anaconda: disable iommu for IGFX

Many Intel processors (and BIOSes) have invalid IOMMU configuration for IGFX, which cause multiple problems - from screen glitches, to system hang. Since IGFX currently is still in dom0 (isn't isolated from other system components), disabling IOMMU for it doesn't lower overall security. When GUI domain will be implemented, we need to re-enable IOMMU here and hope hardware manufacturers will fix it in the meantime. Fixes QubesOS/qubes-issues#2836
2017-06-14 05:07:13 +02:00 · 2017-06-14 05:07:13 +02:00 · e0d30d499f
commit e0d30d499f
parent 4f8e2227e5
1 changed files with 2 additions and 2 deletions
--- a/anaconda/pyanaconda/bootloader.py
+++ b/anaconda/pyanaconda/bootloader.py
@ -1504,7 +1504,7 @@ class GRUB2(GRUB):
        # boot arguments
        log.info("bootloader.py: used boot args: %s ", self.boot_args)
        defaults.write("GRUB_CMDLINE_LINUX=\"%s\"\n" % self.boot_args)
-        defaults.write("GRUB_CMDLINE_XEN_DEFAULT=\"console=none dom0_mem=min:1024M dom0_mem=max:4096M\"\n")
+        defaults.write("GRUB_CMDLINE_XEN_DEFAULT=\"console=none dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx\"\n")
        defaults.write("GRUB_DISABLE_RECOVERY=\"true\"\n")
        defaults.write("GRUB_THEME=\"/boot/grub2/themes/system/theme.txt\"\n")
        defaults.write("GRUB_DISABLE_OS_PROBER=\"true\"\n")
@ -1886,7 +1886,7 @@ class XenEFI(EFIGRUB):
        for image in self.images:
            config.write("\n")
            config.write("[{}]\n".format(image.version))
-            config.write("options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M\n")
+            config.write("options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx\n")
            config.write("kernel={} root={} {}\n".format(
                image.kernel,
                image.device.fstab_spec,