undefined | Better HN

0 pointsdharmab5y ago0 comments

My next gaming PC will run a Linux hypervisors and use PCI passthru to run Windows as a full-performance guest. Then if I need to use a web browser, I can switch to a Linux guest without interrupting the game.

0 comments

prussian5y ago

Honestly, you're just risking getting banned then; some games already ban wine users and a hypervisoris basically the peak of hiding direct memory access so I imagine anticheat engines look for them.

Also, I did this around 3-4 years ago. It works, but once you have it set up its basically the same as if you had two computers effectively on your desk with a kvm switch in software. It also has a tendency to be unstable as all sin and some iommu isolated hardware may misbehave when assigned to a virtual machine.

blattimwind5y ago

Most anti-cheats and some "DRM solutions" do not allow you to run inside a VM, trying to mask the fact you do might be enough to get banned. Even with PCI passthru you can't expect full performance (CPU is also still virtualized).

It's much simpler to just have a second PC/laptop or dual-boot (less secure).

alias_neo5y ago

Simpler in a technical sense, but given high end gaming PC's run into the thousands of £s, It's not really the right solution to just buy another machine; the better choice is probably to not play their game (in all senses of the phrase).

Maybe a viable option is to hot swap your drives, and use something with firmware you can sign personally and verify on boot.

dharmabOP5y ago

> CPU is also still virtualized

IOMMU also grants the guest hardware access to the CPU, although it does have to be shared between the host and guests.

gruez5y ago

>or dual-boot (less secure).

There shouldn't be any risks to that if your main OS is encrypted and the keys are sealed by a TPM.

blattimwind5y ago

The untrusted system could flash malicious firmware to a component with DMA (e.g. GPU VBIOS) to infect the second system.

fendy30025y ago

I wanna try this but PCI pass through seems hard. And with KVM win7 guest, I get too many cert invalid error during accessing https, which is annoying.

Sholmesy5y ago

I've done it all.

It's a hassle, mostly because you need to disable the GPU from the linux host; before passing through; which means you need a second GPU to power the linux host (integrated GPU is fine).

Then there's a bunch of config regarding IOMMU groups and other shit to make sure it picks it up fine, and when it finally does you get 90-95% of the performance for average FPS and then 60-70% min-fps (spikes are way worse).

mormegil5y ago

This was my exact plan for my (current) computer a few years ago. But after learning about all the real-world complications I became lazy and abandoned the idea. Is this in a realm of "easily achievable out-of-the-box on a standard Linux installation" now?

dharmabOP5y ago

Assuming you have recent hardware and a compatible UEFI firmware, yes. https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVM...

gear54rus5y ago

Are you sure that you've researched this thoroughly and there would be no problems with that PCI thing (compatibility, unknown errors, performance regressions)?

dharmabOP5y ago

It's hardware-level passthrough with zero performance or compatibility hit. The catch is that the guest needs exclusive access to the device, i.e. you need two GPUs, one for the host and any other guests and one dedicated entirely to the passthrough VM. There's a few applications like Chromium that incorrectly detect the GPU configuration and need manual overrides.

Also, it helps to use a recent AMD card and the in-tree amdgpu driver instead of the out-of-tree nvidia driver.

Overall, you trade software problems for hardware problems (UEFI firmware versions can break the setup), but if you get it working it works great.

j / k navigate · click thread line to collapse

0 comments

prussian5y ago

Honestly, you're just risking getting banned then; some games already ban wine users and a hypervisoris basically the peak of hiding direct memory access so I imagine anticheat engines look for them.

blattimwind5y ago

It's much simpler to just have a second PC/laptop or dual-boot (less secure).

alias_neo5y ago

Maybe a viable option is to hot swap your drives, and use something with firmware you can sign personally and verify on boot.

dharmabOP5y ago

> CPU is also still virtualized

IOMMU also grants the guest hardware access to the CPU, although it does have to be shared between the host and guests.

gruez5y ago

>or dual-boot (less secure).

There shouldn't be any risks to that if your main OS is encrypted and the keys are sealed by a TPM.

blattimwind5y ago

The untrusted system could flash malicious firmware to a component with DMA (e.g. GPU VBIOS) to infect the second system.

fendy30025y ago

I wanna try this but PCI pass through seems hard. And with KVM win7 guest, I get too many cert invalid error during accessing https, which is annoying.

Sholmesy5y ago

I've done it all.

It's a hassle, mostly because you need to disable the GPU from the linux host; before passing through; which means you need a second GPU to power the linux host (integrated GPU is fine).

mormegil5y ago

dharmabOP5y ago

Assuming you have recent hardware and a compatible UEFI firmware, yes. https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVM...

gear54rus5y ago

Are you sure that you've researched this thoroughly and there would be no problems with that PCI thing (compatibility, unknown errors, performance regressions)?

dharmabOP5y ago

Also, it helps to use a recent AMD card and the in-tree amdgpu driver instead of the out-of-tree nvidia driver.

Overall, you trade software problems for hardware problems (UEFI firmware versions can break the setup), but if you get it working it works great.

j / k navigate · click thread line to collapse