Apple MacBook Air - A1369

Remarks

  • Will not run Qubes OS 4.1

  • Will not even boot the 4.0.4 installer ISO

  • 4.0.3 works like a charm from a usability perspective (not so sure about security-wise)

  • sys-net must be run in paravirtualized mode (PV), and requires kmod-wl to be installed, as well as a systemd service (attached below)

  • The following HVMs work great: Windows 10, Windows 11, FreeBSD, Android x86, most major Linux distros. Oh, and TempleOS works too!

  • 4GB of RAM (soldered) is an absolute nightmare with Qubes OS. You can basically have sys-net, sys-firewall, and sys-whonix open, with 1-2 extra qubes open (AppVMs or disp-mgmt-templates). You can’t practically use it while performing system updates, because there isn’t enough RAM for both…

  • If you close the lid, it will sleep, and when you open the lid, it will wake, however the screen will just stay black (illuminated, though). I will write further updates on this as I investigate.

More details will follow…

Attachments

Qubes-HCL-Apple_Inc_-MacBookAir4_2-20211104-203623.yml (886 Bytes)
Processing: fix-wifi.service…

Systemd service file for prepping BCM43221 wifi/bluetooth card for Xen

[Unit]
Description=Reset Broadcom Wifi Card to Allow PCI Passthrough

[Service]
ExecStart=/usr/local/bin/working-wifi.sh

[Install]
WantedBy=multi-user.target

/usr/local/bin/working-wifi.sh

#!/bin/sh
# Post-Install - Load this so that you can make it through Qubes OS first boot "Setting Up Networking" without your whole machine freezing
#echo 1 > /sys/bus/pci/devices/0000\:02\:00.0/remove

# then comment out everything above this line, and UNCOMMENT everything below this line - You're good to go!
# Let the guest write PCI config-space registers that pciback would otherwise filter
echo 2:00.0 > /sys/bus/pci/drivers/pciback/permissive
# Let the guest control the device's interrupt enable flags
echo 2:00.0 > /sys/bus/pci/drivers/pciback/allow_interrupt_control
# sysfs names the device directory with a two-digit bus number (0000:02:00.0)
echo 1 > /sys/bus/pci/drivers/pciback/0000\:02\:00.0/d3cold_allowed
echo pciback > /sys/bus/pci/drivers/pciback/0000\:02\:00.0/driver_override
# Reset the card before it is handed to sys-net
echo 1 > /sys/bus/pci/drivers/pciback/0000\:02\:00.0/reset
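A read-only check of what the workaround above relaxes, as an added example that is not part of the original post: permissive mode lets the guest write PCI config-space registers that pciback normally filters, so it is worth confirming it is set only on the wifi card. The function names, the optional sysfs-root argument and the sample tree are constructed for illustration; the example assumes that reading pciback's permissive and allow_interrupt_control files lists the devices that have the flag set.

```shell
#!/bin/sh
# Added example: audit devices bound to pciback. Reads sysfs only, writes nothing.

# normalize_bdf BDF
# Convert a short address such as "2:00.0" to the canonical DDDD:BB:SS.F form
# that sysfs uses for device directory names (domain defaults to 0000).
normalize_bdf() {
    bdf=$1
    case $bdf in
        *:*:*.*) dom=${bdf%%:*}; rest=${bdf#*:} ;;
        *:*.*)   dom=0; rest=$bdf ;;
        *)       return 1 ;;
    esac
    bus=${rest%%:*}; devfn=${rest#*:}
    slot=${devfn%%.*}; fn=${devfn#*.}
    # Every component must be a non-empty hexadecimal number.
    for part in "$dom" "$bus" "$slot" "$fn"; do
        case $part in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    done
    printf '%04x:%02x:%02x.%x\n' "0x$dom" "0x$bus" "0x$slot" "0x$fn"
}

# pciback_audit [SYSFS_ROOT]
# Print one line per device bound to pciback:
#   BDF permissive=yes|no irq_control=yes|no
pciback_audit() {
    drv=${1:-/sys}/bus/pci/drivers/pciback
    if [ ! -d "$drv" ]; then
        echo "pciback driver directory not found: $drv" >&2
        return 2
    fi
    for dev in "$drv"/*:*:*.*; do
        [ -e "$dev" ] || continue
        name=${dev##*/}
        perm=no; irq=no
        # Each flag file lists one canonical address per line.
        grep -qxF "$name" "$drv/permissive" 2>/dev/null && perm=yes
        grep -qxF "$name" "$drv/allow_interrupt_control" 2>/dev/null && irq=yes
        printf '%s permissive=%s irq_control=%s\n' "$name" "$perm" "$irq"
    done
}

# make_sample_sysfs
# Build a constructed sysfs-like tree (not real hardware state): the wifi card
# at 0000:02:00.0 with both flags set, and a second device with neither.
make_sample_sysfs() {
    root=$(mktemp -d) || return 1
    d=$root/bus/pci/drivers/pciback
    mkdir -p "$d/0000:02:00.0" "$d/0000:00:1a.0"
    printf '0000:02:00.0\n' > "$d/permissive"
    printf '0000:02:00.0\n' > "$d/allow_interrupt_control"
    printf '%s\n' "$root"
}

# Demo on the constructed tree. In dom0, call pciback_audit with no argument.
sample=$(make_sample_sysfs)
pciback_audit "$sample"
rm -rf "$sample"
```

Any device other than the wifi card reporting permissive=yes deserves a second look before it is assigned to a qube.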

Thank you @alzer89 once again for your HCL report, which is now online

UPDATE - Broadcom Wi-Fi BCM43224 sys-net System Freeze

It appears that the workaround above for the BCM43224 PCI passthrough to sys-net does not work from a cold boot.

The thing that is frustrating me is that I did something to it to make it work, but I can’t remember what I did. :sweat_smile:

I will provide the relevant updates and edits once I figure out what is actually needed to make it work.

In dom0, /var/log/xen/console/guest-sys-net.log does show some interesting information, however once the system freezes, the logs are not present after rebooting, so I cannot save them.

I will upload the logs once I figure out how to get them, and would appreciate any help/guidance anyone would be able to offer.

Thanks in advance!

And as soon as I write this, it appears to work flawlessly… :expressionless:


Either way, here are the logs when it works, when the following commands are executed:

qvm-start sys-net # WITHOUT BCM43221 attached
# Once sys-net is fully started
sudo xl pci-attach sys-net 02:00.0

/var/log/xen/console/guest-sys-net.log:

[   32.173530] pcifront pci-0: Rescanning PCI Frontend Bus 0000:00
[   32.179777] pci 0000:00:01.0: [14e4:4353] type 00 class 0x028000
[   32.183329] pci 0000:00:01.0: reg 0x10: [mem 0xa0400000-0xa0403fff 64bit]
[   32.216867] pci 0000:00:01.0: supports D1 D2
[   32.218244] pcifront pci-0: New device on 0000:00:01.0 found.
[   32.228176] pcifront pci-0: claiming resource 0000:00:01.0/0
[   32.393976] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[   32.444319] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[   32.552251] wl: module license 'MIXED/Proprietary' taints kernel.
[   32.552271] Disabling lock debugging due to kernel taint
[   32.578834] wl: module verification failed: signature and/or required key missing - tainting kernel
[   32.611338] wl 0000:00:01.0: Xen PCI mapped GSI17 to IRQ31
[   32.739627] eth0: Broadcom BCM4353 802.11 Hybrid Wireless Controller 6.30.223.271 (r587334)
[   32.739632] 
[   32.860701] wl 0000:00:01.0 wlp0s1: renamed from eth0

This sometimes works, and sometimes causes a system freeze (still not sure why…)


…and when it causes a system freeze:
/var/log/xen/console/guest-sys-net.log

[    0.000000] Linux version 5.14.15-1.fc25.qubes.x86_64 (mockbuild@build-fedora4) (gcc (GCC) 6.4.1 20170727 (Red Hat 6.4.1-1), GNU ld version 2.26.1-1.fc25) #1 SMP Fri Oct 29 07:08:08 CEST 2021
[    0.000000] Command line: root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 xen_scrub_pages=0 nopat iommu=soft swiotlb=8192
[    0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
[    0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[    0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
[    0.000000] x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
[    0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
[    0.000000] signal: max sigframe size: 1776
[    0.000000] ACPI in unprivileged domain disabled
[    0.000000] Released 0 page(s)
[    0.000000] BIOS-provided physical RAM map:
[    0.000000] Xen: [mem 0x0000000000000000-0x000000000009ffff] usable
[    0.000000] Xen: [mem 0x00000000000a0000-0x00000000000fffff] reserved
[    0.000000] Xen: [mem 0x0000000000100000-0x0000000018ffffff] usable
[    0.000000] Xen: [mem 0x0000000019000000-0x000000001fffffff] unusable
[    0.000000] Xen: [mem 0x0000000020000000-0x00000000201fffff] reserved
[    0.000000] Xen: [mem 0x0000000020200000-0x000000003fffffff] unusable
[    0.000000] Xen: [mem 0x0000000040000000-0x00000000401fffff] reserved
[    0.000000] Xen: [mem 0x0000000040200000-0x000000008ad33fff] unusable
[    0.000000] Xen: [mem 0x000000008ad34000-0x000000008ad5efff] ACPI NVS
[    0.000000] Xen: [mem 0x000000008ad5f000-0x000000008ad6efff] unusable
[    0.000000] Xen: [mem 0x000000008ad6f000-0x000000008ad8efff] ACPI data
[    0.000000] Xen: [mem 0x000000008ad8f000-0x000000008ae30fff] unusable
[    0.000000] Xen: [mem 0x000000008ae31000-0x000000008ae8efff] reserved
[    0.000000] Xen: [mem 0x000000008ae8f000-0x000000008aed0fff] unusable
[    0.000000] Xen: [mem 0x000000008aed1000-0x000000008aefefff] reserved
[    0.000000] Xen: [mem 0x000000008aeff000-0x000000008afa1fff] unusable
[    0.000000] Xen: [mem 0x000000008afa2000-0x000000008f9fffff] reserved
[    0.000000] Xen: [mem 0x00000000e00f8000-0x00000000e00f8fff] reserved
[    0.000000] Xen: [mem 0x00000000fec00000-0x00000000fec00fff] reserved
[    0.000000] Xen: [mem 0x00000000fed1c000-0x00000000fed1ffff] reserved
[    0.000000] Xen: [mem 0x00000000fee00000-0x00000000feefffff] reserved
[    0.000000] Xen: [mem 0x00000000ffed0000-0x00000000ffefffff] reserved
[    0.000000] x86/PAT: PAT support disabled via boot option.
[    0.000000] NX (Execute Disable) protection: active
[    0.000000] DMI not present or invalid.
[    0.000000] Hypervisor detected: Xen PV
[    0.136503] tsc: Fast TSC calibration failed
[    0.136513] tsc: Detected 1696.155 MHz processor
[    0.136544] last_pfn = 0x19000 max_arch_pfn = 0x400000000
[    0.136546] Disabled
[    0.136552] x86/PAT: Configuration [0-7]: WB  WT  UC- UC  WC  WP  UC  UC  
[    0.315899] Kernel/User page tables isolation: disabled on XEN PV.
[    0.435327] RAMDISK: [mem 0x04000000-0x04ed3fff]
[    0.435430] NUMA turned off
[    0.435432] Faking a node at [mem 0x0000000000000000-0x0000000018ffffff]
[    0.435445] NODE_DATA(0) allocated [mem 0x18f2e000-0x18f58fff]
[    0.440224] Zone ranges:
[    0.440231]   DMA      [mem 0x0000000000001000-0x0000000000ffffff]
[    0.440234]   DMA32    [mem 0x0000000001000000-0x0000000018ffffff]
[    0.440236]   Normal   empty
[    0.440238]   Device   empty
[    0.440239] Movable zone start for each node
[    0.440243] Early memory node ranges
[    0.440244]   node   0: [mem 0x0000000000001000-0x000000000009ffff]
[    0.440246]   node   0: [mem 0x0000000000100000-0x0000000018ffffff]
[    0.440249] Initmem setup node 0 [mem 0x0000000000001000-0x0000000018ffffff]
[    0.440256] On node 0, zone DMA: 1 pages in unavailable ranges
[    0.440290] On node 0, zone DMA: 96 pages in unavailable ranges
[    0.441441] On node 0, zone DMA32: 28672 pages in unavailable ranges
[    0.441450] p2m virtual area at (____ptrval____), size is 40000000
[    0.765665] Remapped 0 page(s)
[    0.765757] smpboot: Allowing 2 CPUs, 0 hotplug CPUs
[    0.765786] [mem 0x8fa00000-0xe00f7fff] available for PCI devices
[    0.765791] Booting paravirtualized kernel on Xen
[    0.765792] Xen version: 4.8.5-35.fc25 (preserve-AD)
[    0.765796] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1910969940391419 ns
[    0.772298] setup_percpu: NR_CPUS:8192 nr_cpumask_bits:2 nr_cpu_ids:2 nr_node_ids:1
[    0.772469] percpu: Embedded 55 pages/cpu s188416 r8192 d28672 u1048576
[    0.772549] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes, linear)
[    0.772556] Built 1 zonelists, mobility grouping on.  Total pages: 100544
[    0.772559] Policy zone: DMA32
[    0.772561] Kernel command line: root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 xen_scrub_pages=0 nopat iommu=soft swiotlb=8192
[    0.772598] You have booted with nomodeset. This means your GPU drivers are DISABLED
[    0.772599] Any video related functionality will be severely degraded, and you may not even be able to suspend the system properly
[    0.772601] Unless you actually understand what nomodeset does, you should reboot without enabling it
[    0.772740] Unknown command line parameters: rd_NO_PLYMOUTH
[    0.772767] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes, linear)
[    0.772786] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes, linear)
[    0.773129] mem auto-init: stack:byref_all(zero), heap alloc:on, heap free:on
[    0.773131] mem auto-init: clearing system memory may take some time...
[    0.827149] Memory: 316032K/409212K available (16393K kernel code, 3496K rwdata, 5552K rodata, 3316K init, 4720K bss, 92928K reserved, 0K cma-reserved)
[    0.827160] random: get_random_u64 called from __kmem_cache_create+0x2b/0x4a0 with crng_init=0
[    0.827571] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
[    0.828452] ftrace: allocating 47882 entries in 188 pages
[    0.846938] ftrace: allocated 188 pages with 5 groups
[    0.847358] rcu: Hierarchical RCU implementation.
[    0.847361] rcu: 	RCU restricting CPUs from NR_CPUS=8192 to nr_cpu_ids=2.
[    0.847363] 	Trampoline variant of Tasks RCU enabled.
[    0.847364] 	Rude variant of Tasks RCU enabled.
[    0.847365] 	Tracing variant of Tasks RCU enabled.
[    0.847366] rcu: RCU calculated value of scheduler-enlistment delay is 100 jiffies.
[    0.847368] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2
[    0.861250] Using NULL legacy PIC
[    0.861255] NR_IRQS: 524544, nr_irqs: 48, preallocated irqs: 0
[    0.861317] xen:events: Using FIFO-based ABI
[    0.861417] Console: colour dummy device 80x25
[    0.861548] printk: console [tty0] enabled
[    0.862792] printk: console [hvc0] enabled
[    0.862839] clocksource: xen: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
[    0.863208] installing Xen timer for CPU 0
[    0.863452] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x1872f71be9c, max_idle_ns: 440795240018 ns
[    0.863479] Calibrating delay loop (skipped), value calculated using timer frequency.. 3392.31 BogoMIPS (lpj=1696155)
[    0.863498] pid_max: default: 32768 minimum: 301
[    0.863614] LSM: Security Framework initializing
[    0.863642] Yama: becoming mindful.
[    0.863713] Mount-cache hash table entries: 1024 (order: 1, 8192 bytes, linear)
[    0.863729] Mountpoint-cache hash table entries: 1024 (order: 1, 8192 bytes, linear)
[    0.864642] Last level iTLB entries: 4KB 512, 2MB 8, 4MB 8
[    0.864656] Last level dTLB entries: 4KB 512, 2MB 32, 4MB 32, 1GB 0
[    0.864672] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[    0.864688] Spectre V2 : Mitigation: Full generic retpoline
[    0.864697] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
[    0.864709] Spectre V2 : Enabling Restricted Speculation for firmware calls
[    0.864721] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
[    0.864736] Spectre V2 : User space: Mitigation: STIBP via seccomp and prctl
[    0.864748] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl and seccomp
[    0.864765] MDS: Mitigation: Clear CPU buffers
[    0.949306] cpu 0 spinlock event irq 1
[    0.949327] VPMU disabled by hypervisor.
[    0.949791] Performance Events: unsupported p6 CPU model 42 no PMU driver, software events only.
[    0.949922] rcu: Hierarchical SRCU implementation.
[    0.950472] NMI watchdog: Perf NMI watchdog permanently disabled
[    0.950651] smp: Bringing up secondary CPUs ...
[    0.950917] installing Xen timer for CPU 1
[    0.950970] SMP alternatives: switching to SMP code
[    1.027707] cpu 1 spinlock event irq 11
[    1.028761] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.
[    1.029238] smp: Brought up 1 node, 2 CPUs
[    1.029249] smpboot: Max logical packages: 1
[    1.029633] devtmpfs: initialized
[    1.029633] x86/mm: Memory block size: 128MB
[    1.030593] ACPI: PM: Registering ACPI NVS region [mem 0x8ad34000-0x8ad5efff] (176128 bytes)
[    1.030664] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275000 ns
[    1.030685] futex hash table entries: 512 (order: 3, 32768 bytes, linear)
[    1.030783] pinctrl core: initialized pinctrl subsystem
[    1.031083] NET: Registered PF_NETLINK/PF_ROUTE protocol family
[    1.031127] xen:grant_table: Grant tables using version 1 layout
[    1.031157] Grant table initialized
[    1.031278] DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
[    1.031298] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
[    1.031315] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
[    1.031486] audit: initializing netlink subsys (disabled)
[    1.031569] audit: type=2000 audit(1636173318.784:1): state=initialized audit_enabled=0 res=1
[    1.031617] thermal_sys: Registered thermal governor 'fair_share'
[    1.031617] thermal_sys: Registered thermal governor 'bang_bang'
[    1.031617] thermal_sys: Registered thermal governor 'step_wise'
[    1.031626] thermal_sys: Registered thermal governor 'user_space'
[    1.033499] PCI: setting up Xen PCI frontend stub
[    1.035542] Kprobes globally optimized
[    1.063481] random: fast init done
[    1.309704] cryptd: max_cpu_qlen set to 1000
[    1.316507] alg: No test for 842 (842-generic)
[    1.316530] alg: No test for 842 (842-scomp)
[    1.323618] raid6: skip pq benchmark and using algorithm sse2x4
[    1.323618] raid6: using ssse3x2 recovery algorithm
[    1.323631] fbcon: Taking over console
[    1.323646] ACPI: Interpreter disabled.
[    1.323666] xen:balloon: Initialising balloon driver
[    1.329545] iommu: Default domain type: Translated 
[    1.329545] vgaarb: loaded
[    1.329616] SCSI subsystem initialized
[    1.329646] usbcore: registered new interface driver usbfs
[    1.329646] usbcore: registered new interface driver hub
[    1.329646] usbcore: registered new device driver usb
[    1.329656] pps_core: LinuxPPS API ver. 1 registered
[    1.329666] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
[    1.329684] PTP clock support registered
[    1.330534] EDAC MC: Ver: 3.0.0
[    1.330694] NetLabel: Initializing
[    1.330706] NetLabel:  domain hash size = 128
[    1.330716] NetLabel:  protocols = UNLABELED CIPSOv4 CALIPSO
[    1.330747] NetLabel:  unlabeled traffic allowed by default
[    1.330763] PCI: System does not support PCI
[    1.331634] clocksource: Switched to clocksource xen
[    1.344716] VFS: Disk quotas dquot_6.6.0
[    1.344753] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[    1.344797] hugetlbfs: disabling because there are no supported hugepage sizes
[    1.344835] pnp: PnP ACPI: disabled
[    1.347436] NET: Registered PF_INET protocol family
[    1.347493] IP idents hash table entries: 8192 (order: 4, 65536 bytes, linear)
[    1.347696] tcp_listen_portaddr_hash hash table entries: 256 (order: 0, 4096 bytes, linear)
[    1.347717] TCP established hash table entries: 4096 (order: 3, 32768 bytes, linear)
[    1.347740] TCP bind hash table entries: 4096 (order: 4, 65536 bytes, linear)
[    1.347762] TCP: Hash tables configured (established 4096 bind 4096)
[    1.347823] MPTCP token hash table entries: 512 (order: 1, 12288 bytes, linear)
[    1.347851] UDP hash table entries: 256 (order: 1, 8192 bytes, linear)
[    1.347866] UDP-Lite hash table entries: 256 (order: 1, 8192 bytes, linear)
[    1.347914] NET: Registered PF_UNIX/PF_LOCAL protocol family
[    1.347932] NET: Registered PF_XDP protocol family
[    1.347946] PCI: CLS 0 bytes, default 64
[    1.348047] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x1872f71be9c, max_idle_ns: 440795240018 ns
[    1.349130] Trying to unpack rootfs image as initramfs...
[    1.362835] Freeing initrd memory: 15184K
[    1.363163] Initialise system trusted keyrings
[    1.363192] Key type blacklist registered
[    1.363559] workingset: timestamp_bits=36 max_order=17 bucket_order=0
[    1.365275] zbud: loaded
[    1.365986] integrity: Platform Keyring initialized
[    1.378394] NET: Registered PF_ALG protocol family
[    1.378420] xor: automatically using best checksumming function   avx       
[    1.378436] Key type asymmetric registered
[    1.378447] Asymmetric key parser 'x509' registered
[    1.378490] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 245)
[    1.378610] io scheduler mq-deadline registered
[    1.378623] io scheduler kyber registered
[    1.378678] io scheduler bfq registered
[    1.379271] atomic64_test: passed for x86-64 platform with CX8 and with SSE
[    1.380434] Serial: 8250/16550 driver, 32 ports, IRQ sharing enabled
[    1.383646] Non-volatile memory driver v1.3
[    1.383712] Linux agpgart interface v0.103
[    1.384401] libphy: Fixed MDIO Bus: probed
[    1.384631] usbcore: registered new interface driver usbserial_generic
[    1.384651] usbserial: USB Serial support registered for generic
[    1.384678] i8042: PNP: No PS/2 controller found.
[    1.384687] i8042: Probing ports directly.
[    1.385572] i8042: No controller found
[    1.385650] mousedev: PS/2 mouse device common for all mice
[    1.385739] device-mapper: uevent: version 1.0.3
[    1.385840] device-mapper: ioctl: 4.45.0-ioctl (2021-03-22) initialised: dm-devel@redhat.com
[    1.386021] intel_pstate: CPU model not supported
[    1.386061] hid: raw HID events driver (C) Jiri Kosina
[    1.386113] usbcore: registered new interface driver usbhid
[    1.386124] usbhid: USB HID core driver
[    1.386173] drop_monitor: Initializing network drop monitor service
[    1.386272] Initializing XFRM netlink socket
[    1.386392] NET: Registered PF_INET6 protocol family
[    1.394313] Segment Routing with IPv6
[    1.394330] RPL Segment Routing with IPv6
[    1.394367] mip6: Mobile IPv6
[    1.394377] NET: Registered PF_PACKET protocol family
[    1.394789] IPI shorthand broadcast: enabled
[    1.394808] AVX version of gcm_enc/dec engaged.
[    1.395002] AES CTR mode by8 optimization enabled
[    1.447339] sched_clock: Marking stable (1445172892, 2140885)->(1456576658, -9262881)
[    1.447766] registered taskstats version 1
[    1.447906] Loading compiled-in X.509 certificates
[    1.449081] Loaded X.509 cert 'Build time autogenerated kernel key: d03835a189de2f80f24050d3b47880ca1ad36aa7'
[    1.449347] zswap: loaded using pool lzo/zbud
[    1.449591] page_owner is disabled
[    1.449702] Key type ._fscrypt registered
[    1.449713] Key type .fscrypt registered
[    1.449721] Key type fscrypt-provisioning registered
[    1.450126] Btrfs loaded, crc32c=crc32c-generic, zoned=yes
[    1.450155] Key type big_key registered
[    1.457069] Key type encrypted registered
[    1.457097] ima: No TPM chip found, activating TPM-bypass!
[    1.457112] Loading compiled-in module X.509 certificates
[    1.510739] Loaded X.509 cert 'Build time autogenerated kernel key: d03835a189de2f80f24050d3b47880ca1ad36aa7'
[    1.510764] ima: Allocated hash algorithm: sha256
[    1.510789] ima: No architecture policies found
[    1.510823] evm: Initialising EVM extended attributes:
[    1.510833] evm: security.selinux
[    1.510841] evm: security.SMACK64 (disabled)
[    1.510850] evm: security.SMACK64EXEC (disabled)
[    1.510858] evm: security.SMACK64TRANSMUTE (disabled)
[    1.510867] evm: security.SMACK64MMAP (disabled)
[    1.510876] evm: security.apparmor
[    1.510883] evm: security.ima
[    1.510890] evm: security.capability
[    1.510898] evm: HMAC attrs: 0x1
[    1.512364] xenbus_probe_frontend: Device with no driver: device/vbd/51712
[    1.512414] xenbus_probe_frontend: Device with no driver: device/vbd/51728
[    1.512448] xenbus_probe_frontend: Device with no driver: device/vbd/51744
[    1.512474] xenbus_probe_frontend: Device with no driver: device/vbd/51760
[    1.512499] xenbus_probe_frontend: Device with no driver: device/pci/0
[    1.512778] RAS: Correctable Errors collector initialized.
[    1.519844] Freeing unused decrypted memory: 2036K
[    1.522424] Freeing unused kernel image (initmem) memory: 3316K
[    1.526541] Write protecting the kernel read-only data: 24576k
[    1.550554] Freeing unused kernel image (text/rodata gap) memory: 2036K
[    1.551159] Freeing unused kernel image (rodata/data gap) memory: 592K
[    1.551190] rodata_test: all tests were successful
[    1.551222] Run /init as init process
Qubes initramfs script here:
[    1.588468] Invalid max_queues (4), will use default max: 2.
[    1.770707] blkfront: xvda: flush diskcache: enabled; persistent grants: enabled; indirect descriptors: enabled;
[    1.789997]  xvda: xvda1 xvda2 xvda3
[    1.797257] blkfront: xvdb: flush diskcache: enabled; persistent grants: enabled; indirect descriptors: enabled;
[    1.806739] blkfront: xvdc: flush diskcache: enabled; persistent grants: enabled; indirect descriptors: enabled;
[    1.812140] blkfront: xvdd: flush diskcache: enabled; persistent grants: enabled; indirect descriptors: enabled;
Waiting for /dev/xvda* devices...
Qubes: Doing R/W setup for TemplateVM...
[    1.859957] random: sfdisk: uninitialized urandom read (4 bytes read)
[    1.868746]  xvdc: xvdc1 xvdc3
[    1.877117] random: mkswap: uninitialized urandom read (16 bytes read)
Setting up swapspace version 1, size = 1024 MiB (1073737728 bytes)
no label, UUID=14104cef-9c49-4c6f-9f25-a8930b228f28
Qubes: done.
[    1.961049] EXT4-fs (xvda3): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
Waiting for /dev/xvdd device...
mount: /dev/xvdd is write-protected, mounting read-only
[    2.010947] EXT4-fs (xvdd): mounting ext3 file system using the ext4 subsystem
[    2.018275] EXT4-fs (xvdd): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
[    2.091093] EXT4-fs (xvda3): re-mounted. Opts: (null). Quota mode: none.
switch_root: failed to mount moving /dev to /sysroot/dev: Invalid argument
switch_root: forcing unmount of /dev
switch_root: failed to mount moving /proc to /sysroot/proc: Invalid argument
switch_root: forcing unmount of /proc
switch_root: failed to mount moving /sys to /sysroot/sys: Invalid argument
switch_root: forcing unmount of /sys
switch_root: failed to mount moving /run to /sysroot/run: Invalid argument
switch_root: forcing unmount of /run
libbpf: failed to find valid kernel BTF
libbpf: Error loading vmlinux BTF: -3
libbpf: failed to load object 'iterators_bpf'
libbpf: failed to load BPF skeleton 'iterators_bpf': -3
Failed load could be due to wrong endianness
[    2.603404] systemd[1]: systemd v248.9-1.fc34 running in system mode. (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[    2.603722] systemd[1]: Detected virtualization xen.
[    2.603752] systemd[1]: Detected architecture x86-64.

Welcome to Fedora 34 (Thirty Four)!

[    2.607445] systemd[1]: No hostname configured, using default hostname.
[    2.607695] systemd[1]: Hostname set to <fedora>.

--SYSTEM FREEZE--

SOLVED!

(well, it’s ugly, but it works…)

Still not sure why, but this seems to work to get the Broadcom BCM43221 wifi card to pass through correctly without having the entire machine spontaneously combust, and is repeatably consistent (as in, it works again and again without me having to watch it).

I’m sure there are much more elegant solutions available, and anyone is more than welcome to take my work and improve on it :slight_smile:

Add this in addition to the systemd service file mentioned above:

/etc/systemd/system/start-sys-net.service

[Unit]
Description=Start Qubes VM sys-net without IMPLODING
Before=qubes-vm@sys-firewall.service qubes-vm@sys-whonix.service
After=qubesd.service qubes-meminfo-writer-dom0.service
ConditionKernelCommandLine=!qubes.skip_autostart

[Service]
Type=oneshot
Environment=DISPLAY=:0
ExecStart=/usr/local/bin/start-sys-net
Group=qubes
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

/usr/local/bin/start-sys-net

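#!/bin/bash
# Start sys-net with no PCI device assigned
qvm-start sys-net
# Give sys-net time to finish booting
sleep 10
# Hot-attach the wifi card to the running qube
sudo xl pci-attach sys-net 02:00.0
sleep 10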

Do NOT select sys-net to start automatically on boot through the Qube Settings GUI or through systemd (qubes-vm@sys-net.service). It will just cause your machine to crash before you even get to your login screen, and you’ll have to rescue your entire machine.

Full credit to arno01 on GitHub for the solution which this is based on :slight_smile:
