Re: r285947: broken AESNI support? No aesni0 on Intel XEON E5-1650-v3 on Fujitsu Celsius M740

From: O. Hartmann <ohartman_at_zedat.fu-berlin.de>
Date: Tue, 18 Aug 2015 06:59:29 +0200
On Wed, 29 Jul 2015 08:19:34 -0700
John-Mark Gurney <jmg_at_funkthat.com> wrote:

> O. Hartmann wrote this message on Wed, Jul 29, 2015 at 10:20 +0200:
> > On Wed, 29 Jul 2015 00:36:16 -0700
> > John-Mark Gurney <jmg_at_funkthat.com> wrote:
> > 
> > > O. Hartmann wrote this message on Wed, Jul 29, 2015 at 07:39 +0200:
> > > > Running a workstation with CURRENT (FreeBSD 11.0-CURRENT #5 r285947: Tue
> > > > Jul 28 13:39:03 CEST 2015 amd64) equipted with an Intel XEON E5-1650 v3,
> > > > see the extraction from recent "dmesg" below.
> > > > 
> > > > I double checked the UEFI settings (the box is a Fujitsu Celsius M740
> > > > with most recent firmware 1.8.0) and I didn't find anything indicating
> > > > that AES-NI has been deactivated.
> > > > 
> > > > I checked the data sheet at Intel, the CPU should support AES-NI.
> > > > 
> > > > I also filed a PR: Bug 201960 
> > > > 
> > > > I'd like to know whether this is by intention, by bug (feature mask
> > > > wrong?) or by a faulty firmware? Any hints?
> > > 
> > > Can you send me the output of cpuid-etallen?  It's pretty long, so
> > > maybe off list would be better...  It's from a port of the same
> > > name...
> > 
> > I'm sorry, since I work in a pretty restricted area, I can not offer
> > webspace-similar download areas, but if it is not offending the list, i
> > could provide a compressed output.
> > 
> > Find the output attached xz-compressed ... I cleared intentionally the
> > serial number, just as a notice.
> 
> Yep, this confirms that AES-NI is off:
>       AES instruction                         = false
> 
> Which isn't a surprise from our other data points.  Just wanted to
> make sure...
> 
> > > Also, it looks like a microcode update could fix this issue, have you
> > > tried to look at that?
> > > 
> > > https://albertveli.wordpress.com/2013/03/05/aes-ni-enabled/
> > > 
> > > Looks very similar to your issue, though it's a different microarch..
> > > Your's is a Haswell that has the TSX bug in it, and it could be that
> > > the bios is disabling too many feature bits...
> > > 
> > > Have you made sure that your machine has the latest BIOS?  A newer
> > > BIOS could reenable the feature too...
> > 
> > I just checked this moment again, but the latest UEFI firmware Fujitsu is
> > offering is version 1.8.0 from April of this year.
> 
> I would complain to the vendor of your machine...  I'd contact them
> and try to return the machine as defective...  It clearly is...
> 
> > > > [...]
> > > > FreeBSD clang version 3.6.1 (tags/RELEASE_361/final 237755) 20150525
> > > > VT: running with driver "efifb".
> > > > CPU: Intel(R) Xeon(R) CPU E5-1650 v3 _at_ 3.50GHz (3491.98-MHz K8-class
> > > > CPU) Origin="GenuineIntel"  Id=0x306f2  Family=0x6  Model=0x3f
> > > > Stepping=2
> > > > Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
> > > > Features2=0x7dfefbff<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
> > > 
> > > There should be an AESNI feature on this line, but clearly not...
> > 
> > On another machine, also Fujitsu, but a 19 inch rack server module with a
> > low energy XEON E5-12XXv3, I can clearly see the AESNI feature in Feature2
> > list and, conclusively, the aesni0 device is present and reported.
> > 
> > > 
> > > [...]
> > > 
> > > > aesni0: No AESNI support.
> > > > [...]
> > > 
> > > Which is why you get this...
> > > 
> > 
> > I applied the port sysutils/cpuid to another system, runnin a i5-4200M
> > mobile CPU (Lenovo notebook). The rows indicating
> > 
> > family          = Intel ...
> > (simple synth)  = ...
> > 
> > look much more "modern" for my opinion as the output I provided shows on the
> > CPU in question. It is just a hunch ... Seems, I've bought Intel(ian)
> > crap ;-) with no features and from another mellenium ...
> 
> Yep...
> 

Hello.

I contacted the Fujitsu support in Munich, explained the problem of missing
AES-NI and TXT facility and also explained the fact, that he most recent
firmware for the Celsius M-740 does not allow enabling TXT in the firmware - it
switches back to disabled all the time I reboot the box. I made myself very
clear that I expect those features on the CPU built in.

The service wrote me an email back that is more than disappointing - and a kind
of scaring! The translation is done very simple - as the answer was very simple:

a) the CPU has feature AES-NI
b) the CPU has feature TXT
c) UNIX is no supported OS (I told I'm faciliating FreeBSD as OS uppon the
question what OS I use since I guess Fujitsu would run their "diagnostics
program" to confirm my reported issue)

Well, my understanding is that the firmware is responsible for detecting CPU
features and provide those in a suitable way the overlaying operating system
for further use. I deduce this from the fact that someone can disable features
of the CPU, like VT-d, in the firmware/BIOS and then such disabled features are
not seen by the OS anymore.

At this point I need to be 100% sure that FreeBSD isn't the culprit before
escalating this boring show with Fujitsu.

Thanks in advance and best regards,

O. Hartmann
Received on Tue Aug 18 2015 - 02:59:45 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:59 UTC