bastl Posted December 16, 2019 Share Posted December 16, 2019 @mojotaker Edit your VM like shown above and you should be good. 1 Quote Link to comment
mojotaker Posted December 17, 2019 Share Posted December 17, 2019 17 hours ago, bastl said: @mojotaker Edit your VM like shown above and you should be good. Thank you. Quote Link to comment
DZMM Posted December 17, 2019 Share Posted December 17, 2019 On 12/13/2019 at 3:32 PM, joelones said: @bastl So I updated to 6.8 stable and decided to try this workaround. I did try the Skylake emulation for my AMD FX8320 and it didn't quite seem to like it very much and gave an unsupported CPU error when I tried to start the VM. I guess my CPU is either too old or lacks the instructions to emulate Skylake properly. Maybe I need to model an older Intel CPU, like Sandybridge or something?? I know my model is a Opteron_G5. I had no choice but to opt for Emulated QEMU64 mode, hopefully the lack of AES-NI won't impact overall CPU performance with respect to VPN usage. EDIT: I seem to have gotten pfSense to boot with AES-NI on my AMD wit this: <cpu mode='custom' match='exact' check='full'> <model fallback='forbid'>Opteron_G5</model> <vendor>AMD</vendor> <feature policy='require' name='vme'/> <feature policy='require' name='x2apic'/> <feature policy='require' name='tsc-deadline'/> <feature policy='require' name='hypervisor'/> <feature policy='require' name='arat'/> <feature policy='require' name='tsc_adjust'/> <feature policy='require' name='bmi1'/> <feature policy='require' name='mmxext'/> <feature policy='require' name='fxsr_opt'/> <feature policy='require' name='cmp_legacy'/> <feature policy='require' name='cr8legacy'/> <feature policy='require' name='osvw'/> <feature policy='disable' name='rdtscp'/> <feature policy='disable' name='svm'/> </cpu> I'm about to try going from rc7 to 6.8 - rc8 failed for me, but I didn't know why until now. I currently have: <cpu mode='host-passthrough' check='none'> <topology sockets='1' cores='6' threads='1'/> <feature policy='require' name='topoext'/> </cpu> will this work for my threadripper and maintain AES-NI support? Thanks <cpu mode='custom' match='exact' check='full'> <model fallback='forbid'>Opteron_G5</model> <vendor>AMD</vendor> <topology sockets='1' cores='6' threads='1'/> <feature policy='require' name='vme'/> <feature policy='require' name='x2apic'/> <feature policy='require' name='tsc-deadline'/> <feature policy='require' name='hypervisor'/> <feature policy='require' name='arat'/> <feature policy='require' name='tsc_adjust'/> <feature policy='require' name='bmi1'/> <feature policy='require' name='mmxext'/> <feature policy='require' name='fxsr_opt'/> <feature policy='require' name='cmp_legacy'/> <feature policy='require' name='cr8legacy'/> <feature policy='require' name='osvw'/> <feature policy='disable' name='rdtscp'/> <feature policy='disable' name='svm'/> </cpu> This is all way beyond my VM level so it's a blind cut & paste job for me. 1 Quote Link to comment
testdasi Posted December 17, 2019 Share Posted December 17, 2019 1 hour ago, DZMM said: I'm about to try going from rc7 to 6.8 - rc8 failed for me, but I didn't know why until now. I currently have: This is all way beyond my VM level so it's a blind cut & paste job for me. You should go back to page 1 and look for bastl's post with the Skylake emulation and use that. The reason it didn't work for the previous poster was because his CPU is FX 8320 which came out before Skylake (so it can't emulate Skylake hence unsupported CPU). Threadripper works fine with Skylake emulation. Generally, as long as your host CPU has AES NI + your emulating CPU also has AES NI + you don't disable it then it should have it. 1 Quote Link to comment
jpowell8672 Posted December 27, 2019 Share Posted December 27, 2019 On 12/12/2019 at 5:45 AM, bastl said: I found a workaround for this! The culprit is the cpu-mode "host-passthrough". If I switch to "Emulated QEMU64" the VM boots up again. Switching it in the gui should work if you havn't setup any special CPU flags. Another way is to edit the xml like the following: change <cpu mode='host-passthrough' check='none'> <topology sockets='1' cores='2' threads='1'/> </cpu> to <cpu> <topology sockets='1' cores='2' threads='1'/> </cpu> also forces the CPU into emulated QEMU64 mode. Another option is to emulate a Intel Skylake CPU for example with the following: <cpu mode='custom' match='exact' check='full'> <model fallback='forbid'>Skylake-Client</model> <topology sockets='1' cores='2' threads='1'/> <feature policy='require' name='hypervisor'/> <feature policy='disable' name='pcid'/> <feature policy='disable' name='hle'/> <feature policy='disable' name='erms'/> <feature policy='disable' name='invpcid'/> <feature policy='disable' name='rtm'/> <feature policy='disable' name='mpx'/> <feature policy='disable' name='spec-ctrl'/> </cpu> Edit: "AES-NI CPU Crypto" isn't supported on "Emulated QEMU64" mode. For future Pfsense versions this is a requirement if I remember correctly. I also had this problem when upgrading to 6.8 and used your emulate a Intel Skylake CPU on my Threadripper as a workaround for now until this issue gets resolved. Thank You 1 Quote Link to comment
salora Posted January 26, 2020 Share Posted January 26, 2020 Greetings everybody, so I have the same issue as others here, so I stayed with 6.7.2 hoping that maybe 6.8.1 would solve this unfortunatly not, so besides the workaround (that may induce a loss in performance), will this be fixed ? or we shall wait for unraid 6.9? thank you regards Quote Link to comment
toastman Posted January 27, 2020 Share Posted January 27, 2020 As of 6.8.2 this is still an issue, although I can confirm using the emulated CPU still works Quote Link to comment
KriS Posted March 3, 2020 Share Posted March 3, 2020 I'm wonder.. it's a bug at unRaid software or Linux, and if we have any update date when it start works as worked at 6.7.2? I bought hardware firewall because this bug long time ago, and I would like back with pfSense at unRaid, but I need work stable as before. So with what is problem? Quote Link to comment
vw-kombi Posted June 20, 2020 Share Posted June 20, 2020 Any update on this ? I note that when I edit the xml with the skylake cpu stuff, then you cant save the 'non xml' VM as it throws a message 'xml error invalid cpu feature name'. Not sure if that's just me ? Quote Link to comment
potjoe Posted March 4, 2021 Share Posted March 4, 2021 Just to follow up, host-passthrough mode seems to be working again for me under 6.9 with my ryzen 1600! Quote Link to comment
sakh1979 Posted March 4, 2021 Share Posted March 4, 2021 5 hours ago, potjoe said: Just to follow up, host-passthrough mode seems to be working again for me under 6.9 with my ryzen 1600! Thank you for confirming! I came here to verify that the host-passthrough mode works before I upgrade to 6.9. I have been holding back upgrading from 6.7.2 to 6.8.3 just for this reason. Quote Link to comment
drumking53 Posted January 29, 2022 Share Posted January 29, 2022 On 12/12/2019 at 2:45 AM, bastl said: I found a workaround for this! The culprit is the cpu-mode "host-passthrough". If I switch to "Emulated QEMU64" the VM boots up again. Switching it in the gui should work if you havn't setup any special CPU flags. Another way is to edit the xml like the following: change <cpu mode='host-passthrough' check='none'> <topology sockets='1' cores='2' threads='1'/> </cpu> to <cpu> <topology sockets='1' cores='2' threads='1'/> </cpu> also forces the CPU into emulated QEMU64 mode. Another option is to emulate a Intel Skylake CPU for example with the following: <cpu mode='custom' match='exact' check='full'> <model fallback='forbid'>Skylake-Client</model> <topology sockets='1' cores='2' threads='1'/> <feature policy='require' name='hypervisor'/> <feature policy='disable' name='pcid'/> <feature policy='disable' name='hle'/> <feature policy='disable' name='erms'/> <feature policy='disable' name='invpcid'/> <feature policy='disable' name='rtm'/> <feature policy='disable' name='mpx'/> <feature policy='disable' name='spec-ctrl'/> </cpu> Edit: "AES-NI CPU Crypto" isn't supported on "Emulated QEMU64" mode. For future Pfsense versions this is a requirement if I remember correctly. This totally worked for me!!! by changing the XML, it booted right away to the install screen. Thank you so much! 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.