[qubes-users] Re: SUCCESS: GPU passthrough on Qubes 3.1 (Xen 4.6.1) / Radeon 6950 / Win 7 & Win 8.1 (TUTORIAL + HCL)
On Wednesday, June 22, 2016 at 8:26:50 AM UTC-7, Marcus at WetwareLabs wrote: > Hello all, > > I've been tinkering with GPU passthrough these couple of weeks and I thought > I should now share some of my findings. It's not so much unlike the earlier > report on GPU passthrough here > (https://groups.google.com/forum/#!searchin/qubes-users/passthrough/qubes-users/cmPRMOkxkdA/gIV68O0-CQAJ). > > I started with Nvidia GTX 980, but I had no luck with ANY of the Xen > hypervisors or Qubes versions. Please see my other thread for more > information > (https://groups.google.com/forum/#!searchin/qubes-users/passthrough/qubes-users/PuZLWxhTgM0/pWe7LXI-AgAJ). > > However after I switched to Radeon 6950, I've had success with all the Xen > versions. So I guess it's a thing with Nvidia driver initialization. On a > side note, someone should really test this with Nvidia Quadros that are > officially supported to be used in VMs. (And of course, there are the hacks > to convert older Geforces to Quadros..) > > Anyway, here's a quick and most likely incomplete list (for most users) for > getting GPU passthrough working on Win 8.1 VM. (works identically on Win7) > > Enclosed are the VM configuration file and HCL file for information about my > hardware setup (feel free to add this to HW compatibility list!) > > TUTORIAL > > Check which PCI addresses correspond to your GPU (and optionally, USB host) > with lspci.Here's mine: > ... > > > # lspci > > 03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] > Cayman XT [Radeon HD 6970] > 03:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Cayman/Antilles > HDMI Audio [Radeon HD 6900 Series] > Note that you have to pass both of these devices if you have similar GPU with > dual functionality. > > Edit /etc/default/grub and add following options (change the pci address if > needed): > > GRUB_CMDLINE_LINUX=" rd.qubes.hide_pci=03:00.0,03:00.1 > modprobe=xen-pciback.passthrough=1 xen-pciback.permissive" > GRUB_CMDLINE_XEN_DEFAULT="... dom0_mem=min:1024M dom0_mem=max:4096M" > > For extra logging: > > > GRUB_CMDLINE_XEN_DEFAULT="... apic_verbosity=debug loglvl=all > guest_loglvl=all iommu=verbose" > > There are many other options available, but I didn't see any difference in > success rate. See here: > http://xenbits.xen.org/docs/unstable/misc/xen-command-line.html > http://wiki.xenproject.org/wiki/Xen_PCI_Passthrough > http://wiki.xenproject.org/wiki/XenVGAPassthrough > > Update grub: > > # grub2-mkconfig -o /boot/grub2/grub.cfg > Reboot. Check that VT-t is enabled: > > # xl dmesg > ... > (XEN) Intel VT-d iommu 0 supported page sizes: 4kB, 2MB, 1GB. > (XEN) Intel VT-d iommu 1 supported page sizes: 4kB, 2MB, 1GB. > (XEN) Intel VT-d Snoop Control not enabled. > (XEN) Intel VT-d Dom0 DMA Passthrough not enabled. > (XEN) Intel VT-d Queued Invalidation enabled. > (XEN) Intel VT-d Interrupt Remapping enabled. > (XEN) Intel VT-d Shared EPT tables enabled. > (XEN) I/O virtualisation enabled > (XEN) - Dom0 mode: Relaxed > Check that pci devices are available to be passed: > > # xl pci-assignable list > :03:00.0 > :03:00.1 > Create disk images: > > # dd if=/dev/zero of=win8.img bs=1M count=3 > # dd if=/dev/zero of=win8-user.img bs=1M count=3 > Install VNC server into Dom0 > > # qubes-dom0-update vnc > Modify the win8.hvm: Check that the disk images and Windows installation > CDROM image are correct, and that the IP address does not conflict with any > other VM (I haven't figured out yet how to set up dhcp) Check that 'pci = [ > ]' is commented for nowStart the VM ( -V option runs automatically VNC > client) > > # xl create win8.hvm -V > > If you happen to close the client (but VM is still running), start it again > with > > > # xl vncviewer win8 > Note that I had success starting the VM only as root. Also killing the VM > with 'xl destroy win8' would leave the qemu process lingering if not done as > root (if that occurs, you have to kill that process manually) > Install WindowsPartition the user image using 'Disk Manager'Download signed > paravirtualized drivers here (Qubes PV drivers work only in Win > 7):http://apt.univention.de/download/addons/gplpv-drivers/gplpv_Vista2008x64_signed_0.11.0.373.msi > Don't mind the name, it works on Win 8.1 as well. > For more info: > http://wiki.univention.com/index.php?title=Installing-signed-GPLPV-drivers > > Move the drivers inside user image partition (shut down VM first): > > # losetup (Check for free loop device) > # losetup -P /dev/loop10 win8-user.img (Setup loop device and scan > partition. Assuming loop10 is free) > # mount /dev/loop10p1 /mnt/removable ( Mount the first partition )- copy the > driver there and unmount. > > Reboot VM, install paravirtual drivers and reboot againCreate this script > inside sys-firewall (check that the sys-net vm ip address 10.137.1.1 is > correct though): > > fwcfg.sh: > #!/bin/bash >
[qubes-users] Do you use Qubes OS as your main OS on primary PC? What kind of work do you get done on it?
Without support for hardware acceleration of virtual machines, plus needing specific hardware compatible with Qubes OS, what kinds of work do you get done if Qubes is your main OS on primary PC? I want to run Davinci Resolve, which is a video editor that runs on Linux, but it takes advantage of the discrete GPU, and it seems Qubes does not support hardware acceleration nor virtual machines. So, I'm curious, for those who use Qubes, what actual work do you get done? I've also tried playing youtube videos but found audio out of sync and I could not resize or maximize the playback window. I may have tried the second to latest version released so maybe things have changed or will change in 4.x? Not being able to run VMs, Davinci Resolve, or youtube are making me have to look at other options like OS X, Windows 10, and Linux. I was leaning towards OS X but enabling case sensitivity for the file system can break certain apps like those from Adobe, or cause other problems.. And I prefer linux/unix like command-lines to DOS, so kind of leaning away from Windows 10. That leaves Linux distros like Debian, Mint, e bv But I'm wondering how secure it will be compared to Qubes? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e6383ea1-5152-4995-addd-36891420db58%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] DaVinci Resolve 14 - Possible to run in a Windows VM on Qubes OS?
I'd really like to use Qubes. The last time I tried it was on an Ultrabook and the install and setup was straightforward and painless. However, when I tried to view a YouTube video in a browser window, I noticed the video playback wasn't perfectly smooth and there was NO AUDIO. I'd like to revisit Qubes OS and see if it's feasible to use as my primary OS again, but this time I'd like to know if DaVinci Resolve 14 (there are Windows, Mac, and Linux versions) can be installed either to run under Linux or under a Windows VM. People have gotten Resolve 14 to install and run under CentOS, Debian, Ubuntu, and other distributions. I'd need audio to work. If I could get youtube working with no performance or audio issues and DaVinci Resolve working on Qubes, I would gladly move to it full time. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/79f7a40d-6c03-40ac-9477-31ec666a0a70%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Newbie Qubes questions.. please help!
On Thursday, September 8, 2016 at 1:19:09 AM UTC-7, Connor Page wrote: > Think of Whonix as a possible compartment of your digital life that gives > more anonymity online. It would be more or less securely separated from other > compartments. In order to save space and admin effort common parts of these > compartments (i.e., the root filesystem, kernels, modules) are made as > templates. Templates cannot be persistently modified by a running vm based on > that template. this is quite different from plain virtualbox machines. > moreover, the type of virtualisation of Linux-based vms is different for the > time being. > you can compile your own kernel for dom0 but then you're on your own. there > is a good reason to stick to LTS version though. > no boot partition won't stop from decrypting and mounting a LUKS partition > from any live DVD/ISO if the passphrase is known. wrong LUKS header may > actually help (if you carry the correct one on a USB stick) but that is a > very dangerous route. Just so I make sure I understand: simply doing full drive encryption and having a separate usb thumb drive for holding the /boot partition and GRUB won't really give you another layer of protection, it just makes it less convenient for intruders to get to your encrypted drive pw prompt, since they can use a rescue disc to boot and get to the same pw prompt? So encrypting and pw protecting your USB thumb drive would be a waste of time, since intruders don't really need that /boot partition and GRUB at all to access your main encrypted system drive. However, if you also copy luks header on USB drive, then it would add a true 2-factor authentication provided you encrypt & pw protect the USB drive that has the luks header on it? But this is dangerous because you could lose it and never be able to recover your data, or are there other reasons? Also, in regards to compiling own kernel for dom0 or sticking to LTS version, what do I do if I have a Radeon RX480 video card and want to use it w/ Qubes but it seems the driver/kernel support is in 4.7.x? Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6a891b02-fc15-4f2c-80de-4ebd192754a0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Newbie Qubes questions.. please help!
Hi, I could use some clarification on the below: 1. Is Qubes an actual OS/distro, or do you still have to pick a distro? I think it's based on Fedora, right? But you can have templates that use other OSes? 2. Is Whonix basically an add-on to Qubes that allows more anonymity online? Or is it a separate distro based on Qubes with a privacy focus? 3. Has anyone setup two-factor authentication on their Qubes setup using luks/dmcrypt for full drive encryption (for all partitions aside from /boot and GRUB boot manager), then putting /boot and GRUB on a USB stick that is also encrypted and requires its own password? If so, how can one implement this on Qubes? I have successfully setup on Debian before luks/dmcrypt full drive encryption on the system drive which has all partitions but /boot, and then put /boot and GRUB on a USB stick and it worked fine. I'm able to get prompted for my decryption password for the main drive upon boot. But as I understand it, this is not truly 2-factor authentication and anyone could reproduce a similar USB boot drive with any rescue disk to get to the main drive's password prompt? Thanks in advance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/db6a03e0-7072-424e-a1ae-64e59c209fc2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
