29 (R4.1)?

> For many AMD systems (eg. Trinity/Richland) CPUID changes after suspend (some 
> of the high bits),
> resulting in Xen Panic (see xen/arch/x86/acpi/power.c). So, more 
> investigation would be needed to
> check why the CPUID bits are changing after resume and whether it had any 
> security implications or
> not.
> For the time being - if you accept the possible security implications - you 
> can disable that check
> eg. by commenting the panic line out after "recheck_cpu_features" in the 
> above mentioned power.c
> file, compile xen for dom0 via qubes builder and test it in your system.

Thanks for the info.

I'm not sure this is the problem, though, because I get the same symptoms when 
suspending in a Fedora 25 livecd. Which makes me think it's a Fedora problem 
not a Xen problem, at least for R4.0. In Fedora 29 I think the symptoms were 
slightly different, the system was responsive but the screen just didn't power 
back on after resume. I don't think suspend/resume actually worked correctly 
until Fedora 30. We should have an F31-based R4.1 developer release by the end 
of the month, which would be a more accurate test.

What are the symptoms of a Xen panic? Would it prevent the screen from powering 
back on? Would it reboot after five seconds? Or would it just hang?

I'll try booting qubes R4.1 on bare metal without Xen and try suspend/resume. 
If it works I'll post cpuinfo before and after.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To view this discussion on the web visit

Reply via email to