This page is part of my digital garden.

This page might be unfinished or have typos. These pages are meant as part of a public living notebook to be edited over time. For more, visit the page explaining the concept of a digitial garden.

Running Windows as a Pass-through VM

This is extremely difficult for so many reasons. I’ve never successfully gotten a non-brittle setup working, but this is what I know so far

Goals:

  1. Running Proxmox as a primary Host
  2. Ability to boot Windows directly1
  3. Ability to use Linux desktop with Windows as a Window.

(Out of scope is setting up Proxmox)

Notes on Win install on Proxmox

  • Download proper Windows ISO from Microsoft
  • Configure VM CPU to be “hidden”
  • pass through GPU
    • enable IOMMU
    • disable using GPU on BIOS (I set to iGPU)
  • storage
    • SCSI
      • virtIO
      • discard
  • networking
    • virtIO

Links:

what is IOMMU

IOMMU groups of the graphics card we want to pass through to the VM. For those of you who don’t already know,  IOMMU refers to the chipset device that maps virtual addresses to physical addresses on your I/O devices (i.e. GPU, disk, etc.). Its function is analogous to the memory management unit ( MMU) that maps virtual addresses to physical addresses on your CPU.

We want to make sure that our system has an appropriate IOMMU grouping scheme. Essentially, we need to remember that devices residing within the same IOMMU group need to be passed through to the VM (they can’t be separated).

ACS hack for IOMMU (SECURITY RISK)

If you have GPU or something in same IOMMU group you need to move it. In my case I have only a single PCI slot for the graphics card to fit so I need something called the ACS Hack.

However, it’s insecure because by passing that group the VM you give it memory access to other devices and it’s not just insecure but possible to get memory corruption without anything being done on accident because of how the MMU works and gives out addresses to use.


  1. Games which do anti-cheat won’t work unless not in a VM because it can be detected and becomes a cat/mouse game to be able to play. Since I am not cheating I’d rather avoid the suspicion/bans. ↩︎

Last updated on