[coreboot] Lenovo G505s AMD Hardware Virtualization

Ivan Ivanov qmastery16 at gmail.com
Fri Dec 1 16:33:14 CET 2017


> Mine reports they are enabled as well, it's just when I attempt to use
> an HVM I'm experiencing the freeze! Thus my plea for help to the list
> to see if anyone has actually tried to use an HVM on this Corebooted
> hardware
I have thought that if Qubes sees HVM available, it is always using it
(so if Qubes reports to you that HVM is enabled, that means it's using
HVM and without any problems). Am I wrong here?
> Last resort is to flash back the OEM image but I'm hoping to avoid that.
It is rare that a default proprietary UEFI/BIOS has good virtualization
support, especially for AMD-based consumer-level hardware.
E.g. I am almost sure that no IOMMU is supported by that InsydeH2O,
but still I would be curious to hear your results...
> That is a painful (because this laptop needs to be completely
> disassembled to get at the flash chip, and it's a Lenovo crippled
> InsydeH2O EFI BIOS with phone home capability) but logical approach
Next time you disassemble, you could carefully cut a small window
(e.g. using a heated knife or soldering iron) in the bottom half of the
laptop. Please check out the attached image to see how to do it safely.
After you cut this window, you could attach a SOIC8 clip to the flash chip
without completely disassembling your laptop. But, for the
same reason, someone may use your "quick access window" to quickly
flash a "coreboot with added backdoors" image: since he no longer
needs to completely disassemble your laptop, he can do it very quickly.
So you will have to never leave your laptop unattended after this mod,
or at least invent some additional security measures (vboot?) ...

2017-12-01 15:10 GMT+03:00 awokd <awokd at elude.in>:
> On Thu, November 30, 2017 05:38, Zoran Stojsavljevic wrote:
>>> Last resort is to flash back the OEM image but I'm hoping to avoid that.
>>
>> I would suggest to do this step now, as an interim step. Then you can verify
>> everything you are trying to do
>> with Coreboot. The first and obvious step is to check for MCU using dmesg,
>> if any exists. If yes, the next
>> step, probably, is to retrieve MCU from BIOS and port it to Coreboot, so
>> you can be sure that this is not
>> an issue.
>>
>> Then you can verify all the rest: XEN, Qubes, etc., and record use cases
>> with logs, before returning
>> back to Coreboot.
>
> That is a painful (because this laptop needs to be completely disassembled
> to get at the flash chip, and it's a Lenovo crippled InsydeH2O EFI BIOS
> with phone home capability) but logical approach. Thanks, will report back
> on where this problem bisection leads and/or a resolution when I get
> there.
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: G505S_underneath.png
Type: image/png
Size: 874144 bytes
Desc: not available
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20171201/7f2ec7c9/attachment-0001.png>

