Resume Time from [deep] Sleep vt-d on vs. off

Framework Laptop Linux
#1

Hello all,
since i am fiddling around with my framework laptop for better battery life, i found that with my current configuration there is a significant improvement in resume time form deep sleep if i switch off vt-d in Bios.

With vt-d enabled it takes ~10s pressing the powerbutton until the lockscreen is up.
With vt-d disabled it takes ~2s.

The Security Tab in Gnome Settings shows IOMMU-Protection not found if i disable it. Is this a serious Problem?

My Configuration:

diy framework 11th gen i5
32GB RAM (2x 16GB)
Bios 3.17 beta

Fedora 37
kernel 6.1.6-200.fc37.x86_64

Greetings Max

PS: sorry for my bad english

#2

Leave vt-d on, it is necessary for virtualization to work properly. 8 secs isn’t much of a cost.

1 Like
#3

Hello GhostLegion,
thank you for your answer.
In my understanding VT-d is only necessary for PCI passtrough:
https://en.wikipedia.org/wiki/X86_virtualization#I/O_MMU_virtualization_(AMD-Vi_and_Intel_VT-d)
My Windows 10 VM in Gnome Boxes runs well without VT-d enabled in BIOS.

Greetings Max

#4

Virtualization is used in more than just VM’s

All 4 ports on your laptop are Thunderbolt and thus expose a PCIe connection and are vulnerable to DMA attacks.

A good analogy would be that it is quicker to enter a house that is unlocked. You see quicker boot up times. It is also easier for bad actors.

I’m sure there are other reasons to leave it enabled that I am either not remembering or am unaware of. Either way, my advice stands, you should leave it enabled so that virtualization works properly.

#5

Hi again,

thanks for this point. That’s the answer to my question in the first post if it is a serious security issue for the system.
Am i right that the “long” resume is hitting all tb4 equipped systems?

Greetings Max

#6

@Max_D I can’t imagine why it wouldn’t. The quickest resume times will likely be found by enabling S2idle over S3 sleep.

#7

Just following this conversation, @GhostLegion is addressing the question.