kexec can't boot qubes 4.1 iso

[ghost]

Hi @tlaurion any chance to boot from heads? Did you try 4.1 iso?
I use master branch. 4-14.62-heads

[MrChromebox]

where are you seeing Qubes 4.1? 4.0.3 is the latest release

edit: would also help to mention what hardware is in use

[ghost]

@MrChromebox

laptop : x220
install media: https://openqa.qubes-os.org/tests/5493/asset/iso/Qubes-4.1-20200113-x86_64.iso
firmware: heads - boot fails.

laptop : x220-tablet
install media: https://openqa.qubes-os.org/tests/5493/asset/iso/Qubes-4.1-20200113-x86_64.iso
Rufus MBR/Legacy method dd (only legacy mode, uefi stuck before Anaconda start)
bios: modified 1.46 (unlocked RAM and whitelist wifi) NOT coreboot (http://www.mcdonnelltech.com/X220_v1.46_Modified_BIOS.zip) - boot success

[MrChromebox]

any reason you're using a nightly build instead of the 4.0.3 release? Can you test that so we know if it's version-specific?

[ghost]

any reason you're using a nightly build instead of the 4.0.3 release? Can you test that so we know if it's version-specific?

Yes. fedora-25 on dom0 is totally outdated and not supported (status on December 12th, 2017)
Qubes 4.1 runs fedora-31, xfce-4.14, new features, include installation, a lot of fresh packages etc.
Qubes builder works good for 4.1. Ok, i will try.

[MrChromebox]

I'll test both here as well and see if I can replicate on a Librem

[tlaurion]

@0rb677 @MrChromebox I confirm install works on my branch (not main Heads) for x230 for latest official QubesOS release (4.0.3). I didn't test any 4.1 release yet, while there are another issue linked to LUKS V2 not being supported (#669) which would probably fail to boot Fedora-31(?) based QubesOS install anyway until resolved (upgraded cryptsetup module, reproducibility of produced ROM images confirmed on CI for different host builders configs ( ubuntu, debian, fedora etc).

There was a fix a while back to be able to boot fedora-30 (#553) that I tested but your issue seems to be related to igfx corruption, which is supposed to be fixed under x220, but i'm not the best to confirm this.

Unfortunately, I just own x230 for testing. Will put that in my todo list but i'm quite busy right now.
If you want to ship a x220 to me, be my guest but reading QubesOS release schedule shows that we are far from 4.1. (So this is not a priority for me to test this now).

Please check in other issues for t420 and x220 users and ping them here. If you can confirm that their patchwork work, poke me in those PR and I will merge them asap. I lost track of the current t420 and x220 statuses, being more interested in 9elements work to port coreboot 4.11 correctly for those boards with VBOOT+measured boot with IFD and ME cleaned out so we have enough space to do interesting things for those boards.

We might as well open an issue to track who tests what hardware. That would be really helpful.

[MrChromebox]

Installers for both Qubes 4.0.3 and 4.1-20200113 boot fine on a Librem 13v4 running Heads master (bcf522c) + the handful of branding changes from Purism's tree. Given the display artifacts, there's at least an IOMMU config issue at play, perhaps more. I'd start by adding intel_iommu=igfx_off to the x220's coreboot config CONFIG_LINUX_COMMAND_LINE param, which both the x230 and Librems already use. That param only affects the Heads payload, not any kexec'd kernels.

[tlaurion]

See here

[tlaurion]

Personally, I would remove the quiet there for all the boards.

[MrChromebox]

Personally, I would remove the quiet there for all the boards

I'll push a PR after testing

[MrChromebox]

Personally, I would remove the quiet there for all the boards.

hmm, it's pretty verbose w/o 'quiet' and not in a particularly useful way

[tlaurion]

Agreed. Tested too. Nope!

[ghost]

@MrChromebox @tlaurion thanks, i just woke up, now i will reflash my laptop today.

[ghost]

Also changed chip to Winbond W25Q64.V and added iomem=relaxed

[tlaurion]

@0rb677 I wouldn't recommend 4.1:
QubesOS/qubes-doc#828

Fedora-25 on dom0 is not problematic, all needed packages are backported and all your actions should be in AppVMs, not dom0 anyway.

I would stick to 4.0.3 if I were you.

[tlaurion]

You built for qemu?

…

On February 15, 2020 10:35:23 PM UTC, 0rb677 ***@***.***> wrote: @tlaurion sad news. Also build is complete. If you want i can flash and test 4.1 media and do not update to xen 4.13 ``` 2020-02-16 01:21:54+03:00 INSTALL build/coreboot-4.8.1/qemu-coreboot/coreboot.rom => build/qemu-coreboot/coreboot.rom 2020-02-16 01:21:54+03:00 UNCHANGED build/coreboot-4.8.1/qemu-coreboot/coreboot.rom 29c4cc187ceecc4ca4b2edf0b24f12585295cc6f0c8b66b0f5f7173e84e02181 build/qemu-coreboot/coreboot.rom 29c4cc187ceecc4ca4b2edf0b24f12585295cc6f0c8b66b0f5f7173e84e02181 /home/user/heads/build/qemu-coreboot/coreboot.rom make[1]: Leaving directory '/home/user/heads' ``` -- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: #672 (comment)

-- Sent from /e/ Mail

[tlaurion]

make BOARD=desired_board qemu build is the default

…

On February 15, 2020 10:35:23 PM UTC, 0rb677 ***@***.***> wrote: @tlaurion sad news. Also build is complete. If you want i can flash and test 4.1 media and do not update to xen 4.13 ``` 2020-02-16 01:21:54+03:00 INSTALL build/coreboot-4.8.1/qemu-coreboot/coreboot.rom => build/qemu-coreboot/coreboot.rom 2020-02-16 01:21:54+03:00 UNCHANGED build/coreboot-4.8.1/qemu-coreboot/coreboot.rom 29c4cc187ceecc4ca4b2edf0b24f12585295cc6f0c8b66b0f5f7173e84e02181 build/qemu-coreboot/coreboot.rom 29c4cc187ceecc4ca4b2edf0b24f12585295cc6f0c8b66b0f5f7173e84e02181 /home/user/heads/build/qemu-coreboot/coreboot.rom make[1]: Leaving directory '/home/user/heads' ``` -- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: #672 (comment)

-- Sent from /e/ Mail

[tlaurion]

@0rb677 iomem=relaxed
Why is that?

[tlaurion]

Please follow the breadcrumbs by starting where it works:
#578

[ghost]

@tlaurion wow gui-init is amazing. Its works with my nitrokey-start

@tlaurion sorry i wrote make board=x220 instead make BOARD=x220
also fbwhiptail package available only if you connect your vm to vpn in my country.
iomem=relaxed you can dump flash from dom0 use coreboot-utils and flashrom for example

2020-02-16 10:41:32+03:00 MAKE coreboot
2020-02-16 10:42:12+03:00 DONE coreboot
"/home/user/heads/build/coreboot-4.8.1/x220/cbfstool" "/home/user/heads/build/coreboot-4.8.1/x220/coreboot.rom" print
Name                           Offset     Type           Size   Comp
cbfs master header             0x0        cbfs header        32 none
fallback/romstage              0x80       stage           86884 none
cpu_microcode_blob.bin         0x15480    microcode       25600 none
fallback/ramstage              0x1b900    stage           96557 none
cmos_layout.bin                0x33280    cmos_layout      1816 none
fallback/dsdt.aml              0x33a00    raw             13646 none
fallback/payload               0x36fc0    simple elf    6977487 none
(empty)                        0x6de800   null           954328 none
bootblock                      0x7c7800   bootblock        1968 none
2020-02-16 10:42:12+03:00 INSTALL   build/coreboot-4.8.1/x220/coreboot.rom => build/x220/coreboot.rom
e2c4e3d2de9c434155a1bee6d30741884a9985dfa1698a9c5efbe01c47ee7d1c  build/x220/coreboot.rom
e2c4e3d2de9c434155a1bee6d30741884a9985dfa1698a9c5efbe01c47ee7d1c  /home/user/heads/build/x220/coreboot.rom
make[1]: Leaving directory '/home/user/heads'

[tlaurion]

You looked at opened tickets for x220?

…

On February 16, 2020 7:45:02 AM UTC, 0rb677 ***@***.***> wrote: @tlaurion sorry i wrote `make board=x220` instead `make BOARD=x220` also fbwhiptail package available only if you connect your vm to vpn in my country. ``` 2020-02-16 10:41:32+03:00 MAKE coreboot 2020-02-16 10:42:12+03:00 DONE coreboot "/home/user/heads/build/coreboot-4.8.1/x220/cbfstool" "/home/user/heads/build/coreboot-4.8.1/x220/coreboot.rom" print Name Offset Type Size Comp cbfs master header 0x0 cbfs header 32 none fallback/romstage 0x80 stage 86884 none cpu_microcode_blob.bin 0x15480 microcode 25600 none fallback/ramstage 0x1b900 stage 96557 none cmos_layout.bin 0x33280 cmos_layout 1816 none fallback/dsdt.aml 0x33a00 raw 13646 none fallback/payload 0x36fc0 simple elf 6977487 none (empty) 0x6de800 null 954328 none bootblock 0x7c7800 bootblock 1968 none 2020-02-16 10:42:12+03:00 INSTALL build/coreboot-4.8.1/x220/coreboot.rom => build/x220/coreboot.rom e2c4e3d2de9c434155a1bee6d30741884a9985dfa1698a9c5efbe01c47ee7d1c build/x220/coreboot.rom e2c4e3d2de9c434155a1bee6d30741884a9985dfa1698a9c5efbe01c47ee7d1c /home/user/heads/build/x220/coreboot.rom make[1]: Leaving directory '/home/user/heads' ``` -- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: #672 (comment)

-- Sent from /e/ Mail

[ghost]

@tlaurion i dont understund what you mean,
i use this commit https://github.com/osresearch/heads/pull/578/files#diff-d8b4fe91f08f8822cbab99f7ea3eedf7R23 with intel_iommu=igfx_off enabled.

[tlaurion]

You'll have the 50 seconds bug related to cbfs size in coreboot not being right, detailed in other tickets and PR. Other then that. Can you kexec in Qubes 4.1?

…

On February 16, 2020 8:56:00 AM UTC, 0rb677 ***@***.***> wrote: @tlaurion i dont understund what you mean, i use this commit https://github.com/osresearch/heads/pull/578/files#diff-d8b4fe91f08f8822cbab99f7ea3eedf7R23 with `intel_iommu=igfx_off` enabled. -- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: #672 (comment)

-- Sent from /e/ Mail

[ghost]

@tlaurion 10-15 minutes, waiting for downloading iso.

[tlaurion]

If yes, please close the issue (kexec qubesos 4.1) and open other/comment in other tickets linked to your issues!

Happy that you like whiptail!

[tlaurion]

You should probably read this now #669

…

On February 16, 2020 9:06:37 AM UTC, 0rb677 ***@***.***> wrote: @tlaurion please wait 10-15 minutes, waiting for downloading iso. -- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: #672 (comment)

-- Sent from /e/ Mail

[ghost]

@MrChromebox @tlaurion thanx o lot but it doesn't help. Screen artefacts and boot stuck!
intel_iommu=igfx_off is enabled when kexec try to boot. need more time for tests. I can close temporary this ticket if you want.
i use this https://github.com/osresearch/heads/pull/578/files#diff-976724db470cd69ca59874dcba28ab59 and this
https://github.com/osresearch/heads/pull/578/files#diff-d8b4fe91f08f8822cbab99f7ea3eedf7
commits.
Can you please add to FLASHROM_OPTIONS winbond spi chip?
i agree with you @tlaurion and switch to Qubes Stable. It works better now.

[ghost]

@tlaurion @MrChromebox @flammit @SebastianMcMillan also x220 has different spi chips.
heads/initrd/bin/flash.sh need update. For example, my x220 tablet use -c "MX25L6406E/MX25L6408E" and x220 use -c "W25Q64.V", not -c MX25L6405D. Or you can't flash bios internal from heads or add gpg keys. I changed it manually.

 x220* )
    FLASHROM_OPTIONS='--force --noverify-all -p internal --ifd --image bios -c MX25L6406E/MX25L6408E'

and add to boards/x220/x220.config

export FLASHROM_OPTIONS='--force --noverify-all -p internal --ifd --image bios -c MX25L6406E/MX25L6408E'

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Found Macronix flash chip "MX25L6406E/MX25L6408E" (8192 kB, SPI) on linux_spi.

also need add cbfstool build/x220/coreboot.rom add -t raw -n initrd/.gnupg/public.key -f public.key instead documentation
and add textinfo package to build requirements (musl-cross)

also please do not remove this option CONFIG_ANY_TOOLCHAIN=y

coreboot: Using /home/user/heads/crossgcc/bin/i386-linux-musl-gcc
toolchain.inc:176: The coreboot toolchain for 'x86_32' architecture was not found.
toolchain.inc:212: 
toolchain.inc:213: To build the entire coreboot toolchain: run 'make crossgcc'
toolchain.inc:217: For more toolchain build targets: run 'make help_toolchain'
toolchain.inc:218: 
toolchain.inc:220: To try to use any toolchain in your path, run 'make menuconfig', then select
toolchain.inc:222: the config option: 'General setup', and 'Allow building with any toolchain'
toolchain.inc:224: Note that this is NOT supported. Using it means you're on your own.
toolchain.inc:226: 
toolchain.inc:228: *** Halting the build.  Stop.

[tlaurion]

Please leave this ticket open to track newer Xen kexec problems(?)
QubesOS 4.1 bug is probably linked to kexec needed changes to handle newer xen correctly.
Ping @osresearch @flammit @MrChromebox : if you have time to play with QubesOS 4.1 on qemu (and/or create a small draft on how to properly test with qemu to help others troubleshoot this would be awesome.)

@0rb677 : My intuition on (irrelevant here) internal flash chip definition is happening here

@0rb677: Please participate under relevant tickets to continue troubleshooting, testing of other PRs. If it works for you, say it there. It will help merging those changes upstream for everyone.
Universal flash (flash command under board config)
X220/T420 support

X220/T420 and X230/T430 are very similar while different. Don't hesitate to tag SebastianMcMillan techge and flawedworld in relevant tickets for those people owning the same boards to facilitate collaboration to resolve remaining issues upstream, test code and facilitate merging.

[tlaurion]

@osresearch pointed to this, that may have reappeared in latest Xen and doesn't permit kexec to launch Xen, maybe because of bad ELF format.

@marmarek, can you take a look?
Edit: link corrected.

[marmarek]

Are you sure that is the correct link? It points at flashrom options, I don't think that has anything to do with kexec.

[tlaurion]

@marmarek: sorry. link corrected.

[tlaurion]

@marmarek : have you been able to shed some light to the issue and discussion pointed here?

[marmarek]

Not yet