Hundreds of years ago the poet William Shakespeare wrote:
To be, or not to be?
Today, users of some HP Notebook laptops with AMD CPU (like HP Notebook 15-ba006nm) wanting to have Linux often have different dilemma:
amd_iommu=off or amd_iommu=fullflush ?
As I experienced myself, Linux with kernel in version between 4.8 and 4.12 has problems to boot on such laptops. The solution that I found in September 2017 was to add following boot-parameter for kernel: amd_iommu=off
. But as I’ve recently discovered the 2nd variant (amd_iommu=fullflush
) helps as well in this situation (verified with Linux Mint 18.3 LTS).
The problem with the 1st variant (amd_iommu=off
) is that it turns off the IOMMU. I can bet this is not obvious for many people what the hell is this “IOMMU”? And if it can safely be turned off?
In practice you can live without IOMMU – as I did. Actually nothing changes in normal, daily using of a computer (my impression).
But only last days I’ve learned more about the IOMMU. Especially this page was very helpful: IOMMU: Virtualizing IO through IO Memory Management Unit (IOMMU), Use Cases and Internals of IOMMU. The title says about virtualization however it’s not what I see as the most important thing related to IOMMU. Thanks to the presentation found on this page, I have learned that the IOMMU is a piece of hardware that is important from the security point of view. It’s because without IOMMU:
- there is no protection from malicious (or vulnerable?) devices (DMA Attack)
- there is no protection from buggy device drivers – so poor driver can destabilize your system or even cause some corruption
There are more, but the 2 points above I see as the most important advantages of using IOMMU.
Of course there are other ways the IOMMU functionality can be… emulated. For example by OS software (bounce buffer). But it doesn’t perform as good as IOMMU – because the IOMMU is hardware. And I’m not sure if a software solution is as safe as IOMMU.
Conclusion
If you find yourself in a situation that you have to add amd_iommu=off
as parameter for kernel to boot your Linux first try if this parameter instead does the job:
amd_iommu=fullflush
As the value suggests it should make that IOMMU is used, what is safer than turning IOMMU off. So dilemma solved! 🙂
How to check if IOMMU is used?
Examine output of the following command:
dmesg|grep -i iommu
If there is some output and it doesn’t mention any warning or error then it’s good.
Good news!
If you have such a problem with booting Linux on your computer that was solved only by adding kernel boot-param amd_iommu=off
then try newer Linux version! Ubuntu 18.04 LTS has kernel 4.15 and the problem is gone on my HP laptop! 🙂
Sample description of DMA Attack: https://link.springer.com/article/10.1186/s13173-017-0066-7
Not a good news! I have Kernel 5.4.17-200.fc31.x86_64 and problem still exists!
Can you share what hardware did you use? Something like a computer producer & model or CPU/chipset/GPU/etc?
fullflush worked for me (had it off beforehand). Now the only thing I have to figure out is bluetooth and suspend. The model is 13-ar0010nw BTW.