2

Is there a way to get Qubes OS working in KVM? It freezes shortly into boot.

I tried to boot into a new kernel, but the result is still the same.

Giacomo1968
  • 58,727

2 Answers

1

This subject is discussed in the Support post Trouble running Qubes on KVM/QEMU, where it got a negative answer:

I tried running Qubes on KVM/QEMU, but it didn’t work. Is it even possible to do that? I just want to test the OS without reformatting the whole computer.

The answer was a quote from the Qubes OS Installation Guide:

Note: Qubes OS is not meant to be installed inside a virtual machine as a guest hypervisor. In other words, nested virtualization is not supported. In order for a strict compartmentalization to be enforced, Qubes OS needs to be able to manage the hardware directly.

The final advice was:

Your options are:

  • Install on another (external) drive
    • Bear in mind that if your external drive is a USB drive, you won’t be able to take advantage of USB passthrough. Qubes OS will implode if you do that. (No, this is not a Qubes OS vulnerability, as Qubes OS is not designed to run this way. It’s the equivalent of removing the internal boot drive once the machine has already booted.)
  • Get a cheap computer to try it on
    • Make sure that it’s a 64-bit X86 CPU that has VT-x and VT-d in its instruction set, otherwise it won’t boot.

An option that wasn't discussed is to install Qubes OS to a separate partition on the hard disk in dual-boot, but you might be taking risks there with your current installation.

harrymc
  • 498,455
1

While not recommended and not officially supported, it is technically possible. If you know what you're doing, don't mind the performance penalty that comes with emulation, and want to ignore all the warnings others give you, here is how to do it:

TLDR: you need to emulate VT-d aka iommu

First, make sure that your host supports nested virtualization.

If using libvirt, create a VM (you can use the fedora template as that's what dom0 runs on), make sure you're using the Q35 chipset (others don't support iommu), edit the XML, and add:

<iommu model="intel">
  <driver intremap="on" caching_mode="on" iotlb="on"/>
</iommu>

to the <devices></devices> section and

<ioapic driver="qemu"/>

into the <features></features> section

If using qemu directly, add

-machine q35,accel=kvm,kernel-irqchip=split -device intel-iommu,intremap=on,caching-mode=on,device-iotlb=on

to the command line

I would also recommend using <cpu mode="host-passthrough" check="none" migratable="on"/> (libvirt) or -cpu host (qemu) to make sure all the virtualization extensions are turned on in the guest.

docs:
https://wiki.qemu.org/Features/VT-d
https://libvirt.org/formatdomain.html#iommu-devices

nezu
  • 111
  • 4
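
As an added example (not part of the answer above, and not Qubes OS or libvirt project code), this Python check reads a libvirt domain XML, such as the output of `virsh dumpxml`, and reports which of the settings listed in the answer are absent. The sample XML is constructed and the function names are hypothetical; the host check assumes an Intel host (`kvm_intel`).

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample (not from the page): has the vIOMMU, lacks the other settings.
SAMPLE = """<domain type="kvm">
  <os><type arch="x86_64" machine="pc-i440fx-8.2">hvm</type></os>
  <features><acpi/></features>
  <cpu mode="host-model"/>
  <devices>
    <iommu model="intel"><driver intremap="on" caching_mode="on" iotlb="on"/></iommu>
  </devices>
</domain>"""

def host_nested_enabled(module="kvm_intel"):
    """True/False from the KVM module's 'nested' parameter; None if unreadable."""
    try:
        value = Path(f"/sys/module/{module}/parameters/nested").read_text().strip()
    except OSError:
        return None
    return value in ("Y", "1")

def check_domain(xml_text):
    """Return the settings named in the answer that this domain XML lacks."""
    root = ET.fromstring(xml_text)
    missing = []
    os_type = root.find("os/type")
    if os_type is None or "q35" not in os_type.get("machine", ""):
        missing.append("machine type is not Q35")
    iommu = root.find("devices/iommu")
    driver = iommu.find("driver") if iommu is not None else None
    if iommu is None or iommu.get("model") != "intel":
        missing.append('no <iommu model="intel"> in <devices>')
    elif driver is None or any(driver.get(k) != "on" for k in ("intremap", "caching_mode")):
        missing.append("iommu driver lacks intremap/caching_mode=on")
    ioapic = root.find("features/ioapic")
    if ioapic is None or ioapic.get("driver") != "qemu":
        missing.append('no <ioapic driver="qemu"/> in <features>')
    cpu = root.find("cpu")
    if cpu is None or cpu.get("mode") != "host-passthrough":
        missing.append("cpu mode is not host-passthrough")
    return missing

if __name__ == "__main__":
    print("host nested virtualization:", host_nested_enabled())
    for item in check_domain(SAMPLE):
        print("missing:", item)
```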