search

Dasharo / dasharo-issues

The Dasharo issue tracker
https://dasharo.com/
25 stars 0 forks source link

Early DMA check in ubuntu fails #985

Open philipandag opened 2 months ago

philipandag commented 2 months ago

Component

Dasharo firmware

Device

NovaCustom V54 14th Gen

Dasharo version

v0.9.1-rc1

Dasharo Tools Suite version

No response

Test case ID

EDP001.001

Brief summary

Early DMA protection check using cbmem fail

How reproducible

100% in two retries

How to reproduce

Do the EDP001.001 test manually

Expected behavior

output should contain: [DEBUG] VT-d @ 0xfed91000, version 5.0 [INFO ] Setting DMA protection [0x0 - 0x46c00000] [INFO ] Setting DMA protection [0x100000000 - 0x00000008afc00000] [INFO ] Successfully enabled VT-d PMR DMA protection

Actual behavior

root@3mdeb:/home/ubuntu# ./cbmem -1 | grep -i "dma"
?ACPI:    * DMAR
?soc_fill_dmar - gfxvtbar:0xfc800000  0xfc800001
root@3mdeb:/home/ubuntu# 
root@3mdeb:/home/ubuntu# ./cbmem -1 | grep -i "protection"
?BM-LOCKDOWN: Skipping enabling boot media protection
?ME: SPI Protection Mode Enabled : NO
root@3mdeb:/home/ubuntu#

Screenshots

No response

Additional context

No response

Solutions you've tried

No response

mkopec commented 2 months ago

The code to configure DMA protection is not wired up on soc/intel/meteorlake

mkopec commented 2 months ago

Most likely just need to apply https://review.coreboot.org/c/coreboot/+/68450 but for meteorlake and that should be enough

philipandag commented 2 months ago

I am applying the patch here: https://github.com/Dasharo/coreboot/pull/553. We need the Intel FSP to compile and test it on the target platform though.

philipandag commented 2 months ago

After applying the patch cbmem -l shows

[ERROR]  VT-d PMR HOB not found, not enabling DMA protection
philipandag commented 2 months ago

The test passes on V560TNE with v0.9.1-rc4.

philipandag commented 1 month ago

Not working on V540TND with v0.9.1-rc5

ubuntu@3mdeb:~$ grep -i "vt-d" cbmem-dma-enabled.log
[DEBUG]  VT-d @ 0xfc801000, version 7.0
[ERROR]  VT-d PMR HOB not found, not enabling DMA protection

cbmem-dma-enabled.log cbmem-dma-disabled.log

SebastianCzapla commented 3 weeks ago

Issue still present in v0.9.1-rc6. cbmem-dma-enabled.txt

SebastianCzapla commented 2 weeks ago

Issue still present in v0.9.1-rc7. cbmem-dma-enabled.txt

mkopec commented 2 weeks ago

@SebastianCzapla The option was supposed to be hidden, how are you testing if it's not visible?

SebastianCzapla commented 2 weeks ago

You are right, it is not visible in the security options. I misread other option for it, my bad.