next project: figuring out how to exorcize this gunyah hypervisor bullshit from my thinkpad
the answer of course is obvious: coreboot
sl2bounce is cute, but where i'm going, i won't be needing that anymore
@ariadne are there unfused thinkpads? 0.o
@ariadne unfortunately, anything prior to (and including) the UEFI boot stage are signed with them being fused
some small OEMs forget to fuse, but Lenovo isn't one of them, as unfused breaks HDCP and DRM
@never_released well thatβs rude of them
@ariadne this is basically the opposite of PC evolution which went from a fully open system (which I grew up on) to trying to figure out how to secure it (TPM, TXT, DRTM etc.). The QC SoCs started with the mobile ecosystem with a strict boot chain locked to the device manufacturer, and it is loosening up. The Gunyah hypervisor early boot is mainly there to make sure the peripherals and their firmware are properly initialized and isolated. It is then switched to the platform hypervisor on Windows systems (and to Linux on EL2 with the slbounce thing). And yes, this is a much longer way of saying that it is not really possible to make it go away in a correctly configured device. @never_released
@canacar @never_released then can we at least get a fix for it to make it work with 64GB of RAM?
@valpackett @ariadne Anything pre-bootguard (Ivy Bridge and earlier), and also any Haswell ThinkPads with socketed CPUs (ThinkPad T440p/W450/W451/L440/L540) do not have bootguard. Anything with MEv11 (Skylake and Kaby Lake/Kaby Lake Refresh, so T460/T470/T480-era) has bootguard, but it can be bypassed with deguard.
@noisytoot @valpackett too bad itβs x86 garbage
@ariadne @never_released this is in my list to follow up on but things were quite busy recently. I suspect the DT available at boot is a generic one where "32G should be enough for everyone". If so Lenovo may have to provide an update. Are there any other publicly available bug reports or discussions on this I can refer to when discussing internally?
@never_released @ariadne is this just the memory Gunyah reserves for itself and other use cases (that may not be applicable to Linux?) I thought the missing memory was on the order of Gigabytes, so I assumed a configuration issue somewhere. I will bring this up with the right teams, but having a good description will help a lot.
@never_released @ariadne but how would that lead to missing memory?
@never_released @ariadne do you know how Android handles this? I will probably find out next week but still ...