Feature Request - add x2APIC support to XG kernel

Whilst trying to install Sophos XG onto an x86_64 device via serial console, I encountered the following error:

*********************

Booting a command listBooting a command list

error: no suitable video mode found.
error: no suitable video mode found.
Booting in blind modeBooting in blind mode

[ 0.065428] Kernel panic - not syncing: BIOS has enabled x2apic but kernel doesn't support x2apic, please disable x2apic in BIOS.
[ 0.065428]
[ 0.068000] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.14.38-crl #2
[ 0.068000] Hardware name: Default string Default string/Default string, BIOS 5.13 10/04/2018
[ 0.068000] Call Trace:
[ 0.068000] dump_stack+0x5d/0x79
[ 0.068000] ? setup_disableapic+0x3/0x17
[ 0.068000] panic+0xd3/0x221
[ 0.068000] ? lapic_cal_handler+0xb6/0xb6
[ 0.068000] validate_x2apic+0x2b/0x2f
[ 0.068000] do_one_initcall+0x83/0x118
[ 0.068000] ? proc_create_data+0x78/0x8f
[ 0.068000] kernel_init_freeable+0x68/0x1a6
[ 0.068000] ? rest_init+0xa0/0xa0
[ 0.068000] kernel_init+0x5/0xe1
[ 0.068000] ret_from_fork+0x1f/0x30
[ 0.068000] Rebooting in 3 seconds..
[ 0.068000] ACPI MEMORY or I/O RESET_REG.

*********************

I was trying to install SW-18.0.4_MR-4-506.iso from USB.

The machine is running an Intel Atom C3558, and the BIOS doesn't allow for the disabling of x2APIC so I can't test the firewall on this chassis.

Kernel boot line:

********************

linux /LINUX loglevel=3 console=ttyS0,38400n8 ---

*************

Had to remove quiet and console=tty0 so I'd get output on the serial console.

I should be able to get around the problem by abstracting with KVM/QEMU but we're wanting to try the software natively on the chassis.

Other Linux distro's (Ubuntu, Centos) work fine.



Edited TAGs
[edited by: emmosophos at 9:31 PM (GMT -7) on 3 May 2021]
Parents
  • Hi,

    try turning off virtualisation support and see if that helps with being able to disable x2APIC.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • Hi Ian,

    Hadn't thought of that.  I'll give it a go next time I'm in the office (don't have any of the kit in my home lab).  I wonder if that would impact any sandboxing functions that the XG may have though.

    I would have thought that a 13-year-old function would have had been supported though.

    Regards,

    William

  • Hi William,

    the function will not be supported unless it is part of sophos hardware. XG does not use virtualisation.

    ian

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • Hi Ian,

    Some platforms use it for malware to help prevent escapes, wasn't sure if that was the same deal here.

    Just finished another round of launching the installer after taking it in turns disabling VT-x, VT-d and a couple of other options in BIOS to do with compatibility, all resulted in the same crash and reboot of the installer.

    Looks like I'll either need to virtualise on this platform, or wait for an updated kernel to be produced.

    Regards,

    William

Reply
  • Hi Ian,

    Some platforms use it for malware to help prevent escapes, wasn't sure if that was the same deal here.

    Just finished another round of launching the installer after taking it in turns disabling VT-x, VT-d and a couple of other options in BIOS to do with compatibility, all resulted in the same crash and reboot of the installer.

    Looks like I'll either need to virtualise on this platform, or wait for an updated kernel to be produced.

    Regards,

    William

Children
No Data