Re: [Intel-wired-lan] [PATCH] e1000e: add option not to verify NVM checksum

From: Lifshits, Vitaly
Date: Mon Mar 31 2025 - 08:53:49 EST

Next message: Russell King (Oracle): "Re: Re: [PATCH] ARM: Fix support for CMDLINE_EXTEND"
Previous message: Nikolay Aleksandrov: "Re: [Patch net-next 1/3] net: bridge: mcast: Add offload failed mdb flag"
Next in thread: Andrew Lunn: "Re: [Intel-wired-lan] [PATCH] e1000e: add option not to verify NVM checksum"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/18/2025 10:46 PM, Jacek Kowalski wrote:

Many laptops and motherboards including I219-V network card have
invalid NVM checksum. While in most instances checksum is fixed by
e1000e module or by using bootutil, some setups are resistant to NVM
modifications. This result in the network card being completely
unusable.

It seems to be the case on Dell Latitude 5420 where UEFI firmware
corrupts (in this module's sense) checksums on each boot. No set of
BIOS options seems to help.

This commit adds e1000e module option called VerifyNVMChecksum
(defaults to 1) that allows advanced users to skip checkum verification
by setting it to 0.

Signed-off-by: Jacek Kowalski <Jacek@xxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx

Hi Jacek,
Are you certain that the UEFI FW corrupts the checksum each time, or is it just that the system left the factory with incorrect checksum?
From what we know, the Latitude E5420 is 11th Gen Intel CPU (Tiger Lake).
Starting from this generation, a security change makes it impossible for software to write to the I219 NVM.
However, since in previous generations this was possible, it was, unfortunately, common practice by vendors to release the NVM without a valid checksum, relying on the e1000e module or on bootutil, as you mentioned, to “fix” it upon first boot.
By 12th Gen systems, this practice was discontinued, and all NVMs were shipped with proper checksum. It is possible that some 11th Gen systems such as yours “slipped through the cracks”.

From a technical perspective, your patch looks correct. However, if the checksum validation is skipped, there is no way to distinguish between the simple checksum error described above, and actual NVM corruption, which may result in loss of functionality and undefined behavior. This means, that if there is any functional issue with the network adapter on a given system, while checksum validation was suspended by the user, we will not be able to offer support

Next message: Russell King (Oracle): "Re: Re: [PATCH] ARM: Fix support for CMDLINE_EXTEND"
Previous message: Nikolay Aleksandrov: "Re: [Patch net-next 1/3] net: bridge: mcast: Add offload failed mdb flag"
Next in thread: Andrew Lunn: "Re: [Intel-wired-lan] [PATCH] e1000e: add option not to verify NVM checksum"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]