Will Crosvm / Crostini's untrusted VM support allow accelerated graphics via GVTg on Intel Chromebooks at some point?

dragon788

Mar 18, 2020, 4:13:03 PM
to Chromium OS Discussion
I've been loving running Windows 10 and macOS (ssshhhhhh) on my Chromebook via the untrusted VMs functionality, but I just stumbled across GVTg while looking at the libvirt options for making VMs more responsive, and I think this could be a huge boost to running REAL Windows apps on Chromebooks that might otherwise never get ported to Linux or that might be incompatible with Wine/Proton/etc.

Emre Erenoglu

Mar 19, 2020, 11:07:00 AM
to Chromium OS Discussion

On Thursday, March 19, 2020 at 12:13:03 AM UTC+4, dragon788 wrote:
> I've been loving running Windows 10 and macOS (ssshhhhhh) on my Chromebook via the untrusted VMs functionality, but I just stumbled across GVTg while looking at the libvirt options for making VMs more responsive, and I think this could be a huge boost to running REAL Windows apps on Chromebooks that might otherwise never get ported to Linux or that might be incompatible with Wine/Proton/etc.


Hi @dragon788, would you mind giving some hints how you got to run Windows 10 with crosvm? Command line? GUI like Virt Manager or libvirt? I'm also running it but need to use a lot of hacks with Crouton, if there's a better way using native tools, it'd be great. Which version of ChromeOS is this available to test? V80? V81? V82?

dragon788

Mar 19, 2020, 1:22:32 PM
to Chromium OS Discussion

Emre Erenoglu

Mar 19, 2020, 4:58:38 PM
to Chromium OS Discussion
On Thursday, March 19, 2020 at 9:22:32 PM UTC+4, dragon788 wrote:
> https://reddit.com/r/Crostini/w/howto/install-and-use-vagrant-libvirt?utm_source=share&utm_medium=android_app

Thanks, this looks like a nested KVM solution, i.e. the /dev/kvm inside the Crostini Linux instance is being used to run the VM. So actually the Windows 10 is running inside the Crostini running inside ChromeOS.
I was hoping this would directly run on ChromeOS instead, to be able to access other partitions and underlying hardware. Is my understanding correct?

dragon788

Mar 19, 2020, 7:02:23 PM
to Chromium OS Discussion
The /dev/kvm instance inside crostini *is* the one from the host. You can load in ISOs from the Downloads folder on ChromeOS though I'm not sure what else is actually available since Google runs a slightly modified KVM/libvirt for crosvm.

Mike Frysinger

Mar 19, 2020, 7:25:35 PM
to drag...@gmail.com, Chromium OS Discussion
mmm some technical inaccuracies there

if you're inside a VM, then Emre is correct -- it'd be a nested VM.  if you're booting your own VM and not the default Termina, then it'd be the outermost kvm, but you're not really using what we would consider "crostini".  we've been exploring supporting nested KVM, but it has a lot of security issues we need to handle before we can launch it.  we've also been exploring so called "untrusted VMs" which don't use Termina, but those also have security issues associated with them.  nothing is easy :/.

we don't run a modified KVM, we use the standard Linux KVM.  crosvm replaces QEMU as it is a VMM -- virtual machine monitor.  both use KVM underneath.
QEMU has libvirt support built in, but crosvm doesn't use it at all as we don't need or care about providing that userspace API to other tools.

you might be confusing libvirt with the virtio standard which both QEMU & crosvm & Linux support for virtualizing devices.  they have no relation :).

we have been looking into virtualized GPUs, but i don't know where we're at with it, and i'm not sure existing hardware in Chromebooks has what we need.  maybe someone else on the team with more real experience can comment.
-mike

--
--
Chromium OS Discussion mailing list: chromium-...@chromium.org
View archives, change email options, or unsubscribe:
https://groups.google.com/a/chromium.org/group/chromium-os-discuss

David Riley

Mar 19, 2020, 8:14:42 PM
to Mike Frysinger, drag...@gmail.com, Chromium OS Discussion
On Thu, Mar 19, 2020 at 4:25 PM Mike Frysinger <vap...@chromium.org> wrote:
> mmm some technical inaccuracies there
>
> if you're inside a VM, then Emre is correct -- it'd be a nested VM.  if you're booting your own VM and not the default Termina, then it'd be the outermost kvm, but you're not really using what we would consider "crostini".  we've been exploring supporting nested KVM, but it has a lot of security issues we need to handle before we can launch it.  we've also been exploring so called "untrusted VMs" which don't use Termina, but those also have security issues associated with them.  nothing is easy :/.
>
> we don't run a modified KVM, we use the standard Linux KVM.  crosvm replaces QEMU as it is a VMM -- virtual machine monitor.  both use KVM underneath.
> QEMU has libvirt support built in, but crosvm doesn't use it at all as we don't need or care about providing that userspace API to other tools.
>
> you might be confusing libvirt with the virtio standard which both QEMU & crosvm & Linux support for virtualizing devices.  they have no relation :).
>
> we have been looking into virtualized GPUs, but i don't know where we're at with it, and i'm not sure existing hardware in Chromebooks has what we need.  maybe someone else on the team with more real experience can comment.

Virtualized GPU support is available through Virgl for x86 systems by default and ARM systems behind a flag.  I don't know of any plans to support proprietary technologies such as GVT-g.

Emre Erenoglu

Mar 20, 2020, 4:19:30 AM
to Chromium OS Discussion, drag...@gmail.com
On Friday, March 20, 2020 at 3:25:35 AM UTC+4, Mike Frysinger wrote:
> mmm some technical inaccuracies there
>
> if you're inside a VM, then Emre is correct -- it'd be a nested VM.  if you're booting your own VM and not the default Termina, then it'd be the outermost kvm, but you're not really using what we would consider "crostini".  we've been exploring supporting nested KVM, but it has a lot of security issues we need to handle before we can launch it.  we've also been exploring so called "untrusted VMs" which don't use Termina, but those also have security issues associated with them.  nothing is easy :/.

For nested KVM, if /dev/kvm is available inside Crostini, despite being unsupported, it works in V81 to test with? I'm more concerned about performance in this mode and file systems (i.e. Win10) being inside a filesystem (i.e. Crostini) inside another filesystem (ChromeOS stateful_partition), which for sure kills some performance.

> we don't run a modified KVM, we use the standard Linux KVM.  crosvm replaces QEMU as it is a VMM -- virtual machine monitor.  both use KVM underneath.
> QEMU has libvirt support built in, but crosvm doesn't use it at all as we don't need or care about providing that userspace API to other tools.

Yes, the crosvm VMM is a decision taken by Google; it makes our (I'd call myself an advanced Linux user) life harder but may be good for the majority of users. Still, I'd be extremely excited if crosvm could have an unsupported feature to boot Windows 10 (i.e. in dev mode), since this is what we need at corporate work (Office 365 / Excel with Macro and AIP Encryption not being supported by Linux office suites).

Hence I had to install crouton and launch my own qemu-system-x86_64 binary using the /dev/kvm on the ChromeOS side, launching a Windows 10 on a partition on my NVMe disk. Hacky but fast, except I'm still struggling with the SPICE client, as Linux clients don't seem to be aware of their app resolutions. (I filed a bug for that.)

> you might be confusing libvirt with the virtio standard which both QEMU & crosvm & Linux support for virtualizing devices.  they have no relation :).

Yep, would be superb to have a libvirt service running on the ChromeOS side! :)

> we have been looking into virtualized GPUs, but i don't know where we're at with it, and i'm not sure existing hardware in Chromebooks has what we need.  maybe someone else on the team with more real experience can comment.

I think virgl is not supported on Windows, and GVTg seems like a neat solution for recent Intel GPUs, which are found on recent high-powered Chromebooks (i.e. which could run Win10).

Thanks,
Emre

dragon788

Mar 20, 2020, 9:44:02 AM
to Emre Erenoglu, Chromium OS Discussion

Emre Erenoglu

Mar 20, 2020, 11:05:07 AM
to Chromium OS Discussion
Hi dragon788, that would be inside Crostini and could not access resources on the ChromeOS side such as disk partitions (very special problem though).

Our hope might be if some day ChromeOS developers add Win10 VM support to crosvm.

dragon788

Mar 25, 2020, 10:50:19 PM
to Chromium OS Discussion
Emre, if I'm understanding you correctly, even using `dev_install` or Crouton instead of Crostini to access /dev/kvm from the host we'd still get the same behavior, i.e. no using raw USB devices for storage or accessing raw partitions from the host's disk?

Emre Erenoglu

Mar 26, 2020, 3:40:41 AM
to Chromium OS Discussion
On Thursday, March 26, 2020 at 6:50:19 AM UTC+4, dragon788 wrote:
> Emre, if I'm understanding you correctly, even using `dev_install` or Crouton instead of Crostini to access /dev/kvm from the host we'd still get the same behavior, i.e. no using raw USB devices for storage or accessing raw partitions from the host's disk?

No. If you use crouton, the chroot (crouton) runs on the system kernel (ChromeOS kernel) and uses that kernel's resources. In this case, you can access all HW resources.
Crostini is a container running inside a secure read-only virtual machine with a minimal kernel. If the nested KVM module is used in the ChromeOS kernel, it exposes this KVM to the Crostini virtual machine, which then exposes it to the Crostini container. In this case, you can use the HW accelerations but you can only access resources exposed by the Crostini kernel, not the host kernel (i.e. no system partitions).
I'm not sure if such host devices can be exposed to the VM & container and, if possible, what would be the speed impact.

That's why I'm hoping Google will add Win10 support to its crosvm/vmc virtual machine infrastructure (think of it like stripped down qemu/libvirt) so we could launch Win10 w/o going into Crostini.  
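
The nested-versus-outermost KVM distinction discussed in this thread can be checked from inside any x86 Linux environment. The script below is an added example, not code from any poster or from the Chromium OS project; the function names and the sample `cpuinfo` lines are constructed for illustration, and it assumes the conventional x86 `hypervisor` CPU flag is set for guests.

```shell
#!/bin/sh
# classify_kvm [CPUINFO_FILE] [KVM_NODE]
# Prints one of: nested, outermost, no-kvm, no-virt-ext
classify_kvm() {
    cpuinfo=${1:-/proc/cpuinfo}
    kvm_node=${2:-/dev/kvm}

    # Take the first "flags" line; pad with spaces for whole-word matching.
    flags=" $(grep -m1 '^flags' "$cpuinfo" | cut -d: -f2) "

    case "$flags" in
        *" vmx "*|*" svm "*) ;;   # Intel VT-x or AMD-V visible to this kernel
        *) echo "no-virt-ext"; return 0 ;;
    esac

    # A VMM (crosvm, QEMU) needs the KVM device node to exist.
    [ -e "$kvm_node" ] || { echo "no-kvm"; return 0; }

    # x86 kernels report "hypervisor" when they are themselves a guest,
    # so KVM used from here runs a VM inside a VM.
    case "$flags" in
        *" hypervisor "*) echo "nested" ;;
        *) echo "outermost" ;;
    esac
}

# Constructed sample inputs (not captured from a real device).
sample_guest_cpuinfo() { printf 'processor\t: 0\nflags\t\t: fpu vme vmx sse2 hypervisor\n'; }
sample_host_cpuinfo()  { printf 'processor\t: 0\nflags\t\t: fpu vme vmx sse2\n'; }

# Demo on the constructed samples; call classify_kvm with no arguments
# to inspect the running system instead.
tmp=$(mktemp -d)
sample_guest_cpuinfo > "$tmp/guest"
sample_host_cpuinfo > "$tmp/host"
: > "$tmp/kvm"                      # stand-in for /dev/kvm
echo "guest sample: $(classify_kvm "$tmp/guest" "$tmp/kvm")"
echo "host sample:  $(classify_kvm "$tmp/host" "$tmp/kvm")"
rm -rf "$tmp"
```

A `nested` result corresponds to the VM-inside-Crostini case, while `outermost` corresponds to a chroot on the host kernel such as crouton.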