Celeron N3350 and VT-d
newp...@gmail.com
I'm new Qubes and a few days ago decided to give it a try.
After dd'ing the R4 checksum-checked iso and turning off "secure boot" on target device, I got a printk flood of GPE errors. After being unable to stop/mask them with the acpi_mask_gpe or similar boot option (was not even sure what <int> to use), I edited BOOTX64.cfg to use [qubes] (but modified to still no be quiet) instead of [qubes-verbose]. It booted but always failed to mount /dev/root or /dev/mapper/live-rw. Internet search results had me trying many things to no avail. Finally, I found out my USB stick is a fake (thanks f3write/read). I tried from another (this time good) stick and got the same error. I suspected it had to do with the UEFI-only boot mode of target machine only? using GPT, and therefore deleted all partitions on good stick and created a GPT table with gdisk; then I dd'd, and then it finally booted to the installer. (Perhaps UEFI boot mode stage 2 freaks out if partition 1 is not GPT labelled, even though stage 1 boots fine.)
Now, for the actual question. :) The installer reports missing IOMMU/VT-d/AMD-Vi, however the machine's motherboard is an Intel Celeron N3350 which, according to https://ark.intel.com/products/95598/Intel-Celeron-Processor-N3350-2M-Cache-up-to-2-4-GHz-, should have VT-d (unless it needs a specific kind of VT-d?). I am not sure about IOMMU, perhaps it is missing. Does the error message list those as alternatives of the same thing? Or is it that I may have VT-d but not IOMMU, and the error just lists them all if just one has not been detected?
Cheers
awokd
> Now, for the actual question. :) The installer reports missing IOMMU/VT-d/AMD-Vi, however the machine's motherboard is an Intel Celeron N3350 which, according to https://ark.intel.com/products/95598/Intel-Celeron-Processor-N3350-2M-Cache-up-to-2-4-GHz-, should have VT-d (unless it needs a specific kind of VT-d?). I am not sure about IOMMU, perhaps it is missing. Does the error message list those as alternatives of the same thing? Or is it that I may have VT-d but not IOMMU, and the error just lists them all if just one has not been detected?
config?
newp...@gmail.com
There are actually no virtualization options in my UEFI config. I do get to turn off secure boot and some TSC stuff, but not much else. There's no vmx flag in /proc/cpuinfo (less that file after ctrl+f2 during installation), but apparently Qubes is not complaining about a lack of VT-x. There is a hypervisor flag, however.
awokd
newp...@gmail.com:
chipset and/or UEFI. Not having any options in the config for it is
generally a bad sign. Check to see if there's a firmware update
available for your board. VT-d implies there's at least one IOMMU, and
VT-x is present on everything with VT-d.
newp...@gmail.com
> @gmail.com:
Indeed... doing more research it does seem that it is not simply a matter at looking at what the chipset supports. Updated UEFI to its latest version, and still there is no option for virtualization settings.
Since I used default installation settings and to encrypt drive (actually to a flash drive) I had to gpart it to have fat32 partition with /boot info (used the installer structure as example but with files that were actually installed to the encrypted partition.)
Finally logged in. qubes-hcl-report gives HVM active, I/O MMU not active, HAP/SLAT Yes, TPM Device not found (UEFI settings has something about TPM), Remapping No. This is for an Acer Aspire ES1 432. I'll still use Qubes this way, knowing full well that without VT-d, a lot of protection (ie against DMA attacks) is disabled. I'll just cross my fingers that perhaps a future firmware update will allow VT-d to be turned on, if the motherboard supports it.
Thanks for the pointers!
Cheers