QEMU/KVM on ThinkPad X230T Laptop with Dual-boot
I was in need to access Windows 10 from Kali Linux on my dual booted Lenovo ThinkPad X230T laptop/tablet device. Actually I will passthrough one of the physical storage devices where Windows 10 is already installed. So here are the things I've done to achieve that.
Test the Virtualization Capabilities of the System
Check weather the system supports virtualization and it is enabled via the BIOS. The following command must return at least 1:
egrep -c '(vmx|svm)' /proc/cpuinfo
Install QEMU, KVM, LIBVIRT
Within the older versions of Debian based OS, like as Ubuntu 20.04, we was in need to install the packages qemu qemu-kvm, but in mot recent operating systems as Kali 2022 we need to install qemu-system-x86 instead.
sudo apt install qemu-system-x86 libvirt-daemon bridge-utils
sudo apt install libvirt-clients virtinst libosinfo-bin ovmf
sudo apt install virt-manager virt-viewer remmina # For desktop user
In order to get rid of the password dialogue for virt-manager – "System policy prevents management of local virtualization systems" – I've added my Linux user to the libvirt group.
sudo usermod -aG libvirt $USER
sudo usermod -aG kvm $USER
grep "$USER" /etc/group
Setup the Virtual Machine
Within my current setup the virtual machine will use a physical SSD drive, where Windows 10 is previously installed and fully operational via the dual boot option and I want to keep this way of accessing Windows 10 too.
The first "special" thing according to my setup is that both operating systems are installed in UEFI mode, so the virtual machine should have UEFI firmware and with chipset Q35.
Identify the SSD
There are two ways to pass the SSD as block device as it is described in this section and by passing the SATA controller as it is described in the article QEMU/KVM on AMD Ryzen 9 Desktop with Dual-boot and Passthrough.
At first glance there is not any significant performance difference. However when you use the block device approach you can use the write cache option for the device, which will increase the speed of handling of the large files. On the other hand, when passing the SATA controller approach is in use, Windows 10 will use the same driver within the VM environment and within the native boot. In both cases the SSD shouldn't be mounted at the host's side.
The setup of the virtual machine is done via the virt-manager GUI. The first "special" thing according to my setup is that both operating systems are installed in UEFI mode, so the virtual machine should be UEFI with chipset Q35.
In order to pass-through the physical SSD/HDD in this context, you need to identify by using an approach as the follow some other suitable way. In this example the searched ID is for the device /dev/sda.
ls -l /dev/disk/by-id/ | grep -Pwo "ata.*$(lsblk -d -o NAME,SERIAL | grep -oP '^sda\s+\K.*') "
ata-ADATA_SU800_2I0220056120
Create and Configure the Virtual machine
Create a virtual machine via wizard of the virt-manager GUI tool:
- Step 1/5: Choice "Manual Install".
- Step 2/5: Type
win10and choose the entry "Microsoft Windows 10". - Step 3/5: Provide suitable to your system amount of Memory and number of CPUs.
- Step 4/5: Don't enable any storage devices.
- Step 5/5: Tick the checkbox Customize configuration before install and choose the the type of the network connection – In this particular (laptop) case I prefer to use the NAT option.
Before proceed by clicking the button Begin install (upper left corner – see Video 1 from the article QEMU/KVM on AMD Ryzen 9 Desktop with Dual-boot and Passthrough), choose the following options:
- Chipset:
Q35, - Firmware:
UEFI x86_64: /usr/share/OVMF/OVMF_CODE_4M.ms.fd
- Then edit the XML configuration of the virtual machine as it is shown below. By default the XML is not editable, you can enable editing via
Edit>Preferencesfrom the main Manager window – reference .
<disk type="block" device="disk">
<driver name="qemu" type="raw" cache="none" discard="unmap"/>
<source dev="/dev/disk/by-id/ata-ADATA_SU800_2I0220056120"/>
<target dev="sda" bus="sata"/>
<address type="drive" controller="0" bus="0" target="0" unit="0"/>
</disk>
Note you don't need to type the 5‑th line if your using virt-manager to edit the XML entry for the drive – it will be generated automatically on save.
In most how-to manuals they propose to use <target dev="vdX" bus="virtio"/>, but it is not possible to use virtio while there is not driver installed within the Windows 10 OS. So you need to install the driver first… or during the installation of Windows if it is a new installation.
Install the Guest Tools
Once the guest OS is running successfully, the final step of the setup is installing the QEMU/KVM Guest tools for Windows, thus the screen will be automatically resized within the SPICE client of virt-manager and virt-viewer. And also allows you to gracefully shutdown the guest.
It is not mentioned anywhere above but you need to Enable the QEMU Guest Agent within the virtual machine configuration, otherwise the agent will not work and, for example, you will not be able to shutdown the VM from the host's side.
The Final Configuration of the Virtual machine
virsh --connect qemu:///system dumpxml "Win10.SSD.PT" | tee "Win10.SSD.PT.xml"
<domain type='kvm'>
<name>Win10</name>
<uuid>f45cd48b-449a-460c-bbfe-fdf06052f30e</uuid>
<title>Windows 10, Physical Disk Passthrough, Q35/UEFI</title>
<description>https://wiki.metalevel.tech/wiki/QEMU/KVM_on_Kali_Linux_2022_at_ThinkPad_X230T</description>
<metadata>
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
<libosinfo:os id="http://microsoft.com/win/10"/>
</libosinfo:libosinfo>
</metadata>
<memory unit='KiB'>8388608</memory>
<currentMemory unit='KiB'>8388608</currentMemory>
<memoryBacking>
<source type='memfd'/>
<access mode='shared'/>
</memoryBacking>
<vcpu placement='static'>2</vcpu>
<os>
<type arch='x86_64' machine='pc-q35-7.0'>hvm</type>
<loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.ms.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/win10_VARS.fd</nvram>
<boot dev='hd'/>
<bootmenu enable='yes'/>
</os>
<features>
<acpi/>
<apic/>
<hyperv mode='custom'>
<relaxed state='on'/>
<vapic state='on'/>
<spinlocks state='on' retries='8191'/>
</hyperv>
<vmport state='off'/>
</features>
<cpu mode='host-passthrough' check='none' migratable='on'>
<topology sockets='1' dies='1' cores='2' threads='1'/>
</cpu>
<clock offset='localtime'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
<timer name='hpet' present='no'/>
<timer name='hypervclock' present='yes'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled='no'/>
<suspend-to-disk enabled='no'/>
</pm>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type='block' device='disk'>
<driver name='qemu' type='raw' cache='none' discard='unmap'/>
<source dev='/dev/disk/by-id/ata-ADATA_SU800_2I0220056120'/>
<target dev='sda' bus='sata'/>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
<controller type='usb' index='0' model='qemu-xhci' ports='15'>
<address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
</controller>
<controller type='pci' index='0' model='pcie-root'/>
<controller type='pci' index='1' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='1' port='0x10'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
</controller>
<controller type='pci' index='2' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='2' port='0x11'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
</controller>
<controller type='pci' index='3' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='3' port='0x12'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
</controller>
<controller type='pci' index='4' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='4' port='0x13'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
</controller>
<controller type='pci' index='5' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='5' port='0x14'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
</controller>
<controller type='pci' index='6' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='6' port='0x15'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
</controller>
<controller type='pci' index='7' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='7' port='0x16'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
</controller>
<controller type='pci' index='8' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='8' port='0x17'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
</controller>
<controller type='pci' index='9' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='9' port='0x18'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0' multifunction='on'/>
</controller>
<controller type='pci' index='10' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='10' port='0x19'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x1'/>
</controller>
<controller type='pci' index='11' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='11' port='0x1a'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x2'/>
</controller>
<controller type='pci' index='12' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='12' port='0x1b'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x3'/>
</controller>
<controller type='pci' index='13' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='13' port='0x1c'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x4'/>
</controller>
<controller type='pci' index='14' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='14' port='0x1d'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x5'/>
</controller>
<controller type='pci' index='15' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='15' port='0x1e'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x6'/>
</controller>
<controller type='pci' index='16' model='pcie-to-pci-bridge'>
<model name='pcie-pci-bridge'/>
<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
</controller>
<controller type='sata' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
</controller>
<controller type='virtio-serial' index='0'>
<address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
</controller>
<interface type='network'>
<mac address='52:54:00:e0:6e:b1'/>
<source network='default'/>
<model type='e1000e'/>
<link state='up'/>
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<channel type='spicevmc'>
<target type='virtio' name='com.redhat.spice.0'/>
<address type='virtio-serial' controller='0' bus='0' port='2'/>
</channel>
<channel type='unix'>
<target type='virtio' name='org.qemu.guest_agent.0'/>
<address type='virtio-serial' controller='0' bus='0' port='3'/>
</channel>
<input type='tablet' bus='usb'>
<address type='usb' bus='0' port='1'/>
</input>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='spice' autoport='yes' listen='127.0.0.1'>
<listen type='address' address='127.0.0.1'/>
<image compression='off'/>
</graphics>
<sound model='ich9'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
</sound>
<audio id='1' type='spice'/>
<video>
<model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
</video>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='2'/>
</redirdev>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='3'/>
</redirdev>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
</memballoon>
</devices>
</domain>
Additional Guides
- Virt-manager Setting-up Windows Virtual Machines
- Install QEMU/KVM Guest tools for Windows
- RDP use Remmina with Windows Account
- QEMU/KVM and GPU Passthrough Troubleshooting
References
- QEMU/KVM and GPU Passthrough in Details
- QEMU/KVM on AMD Ryzen 9 Desktop with Dual-boot and Passthrough
- Ubuntu Wiki: KVM Managing
- Chris Titus Tech Site: Setting up Windows inside Linux > Enable QEMU Guest Agent
- Ask Ubuntu: Add physical disk to KVM virtual machine
- Ask Fedora: Why does virt-manager ask for authentication password?
- Ronaldevers.nl: Adding a Physical Disk to a Guest with Libvirt / KVM
- Charleslabri.com: Adding Passthrough Physical Disk in KVM Guests
- Server Fault: I don't see the running guest in virsh
- Unix and Linux: How to list domains in virsh?
