HCL - Lenovo Thinkpad X200

506 views
Skip to first unread message

Kevin Lipe

unread,
Oct 23, 2015, 10:02:31 PM10/23/15
to qubes...@googlegroups.com
Hello Qubes folks:

I got Qubes R3 up and running on my trusty old Thinkpad X200 today. I've attached my HCL report.

This is a Core 2 Duo machine and supposedly supports VT-d, but I wasn't able to get Qubes to install until I disabled VT-d in the BIOS setup. X wouldn't start for the installer, and then the text mode installer would hang in weird places. Turned VT-d off, and everything installed without a hitch. I haven't tried going back in and turning it back on to see if Qubes will boot with it enabled.

This machine has a TPM, and the qubes-hcl-report tool sees it.

Qubes is very cool. I've always been a linux nerd, but the Snowden stuff has started to turn me into a privacy/security nerd, too. I'm kinda tied to my MacBook Pro for some of my work, but hopefully I can get my workflows up and running in Qubes and replace my Chromebook that I do most of my writing on (in Emacs via crouton) with some sort of Qubes machine soon.

Let me know if there are other reports I can make or things I can run to give you more X200 info. I love this machine and would love to see it fully supported!
Qubes-HCL-LENOVO-2024B53-20151023-214242.yml

Thierry Laurion

unread,
Dec 12, 2015, 8:12:38 PM12/12/15
to qubes-users
Interesting information to make this marvelous laptop go further.
Xen 4.6 supports more workaround around a bug known in gm45 chipset with vt-d.

It is important to know that the support for core 2 duo is linked to microcode update version.
Mine in the following report is 1067a on a p8700 cpu, which is the latest available, so no need to inject microcode update to make virtualisation work. (vt-x and vt-d are initialisable)

Here are the reports.

Bug: not possible to have a netvm working with vt-d activated. Still have to deactive vt-d to have a working setup, but it seems that vt-d is possible.
Please help me make this marvelous laptop reach a mature level with Qubes.

To make the laptop boot until before netvm, and reach state where the two attached files could be produced:
iommu=no-igfx iommu=verbose iommu=debug

Thierry
Qubes-HCL-LENOVO-745434U-20151212-193925.yml
x200_vtd_works_on_latest_bios_with_no-igfx

Thierry Laurion

unread,
Dec 12, 2015, 9:51:59 PM12/12/15
to qubes-users
Even more interesting: TPM is detected when providing:
iommu=pv iommu=pass-through iommu=no-igfx

Still: no love when netvm boots; random freeze.
I would love to debug this further and digging for it.

Is there a way to activate kernel dump when cpu freezes?


Thierry

Le samedi 24 octobre 2015 02:02:31 UTC, Kevin Lipe a écrit :

piitb...@gmail.com

unread,
Mar 20, 2016, 5:50:33 PM3/20/16
to qubes-users
Hello,

I would like to use my X200 as 2nd laptop because of the great keyboard, compact size and because performance has been improved after upgrading to a SSD and 8 Gig RAM.
I tried already several things in order to run the installer on Lenovo X200. Only disabling VT-d did the trick and I was able to launch the Qube OS installer via USB.
with VT-d enabled the Installer will freeze before starting.


Am Sonntag, 13. Dezember 2015 03:51:59 UTC+1 schrieb Thierry Laurion:
Still: no love when netvm boots; random freeze.
I would love to debug this further and digging for it.

Regarding the random freezes: when and how do those occur? Would you call Qube OS 3.1 usable as primary OS on the X200?

- Piit

7v5w7go9ub0o

unread,
Mar 20, 2016, 7:34:50 PM3/20/16
to qubes...@googlegroups.com
Now that it is installed, can you re-enable VT-d?

<https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-d>

"...Yes. You can even run a NetVM, but you will not benefit from DMA
protection for driver domains. On a system without VT-d, everything
should work in the same way, except there will be no real security
benefit to having a separate NetVM, as an attacker could always use a
simple DMA attack to go from the NetVM to Dom0...."

piitb...@gmail.com

unread,
Mar 21, 2016, 5:49:59 AM3/21/16
to qubes-users


Am Montag, 21. März 2016 00:34:50 UTC+1 schrieb 7v5w7go9ub0o:

On 03/20/2016 09:50 PM, piitb...@gmail.com wrote: 
(...)
> Only disabling VT-d did the trick and I was able to launch the Qube
> OS installer via USB.
> with VT-d enabled the Installer will freeze before starting.
(...)

Now that it is installed, can  you re-enable VT-d?
<https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-d>
"...Yes. You can even run a NetVM, but you will not benefit from DMA
protection for driver domains. On a system without VT-d, everything
should work in the same way, except there will be no real security
benefit to having a separate NetVM, as an attacker could always use a
simple DMA attack to go from the NetVM to Dom0...."

I have re-enabled VT-d after I've restarted the boot process hangs again.
So disabling VT-d is th eonl yoption

- Piit
Reply all
Reply to author
Forward
0 new messages