Re: Problem enabling IOMMU with Buster and Xen
Intense Red wrote:

> What I want to do is to run multiple secure/separated VMs on a machine. One
> of those VMs will be to handle an Internet connection and firewall. Another VM
> will do filesharing via NFS and Samba; another VM is to run Kodi and output
> videos/TV via HDMI to a TV/monitor.
>
> From everything I've read, Xen is the ideal choice -- but only if I can get
> it to run. :)

You might want Proxmox, which is a virtualization management distro built on top of Debian. Or, maybe KVM/QEMU with libvirt management.

In any case, remember that VMs generally don't provide much security from each other -- they're billed that way, but new escapes keep being found.

-dsr-
Re: Problem enabling IOMMU with Buster and Xen
> Have you enabled SR-IOV in the bios?

I love how the various BIOS entries have zero help even though AMI has an empty help/description field. No, that was not enabled -- thanks! -- but even enabling it, doing a cold/poweroff boot cycle does nothing. It still gives the exact same error message.

> I also suspect that Xen doesn't allow to PCI passthrough host device
> right?

I actually haven't tried that. All of the various Xen "docs"/how-tos I've read say that each preceding step must be done or it won't work. (Based on your input, I'll try that but I'm not hopeful.)

At this point I've read that Xen's passthrough might not work with some motherboard chipsets, so I'm wondering if Xen is a bit too cutting edge for what I want to do.

What I want to do is to run multiple secure/separated VMs on a machine. One of those VMs will be to handle an Internet connection and firewall. Another VM will do filesharing via NFS and Samba; another VM is to run Kodi and output videos/TV via HDMI to a TV/monitor.

From everything I've read, Xen is the ideal choice -- but only if I can get it to run. :)

--
The first known legal proclamation in the history of the world is on display in Paris, in the Louvre. It was given about 2400 B.C. by Enmetena, ruler of the Sumerian city-state of Lagash. It was a decree of debt cancellation.
Re: Problem enabling IOMMU with Buster and Xen
On Tue, 10 Sep 2019 09:00:44 -0500
Intense Red wrote:

> A box booting Xen with an updated Debian 10/Buster setup as Xen's
> dom0, a Ryzen CPU and Radeon-based GPU.
>
> /etc/default/grub has been modified to include:
>
>     GRUB_CMDLINE_LINUX_DEFAULT="quiet iommu=1 amd_iommu=on"
>
> and grub has been updated.
>
> After a reboot Xen reports:
>
>     # xl dmesg | grep IOMMU
>     (XEN) AMD-Vi: IOMMU Extended Features:
>     (XEN) AMD-Vi: IOMMU 0 Enabled.
>
> Cool. But GNU/Linux says:
>
>     # dmesg | grep IOMMU
>     [2.536053] AMD IOMMUv2 driver by Joerg Roedel
>     [2.536054] AMD IOMMUv2 functionality not available on this system
>
> WTF?! Can someone whack me with a clue-bat? TIA.

Have you enabled SR-IOV in the bios?
I would personally trust the kernel output.

I also suspect that Xen doesn't allow to PCI passthrough host device right?

--
Regards,
Nektarios Katakis
Problem enabling IOMMU with Buster and Xen
A box booting Xen with an updated Debian 10/Buster setup as Xen's dom0, a Ryzen CPU and Radeon-based GPU.

/etc/default/grub has been modified to include:

    GRUB_CMDLINE_LINUX_DEFAULT="quiet iommu=1 amd_iommu=on"

and grub has been updated.

After a reboot Xen reports:

    # xl dmesg | grep IOMMU
    (XEN) AMD-Vi: IOMMU Extended Features:
    (XEN) AMD-Vi: IOMMU 0 Enabled.

Cool. But GNU/Linux says:

    # dmesg | grep IOMMU
    [2.536053] AMD IOMMUv2 driver by Joerg Roedel
    [2.536054] AMD IOMMUv2 functionality not available on this system

WTF?! Can someone whack me with a clue-bat? TIA.

--
"It is a damn poor mind indeed which can't think of at least two ways to spell any word." -- US President Andrew Jackson.