Coding out of the Box
virtualization
I’m trying to use virgil OpenGL acceleration on ubuntu 20.04.2 both host and guest, but I get only 1/4 of the screen no matter what I do:
It’s an intel i7 11th gen, Iris Xe GPU (Dell XPS 13)
UPDATE: as pointed out below, the problem is with scaling. How can I make this work with scaling on?
I’m trying to emulate Raspberry Pi 3 B in QEMU and I was able to successfully boot the oldest OS release from here:
https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2020-08-24/2020-08-20-raspios-buster-arm64-lite.zip
I used the following sequence of commands (on MacOS host) to obtain the kernel and dtb files:
wget "${URL}"
FILENAME=$(basename $URL)
NAME=$(basename $URL .zip)
unzip $FILENAME
rm -f $FILENAME
hdiutil mount "${NAME}.img" -mountpoint "/Volumes/${NAME}"
mkdir $NAME
# Copy kernel files
cp -r /Volumes/$NAME/kernel*.img ./$NAME/
# Copy dtb files
cp -r /Volumes/$NAME/*.dtb ./$NAME/
hdiutil unmount "/Volumes/${NAME}"
qemu-img convert -f raw -O qcow2 "${NAME}.img" "${NAME}.qcow"
# resize the image so it can be used as SD card
qemu-img resize -f qcow2 "${NAME}.qcow" 2G
and then the following command to launch the VM in QEMU:
NAME="2020-08-20-raspios-buster-arm64-lite"
qemu-system-aarch64
-M raspi3
-append "rw earlyprintk loglevel=8 console=ttyAMA0,115200 dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootdelay=1"
-dtb ./$NAME/bcm2710-rpi-3-b.dtb
-drive id=card0,if=none,format=qcow2,index=0,file=./$NAME.qcow
-device sd-card,drive=card0
-kernel ./$NAME/kernel8.img
-m 1G
-smp 4
-serial stdio
-usb
-device usb-mouse
-device usb-kbd
This works with the above release, but not the two later releases downloadable from here:
Instead of successful boot I get just a black QEMU window and no output in the terminal.
Is there any way I can debug this to understand the differences between these OS releases and why the two don’t work?
I’ve been trying all day to have this (v100) GPU working on a new ubuntu VM. I tried installing the drivers and rebooting and also purging/uninstalling everything to do with nvidia but none of these things seem to work.
In particular I ran this specifically:
apt update;
apt install build-essential;
sudo add-apt-repository ppa:graphics-drivers
sudo apt install ubuntu-drivers-common
ubuntu-drivers devices
sudo apt-get install nvidia-driver-460
sudo reboot now
Then sometimes it seems that nvidia-smi is working (as of the writing of this question it wasn’t so I wasn’t able to copy paste what is said when it works) but when it doesn’t work it says this:
(synthesis) miranda9@miranda9:~$ nvidia-smi
Unable to determine the device handle for GPU 0000:00:06.0: Unknown Error
any help is appreciated.
Note I also do not have access to the VMs vmx file so this question and answers are useless/meaningless to me: https://forums.developer.nvidia.com/t/nvidia-smi-reports-unable-to-determine-the-device-handle-for-gpu/46835
In addition I have tried to uninstall everything from nivida and re-install it with:
sudo apt-get --purge remove "*nvidia*"
sudo /usr/bin/nvidia-uninstall
then
apt update;
apt install build-essential;
sudo add-apt-repository ppa:graphics-drivers
sudo apt install ubuntu-drivers-common
ubuntu-drivers devices
sudo apt-get install nvidia-driver-460
sudo reboot now
but that doesnt seem to work
More info in case it helps:
(synthesis) miranda9@miranda9:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
also:
(synthesis) miranda9@miranda9:~$ python
Python 3.9.5 (default, Jun 4 2021, 12:28:51)
[GCC 7.5.0] :: Anaconda, Inc. on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import torch
>>> torch.cuda.is_available()
/home/miranda9/miniconda3/envs/synthesis/lib/python3.9/site-packages/torch/cuda/__init__.py:52: UserWarning: CUDA initialization: Unexpected error from cudaGetDeviceCount(). Did you run some cuda functions before calling NumCudaDevices() that might have already set an error? Error 101: invalid device ordinal (Triggered internally at /opt/conda/conda-bld/pytorch_1623448238472/work/c10/cuda/CUDAFunctions.cpp:115.)
return torch._C._cuda_getDeviceCount() > 0
False
As requested by comment:
# lspci
00:00.0 Host bridge: Intel Corporation 440FX - 82441FX PMC [Natoma] (rev 02)
00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II]
00:01.1 IDE interface: Intel Corporation 82371SB PIIX3 IDE [Natoma/Triton II]
00:01.2 USB controller: Intel Corporation 82371SB PIIX3 USB [Natoma/Triton II] (rev 01)
00:01.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 01)
00:02.0 VGA compatible controller: Cirrus Logic GD 5446
00:03.0 SCSI storage controller: XenSource, Inc. Xen Platform Device (rev 01)
00:05.0 System peripheral: XenSource, Inc. Citrix XenServer PCI Device for Windows Update (rev 01)
00:06.0 3D controller: NVIDIA Corporation GV100GL [Tesla V100 PCIe 16GB] (rev a1)
another vm:
$ lspci
00:00.0 Host bridge: Intel Corporation 440FX - 82441FX PMC [Natoma] (rev 02)
00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II]
00:01.1 IDE interface: Intel Corporation 82371SB PIIX3 IDE [Natoma/Triton II]
00:01.2 USB controller: Intel Corporation 82371SB PIIX3 USB [Natoma/Triton II] (rev 01)
00:01.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 01)
00:02.0 VGA compatible controller: Cirrus Logic GD 5446
00:03.0 SCSI storage controller: XenSource, Inc. Xen Platform Device (rev 01)
00:05.0 System peripheral: XenSource, Inc. Citrix XenServer PCI Device for Windows Update (rev 01)
00:06.0 3D controller: NVIDIA Corporation GV100GL [Tesla V100 PCIe 16GB] (rev a1)
Resources I’ve search for help:
I installed xen on ubuntu following this question. Now, when I boot ubuntu 18.04, it takes ages and it says in the beginning:
Loading Xen 4.9-amd64 ...
WARNING: no console will be available to OS
Loading Linux 4.15.0-144-generic ...
Loading initial ramdisk ...
How can I stop Xen from loading and delete it altogether. In short how do I get back my old OS or What did Xen destroy in my system settings?
When I installed Xen also messed with /etc/network/interfaces, which now looks like this:
# interfaces(5) file used by ifup(8) and ifdown(8)
# The loopback network interface
auto lo eth0
iface lo inet loopback
# The primary network interface
iface eth0 inet dhcp
Maybe that could be the cause?
Currently on Ubuntu 20.04 both as host and guest, I followed http://ryan.himmelwright.net/post/virtio-3d-vms/ and activated 3D acceleration on video, and OpenGL on dsplay, but on VM launch I get
SPICE GL support is local only for now and incompatible with -spice port/tls-port
How can I make it work?
UPDATE:
I disabled Listen Type to None
like this
but I get a very glitchy image:
I am trying to run a Linux kernel based VM image (1) using QEMU on Windows 10 host. I have installed QEMU from https://qemu.weilnetz.de/w64/qemu-w64-setup-20190815.exe and SPICE client from https://virt-manager.org/download/sources/virt-viewer/virt-viewer-x64-8.0.msi .
I noticed that
qemu-system-x86_64 -vga help
does not list qxl as one of the available options.
Also,
qemu-system-x86_64 -chardev help
does not list spicevmc either.
Therefore, I assume I am either missing some drivers and libraries, or they exist, but somehow qemu binary on Windows is not aware of them.
Can anyone enlighten me how to run the VM using SPICE and have the QXL driver available? I might be missing something obvious, since I haven’t been using MS products for anything serious until I was recently forced to.
(1) The image is based on https://ftp.gnu.org/gnu/guix/guix-system-vm-image-1.0.1.x86_64-linux.xz .
I am running Windows 10 20H2 on a HP EliteBook G4.
I cannot run VMs attached to a virtual switch.
I expect that I can run VMs connected to virtual switches.
In total I already spent about 20h also involving people from IT on this problem researching and trying various commands, following various websites. It is a problem I have not found so far (or still missed?). I hope to find someone that had the exact same problem and can remember the solution.
I think these are the relevant ones:
I’m runing ubuntu 20.04 on the host and Ubuntu 20.10 on two VMs. I always let them open and running. Sometimes, after waking the laptop from sleep, one of them has the screen locked (they both are configured to never lock screen/sleep). Then I put the password and unlock it, the screen gets black and I have to force reset the VM for it to work again.
It’s annoying because I then have to reopen everything I was working on.
What can I do to solve this problem? It’s not always that it happens and not on both VMs at the same time.
I use virt-manager for the virtualization
A cloud operator such as Google can take a snapshot of a normal VM. This includes CPU state, RAM and disk. This can then be copied to another physical and resumed there. Or it can be analyzed off-line, and any cryptokeys in memory or in the CPU state can be extracted.
This means that if you do not trust your cloud VM provider (maybe your cloud VM provider is owned by your worst competitor), you should not process confidential data on those VMs.
https://cloud.google.com/confidential-computing seems to use AMD’s Secure Encrypted Virtualization which includes hardware RAM encryption: https://developer.amd.com/sev/
If the RAM is encrypted, it will make it harder to use attacks like https://rambleed.com/
But will it also protect against Google?
It seems the RAM is encrypted with a key, that lives in the CPU. But is this key included when Google takes a snapshot of the CPU state of the VM?
In theory I could see it work like this: The CPU has a small web server with a TLS certificate signed by AMD. I access the web server, verify AMD’s certificate, and now I have a secure connection to the CPU that Google cannot access.
Then I give the CPU a secret key to encrypt RAM with. Then I give it a disk image encrypted with the same key. Then I boot the VM.
If the secret key physically cannot leave the CPU, then it should be impossible for Google to access my data: The RAM is encrypted, data to the disk and to the network is encrypted. So I do not need to trust neither the RAM, the storage, nor the network. It will, however, also mean Google cannot snapshot my VM and restore it on another CPU.
This would also mean that this answer is outdated: https://security.stackexchange.com/a/215927/84564
Currently I see no way to do something similar to
verifing the AMD certificate in Google’s current solution. And thus I see no way to securely set a key that Google does not have access to.
Can Google take a snapshot of a running confidential computing VM and restore it?
Using AMD’s SEV can CIA safely process their most secret data on North Korea’s Confidential cloud (assuming they have that) without North Korea being able to access the data – assuming that AMD is trustworthy, but all other hardware apart from the CPU is made in North Korea?
I want to make a network share with read/write and it will be accessed by multiple computers.
Every time a new computer connects to it, they should find it in an initial state.
Every change made on the files after should be stored separately as snapshots for each User accessing it.
For example:
Initial state - A
Computer 1 - State B
Computer 2 - State C
Computer 3 - State D etc
If Computer 1 for example deleted some files or made bad changes, I will reset the share to state A so everything is functional again.
Computer 2 and Computer 3 will still have access to the network share in state C and D.
Is there any way to do it?