Intel IBT was disabled in your grub configuration to prevent an issue with NVIDIA graphics cards

Issues & Assistance
1

Hey,

I updated my garuda linux with sudo garuda-update and for the first time ever I got this message at the end. Tried to google it, but did not find any match with it.

Intel IBT was disabled in your grub configuration to prevent an issue with NVIDIA graphics cards.

image
image798×83 17.2 KB

What does it mean for me?

garuda-inxi

System:
Kernel: 5.17.9-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 12.1.0
parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
root=UUID=6caa828b-1fe1-438c-b753-ec4d6173e158 rw rootflags=subvol=@
rd.udev.log_priority=3 vt.global_cursor_default=0
resume=UUID=55204ea6-05d6-4401-b78d-0fc6406bcba3 loglevel=3
Desktop: KDE Plasma v: 5.24.5 tk: Qt v: 5.15.4 info: latte-dock
wm: kwin_x11 vt: 1 dm: SDDM Distro: Garuda Linux base: Arch Linux
Machine:
Type: Laptop System: Dell product: XPS 15 7590 v: N/A
serial: <superuser required> Chassis: type: 10 serial: <superuser required>
Mobo: Dell model: 0T8KGX v: A00 serial: <superuser required> UEFI: Dell
v: 1.5.0 date: 12/25/2019
Battery:
ID-1: BAT0 charge: 75.9 Wh (96.1%) condition: 79.0/97.0 Wh (81.4%)
volts: 13.3 min: 11.4 model: SMP DELL GPM0365 type: Li-ion serial: <filter>
status: charging
Device-1: hidpp_battery_0 model: Logitech Wireless Mouse MX Master 3
serial: <filter> charge: 100% (should be ignored) rechargeable: yes
status: discharging
CPU:
Info: model: Intel Core i9-9980HK bits: 64 type: MT MCP arch: Coffee Lake
family: 6 model-id: 0x9E (158) stepping: 0xD (13) microcode: 0xF0
Topology: cpus: 1x cores: 8 tpc: 2 threads: 16 smt: enabled cache:
L1: 512 KiB desc: d-8x32 KiB; i-8x32 KiB L2: 2 MiB desc: 8x256 KiB
L3: 16 MiB desc: 1x16 MiB
Speed (MHz): avg: 2390 high: 2400 min/max: 800/5000 scaling:
driver: intel_pstate governor: performance cores: 1: 2266 2: 2400 3: 2400
4: 2400 5: 2400 6: 2400 7: 2400 8: 2400 9: 2400 10: 2400 11: 2400
12: 2400 13: 2400 14: 2380 15: 2400 16: 2400 bogomips: 76800
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
Vulnerabilities:
Type: itlb_multihit status: KVM: VMX disabled
Type: l1tf status: Not affected
Type: mds status: Not affected
Type: meltdown status: Not affected
Type: spec_store_bypass
mitigation: Speculative Store Bypass disabled via prctl
Type: spectre_v1
mitigation: usercopy/swapgs barriers and __user pointer sanitization
Type: spectre_v2
mitigation: Enhanced IBRS, IBPB: conditional, RSB filling
Type: srbds mitigation: TSX disabled
Type: tsx_async_abort mitigation: TSX disabled
Graphics:
Device-1: Intel CoffeeLake-H GT2 [UHD Graphics 630] vendor: Dell
driver: i915 v: kernel ports: active: eDP-1 empty: DP-1,DP-2,DP-3
bus-ID: 00:02.0 chip-ID: 8086:3e9b class-ID: 0300
Device-2: NVIDIA TU117M [GeForce GTX 1650 Mobile / Max-Q] vendor: Dell
driver: nvidia v: 515.43.04 alternate: nouveau,nvidia_drm non-free: 515.xx+
status: current (as of 2022-05) arch: Turing pcie: gen: 3 speed: 8 GT/s
lanes: 16 bus-ID: 01:00.0 chip-ID: 10de:1f91 class-ID: 0302
Device-3: Microdia Integrated_Webcam_HD type: USB driver: uvcvideo
bus-ID: 1-12:4 chip-ID: 0c45:6723 class-ID: 0e02
Display: x11 server: X.Org v: 21.1.3 with: Xwayland v: 22.1.2
compositor: kwin_x11 driver: X: loaded: modesetting,nvidia gpu: i915
display-ID: :0 screens: 1
Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 507x285mm (19.96x11.22")
s-diag: 582mm (22.9")
Monitor-1: eDP-1 model: Samsung 0xa029 built: 2019 res: 1920x1080
dpi: 142 gamma: 1.2 size: 344x194mm (13.54x7.64") diag: 395mm (15.5")
ratio: 16:9 modes: 3840x2160
OpenGL: renderer: Mesa Intel UHD Graphics 630 (CFL GT2)
v: 4.6 Mesa 22.1.1 direct render: Yes
Audio:
Device-1: Intel Cannon Lake PCH cAVS vendor: Dell driver: snd_hda_intel
v: kernel alternate: snd_soc_skl,snd_sof_pci_intel_cnl bus-ID: 00:1f.3
chip-ID: 8086:a348 class-ID: 0403
Sound Server-1: ALSA v: k5.17.9-zen1-1-zen running: yes
Sound Server-2: PulseAudio v: 16.0 running: no
Sound Server-3: PipeWire v: 0.3.51 running: yes
Network:
Device-1: Intel Wi-Fi 6 AX200 vendor: Rivet Networks Killer™
driver: iwlwifi v: kernel pcie: gen: 2 speed: 5 GT/s lanes: 1
bus-ID: 3b:00.0 chip-ID: 8086:2723 class-ID: 0280
IF: wlp59s0 state: up mac: <filter>
IF-ID-1: anbox0 state: down mac: <filter>
IF-ID-2: wgpia0 state: unknown speed: N/A duplex: N/A mac: N/A
Bluetooth:
Device-1: Intel AX200 Bluetooth type: USB driver: btusb v: 0.8
bus-ID: 1-4:2 chip-ID: 8087:0029 class-ID: e001
Report: bt-adapter ID: hci0 rfk-id: 0 state: up address: <filter>
Drives:
Local Storage: total: 953.87 GiB used: 239.16 GiB (25.1%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: A-Data model: SX8200PNP
size: 953.87 GiB block-size: physical: 512 B logical: 512 B
speed: 31.6 Gb/s lanes: 4 type: SSD serial: <filter> rev: 42AZS6AC
temp: 33.9 C scheme: GPT
Partition:
ID-1: / raw-size: 921.53 GiB size: 921.53 GiB (100.00%)
used: 239.16 GiB (26.0%) fs: btrfs dev: /dev/nvme0n1p3 maj-min: 259:3
ID-2: /boot/efi raw-size: 351 MiB size: 350.3 MiB (99.80%)
used: 576 KiB (0.2%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1
ID-3: /home raw-size: 921.53 GiB size: 921.53 GiB (100.00%)
used: 239.16 GiB (26.0%) fs: btrfs dev: /dev/nvme0n1p3 maj-min: 259:3
ID-4: /var/log raw-size: 921.53 GiB size: 921.53 GiB (100.00%)
used: 239.16 GiB (26.0%) fs: btrfs dev: /dev/nvme0n1p3 maj-min: 259:3
ID-5: /var/tmp raw-size: 921.53 GiB size: 921.53 GiB (100.00%)
used: 239.16 GiB (26.0%) fs: btrfs dev: /dev/nvme0n1p3 maj-min: 259:3
Swap:
Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default)
ID-1: swap-1 type: zram size: 15.26 GiB used: 65.8 MiB (0.4%)
priority: 100 dev: /dev/zram0
ID-2: swap-2 type: partition size: 32 GiB used: 0 KiB (0.0%) priority: -2
dev: /dev/nvme0n1p2 maj-min: 259:2
Sensors:
System Temperatures: cpu: 57.0 C pch: 48.0 C mobo: N/A
Fan Speeds (RPM): cpu: 2410 fan-2: 2413
Info:
Processes: 432 Uptime: 30m wakeups: 1098 Memory: 15.26 GiB
used: 6.88 GiB (45.1%) Init: systemd v: 251 tool: systemctl Compilers:
gcc: 12.1.0 clang: 13.0.1 Packages: 1892 pacman: 1876 lib: 346 snap: 16
Shell: fish v: 3.4.1 default: Bash v: 5.1.16 running-in: konsole
inxi: 3.3.16
Garuda (2.6.3-2):
System install date:     2022-02-23
Last full system update: 2022-06-07 ↻
Is partially upgraded:   No
Relevant software:       NetworkManager
Windows dual boot:       Probably (Run as root to verify)
Snapshots:               Snapper
Failed units:            systemd-networkd-wait-online.service
2

Comes from this
https://gitlab.com/garuda-linux/packages/stable-pkgbuilds/garuda-migrations/-/commit/901db0d484b2f6e412f690edd5a3328149fb6cf0
Due to this

5 Likes
3

Its off :slight_smile:

1 Like
4

I meant functionally :smiley:

5

https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-desktop/12th-generation-intel-core-processors-datasheet-volume-1-of-2/006/indirect-branch-tracking/
I read many times ibt=Intel Bridge Technology but this is something different.
The link above comes from the nVidia bug report

2 Likes
6

The ibt=off kernel parameter turns off the new Indirect Branch Tracking security feature that was added to kernel 5.18.

It's a new hardware security feature that works on Intel 11th gen and newer processors to prevent certain types of attacks. Most of these already have software mitigations added to the kernels of various OSes, so this is simply moving some of that mitigation into newer hardware.

Unfortunately it was discovered that Nvidia's latest GPU driver triggers this security measure, so for the time being it is being disabled so that the Nvidia driver will continue to work. Hopefully it gets fixed soon and can be re-enabled in the future.

Essentially, it just disables a new hardware-based security measure for newer CPUs but doesn't make the system any less safe than pre-5.18 kernels (as I stated, there are already software mitigations in place).

7 Likes
7

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.