0

Apologies in advance if I have incorrect assumptions in the post. I'm still getting the hang of DPDK.

Basically, I am trying to utilize DPDK on a Generation 2 Hyper-V VM that has Secure Boot enabled.

On boot up of the Ubuntu-based VHD that DPDK runs on, I am seeing this in the dmesg logs:

[    0.000000] Kernel is locked down from command line; see man kernel_lockdown.7

Along with:

raw io port access is restricted; see man kernel_lockdown.7

Since DPDK is meant to bypass the kernel stack, my assumption for its poor performance/no traffic over the virtual function is due to this lockdown mode.

Company policy requires Secure Boot to be enabled, so if anyone has advice or resources I could read to work towards a solution, that would be great.

Improve this question

1 Answer 1

Reset to default
1

SecureBoot is not the same thing as Kernel Lockdown – however, it makes sense to use them together.

So, yeah, you can use SecureBoot with DPDK (haven't tried it on this machine, but data center infrastructure people are the ones who like attested booting, and data center infrastructure people are the same who need userland dataplane handling, so it not working would surprise me); you just can't use it with lockdown mode, because that literally means userland mustn't get uncontrolled access to hardware-IO mapped memory. And that's exactly what DPDK does.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.