Mine reports they are enabled as well, it's just when I attempt to use an HVM I'm experiencing the freeze! Thus my plea for help to the list to see if anyone has actually tried to use an HVM on this Corebooted hardware
I have thought that if Qubes sees HVM available it is always using it. (so if Qubes reports to you that HVM is enabled, that means its using HVM and without any problems). Am I wrong here?
Last resort is to flash back the OEM image but I'm hoping to avoid that.
It is rare that a default proprietary UEFI/BIOS has a good virtualization support, especially for AMD-based consumer level hardware. E.g. I am almost sure that no IOMMU supported by that InsydeH2O, but still it would be curious to hear your results...
That is a painful (because this laptop needs to be completely disassembled to get at the flash chip, and it's a Lenovo crippled InsydeH2O EFI BIOS with phone home capability) but logical approach
Next time you disassemble, you could carefully cut a small window (e.g. using a heated knife or soldering iron) inside the bottom's half of a laptop. Please check out the attached image to see how to do it safely. After you cut this window - you could attach SOIC8 clip to a flash chip without completely disassembling your laptop. But, because of the same reason, someone may use your "quick access window" to quickly flash a "coreboot with added backdoors" image - since now he doesn't need to completely disassemble your laptop, can do it very quickly. So you will have to never leave your laptop unattended after this mod, or at least invent some additional security measures (vboot?) ...
2017-12-01 15:10 GMT+03:00 awokd awokd@elude.in:
On Thu, November 30, 2017 05:38, Zoran Stojsavljevic wrote:
Last resort is to flash back the OEM image but I'm hoping to avoid that.
I would suggest to do this step now. As interim step, Then you can verify everything you are trying to do with Coreboot. The first and obvious step is to check for MCU using dmesg, if any exists. If yes, the next step, probably, is to retrieve MCU from BIOS and port it to Coreboot, so you can be sure that this is not an issue.
Then you can verify all the rest:XEN, Cubes and etc., and record use cases wit logs, before returning back to Coreboot.
That is a painful (because this laptop needs to be completely disassembled to get at the flash chip, and it's a Lenovo crippled InsydeH2O EFI BIOS with phone home capability) but logical approach. Thanks, will report back on where this problem bisection leads and/or a resolution when I get there.
