2023, but has been updated and iterated on over time, so should be reasonably current.
It is... still an awful lot of work, though. I'm glad it can be done, though I've certainly not been motivated enough to try. I just keep a different machine around for anything gaming-ish, and don't worry about it.
That said, if you have skipped out on trying Qubes because you think you lack sufficient hardware, my Qubes daily driver (and primary computer for personal use) is a 2015-era Lenovo X250, with a 2C/4T I7-5600U, 16GB RAM, and a SATA SSD. It's limited in some ways, I can feel when I'm trying to do too much on it, but it is quite useful, and has been for some while. The memory balancing between AppVMs works nicely, and you can safely reduce memory allocation for a lot of VMs. A lot of my running Debian12 VMs are between 1GB and 2GB practical allocation, and work just fine.
Hi there. I just wanted to say that I like your blog, specifically the little kitty that follows your cursor. Incredible how endearing that little animation is!
I can't quite figure out what this is. Is it a way to run KVM VMs but make their windows show up on the host without a virtual "screen" that you have in a window?
I appreciate that the journey might be the destination here, but you really don't need to do this anymore if the goal is to play games on Linux. Valve et al. have done so much Proton work that nearly every game I try just works.
Aside from the experience, this could be useful if you want to play games that have kernel level rootkits.
The concept is that you have a lot of isolated "AppVMs" running applications, in silos that cannot talk to each other. So, right now, I'm logged into HN with my "random-web" VM - that has nothing of interest in it beyond some PDFs I've downloaded. This, for instance, has zero access (except by exploiting and passing through Xen) to my "sysadmin" VM, which contains my SSH keys for various things, and which I use for sysadmin type tasks. I've got other silos as well. All the windows from all these VMs interact like normal on my desktop - I'm not dealing with "Okay, this VM is for this, that VM is for that." Things just work smoothly and as expected.
A side effect of this, though, is that the AppVMs have no hardware acceleration of anything graphical. It's all software rendering in them. So gaming is normally right out - except, this talks about how to pass another GPU through to do this sort of thing, if you want.
You still need GPU passthrough if you want to use any actual GPU instead of llvmpipe or whatever other renderer. Mind you, QubesOS is a virtualization OS; Linux on QubesOS does not have access to the GPU by default.
I'd be curious to try vGPU with Qubes. It's definitely a security issue and has been left behind on newer NV consumer hardware but would be neat for low-risk qubes. I do have to admit that the performance is still great w/o hardware acceleration.
A few years ago (~2017-2018) I configured a machine with UnRAID where I had a VM running Windows 10 for gaming. It worked great past the hard configuration haha
I was able to play on my Windows 10 machine VM and work on a macOS VM.
While it is possible and very cool to do PCI pass-through for GPUs, a huge problem with this approach is that online games have anti-cheat that checks to see if the game is running in a VM. So games without that, mostly games that are single player, will work, but anything networked will likely not.
While it’s absolutely possible to play the cat and mouse game where you beat the anti-cheat engine, it’s frankly an awful lot of work for such little benefit. You’re better off just using a service like GeForce Now or something similar for networked games.
[+] [-] Syonyk|1 year ago|reply
[+] [-] zvmaz|1 year ago|reply
[+] [-] z_|1 year ago|reply
https://looking-glass.io/
[+] [-] yjftsjthsd-h|1 year ago|reply
[+] [-] unknown|1 year ago|reply
[deleted]
[+] [-] moondev|1 year ago|reply
[+] [-] rubatuga|1 year ago|reply
[+] [-] jakebasile|1 year ago|reply
[+] [-] Syonyk|1 year ago|reply
I wrote on it some while back: https://www.sevarg.net/2023/07/29/qubes-os-silos-of-isolatio...
[+] [-] orbital-decay|1 year ago|reply
[+] [-] fsflover|1 year ago|reply
[+] [-] NullPrefix|1 year ago|reply
[+] [-] jbverschoor|1 year ago|reply
[+] [-] postcert|1 year ago|reply
[+] [-] transpute|1 year ago|reply
> It's definitely a security issue
Have there been public exploits of Intel or Nvidia SR-IOV implementations, to identify where hardening is needed?
[+] [-] codecraze|1 year ago|reply
[+] [-] robcohen|1 year ago|reply