Running Windows as a Pass-through VM

This is extremely difficult for so many reasons. I’ve never successfully gotten a non-brittle setup working, but this is what I know so far

Goals:

1. Running Proxmox as a primary Host
2. Ability to boot Windows directly¹
3. Ability to use Linux desktop with Windows as a Window.

(Out of scope is setting up Proxmox)

Notes on Win install on Proxmox Link to heading

• Download proper Windows ISO from Microsoft
• Configure VM CPU to be “hidden”
• pass through GPU
  • enable IOMMU
  • disable using GPU on BIOS (I set to iGPU)
• storage
  • SCSI
    • virtIO
    • discard
• networking
  • virtIO

Links:

• Only guide to setup GPU Passthrough which worked (Reddit post)
• Proxmox - Win 10 best practices
• Manjaro - Guide to setting up GPU passthrough in Proxmox 6.2
• Proxmox - Enabling the IOMMU for PCI passthrough
• Forum posts on fixing passthrough for Proxmox in Win 10
• Fedora docs on setting up Win 10 machines with Virtio drivers
• Proxmox thread about GPU 43 error
• Line based vs signal based interrupts (setting attempting to fix code 43)
• Unraid - forum thread about fixing code 43
• Proxmox - forum thread about fixing code 43
• Nvidia vBIOS VFIO patcher (github project)
  • This was in my notes, but I’m not really sure what it’s for anymore. I didn’t use it.
• Installing LookingGlass
• LookingGlass github repo - github.com/gnif/LookingGlass
• Setting up sound in LookingGlass using Scream over LAN
  • LookingGlass doesn’t handle Audio by itself so it needs to be configured seperately.

what is IOMMU Link to heading

IOMMU groups of the graphics card we want to pass through to the VM. For those of you who don’t already know,  IOMMU refers to the chipset device that maps virtual addresses to physical addresses on your I/O devices (i.e. GPU, disk, etc.). Its function is analogous to the memory management unit ( MMU) that maps virtual addresses to physical addresses on your CPU.

We want to make sure that our system has an appropriate IOMMU grouping scheme. Essentially, we need to remember that devices residing within the same IOMMU group need to be passed through to the VM (they can’t be separated).

ACS hack for IOMMU (SECURITY RISK) Link to heading

If you have GPU or something in same IOMMU group you need to move it. In my case I have only a single PCI slot for the graphics card to fit so I need something called the ACS Hack.

However, it’s insecure because by passing that group the VM you give it memory access to other devices and it’s not just insecure but possible to get memory corruption without anything being done on accident because of how the MMU works and gives out addresses to use.