HCL - HP EliteBook 850 G1

645 views
Skip to first unread message

Olivier Médoc

unread,
Oct 29, 2014, 1:04:16 PM10/29/14
to qubes...@googlegroups.com
Hello,

We are testing Qubes on our new laptop model.

Successfully installation and successfull boot of Qubes R2, but it has
not been extensively tested yet. VT-x and VT-d are active, but TPM has
not been tested.

Wired networking is working (wireless not tested yet).

One problem we encountered is when assigning the USB pci-bus to an
AppVM. When we start the AppVM, it breaks the xhci seems to breaks.

In the AppVM dmesg shows an error very similar to the following :

[ 30.560041] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 30.560409] ehci_hcd 0000:00:00.0: device not available (can't reserve [mem 0xf162a000-0xf162a3ff])
[ 30.560565] ehci_hcd 0000:00:01.0: device not available (can't reserve [mem 0xf1629000-0xf16293ff])

(found in ticket https://qubes-os.org/ticket/521)

It should be noted that:
- The AppVM uses the default kernel options (nopat iommu=soft swiotlb=4096)
- It is the same with the 3.17 kernel (by enabling the unstable repository)
- Memory balancing has been disabled on the AppVM

Should the ticket 521 be reopened ?


Qubes-HCL-Hewlett-Packard-HP_EliteBook_850_G1-20141029-144726.cpio.gz
Qubes-HCL-Hewlett-Packard-HP_EliteBook_850_G1-20141029-144726.txt

Olivier Médoc

unread,
Oct 29, 2014, 1:07:51 PM10/29/14
to qubes...@googlegroups.com
By the way, this laptop has two GPU cards, are there any successful
experiences or recommendations on assigning a pci-GPU to an appvm in
order to run OpenGL applications or OCL programs ?

The discussions on this subjects are getting large, but I don't know if
there are any actual results.








Marek Marczykowski-Górecki

unread,
Oct 29, 2014, 2:43:30 PM10/29/14
to Olivier Médoc, qubes...@googlegroups.com
Try increasing swiotlb parameter, also check kernel messages for anything
related to swiotlb. Generally this is probably related to memory
fragmentation, so VM isn't able to get large enough continuous memory region
for the device.
If increasing swiotlb doesn't help, try the whole system reboot and start the
VM early (perhaps even set as autostart) - when memory isn't much fragmented.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

signature.asc

Olivier Médoc

unread,
Oct 30, 2014, 5:03:55 AM10/30/14
to qubes...@googlegroups.com
I use 16GB of RAM and I tried increasing the parameter swiotlb=16384,
but I still had the problem. Until I found that reducing the AppVM
memory from 4096GB to 2048GB.

Now it works, but I cannot assign 4096GB to the AppVM.




mihaig...@gmail.com

unread,
Nov 7, 2014, 8:10:59 AM11/7/14
to qubes...@googlegroups.com
On Wednesday, October 29, 2014 6:04:16 PM UTC+1, Olivier Médoc wrote:
> Hello,
>
> We are testing Qubes on our new laptop model.

I have the 820 G1 model and was wondering if you tested the self-encrypting SSD feature (Drive-lock option in the BIOS) and SecureBoot? ...look like (better?) alternatives to software encryption/antievil maid.

Manuel Amador (Rudd-O)

unread,
Nov 8, 2014, 1:43:48 AM11/8/14
to mihaig...@gmail.com, qubes...@googlegroups.com
Encryption you cannot verify in principle is never "better" than open
source encryption.

--
Rudd-O
http://rudd-o.com/


signature.asc

Olivier Médoc

unread,
Nov 10, 2014, 3:19:43 AM11/10/14
to qubes...@googlegroups.com
Apparently, DriveLock is not encryption, it is a password locking
mecanism implemented as a hardware ship on your hard drive (from what I
understood, not on the HDD controller, so that replacing the controller
does not unlock the harddrive). Now there isn't any technical
information on drive lock, so it is hard to give security advice on that.


mihaig...@gmail.com

unread,
Nov 11, 2014, 5:37:00 AM11/11/14
to qubes...@googlegroups.com
Manuel, I was saying "better" from performance point of view. SEDs do all encryption in hardware, OS encryption is software. Anyway, open source is same as closed source to me, since I am not able to audit each and every line of code. If you can, good for you.

Drive lock is the BIOS option that allows one to set the password needed to "unlock" an self-encrypyed disk.
http://h20331.www2.hp.com/Hpsub/downloads/Self_encrypting_drives_whitepaper.pdf
I will receive my SED this week and try to make it work, I thought maybe you already set it up.and was looking for guidance.

Reply all
Reply to author
Forward
0 new messages