[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9ad46cc5-0d49-8f51-52ff-05eb7691ef61@intel.com>
Date: Mon, 31 Mar 2025 15:52:58 +0300
From: "Lifshits, Vitaly" <vitaly.lifshits@...el.com>
To: Jacek Kowalski <jacek@...ekk.info>, Tony Nguyen
<anthony.l.nguyen@...el.com>, Przemek Kitszel <przemyslaw.kitszel@...el.com>,
Andrew Lunn <andrew+netdev@...n.ch>, "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, "Paolo
Abeni" <pabeni@...hat.com>
CC: <intel-wired-lan@...ts.osuosl.org>, <netdev@...r.kernel.org>,
<linux-kernel@...r.kernel.org>
Subject: Re: [Intel-wired-lan] [PATCH] e1000e: add option not to verify NVM
checksum
On 3/18/2025 10:46 PM, Jacek Kowalski wrote:
> Many laptops and motherboards including I219-V network card have
> invalid NVM checksum. While in most instances checksum is fixed by
> e1000e module or by using bootutil, some setups are resistant to NVM
> modifications. This result in the network card being completely
> unusable.
>
> It seems to be the case on Dell Latitude 5420 where UEFI firmware
> corrupts (in this module's sense) checksums on each boot. No set of
> BIOS options seems to help.
>
> This commit adds e1000e module option called VerifyNVMChecksum
> (defaults to 1) that allows advanced users to skip checkum verification
> by setting it to 0.
>
> Signed-off-by: Jacek Kowalski <Jacek@...ekk.info>
> Cc: stable@...r.kernel.org
Hi Jacek,
Are you certain that the UEFI FW corrupts the checksum each time, or is
it just that the system left the factory with incorrect checksum?
From what we know, the Latitude E5420 is 11th Gen Intel CPU (Tiger Lake).
Starting from this generation, a security change makes it impossible for
software to write to the I219 NVM.
However, since in previous generations this was possible, it was,
unfortunately, common practice by vendors to release the NVM without a
valid checksum, relying on the e1000e module or on bootutil, as you
mentioned, to “fix” it upon first boot.
By 12th Gen systems, this practice was discontinued, and all NVMs were
shipped with proper checksum. It is possible that some 11th Gen systems
such as yours “slipped through the cracks”.
From a technical perspective, your patch looks correct. However, if the
checksum validation is skipped, there is no way to distinguish between
the simple checksum error described above, and actual NVM corruption,
which may result in loss of functionality and undefined behavior. This
means, that if there is any functional issue with the network adapter on
a given system, while checksum validation was suspended by the user, we
will not be able to offer support
Powered by blists - more mailing lists