SEARCH

Enter your search query in the box above ^, or use the forum search tool.

You are not logged in.

#1 2012-08-06 19:32:16

tradetaxfree
#! CrunchBanger
Registered: 2011-03-05
Posts: 122

KVM with WinXP Guest + Virtio Drivers (working with Grsecurity)

I have recently been playing with Grsecurity & KVM is the only virtualization solution that will run under it with high security settings (Virtualbox & XEN both require the Grsecurity kernel options for KEXEC & UDEREF to be disabled). The performance with KVM is much better while using the Red Hat Virtio paravirtualized drivers for Disks & Networking. I also use the Vmware video driver. Overall the general performance (& particularly accessing files on the host) feels much snappier with KVM. Grsecurity settings for KVM are at the end of this post.

To use KVM your CPU needs to have Intel's VT-x or Amd's AMD-V Virtualization Extensions:

#For Intel CPU's check with#
cat /proc/cpuinfo | grep vmx
#For AMD check#
cat /proc/cpuinfo | grep svm
#if the above commands give you some output you have VT support#

& use the Liquorix Kernel which has KVM support built in.

Install KVM & Samba (for File Sharing with the Host)

sudo apt-get install qemu-kvm samba bridge-utils iproute

Create a Guest Disk Image

qemu-img create -f qcow2 WinXP.qcow2 8G 

Download the Windows Drivers

Virtio Disk Floppy & Vmware Video Drivers & also the Virtio Windows Drivers (for the Virtio Ethernet Drivers)

To create the Floppy Image yourself (or update the drivers on my floppy):

#create floppy & file system
dd bs=512 count=2880 if=/dev/zero of=viostor-0.1-xx-floppy.img
sudo mkfs.msdos viostor-0.1-xx-floppy.img
#mount images
sudo mkdir /mnt/img
sudo mount -o loop viostor-0.1-xx-floppy.img /mnt/img
sudo mkdir /mnt/iso
sudo mount -o loop virtio-win-0.1-xx.iso /mnt/iso

& copy the relevant Viostor files from the ISO onto the Floppy Image using my image as a guide.

Install XP Guest

It took me quite a few reinstalls to get the sound / virtio / vmware drivers working together correctly. Use the following script to install XP (& chmod +x /path/to/my/script):

#!/bin/sh
# WinXP Install Script with Virtio
##########################################
kvm -boot order=dca -soundhw ac97 -m 512 \
-cdrom /path/to/WinXP.iso \
-drive file=/path/to/WinXP.qcow2,if=virtio \
-fda /path/to/viostor-0.1-30-floppy.img 

Press F5 when prompted to specify additional SCSI drivers for the install & then "s" when prompted for the system disk. During the graphical part of the XP install you will also have to agree to install unsigned drivers at around the 37 minute mark of the time remaining for installation.

Once installation completes & you see your XP desktop for the first time shutdown XP.

Configure Samba

Next edit /etc/samba/smb.conf

(1) In the "Authentication" section uncomment "security = user"
(2) In the "Share Definitions" section add the folders you wish to share with the Host:

#example Samba Share Definitions #
[Docs]
   comment = My Documents
   browseable = yes
   path = /home/username/documents
   valid users = your-username
   public = no
   read only = no
   create mask = 0700
   directory mask = 0700

[Mount]
   comment = Mount Share
   browseable = yes
   path = /mnt
   valid users = your-username
   public = no
   read only = yes
   create mask = 0700
   directory mask = 0700

(3) Add your user to Samba:

sudo smbpasswd -L -a USERNAME
sudo smbpasswd -L -e USERNAME

I only start Samba with the Guest in the launch script so also remove Samba from starting on booting:

sudo update-rc.d samba remove

Launch the XP Guest & install Virtio Ethernet & Vmware Video Drivers

Use the following script to launch XP (& chmod +x /path/to/my/script):

#!/bin/sh
# WinXP KVM Launch Script with Virtio & Vmware Drivers
######################################################
service samba start
kvm \
-vga vmware \
-drive file=/path/to/WinXP.qcow2,cache=writeback,index=0,if=virtio,media=disk \
-cdrom /path/to/virtio-win-0.1-30.iso \
-usb -usbdevice tablet \
-soundhw ac97 \
-boot c \
-m 512 \
-netdev type=user,id=mynet0 -device virtio-net-pci,netdev=mynet0
service samba stop

Launch the script with:

gksu /path/to/my/script
#or
gksudo /path/to/my/script

XP will now prompt for the Ethernet drivers - choose "Search Automatically" & they will be found on the Virtio CD. Ignore installing the Vmware drivers for the moment.

Setup File Sharing with the Host

In the Guest:

Start ----> Run ----> (& type): ----> \\10.0.2.2

& in the Login Window that opens enter your username & password you setup in Samba above. You will now be able to see your Shared Folders, right click them & "Create Shortcut".

Installing Vmware Video Driver

You will now be able to update the Vmware Video Driver in Device Manager using Vmware Video Drivers & installing by choosing a "Specific Location" (& not "automatically").

The drivers in my zip are current at the time of writing (August 2012), if they are a little old the latest Vmware Windows Drivers are found here. The CD will only mount & run inside Vmware so to access them do the following:

(1) In the XP Guest install Daemon Tools Lite
(2) Mount the Vmware Windows Tools ISO
(3) In the XP Guest:

Start ----> Run ----> cmd <enter>

& at the Guest command prompt:

E:
setup /a

& extract the files to somewhere. The video drivers are found quite a few folders down under Drivers / video. Update the drivers in Device Manager by choosing a "Specific Location" (& not "automatically").

Grsecurity Settings for KVM

If you found this post trying to make KVM work in Grsecurity you need to do the following:

sudo apt-get install paxctl
sudo paxctl -cm /usr/bin/kvm
#* check where /etc/alternatives/qemu points to for the next line *#
sudo paxctl -cm /usr/bin/qemu-system-i386
sudo paxctl -cm /usr/bin/qemu-img
sudo paxctl -cm /usr/bin/qemu-io
sudo paxctl -cm /usr/bin/qemu-nbd

& KVM will work under the highest possible Grsecurity settings (everything enabled for PAX Control + High settings with Grsecurity + Trusted Path Execution)

See also how to bridge KVM VM's with Wireless for your Linux Guests

Last edited by tradetaxfree (2013-11-07 06:35:28)

Offline

Board footer

Powered by FluxBB

Copyright © 2012 CrunchBang Linux.
Proudly powered by Debian. Hosted by Linode.
Debian is a registered trademark of Software in the Public Interest, Inc.

Debian Logo