[Bounty] After 6.2 Update, Keyboard @ Boot No Longer Works


Recommended Posts

Hi,

 

I have a somewhat unique setup. I directly pass my Windows 10 VM (under SeaBIOS) directly to my SSD disk (using /dev/disk/by-id). I also directly pass-through a USB 3.0 PCI-E as well. Finally, I also encrypt my drive (TrueCrypt, and now, VeraCrypt). As a result, it's important that at the earliest point during boot that a keyboard is available.

 

In 6.1, the keyboard I plugged into the USB 3 hub would not be recognized at boot so I couldn't type in a password. I then manually added a USB 2 Dell Keyboard plugged into a USB 2 port outside of the USB 3 hub and added it to the VM through the unRAID GUI. This worked; at boot, I had to use a different keyboard to type in my password but after that I could use everything else as normal after Windows booted.

 

Now, in 6.2, the Dell keyboard does not work at boot and neither does the USB 3 hub keyboard. I cannot boot my machine past the encryption bootloader because I cannot type in a password.

 

I know encrypted boot (or even VeraCrypt) is not supported by unRAID, so let's put this another way. I have no keyboard at boot so I cannot get into the SeaBIOS BIOS menu by hitting escape or F12 at boot. If that problem is solved, I highly suspect my real problem can be solved. So please don't dismiss this plea for help!

 

Here's what I've tried:

- Deselecting, update, and reselecting + update the VM for the Dell Keyboard from the unRAID GUI.

- Same steps above after changing the Dell Keyboard to a USB 3 port.

- Tried plugging Dell Keyboard directly into the USB 3 hub passthrough, no luck.

- Rolling back to 6.1; this worked but then I'm stuck on 6.1.

- Removing the encryption in 6.1, upgrading to 6.2, and ensuring Windows boots without that bootloader (it does).

- Re-adding the encryption in 6.2 to see if I can get past the bootloader again (I can't, and this is where I am now)

 

So I'm not totally without options:

- Search around for a similar problem/solution for anyone else using KVM / VirtIO / etc or unRAID. I've spent a few hours at this but so far, no luck.

- Post here to see if anyone else has had this problem and/or resolution. This is where I am now.

- Use VNC to hopefully bypass the bootloader once and then remove it. Continue using machine unencrypted.

- Finally, if VNC doesn't work, rollback to 6.1 to remain encrypted. I may do this even if VNC works; having full disk encryption in an audited open-source implementation is of high value to me.

 

My final solution might be to backup everything, nuke the VM and drive, and then recreate/reinstall the Windows 10 VM using OVMF which will likely be able to detect the USB 3 hub and devices plugged in at boot. This wasn't an option before because TrueCrypt/VeraCrypt did not support UEFI boot, but now it does. However, this is the "nuclear" option and would result in the most time & work, and still may not even be a solution in the end.

 

Here's the things I think you might need to help diagnose:

VM XML Before 6.2 Upgrade: http://pastebin.com/raw/piAntJ8t

VM XML After 6.2 Upgrade: http://pastebin.com/raw/xaipiALw

lspci:

login as: root
[email protected]'s password:
Last login: Thu Dec  8 12:04:11 2016 from 192.168.86.222
Linux 4.4.30-unRAID.
root@unRAID:~# lspci
00:00.0 Host bridge: Intel Corporation 4th Gen Core Processor DRAM Controller (rev 06)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor PCI Express x16 Controller (rev 06)
00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics Controller (rev 06)
00:03.0 Audio device: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor HD Audio Controller (rev 06)
00:14.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB xHCI (rev 04)
00:16.0 Communication controller: Intel Corporation 8 Series/C220 Series Chipset Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 8 Series/C220 Series Chipset High Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #1 (rev d4)
00:1c.2 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #3 (rev d4)
00:1c.4 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #5 (rev d4)
00:1c.6 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #7 (rev d4)
00:1c.7 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #8 (rev d4)
00:1d.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation Z87 Express LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 8 Series/C220 Series Chipset Family 6-port SATA Controller 1 [AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 8 Series/C220 Series Chipset Family SMBus Controller (rev 04)
01:00.0 VGA compatible controller: NVIDIA Corporation GM204 [GeForce GTX 970] (rev a1)
01:00.1 Audio device: NVIDIA Corporation GM204 High Definition Audio Controller (rev a1)
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 0c)
04:00.0 SATA controller: Marvell Technology Group Ltd. Device 9215 (rev 11)
05:00.0 USB controller: Renesas Technology Corp. uPD720201 USB 3.0 Host Controller (rev 03)
06:00.0 Network controller: Qualcomm Atheros AR9485 Wireless Network Adapter (rev 01)

lsusb:

login as: root
[email protected]'s password:
Linux 4.4.30-unRAID.
root@unRAID:~# lsusb
Bus 002 Device 002: ID 8087:8000 Intel Corp.
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:8008 Intel Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 002: ID 0781:5583 SanDisk Corp.
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 003: ID 058f:6362 Alcor Micro Corp. Flash Card Reader/Writer
Bus 003 Device 005: ID 413c:2112 Dell Computer Corp.
Bus 003 Device 004: ID 0cf3:e004 Atheros Communications, Inc.
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

 

Specific to each device, I'm passing through USB device 413c:2112 (Dell Keyboard) through the GUI, and passing through 1912:xxxx which is the USB hub, also manually stubbed in syslinux. The drive passthrough has been the /dev/disk/by-id/*SSD* device. All of this was the case before and after 6.2, although 6.2 actually makes some of this stuff visible in the GUI and prior I had to do it manually via XML editing.

 

I see a number of things I could also provide under the Tools menu, but I'm not sure what would be critical for this type of problem. I hope that I've provided enough to solve the problem as I suspect any solution will require a direct edit to the VM XML file related to VM settings and/or devices.

 

Thanks for any help anyone can provide.

 

P.S. Optionally, I'll give 0.1 Bitcoin (about $75 of value today) to the first person who gives me a lead that results in the working solution that:

- doesn't require me to reformat or reinstall Windows 10

- doesn't require me to stay on 6.1

- allows me to continue using VeraCrypt's full-disk encryption

- doesn't require me to purchase additional hardware

- ie. a solution (which may not exist) that requires only a few configuration edits

Link to comment

If you are passing your SSD directly, you don't need to nuke your install to test OVMF, you just need to create another VM and still pass the same SSD.

 

I have 2 Windows 10 VM with complete different emulation type and bios combination that perfectly boot from the same physical SSD, Windows 10 is surely capable of that.

Link to comment

Not an ideal solution, but have you tried https://lime-technology.com/forum/index.php?topic=47240.0? If you have access to the unraid webgui from another device, you should at least be able to live attach a USB keyboard to the VM. After install, the plugin lives at the bottom of the VM page. I use it regularly to reattach a misbehaving wireless keyboard.

 

That's a good lead and I tried it, unfortunately no luck. I tried detaching/reattaching when it was assigned at boot, and tried attaching/detaching/reattaching when it wasn't assigned at boot. The bootloader nor the BIOS seems to still not recognize any keypresses.

 

If you are passing your SSD directly, you don't need to nuke your install to test OVMF, you just need to create another VM and still pass the same SSD.

 

I have 2 Windows 10 VM with complete different emulation type and bios combination that perfectly boot from the same physical SSD, Windows 10 is surely capable of that.

 

I'll give that a try, although if memory serves this caused nothing to display on boot at all. Might try it with VNC enabled instead of video card to see if that makes any difference.

Link to comment

Booting with VNC worked; I was able to type the password and disable the encrypted bootloader from within windows.

 

From there I tried an identical VM but with OVMF with Nvidia passthrough, no luck (no video output to screen). Tried toggling the Hyper-V option to Off, still no dice.

 

Tried switching back the Hyper-V setting to On and using VNC without Nvidia, got video output but it pushes me to the EFI Shell. I booted the Windows disk (fs0:/efi/boot/bootx64.efi) and tried Startup Repair from there. No luck.

 

Moved to the repair Command Prompt. Tried to enter "C:", drive not found. Tried "diskpart" and "list disk", but no disks found.

 

Tried booting to the UEFI menu to see any boot devices listed; I only saw the EFI Shell and the Windows disk. And then there's some BLK devices but I couldn't "ls" or "dir" from within them.

 

Then I had a genius idea: The repair command prompt can't see the boot drive because it doesn't have viostor drivers installed. So I followed this tutorial for the most part, using "drvload" command: https://eastbaytechservice.com/loading-kvmvirtio-storage-drivers-windows-server-2012-recovery/

 

Sure enough, now I could access C:. I backed out of the command prompt and tried startup repair, but no luck. Explored C: but found no EFI directory. Figured out F: was the actual main disk partition for my Windows install. Went to F:\Windows and used "bootrec /fixboot". Rebooted the VM. No luck.

 

Booted to repair again, moved to command line, used drvload on viostor drivers.  Tried "bootrec /rebuildbcd". It found F:\Windows, asked me to add it to boot list, and upon confirmation it says "The requested system device cannot be found."

 

So from here I tried "bootrec /fixboot", and then "bcdboot F:\Windows /l en-us /s C: /f ALL" with F being the drive containing my old files and C being the EFI partition (apparently). Then a reboot.

 

No dice, still pushes me to EFI Shell. At this point I believe it's an issue with the bootloader not having what it needs to "see" or "load" the boot partition and/or windows partition (eg virtio drivers?) so...

 

At this point I'm giving up on converting to OVMF outside of doing a backup and fresh install. I'm worried switching back to the SeaBIOS VM would be broken, but it still boots fine! Phew.

 

So my next trick is trying to have VNC *and* Nvidia passthrough co-exist. It seems to get past the bootloader just fine with VNC as the primary display (so if encrypted, I'd use VNC to type in the password without issue as before when I removed the bootloader). However, in Windows the video card isn't outputting. Checking device manager shows the GTX 970 being passed through, but with an error "Windows has stopped this device because it has reported problems. (Code 43)". So I try to reinstall Nvidia drivers (fresh), still Code 43. Try toggling the Hyper-V option to "Yes". Still boots with VNC but Nvidia card reports Code 43.

 

At this point I give up and go back to raw Nvidia passthrough with no VNC and no fancy encrypted bootloader. After a few bootloops, automatic driver updates, and reinstalling the Nvidia drivers things appear back to normal.

 

The 0.1 Bitcoin bounty stands if anyone else has any ideas that would allow me to use my keyboard to get to the BIOS menu at boot (and thus be able to enter a bootloader password). I also am open to any suggestions to convert my Windows 10 VM to OVMF/UEFI from its current setup, but I feel like I've tried just about everything per above.

 

I'll probably give up in a few days, back up the machine, and do a fresh W10 install on a nuked drive with OVMF. I suspect the UEFI encrypted bootloader won't have too much trouble recognizing a keyboard. Bummer.

Link to comment

Try setting the USB controller to USB3/XHCI.  If you can't do through the wizard I think the model in the XML would be nec-xhci instead of ich9-ehci / ich9-uhci.

 

I think I have had similar issues with USB devices not being available at boot, either this helped me or it was the other way around and setting to USB2 which you already have.

Link to comment
  • 2 weeks later...

Try setting the USB controller to USB3/XHCI.  If you can't do through the wizard I think the model in the XML would be nec-xhci instead of ich9-ehci / ich9-uhci.

 

I think I have had similar issues with USB devices not being available at boot, either this helped me or it was the other way around and setting to USB2 which you already have.

You beautiful human being! I just started working on this again (after preparing for a wipe) and yours was the last ditch change I attempted (switching to USB Mode: 3.0 (XHCI)). My Dell keyboard now works at the password bootloader! I can stay encrypted and not have to change SeaBIOS/re-create the VM/stay on 6.1.

 

The 0.1 Bitcoin bounty is yours if you want (now worth closer to $80), just post a Bitcoin address via PM to me or on this post.

 

Cheers!

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.