My dream is to have a desktop running Qubes that can also do a bit of gaming.
But for that I have a question: If you get GPU passthrough to work correctly, is there any performance loss expected compared to native gaming?
I.e. is there any performance loss running a Qubes Windows VM with GPU passthrough compared to running Windows natively? What if it’s a Linux VM?
I hope some people with working GPU passthrough can share their experience and performance numbers.
I’d say the performance loss itself is noticeable (up to 25% maybe) but not terrible, and it beats the alternative (dual-booting). The real issue you may run into is performance loss due to thermal throttling on laptops; it gets way worse than on traditional Linux distros or PCs.
I have a Linux gaming qube with Steam running some simple games without even GPU pass-through. Heroes 3, for example…
I use PVH where possible and found good performance with the distro kernel, using pvgrub2-pvh, as a standalone qube.
But don’t expect it to function well as a gaming PC; even with GPU passthrough you have to trade off some security for gaming convenience (aka mouse input), so it’s better to have a dedicated gaming PC.
Qubes OS by default masks your mouse pointer, but in order to play many 3D games you have to fully expose it to the gaming qube.
An infected mouse may infect the gaming qube and vice versa, and there is a spyware risk in letting programs running within the qube access mouse data directly.
How it works: How to use USB devices — Qubes OS Documentation (for gaming you should change this behavior)
Hope you have a few billion to open a brand new semiconductor factory, and to keep it out of any state influence.
Maybe I should state my threat model.
My threat model is just corporate mass surveillance.
It came to my attention recently that a game I had played for maybe a week had deployed spyware as part of its anti-cheat: https://imgur.com/lvs1XzZ
I was just disgusted by the fact that whenever I was playing that game, not only were they looking at every program you had running, but also at the website you were viewing in your browser.
So I got interested in Qubes again because I just want to compartmentalise everything. Linux, Windows and Mac have almost non-existent sandboxing, unlike Android and iOS, so Qubes is the only choice.
Using PCI pass-through increases the attack surface of Xen, but it would still require the attacker to have access to the qube with the device attached, and the attacker would also need a zero-day exploit.
Another possible security issue with GPU pass-through is that the firmware loaded into the GPU might not reset unless you power off the system. This could be an issue if you use the GPU with multiple qubes in different trust domains, where in theory one qube could compromise the firmware. If the GPU is detached from the hostile qube and attached to a different qube, the firmware could be used to attack that qube.
Probably not something you need to worry about unless you are targeted by government-sponsored attackers.
If the ‘anti-cheat’ is your main concern… such a rootkit will simply detect that your ‘game’ is running in a VM and refuse to start. Fortnite (by Epic Games) is surely doing this using Easy Anti-Cheat. So virtualisation is not helping here at all.
Another point: ‘performance loss’ is not the usual concern, but rather whether your hardware is ‘supported’, whether you are able to create a VM with working GPU passthrough, and how much manual hacking is required to do so under Qubes OS.
Another issue is that ‘Windows support’ under Qubes OS is really experimental and far from a ‘game ready’ state, if you ask me.
I will keep my answer simple, and you are welcome to dive deeper if you need to, because it goes beyond your threat model.
By default sys-usb handles the mouse; it passes to the requesting qube, via a special proxy, only the necessary data about mouse position and clicks.
Also, the qube doesn’t know at each moment in time where the mouse is located.
For gaming and 3D apps you have to pass to the qube (VM) the exact position of the mouse at every moment: for targeting, for graphics movement, etc.
In my opinion, an anti-cheat with such a huge privacy issue, one that collects data on all possible apps and programs, could use this attack surface against you.
I agree with Zrubi. In the same case as yours, I would prefer a separate, dedicated gaming PC and consider it an infected device.
Maybe even place it in a DMZ network and isolate it from all devices in the home, including WiFi, etc.
Even if anyone did do that, what would you really compare?
I do run benchmarks (PerformanceTest by PassMark) on my VGA passthrough VM (not on Qubes, but a standard qemu/libvirt/KVM setup) to compare different settings and scenarios on the same physical hardware.
However, I’m not planning to install bare-metal Windows just to get some results there.