Re: [qubes-users] Re: Installation, no AMD-vi, interrupt mapping, etc.

2018-10-04 Thread taii...@gmx.com
Most consumer mobos have broken IOMMU, I suggest instead of wasting your
time trying to make it work you simply buy a KCMA-D8 or KGPE-D16 plus
used cpu and install coreboot-libre.

Without HVM/IOMMU your security will suck.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/048b7372-e140-1150-9d08-a07a0e414b89%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


0xDF372A17.asc
Description: application/pgp-keys


[qubes-users] Re: Installation, no AMD-vi, interrupt mapping, etc.

2018-10-02 Thread Sergio Matta
Em terça-feira, 2 de outubro de 2018 09:17:43 UTC-3, Sergio Matta  escreveu:
> Em segunda-feira, 1 de outubro de 2018 19:55:24 UTC-3, Sergio Matta  escreveu:
> > Em segunda-feira, 1 de outubro de 2018 16:04:34 UTC-3, naas...@gmail.com  
> > escreveu:
> > > Installation went fine except for a libxenlight config error of some 
> > > kind. I still can't enable IOMMU using either of the approaches described 
> > > in that Ubuntu thread, even though it successfully worked with raw Linux.
> > > 
> > > What boot parameters did you add? I have the earlier rev.1 Sabertooth 
> > > 990FX mobo that you have.
> > 
> > 
> > My mobo is rev.2, firmware 2901
> > I used (ivrs_ioapic[7]=00:14.0 ivrs_ioapic[8]=00:00.2). I am not using 
> > anymore and my qubes 4.0 is working fine.
> > 
> > But ubuntu forum has a solved solution with different ioapic:
> > Quick solution for Sabertooth 990FX (R1.0):
> > Edit file /etc/default/grub, find line "GRUB_CMDLINE_LINUX_DEFAULT=", edit 
> > it to look like:
> > Code:
> > GRUB_CMDLINE_LINUX_DEFAULT="quiet splash ivrs_ioapic[7]=00:14.0 
> > ivrs_ioapic[8]=00:00.1"
> > 
> > There are iommu info here too:
> > from Xen https://wiki.xen.org/wiki/VTd_HowTo
> > 
> > If you can not solve the iommu problem, change all vms to PV. Maybe this is 
> > the cause of libxenlight error. Change all vms to PV, including sys-net.
> > Later I will send you the commands to start networking.
> 
> My cpu is a AMD 1100T and PVH is not much more fast then PV.
> 
> If you want to test it without iommu:
> Change the VMs to PV, including sys-net and sys-firewall (qvm-prefs 
> yourvmname virt_mode PV)
> Using sys-firewall terminal do:
> sudo cp /etc/resolv2.conf /etc/resolv.conf (resolv2.conf has your preferred 
> nameservers)
> ping -c 2 10.137.0.8 (to create vif interface)
> sudo ip link set vif3.0 up
> sudo ip addr add 10.137.0.4//255.255.255.255 dev vif3.0
> sudo ip route add 10.137.0.8/255.255.255.255 dev vif3.0
> - Save the commands above in /rw/config/rc.local and make it executable 
> (chmod +x /rw/config/rc.local):
> Using sys-net terminal do:
> Save then in /rw/config/rc.local and make it executable:
> ip link set vif2.0 up
> ip addr add 10.137.0.3/255.255.255.255 dev vif2.0
> ip route add 10.137.0.4 dev vif2.0
> It should works.

PS: in the command "sudo ip route add 10.137.0.8/255.255.255.255 dev vif3.0", 
change the 10.137.0.8 to your correct VM IP

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b428062f-b0c2-48d7-af00-043326d80816%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Installation, no AMD-vi, interrupt mapping, etc.

2018-10-02 Thread Sergio Matta
Em segunda-feira, 1 de outubro de 2018 19:55:24 UTC-3, Sergio Matta  escreveu:
> Em segunda-feira, 1 de outubro de 2018 16:04:34 UTC-3, naas...@gmail.com  
> escreveu:
> > Installation went fine except for a libxenlight config error of some kind. 
> > I still can't enable IOMMU using either of the approaches described in that 
> > Ubuntu thread, even though it successfully worked with raw Linux.
> > 
> > What boot parameters did you add? I have the earlier rev.1 Sabertooth 990FX 
> > mobo that you have.
> 
> 
> My mobo is rev.2, firmware 2901
> I used (ivrs_ioapic[7]=00:14.0 ivrs_ioapic[8]=00:00.2). I am not using 
> anymore and my qubes 4.0 is working fine.
> 
> But ubuntu forum has a solved solution with different ioapic:
> Quick solution for Sabertooth 990FX (R1.0):
> Edit file /etc/default/grub, find line "GRUB_CMDLINE_LINUX_DEFAULT=", edit it 
> to look like:
> Code:
> GRUB_CMDLINE_LINUX_DEFAULT="quiet splash ivrs_ioapic[7]=00:14.0 
> ivrs_ioapic[8]=00:00.1"
> 
> There are iommu info here too:
> from Xen https://wiki.xen.org/wiki/VTd_HowTo
> 
> If you can not solve the iommu problem, change all vms to PV. Maybe this is 
> the cause of libxenlight error. Change all vms to PV, including sys-net.
> Later I will send you the commands to start networking.

My cpu is a AMD 1100T and PVH is not much more fast then PV.

If you want to test it without iommu:
Change the VMs to PV, including sys-net and sys-firewall (qvm-prefs yourvmname 
virt_mode PV)
Using sys-firewall terminal do:
sudo cp /etc/resolv2.conf /etc/resolv.conf (resolv2.conf has your preferred 
nameservers)
ping -c 2 10.137.0.8 (to create vif interface)
sudo ip link set vif3.0 up
sudo ip addr add 10.137.0.4//255.255.255.255 dev vif3.0
sudo ip route add 10.137.0.8/255.255.255.255 dev vif3.0
- Save the commands above in /rw/config/rc.local and make it executable (chmod 
+x /rw/config/rc.local):
Using sys-net terminal do:
Save then in /rw/config/rc.local and make it executable:
ip link set vif2.0 up
ip addr add 10.137.0.3/255.255.255.255 dev vif2.0
ip route add 10.137.0.4 dev vif2.0
It should works.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f74db636-c0e9-478a-94bc-918043982959%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Installation, no AMD-vi, interrupt mapping, etc.

2018-10-01 Thread Sergio Matta
Em segunda-feira, 1 de outubro de 2018 16:04:34 UTC-3, naas...@gmail.com  
escreveu:
> Installation went fine except for a libxenlight config error of some kind. I 
> still can't enable IOMMU using either of the approaches described in that 
> Ubuntu thread, even though it successfully worked with raw Linux.
> 
> What boot parameters did you add? I have the earlier rev.1 Sabertooth 990FX 
> mobo that you have.


My mobo is rev.2, firmware 2901
I used (ivrs_ioapic[7]=00:14.0 ivrs_ioapic[8]=00:00.2). I am not using anymore 
and my qubes 4.0 is working fine.

But ubuntu forum has a solved solution with different ioapic:
Quick solution for Sabertooth 990FX (R1.0):
Edit file /etc/default/grub, find line "GRUB_CMDLINE_LINUX_DEFAULT=", edit it 
to look like:
Code:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash ivrs_ioapic[7]=00:14.0 
ivrs_ioapic[8]=00:00.1"

There are iommu info here too:
from Xen https://wiki.xen.org/wiki/VTd_HowTo

If you can not solve the iommu problem, change all vms to PV. Maybe this is the 
cause of libxenlight error. Change all vms to PV, including sys-net.
Later I will send you the commands to start networking.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d9a20451-f4f1-4510-9ae7-6616c704de0b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Installation, no AMD-vi, interrupt mapping, etc.

2018-10-01 Thread naasking
I meant qemu-kvm not VirtualBox. I now see this table [1] that claims that Xen 
doesn't support IOMMU on rev.1 of our mobo have, but does on rev.2. I'll 
probably go with the alternative I have in mind then since, unless someone else 
has any ideas.

If not, thanks for the suggestions everyone!

Sandro

[1] 
https://en.wikipedia.org/wiki/List_of_IOMMU-supporting_hardware#Motherboards_2


On Monday, 1 October 2018 15:04:34 UTC-4, naas...@gmail.com  wrote:
> Installation went fine except for a libxenlight config error of some kind. I 
> still can't enable IOMMU using either of the approaches described in that 
> Ubuntu thread, even though it successfully worked with raw Linux.
> 
> What boot parameters did you add? I have the earlier rev.1 Sabertooth 990FX 
> mobo that you have.
> 
> I'm not sure there's much advantage in sticking to Qubes without the hardware 
> acceleration over a Linux distro I'm more familiar with that has 
> virtualization working. I can just use accelerated VirtualBox instead of 
> accepting the PV overheads for the workflows I have in mind, but I'd 
> definitely like to use Qubes if I can get this working.
> 
> Sandro
> 
> On Monday, 1 October 2018 13:26:41 UTC-4, Sergio Matta  wrote:
> > Are you suggesting I just proceed with the installation regardless and try 
> > to set these parameters in the grub booting config after I get up and 
> > running?
> > > 
> > > Sandro
> > > 
> > Yes! And even if iommu does not works, you will be able to use Qubes 4 VM 
> > as PV. Networking will need to set up by hand and save those commands in 
> > files to start it automatically.
> > You will have time to solve it or buy another motherboard. Mine is a US$150 
> > used sabertooth 990fx rev.2

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/31499e0a-dfd2-4b49-b000-0fb0752a2571%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Installation, no AMD-vi, interrupt mapping, etc.

2018-10-01 Thread naasking
Installation went fine except for a libxenlight config error of some kind. I 
still can't enable IOMMU using either of the approaches described in that 
Ubuntu thread, even though it successfully worked with raw Linux.

What boot parameters did you add? I have the earlier rev.1 Sabertooth 990FX 
mobo that you have.

I'm not sure there's much advantage in sticking to Qubes without the hardware 
acceleration over a Linux distro I'm more familiar with that has virtualization 
working. I can just use accelerated VirtualBox instead of accepting the PV 
overheads for the workflows I have in mind, but I'd definitely like to use 
Qubes if I can get this working.

Sandro

On Monday, 1 October 2018 13:26:41 UTC-4, Sergio Matta  wrote:
> Are you suggesting I just proceed with the installation regardless and try to 
> set these parameters in the grub booting config after I get up and running?
> > 
> > Sandro
> > 
> Yes! And even if iommu does not works, you will be able to use Qubes 4 VM as 
> PV. Networking will need to set up by hand and save those commands in files 
> to start it automatically.
> You will have time to solve it or buy another motherboard. Mine is a US$150 
> used sabertooth 990fx rev.2

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c1cdb0c-16b1-4e48-b028-7e7459d1c117%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Installation, no AMD-vi, interrupt mapping, etc.

2018-10-01 Thread Sergio Matta
 Are you suggesting I just proceed with the installation regardless and try to 
set these parameters in the grub booting config after I get up and running?
> 
> Sandro
> 
Yes! And even if iommu does not works, you will be able to use Qubes 4 VM as 
PV. Networking will need to set up by hand and save those commands in files to 
start it automatically.
You will have time to solve it or buy another motherboard. Mine is a US$150 
used sabertooth 990fx rev.2

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ca8eaf8c-eeb8-4f7a-a388-2fab2ef9173e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Installation, no AMD-vi, interrupt mapping, etc.

2018-10-01 Thread naasking
Yes, I read that thread as well. The last post in that thread did not enable 
IOMMU on Linux, the second to last did and it's the same procedure I linked in 
my first post on superuser.com.

However, adding these parameters while booting the Qubes installer doesn't seem 
to have an effect. Are you suggesting I just proceed with the installation 
regardless and try to set these parameters in the grub booting config after I 
get up and running?

Sandro


On Monday, 1 October 2018 12:56:43 UTC-4, Sergio Matta  wrote:
> > I updated the bios but still no luck, so I tried a manual procedure as 
> > described at [1]: I ran a recent live linux distro from a USB key and 
> > confirmed that interrupt remapping was disabled by default due to this BIOS 
> > bug. I then figured out the IOMMU and SMBus addresses using the described 
> > procedure and managed to get the live linux to boot with interrupt 
> > remapping and virtualization enabled as reported by dmesg.
> > 
> > I tried the same ivrs_ioapic mapping procedure for the Qubes installer, but 
> > it still raises that dialog saying no interrupt remapping, AMD-Vi, etc. 
> > Running dmesg in the Qubes installer console reports only that IOMMUv2 is 
> > not available, which the live linux also reported, but no other errors. The 
> > dmesg output is a little different though, so perhaps I missed something.
> > 
> > Any suggestions on what to do next?
> > 
> > [1] https://superuser.com/questions/1052023/ioapic0-not-in-ivrs-table
> 
> To fix the bug I inserted some parms on the xen command line (grub boot) and 
> after I did "sudo grub2-mkconfig -o /boot/grub2/grub.cfg"
> But at that time there was a qubes-hcl-report bug not recognizing Remapping:
> HVM:   Active
> I/O MMU:   Active
> HAP/SLAT   Yes
> Remapping: no
> 
> xl dmesg works fine:
> (XEN) AMD-Vi: IOMMU 0 Enabled.
> (XEN) I/O virtualisation enabled
> (XEN)  – Dom0: mode: Relaxed
> (XEN) Interrupt remapping enabled
> 
> see: https://ubuntuforums.org/showthread.php?t=2254677

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/381a3bb9-8aac-47a1-9c48-332a2fdc997b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Installation, no AMD-vi, interrupt mapping, etc.

2018-10-01 Thread Sergio Matta

> I updated the bios but still no luck, so I tried a manual procedure as 
> described at [1]: I ran a recent live linux distro from a USB key and 
> confirmed that interrupt remapping was disabled by default due to this BIOS 
> bug. I then figured out the IOMMU and SMBus addresses using the described 
> procedure and managed to get the live linux to boot with interrupt remapping 
> and virtualization enabled as reported by dmesg.
> 
> I tried the same ivrs_ioapic mapping procedure for the Qubes installer, but 
> it still raises that dialog saying no interrupt remapping, AMD-Vi, etc. 
> Running dmesg in the Qubes installer console reports only that IOMMUv2 is not 
> available, which the live linux also reported, but no other errors. The dmesg 
> output is a little different though, so perhaps I missed something.
> 
> Any suggestions on what to do next?
> 
> [1] https://superuser.com/questions/1052023/ioapic0-not-in-ivrs-table

To fix the bug I inserted some parms on the xen command line (grub boot) and 
after I did "sudo grub2-mkconfig -o /boot/grub2/grub.cfg"
But at that time there was a qubes-hcl-report bug not recognizing Remapping:
HVM:   Active
I/O MMU:   Active
HAP/SLAT   Yes
Remapping: no

xl dmesg works fine:
(XEN) AMD-Vi: IOMMU 0 Enabled.
(XEN) I/O virtualisation enabled
(XEN)  – Dom0: mode: Relaxed
(XEN) Interrupt remapping enabled

see: https://ubuntuforums.org/showthread.php?t=2254677

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f5263830-51d2-4ac7-bbaa-0e2e597d1f46%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.