Hello. First of all I want to compliment the OS team for creating such an amazing secure OS. I fell in love with the system ever since I tried. I am using it now as my regular OS of choice, and if not for a few feature that the OS still not having I would not even be thinking using a second VM OS to make up for those lack of features.
Before I begin here are a list of my PCI devices.
00:00.0 Host bridge: Intel Corporation 4th Gen Core Processor DRAM Controller (rev 06)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor PCI Express x16 Controller (rev 06)
00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics Controller (rev 06)
00:03.0 Audio device: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor HD Audio Controller (rev 06)
00:14.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB xHCI (rev 05)
00:16.0 Communication controller: Intel Corporation 8 Series/C220 Series Chipset Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #2 (rev 05)
00:1b.0 Audio device: Intel Corporation 8 Series/C220 Series Chipset High Definition Audio Controller (rev 05)
00:1c.0 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #1 (rev d5)
00:1c.2 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #3 (rev d5)
00:1c.7 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #8 (rev d5)
00:1d.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #1 (rev 05)
00:1f.0 ISA bridge: Intel Corporation Z87 Express LPC Controller (rev 05)
00:1f.2 RAID bus controller: Intel Corporation SATA Controller [RAID mode] (rev 05)
00:1f.3 SMBus: Intel Corporation 8 Series/C220 Series Chipset Family SMBus Controller (rev 05)
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 0c)
04:00.0 Network controller: Qualcomm Atheros AR9485 Wireless Network Adapter (rev 01)
I am trying to do a VGA pass through to Xen HVM and as you can see is an integrated VGA that comes with the motherboard. I unfortunately do not have any GPU and this times find one is near to impossible. I am following this guide from this website Xen VGA Passthrough - Xen. I am aware that enabling this is a security risk. I am planing using it like this whenever I know I am watch a video I will enable the PCI in devices by passing it to the HVM OS, but when I know I am not going to I will remove it from the HVM OS. I wonder if by doing this the security risk is annulled when I remove the PCI from the devices? or if this is in vain and there is a security issue regardless since I edited some code already to enable the PCI device?hopefully someone can answer that question, but understand if no one does because I think is a hard question. I already edited the file in /etc/xen/ in dom0 and added this two lines.
gfx_passthru=1
pci=[‘00:02.0’]
After that I go to qbsettings and add the PCI device to the HVM created OS, however, when I boot the screen goes black and stays like that and I received the display image no signal received. For what I understood you do not need second gpu, but is like if the gpu of the qube OS is removed from the OS and is been trying to go to the HVM OS but it does not work. That is just what I feel not sure what the real problem is. So my first question is is it possible to actually do a VGA pass-through from the integrated card that my motherboard has or do you actually need a second GPU specifically for that second OS? or if not a second GPU is needed can someone please guide me to what is it that I am doing wrong or point me to a tutorial that can help me because I had search a lot and haven’t been able to find anything helpful. Another question is that may be I also need to add the audio PCI device to the above code, but how you would do it? just put a comma inside and put the audio code number? or a second line with the audio number? or what is the correct syntax? Also do I need to edit any files in the HVM OS machines so that it works because the only things I have edited is in the qubes dom0.
Another problem I am having is that I use the monitors in a vertical position all the time. When I use qubes os display to make the OS function in a vertical orientation I have no issues at all. However, when I do the samething inside HVM VM the orientention is not working properly I can see two pointer mouse one like a shadow that I think is like is working in the normal horizontal orientation and the other one that is I think the correct one but when you give the click is click the other shadow horizontal pointer mouse area. Also the screen do get vertical orientation but only in the HVM window and not in the television. To make me understand better is like I have a cross the qubes os is properly vertical and the HVM OS is vertical but only the window not in the television. LOL I do not know how to explain it. Anyhow, does anyone know how I would be able to fix this particular issue? I would love to fix this ASAP.
Lastly I would like to make a suggestion. Is it not possible for Qubes to actually add a template with an OS where you are able to have the GPU pre-enable and of course isolated from all the other VMs or have like a feature like the idea that I have to be able to enable the GPU when you know when you are going to use it and disable it immediately after like a simple bottom or something because that would be pretty cool. Of course I know security is the main goal of qubes OS so this may not be possible.
Thank you anyone that takes the time to read this post and answer it.