Some information about HP T620 Plus Flexible Thin Client machines for network appliance builds...

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

WANg

Well-Known Member
Jun 10, 2018
1,302
967
113
46
New York, NY
Hey @BLinux, can the t620 Plus do SR-IOV? The RX427BB in the t730 can definitely do it, but I have a sneaking suspicion that the GX420CA can support it as well (and for that matter, a bunch of Broadcom NetXtreme cards). Anyone with a t620 Plus care to verify?
Pay attention to your Linux boot-time dmesg for anything that mentions AMD-Vi, IOMMU or interrupt routing/re-directing, and post your results...
 

BLinux

cat lover server enthusiast
Jul 7, 2016
2,669
1,081
113
artofserver.com
Hey @BLinux, can the t620 Plus do SR-IOV? The RX427BB in the t730 can definitely do it, but I have a sneaking suspicion that the GX420CA can support it as well (and for that matter, a bunch of Broadcom NetXtreme cards). Anyone with a t620 Plus care to verify?
Pay attention to your Linux boot-time dmesg for anything that mentions AMD-Vi, IOMMU or interrupt routing/re-directing, and post your results...
I would try it out, except my T620+ has a i340-T4 NIC...
 

tigweld0101

Active Member
Apr 18, 2015
121
42
28
56
Ya'll are sandbagging. My pfsense box died so I finally had the 'opportunity' to try mine out. Turned it on with the pfsense memstick. Installed. Done. Stupid easy on the T620 Plus
 

Hefferbub

New Member
Aug 29, 2018
13
0
1
Thanks for posting this. Can anyone clarify a few things:

1. Is this vulnerability likely to actually effect someone running PFSense? If no keys have been created and stored in the TPM by me or PFSense itself, is there any relevant vulnerability?

2. It seems as if the updater programs all require Windows to run. I tried creating a UEFI FreeDOS bootable disk with Rufus, but when I run the updater programs they say they won't run in "DOS Mode". Is there a way to update without installing Windows on the box?

Thanks!
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,728
3,078
113
33
fohdeesha.com
Thanks for posting this. Can anyone clarify a few things:

1. Is this vulnerability likely to actually effect someone running PFSense? If no keys have been created and stored in the TPM by me or PFSense itself, is there any relevant vulnerability?

2. It seems as if the updater programs all require Windows to run. I tried creating a UEFI FreeDOS bootable disk with Rufus, but when I run the updater programs they say they won't run in "DOS Mode". Is there a way to update without installing Windows on the box?

Thanks!
use rufus to write this iso to a usb drive, then UEFI boot off it. post has instructions

https://forums.servethehome.com/ind...r-network-appliance-builds.21014/#post-196215

that will get you the latest bios, not sure if there's tpm updates
 

WANg

Well-Known Member
Jun 10, 2018
1,302
967
113
46
New York, NY
Thanks for posting this. Can anyone clarify a few things:

1. Is this vulnerability likely to actually effect someone running PFSense? If no keys have been created and stored in the TPM by me or PFSense itself, is there any relevant vulnerability?

2. It seems as if the updater programs all require Windows to run. I tried creating a UEFI FreeDOS bootable disk with Rufus, but when I run the updater programs they say they won't run in "DOS Mode". Is there a way to update without installing Windows on the box?

Thanks!
...vulnerability? Someone mentioned a vulnerability?
 
  • Like
Reactions: Tha_14

arglebargle

H̸̖̅ȩ̸̐l̷̦͋l̴̰̈ỏ̶̱ ̸̢͋W̵͖̌ò̴͚r̴͇̀l̵̼͗d̷͕̈
Jul 15, 2018
657
244
43
...vulnerability? Someone mentioned a vulnerability?
There was an advisory about the TPM firmware not producing "as random as we said they were" random numbers. It's probably not important for our use case.
 

WANg

Well-Known Member
Jun 10, 2018
1,302
967
113
46
New York, NY
Wait. This thin client has a TPM chip embedded? Huh, I didn't know that. I must've turned it off in the BIOS or something.
I thought the vuln was something scarier, like an IOMMU version of Foreshadow/L1TF that allows rogue VMs from guessing IOMMU mappings of segregated VMs...
 

KopiJahe

New Member
Aug 30, 2018
6
8
3
Anyone with a t620 Plus care to verify?
Pay attention to your Linux boot-time dmesg for anything that mentions AMD-Vi, IOMMU or interrupt routing/re-directing, and post your results...
Just boot it up to a recent Debian LiveCD (Stretch/MATE works quite well) and see what the dmesg says - I just want to see if the IOMMU and the interrupt remapping works.
I would like IOMMU support too, but it seems like that this machine does not support it? ._.

Here's one of my T620 Plus' dmesg running Debian 9.5.0 MATE Live CD with the latest BIOS/UEFI 00.02.18 Rev.A: pastebin.com