> Last resort is to flash back the OEM image but I'm hoping to avoid that.

I would suggest to do this step now. As interim step, Then you can verify everything you are trying to do
with Coreboot. The first and obvious step is to check for MCU using dmesg, if any exists. If yes, the next
step, probably, is to retrieve MCU from BIOS and port it to Coreboot, so you can be sure that this is not
an issue.

Then you can verify all the rest:XEN, Cubes and etc., and record use cases wit logs, before returning
back to Coreboot.

Zoran

On Wed, Nov 29, 2017 at 10:48 PM, awokd <awokd@elude.in> wrote:
On Wed, November 29, 2017 16:35, Ivan Ivanov wrote:
> Hi awokd,
Hi and thanks for your reply!

> are you sure that your HVM is correctly installed / has a
> correct config ?
> Because: you may have heard about Qubes OS - excellent OS which is based
> on Xen,
> has the same and even stronger security than Xen in some cases, and it
> is working perfectly
> at Lenovo G505S laptop with coreboot installed

Qubes 4.0 is actually my end target usage scenario, however it defaults to
using HVMs (vs. 3.2 which defaulted to PV) so I was unable to run it at
all until I managed to switch everything to PV. I ruled the freezes out as
a Qubes issue by performing a fresh install of Fedora 26, and installing
Xen 4.8.2 from repository on it. Creating and starting PVs worked but I
was able to recreate the lock up by creating a HVM on Xen and trying to
start it.

> Please go to Qubes HCL hardware compatibility list page -
> https://www.qubes-os.org/hcl/ ,
> and look at G505S report for Qubes R3.2 version - both HVM and IOMMU
> and even SLAT :
> all these hardware virtualization functions are working perfectly.

Mine reports they are enabled as well, it's just when I attempt to use an
HVM I'm experiencing the freeze! Thus my plea for help to the list to see
if anyone has actually tried to use an HVM on this Corebooted hardware.

> also please read this message:
> https://groups.google.com/forum/#!msg/qubes-users/TS1zfKZ7q8w/JQFkVF4xBgAJ
> it contains a link to a forum post with attachments, not just .config
> but also the coreboot G505S binaries
> which have been tested with Qubes OS
> (yes they have been done almost 1 year ago, outdated, but they contain
> some nice extra stuff)

I did see that post, thank you. It was one of the ones that convinced me
to buy this particular laptop for Qubes usage. I followed the guide in the
forum link to build Coreboot. I've tried it with and without Yabel and
multiple other settings but they've all resulted in the freeze.

> about 0 bytes cpu_microcode_blob.bin - if you look at the memory map
> of 1 year old coreboot G505S build,
> (provided below), there is no microcode. My guess is that no microcode
> is needed for A10-5750M APU,
> it is Richland architecture which is pretty refined, not even sure if
> the microcode updates exist for this one -
> please tell me if I'm wrong here

Maybe there isn't one at all. The processor isn't that old but it's
already hard to find vendor documentation on it.

If I can't find anyone who can verify success with HVMs, my next step will
be to try KVM and ESXi on it to see if I can recreate the issue. Last
resort is to flash back the OEM image but I'm hoping to avoid that.