influence factors
boot options
- intel_iommu_setup
intel_iommu=on,off,igfx_off,forcedac,strict,sp_off,sm_on,tboot_noforce,nobounce
- iommu_setup
iommu=off,force,noforce,biomerge,panic,nopanic,merge,nomerge,forcesac,allowdac,nodac,usedac,soft,pt,nopt
TXT/tboot
Intel® Trusted Execution Technology and trusted boot
- CONFIG_INTEL_TXT
- boot_params.tboot_addr
If tboot is enabled, tboot_probe() emits the following kernel log message:
pr_info("found shared page at phys addr 0x%llx:\n",
boot_params.tboot_addr);
platform opt in
- CONFIG_DMAR_TABLE
- ACPI_SIG_DMAR ----> DMAR_PLATFORM_OPT_IN
‘iasl’ is a tool that translates AML binary files into readable ASL source files. Install it on Ubuntu:
apt-get install iasl
Disassemble the ‘DMAR’ table, e.g.:
ubuntu@ubuntu-01:~/$ sudo iasl -p ~/result -d /sys/firmware/acpi/tables/DMAR
Intel ACPI Component Architecture
ASL+ Optimizing Compiler/Disassembler version 20180105
Copyright (c) 2000 - 2018 Intel Corporation
Input file /sys/firmware/acpi/tables/DMAR, Length 0x50 (80) bytes
ACPI: DMAR 0x0000000000000000 000050 (v02 INTEL EDK2 00000002 01000013)
Acpi Data Table [DMAR] decoded
Formatted output: /home/ubuntu/result.dsl - 2458 bytes
View the result.dsl:
[000h 0000 4] Signature : "DMAR" [DMA Remapping table]
[004h 0004 4] Table Length : 00000050
[008h 0008 1] Revision : 02
[009h 0009 1] Checksum : 3D
[00Ah 0010 6] Oem ID : "INTEL "
[010h 0016 8] Oem Table ID : "EDK2 "
[018h 0024 4] Oem Revision : 00000002
[01Ch 0028 4] Asl Compiler ID : " "
[020h 0032 4] Asl Compiler Revision : 01000013
[024h 0036 1] Host Address Width : 26
[025h 0037 1] Flags : 05
[026h 0038 10] Reserved : 00 00 00 00 00 00 00 00 00 00
...
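The ‘Flags’ field is ‘05’ (0x05), which is DMAR_INTR_REMAP | DMAR_PLATFORM_OPT_IN (0x1 | 0x4) according to the following definitions, so the platform opt-in bit is set: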
/* DMAR Flags */
#define DMAR_INTR_REMAP 0x1
#define DMAR_X2APIC_OPT_OUT 0x2
#define DMAR_PLATFORM_OPT_IN 0x4
- untrusted PCI devices
Refer to the LWN article "Bounce buffers for untrusted devices":
A PCI device is marked untrusted if the firmware marks its root port as external (currently only if the ExternalFacingPort ACPI property is set); that should be the case for Thunderbolt devices.
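The Flags check shown earlier can also be done directly on the raw table bytes, without iasl. This is an added example, not code from the original page or from the kernel; it assumes the standard 36-byte ACPI table header followed by the Host Address Width and Flags bytes at offsets 024h and 025h as in the dump, and the names `parse_dmar` and `build_sample` are hypothetical. The sample table is constructed from the header values in the dump with a zeroed body.

```python
import struct
import sys

# Flag bits as defined on this page (kernel DMAR flags).
DMAR_FLAGS = {0x1: "DMAR_INTR_REMAP", 0x2: "DMAR_X2APIC_OPT_OUT", 0x4: "DMAR_PLATFORM_OPT_IN"}
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header


def parse_dmar(raw: bytes) -> dict:
    """Decode the fixed part of a DMAR table: header, address width, flags."""
    if len(raw) < ACPI_HEADER.size + 2:
        raise ValueError("table too short for a DMAR header")
    sig, length, rev, _csum, oem, oem_table, _, _, _ = ACPI_HEADER.unpack_from(raw)
    if sig != b"DMAR":
        raise ValueError(f"unexpected signature {sig!r}")
    if length != len(raw):
        raise ValueError(f"length field {length} != {len(raw)} bytes read")
    # ACPI rule: all bytes of the table, checksum byte included, sum to 0 mod 256.
    if sum(raw) & 0xFF:
        raise ValueError("bad checksum")
    haw, flags = raw[0x24], raw[0x25]   # offsets 024h and 025h in the dump
    return {
        "revision": rev,
        "oem_id": oem.decode("ascii").rstrip(),
        "oem_table_id": oem_table.decode("ascii").rstrip(),
        "host_address_bits": haw + 1,   # the field stores (width - 1)
        "flags": flags,
        "flag_names": [name for bit, name in DMAR_FLAGS.items() if flags & bit],
        "platform_opt_in": bool(flags & 0x4),
    }


def build_sample(flags: int) -> bytes:
    """Constructed 80-byte table: header values from the dump, zeroed body."""
    body = bytes([0x26, flags]) + bytes(10) + bytes(32)
    hdr = ACPI_HEADER.pack(b"DMAR", 36 + len(body), 2, 0, b"INTEL ", b"EDK2    ",
                           2, b"    ", 0x01000013)
    table = bytearray(hdr + body)
    table[9] = -sum(table) & 0xFF       # fix up the checksum byte at offset 009h
    return bytes(table)


if __name__ == "__main__":
    # On a live system (root needed), pass /sys/firmware/acpi/tables/DMAR.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(0x05)
    for key, value in parse_dmar(raw).items():
        print(f"{key}: {value}")
```

Run with no argument it decodes the constructed sample; the values iasl prints for Host Address Width and Flags are hexadecimal, so 26 in the dump decodes to a 39-bit width.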
Combinations
Assumptions:
- BIOS Intel VT-d is enabled
- CONFIG_INTEL_IOMMU_DEFAULT_ON is not set
- No trusted boot
intel_iommu= | iommu= | (no optin) or (no untrusted dev) | initialization result | |||
on | off | on | off | pt | ||
yes | off | |||||
yes | off | |||||
no | pt | |||||
yes | no | pt | ||||
yes | no | pt | ||||
yes | on | |||||
yes | yes | pt | ||||
yes | yes | yes | off | |||
yes | yes | no | on |