Says IOMMU is active. However, this Intel generation lacks interrupt
remapping. There are some attacks[1] and also some Xen-specific
mitigations[2].
Install notes
-------------
Coreboot IOMMU changes are not in downstream Libreboot yet.
To compile Coreboot, I followed these[3][4] instructions for ME-less
Coreboot. Alternatively, you can wait until Libreboot updates their builds.
For step-by-step instructions to flash a Lenovo T400 with an external
programmer (replacing the factory BIOS), see Libreboot website. The
Lenovo T400 requires a complete disassembly; the procedure is much
easier on the Lenovo X200.
After Coreboot + Grub2 payload is flashed, to boot an already-installed
Qubes:
at grub prompt:
configfile (ahci0,msdos1)/grub2/grub.cfg
or similar.
If boot hangs on "Loading initial ramdisk":
'e' to edit the entry "Qubes, with Xen hypervisor"
append to Xen command line after ${xen_rm_opts}: iommu=no-igfx
Thanks for reading.
[1]http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html
[2]page 24 of same paper
[3]https://www.coreboot.org/Board:lenovo/x200
[4]https://www.coreboot.org/Build_HOWTO
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/95ee3853-79f7-6476-2c3b-a02ecad70bd3%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
---
layout:
'hcl'
type:
'laptop'
hvm:
'yes'
iommu:
'yes'
slat:
'no'
tpm:
'unknown'
brand: |
LENOVO
model: |
6473PVU
bios: |
CBET4000 4.5-696-ga4464140f9-dirty
cpu: |
Intel(R) Core(TM)2 CPU P8700 @ 2.53GHz
cpu-short: |
FIXME
chipset: |
Intel Corporation Mobile 4 Series Chipset Memory Controller Hub [8086:2a40]
(rev 07)
chipset-short: |
GM45
gpu: |
Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller
[8086:2a42] (rev 07) (prog-if 00 [VGA controller])
Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller
[8086:2a43] (rev 07)
gpu-short: |
Intel GMA 4500MHD
network: |
Intel Corporation 82567LF Gigabit Network Connection (rev 03)
Qualcomm Atheros AR9285 Wireless Network Adapter (PCI-Express) (rev 01)
memory: |
4058
scsi: |
Samsung SSD 850 Rev: 2B6Q
versions:
- works:
yes
qubes: |
R3.2
xen: |
4.6.3
kernel: |
4.8.9-12
remark: |
Coreboot without ME
credit: |
aphidfarmer but the Coreboot devs did all the real work.
link: |
FIXLINK
---