This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Feature Request - add x2APIC support to XG kernel

Whilst trying to install Sophos XG onto an x86_64 device via serial console, I encountered the following error:

*********************

Booting a command listBooting a command list

error: no suitable video mode found.
error: no suitable video mode found.
Booting in blind modeBooting in blind mode

[ 0.065428] Kernel panic - not syncing: BIOS has enabled x2apic but kernel doesn't support x2apic, please disable x2apic in BIOS.
[ 0.065428]
[ 0.068000] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.14.38-crl #2
[ 0.068000] Hardware name: Default string Default string/Default string, BIOS 5.13 10/04/2018
[ 0.068000] Call Trace:
[ 0.068000] dump_stack+0x5d/0x79
[ 0.068000] ? setup_disableapic+0x3/0x17
[ 0.068000] panic+0xd3/0x221
[ 0.068000] ? lapic_cal_handler+0xb6/0xb6
[ 0.068000] validate_x2apic+0x2b/0x2f
[ 0.068000] do_one_initcall+0x83/0x118
[ 0.068000] ? proc_create_data+0x78/0x8f
[ 0.068000] kernel_init_freeable+0x68/0x1a6
[ 0.068000] ? rest_init+0xa0/0xa0
[ 0.068000] kernel_init+0x5/0xe1
[ 0.068000] ret_from_fork+0x1f/0x30
[ 0.068000] Rebooting in 3 seconds..
[ 0.068000] ACPI MEMORY or I/O RESET_REG.

*********************

I was trying to install SW-18.0.4_MR-4-506.iso from USB.

The machine is running an Intel Atom C3558, and the BIOS doesn't allow for the disabling of x2APIC so I can't test the firewall on this chassis.

Kernel boot line:

********************

linux /LINUX loglevel=3 console=ttyS0,38400n8 ---

*************

Had to remove quiet and console=tty0 so I'd get output on the serial console.

I should be able to get around the problem by abstracting with KVM/QEMU but we're wanting to try the software natively on the chassis.

Other Linux distro's (Ubuntu, Centos) work fine.



This thread was automatically locked due to age.
Parents Reply Children
  • Hi Ian,

    Hadn't thought of that.  I'll give it a go next time I'm in the office (don't have any of the kit in my home lab).  I wonder if that would impact any sandboxing functions that the XG may have though.

    I would have thought that a 13-year-old function would have had been supported though.

    Regards,

    William

  • Hi William,

    the function will not be supported unless it is part of sophos hardware. XG does not use virtualisation.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    Some platforms use it for malware to help prevent escapes, wasn't sure if that was the same deal here.

    Just finished another round of launching the installer after taking it in turns disabling VT-x, VT-d and a couple of other options in BIOS to do with compatibility, all resulted in the same crash and reboot of the installer.

    Looks like I'll either need to virtualise on this platform, or wait for an updated kernel to be produced.

    Regards,

    William