Some information about HP T620 Plus Flexible Thin Client machines for network appliance builds...

WANg

Well-Known Member
Jun 10, 2018
661
328
63
Hey @BLinux, can the t620 Plus do SR-IOV? The RX427BB in the t730 can definitely do it, but I have a sneaking suspicion that the GX420CA can support it as well (and for that matter, a bunch of Broadcom NetXtreme cards). Anyone with a t620 Plus care to verify?
Pay attention to your Linux boot-time dmesg for anything that mentions AMD-Vi, IOMMU or interrupt routing/re-directing, and post your results...
 

BLinux

cat lover server enthusiast
Jul 7, 2016
2,514
950
113
artofserver.com
Hey @BLinux, can the t620 Plus do SR-IOV? The RX427BB in the t730 can definitely do it, but I have a sneaking suspicion that the GX420CA can support it as well (and for that matter, a bunch of Broadcom NetXtreme cards). Anyone with a t620 Plus care to verify?
Pay attention to your Linux boot-time dmesg for anything that mentions AMD-Vi, IOMMU or interrupt routing/re-directing, and post your results...
I would try it out, except my T620+ has a i340-T4 NIC...
 

tigweld0101

Active Member
Apr 18, 2015
107
27
28
52
Ya'll are sandbagging. My pfsense box died so I finally had the 'opportunity' to try mine out. Turned it on with the pfsense memstick. Installed. Done. Stupid easy on the T620 Plus
 

Hefferbub

New Member
Aug 29, 2018
1
0
1
Thanks for posting this. Can anyone clarify a few things:

1. Is this vulnerability likely to actually effect someone running PFSense? If no keys have been created and stored in the TPM by me or PFSense itself, is there any relevant vulnerability?

2. It seems as if the updater programs all require Windows to run. I tried creating a UEFI FreeDOS bootable disk with Rufus, but when I run the updater programs they say they won't run in "DOS Mode". Is there a way to update without installing Windows on the box?

Thanks!
 

fohdeesha

Kaini Industries
Nov 20, 2016
1,802
1,556
113
29
fohdeesha.com
Thanks for posting this. Can anyone clarify a few things:

1. Is this vulnerability likely to actually effect someone running PFSense? If no keys have been created and stored in the TPM by me or PFSense itself, is there any relevant vulnerability?

2. It seems as if the updater programs all require Windows to run. I tried creating a UEFI FreeDOS bootable disk with Rufus, but when I run the updater programs they say they won't run in "DOS Mode". Is there a way to update without installing Windows on the box?

Thanks!
use rufus to write this iso to a usb drive, then UEFI boot off it. post has instructions

https://forums.servethehome.com/ind...r-network-appliance-builds.21014/#post-196215

that will get you the latest bios, not sure if there's tpm updates
 

WANg

Well-Known Member
Jun 10, 2018
661
328
63
Thanks for posting this. Can anyone clarify a few things:

1. Is this vulnerability likely to actually effect someone running PFSense? If no keys have been created and stored in the TPM by me or PFSense itself, is there any relevant vulnerability?

2. It seems as if the updater programs all require Windows to run. I tried creating a UEFI FreeDOS bootable disk with Rufus, but when I run the updater programs they say they won't run in "DOS Mode". Is there a way to update without installing Windows on the box?

Thanks!
...vulnerability? Someone mentioned a vulnerability?
 
  • Like
Reactions: Tha_14

arglebargle

H̸̖̅ȩ̸̐l̷̦͋l̴̰̈ỏ̶̱ ̸̢͋W̵͖̌ò̴͚r̴͇̀l̵̼͗d̷͕̈
Jul 15, 2018
653
228
43
...vulnerability? Someone mentioned a vulnerability?
There was an advisory about the TPM firmware not producing "as random as we said they were" random numbers. It's probably not important for our use case.
 

WANg

Well-Known Member
Jun 10, 2018
661
328
63
Wait. This thin client has a TPM chip embedded? Huh, I didn't know that. I must've turned it off in the BIOS or something.
I thought the vuln was something scarier, like an IOMMU version of Foreshadow/L1TF that allows rogue VMs from guessing IOMMU mappings of segregated VMs...
 

KopiJahe

New Member
Aug 30, 2018
6
8
3
Anyone with a t620 Plus care to verify?
Pay attention to your Linux boot-time dmesg for anything that mentions AMD-Vi, IOMMU or interrupt routing/re-directing, and post your results...
Just boot it up to a recent Debian LiveCD (Stretch/MATE works quite well) and see what the dmesg says - I just want to see if the IOMMU and the interrupt remapping works.
I would like IOMMU support too, but it seems like that this machine does not support it? ._.

Here's one of my T620 Plus' dmesg running Debian 9.5.0 MATE Live CD with the latest BIOS/UEFI 00.02.18 Rev.A: pastebin.com
 

WANg

Well-Known Member
Jun 10, 2018
661
328
63
I would like IOMMU support too, but it seems like that this machine does not support it? ._.

Here's one of my T620 Plus' dmesg running Debian 9.5.0 MATE Live CD with the latest BIOS/UEFI 00.02.18 Rev.A: pastebin.com
Ah, poop. Virtualization is enabled on the BIOS, right?