
Windows 10 Vm Kernel security check failure



Posted

Hi all, I recently upgraded to 6.9.0 beta 22. Some great new features, and k10temp readings are being displayed, but since changing from 6.9.0 beta 1 my VM has stopped working: no signal on TV whatsoever. I'm using VNC and you can see Windows starting and restarting with a kernel security check failure. I've seen other posts, but I think this could be a big issue for people, especially if you don't want to downgrade. Any detailed help getting around this would be great 👍🏻

Posted

 

  <qemu:commandline>
    <qemu:arg value='-cpu'/>
    <qemu:arg value='-amd-stibp'/>
 </qemu:commandline>

 

I think these lines at the end of your VM's XML should do it. Changing the CPU passthrough method from host-passthrough to host-model I think works as well.

Posted (edited)

Not OK for me:

 

<qemu:commandline>
    <qemu:arg value='-cpu'/>
    <qemu:arg value='-amd-stibp'/>
 </qemu:commandline>

Execution error:

internal error: qemu unexpectedly closed the monitor: 2020-06-19T12:55:42.118694Z qemu-system-x86_64: unable to find CPU model '-amd-stibp'

 

OK for me:

 

Before

<cpu mode='host-passthrough' check='none'>
    <topology sockets='1' dies='1' cores='4' threads='2'/>
    <cache mode='passthrough'/>
    <feature policy='require' name='topoext'/>
</cpu>

After

<cpu mode='host-model' check='none'>
    <topology sockets='1' dies='1' cores='4' threads='2'/>
    <feature policy='require' name='topoext'/>
</cpu>

Asus Strix X570-E Gaming + AMD Ryzen 3600

 

 

Edited by xommit
  • Like 2
  • Thanks 3
Posted

Just tested on my system, but these lines will work with host-passthrough if you want to keep using that.

 

 <qemu:commandline>
    <qemu:arg value='-cpu'/>
    <qemu:arg value='host,topoext=on,invtsc=on,hv-time,hv-relaxed,hv-vapic,hv-spinlocks=0x1fff,hv-vpindex,hv-synic,hv-stimer,hv-reset,hv-frequencies,host-cache-info=on,l3-cache=off,-amd-stibp'/>
  </qemu:commandline>

 

  • Thanks 1
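
QEMU reads the first comma-separated token of a `-cpu` value as the CPU model, which is why `-amd-stibp` alone failed with "unable to find CPU model" while `host,...,-amd-stibp` was accepted. The Python below is an added example, not code from any poster or from Unraid: it checks a domain XML's `<qemu:commandline>` for that mistake and lists speculation-control features (STIBP is one) that the override hides from the guest. The `MITIGATION_FLAGS` subset, the helper names and the minimal sample domains are assumptions, and the `qemu:` namespace is assumed to be declared on `<domain>`.

```python
import xml.etree.ElementTree as ET

QEMU_NS = "http://libvirt.org/schemas/domain/qemu/1.0"  # libvirt's qemu: namespace
# Illustrative subset of QEMU x86 feature names tied to speculation controls.
MITIGATION_FLAGS = {"amd-stibp", "stibp", "spec-ctrl", "ibpb", "ssbd", "amd-ssbd", "virt-ssbd"}

def parse_cpu_arg(value):
    """Split a -cpu value into (model, set of disabled features)."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    if not parts or parts[0][0] in "+-" or "=" in parts[0]:
        # First token is a feature flag, so QEMU would read it as the model name.
        raise ValueError(f"-cpu value has no CPU model: {value!r}")
    disabled = set()
    for p in parts[1:]:
        name, _, setting = p.lstrip("+-").partition("=")
        if p.startswith("-") or setting.lower() == "off":
            disabled.add(name)
    return parts[0], disabled

def cpu_override(domain_xml):
    """Return the value following '-cpu' in <qemu:commandline>, or None."""
    root = ET.fromstring(domain_xml)
    args = [a.get("value", "") for a in root.iter(f"{{{QEMU_NS}}}arg")]
    for flag, value in zip(args, args[1:]):
        if flag == "-cpu":
            return value
    return None

def audit(domain_xml):
    """Report the CPU model and any speculation-control features masked from the guest."""
    value = cpu_override(domain_xml)
    if value is None:
        return {"model": None, "masked": [], "error": None}
    try:
        model, disabled = parse_cpu_arg(value)
    except ValueError as exc:
        return {"model": None, "masked": [], "error": str(exc)}
    return {"model": model, "masked": sorted(disabled & MITIGATION_FLAGS), "error": None}

def _domain(cpu_value):
    # Constructed minimal domain; only the qemu:commandline part mirrors the thread.
    return (f"<domain type='kvm' xmlns:qemu='{QEMU_NS}'><name>demo</name>"
            f"<qemu:commandline><qemu:arg value='-cpu'/>"
            f"<qemu:arg value='{cpu_value}'/></qemu:commandline></domain>")

REJECTED = _domain("-amd-stibp")
ACCEPTED = _domain("host,topoext=on,invtsc=on,hv-time,l3-cache=off,-amd-stibp")

if __name__ == "__main__":
    for label, xml in (("rejected", REJECTED), ("accepted", ACCEPTED)):
        print(label, audit(xml))
```

Run against each VM's XML after an upgrade, this gives a quick inventory of guests whose CPU override masks a speculation-control feature.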
Posted (edited)

So I went to the end of my XML where domain was, I cut <domain> out and pasted

 

<qemu:commandline>
    <qemu:arg value='-cpu'/>
    <qemu:arg value='host,topoext=on,invtsc=on,hv-time,hv-relaxed,hv-vapic,hv-spinlocks=0x1fff,hv-vpindex,hv-synic,hv-stimer,hv-reset,hv-frequencies,host-cache-info=on,l3-cache=off,-amd-stibp'/>
</qemu:commandline>
 

I then added <domain> to the end of the line, which worked for VNC, but when trying to use graphics passthrough, just crazy 100% core readings for me with nothing on screen 😑

But I couldn't access through VNC before, so... we're getting there lol

 

Edited by Dava2k7
Posted

My VM Log

 

 

-nodefaults \
-chardev socket,id=charmonitor,fd=31,server,nowait \
-mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=localtime \
-no-hpet \
-no-shutdown \
-boot strict=on \
-device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.0,addr=0x7 \
-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x3 \
-blockdev '{"driver":"file","filename":"/mnt/cache/domains/Gaming VM/vdisk1.img","node-name":"libvirt-3-storage","cache":{"direct":false,"no-flush":false},"auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-3-format","read-only":false,"cache":{"direct":false,"no-flush":false},"driver":"raw","file":"libvirt-3-storage"}' \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=libvirt-3-format,id=virtio-disk2,bootindex=1,write-cache=on \
-blockdev '{"driver":"file","filename":"/mnt/user/isos/Win10_1909_English_x64.iso","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-2-format","read-only":true,"driver":"raw","file":"libvirt-2-storage"}' \
-device ide-cd,bus=ide.0,unit=0,drive=libvirt-2-format,id=ide0-0-0,bootindex=2 \
-blockdev '{"driver":"file","filename":"/mnt/user/isos/virtio-win-0.1.173-2.iso","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":true,"driver":"raw","file":"libvirt-1-storage"}' \
-device ide-cd,bus=ide.0,unit=1,drive=libvirt-1-format,id=ide0-0-1 \
-netdev tap,fd=33,id=hostnet0 \
-device virtio-net,netdev=hostnet0,id=net0,mac=52:54:00:fa:9e:8d,bus=pci.0,addr=0x2 \
-chardev pty,id=charserial0 \
-device isa-serial,chardev=charserial0,id=serial0 \
-chardev socket,id=charchannel0,fd=34,server,nowait \
-device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 \
-device usb-tablet,id=input0,bus=usb.0,port=5 \
-device vfio-pci,host=0000:09:00.0,id=hostdev0,bus=pci.0,addr=0x5 \
-device vfio-pci,host=0000:09:00.1,id=hostdev1,bus=pci.0,addr=0x6 \
-device usb-host,hostbus=5,hostaddr=14,id=hostdev2,bus=usb.0,port=1 \
-device usb-host,hostbus=5,hostaddr=19,id=hostdev3,bus=usb.0,port=2 \
-device usb-host,hostbus=5,hostaddr=5,id=hostdev4,bus=usb.0,port=3 \
-device usb-host,hostbus=5,hostaddr=7,id=hostdev5,bus=usb.0,port=4 \
-cpu host,topoext=on,invtsc=on,hv-time,hv-relaxed,hv-vapic,hv-spinlocks=0x1fff,hv-vpindex,hv-synic,hv-stimer,hv-reset,hv-frequencies,host-cache-info=on,l3-cache=off,-amd-stibp \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
2020-06-19 15:20:27.761+0000: Domain id=24 is tainted: high-privileges
2020-06-19 15:20:27.761+0000: Domain id=24 is tainted: custom-argv
2020-06-19 15:20:27.761+0000: Domain id=24 is tainted: host-cpu
char device redirected to /dev/pts/0 (label charserial0)
2020-06-19T15:22:22.676691Z qemu-system-x86_64: terminating on signal 15 from pid 11543 (/usr/sbin/libvirtd)
2020-06-19 15:22:25.078+0000: shutting down, reason=destroyed

Posted (edited)

It seems to be working via VNC but can't see nothing cause my signal to TV isn't coming on. Don't think it's passing through the graphics card properly. I can see bios on startup both ways worked for me via VNC, host-model and host-passthrough 👍🏻 Here's my XML, I hope this helps.

 

 

<?xml version='1.0' encoding='UTF-8'?>
<domain type='kvm'>
  <name>Gaming Vm</name>
  <uuid>eb4747a6-bb10-6ce9-2d0d-a704560b5992</uuid>
  <metadata>
    <vmtemplate xmlns="unraid" name="Windows 10" icon="windows.png" os="windows10"/>
  </metadata>
  <memory unit='KiB'>17301504</memory>
  <currentMemory unit='KiB'>17301504</currentMemory>
  <memoryBacking>
    <nosharepages/>
  </memoryBacking>
  <vcpu placement='static'>12</vcpu>
  <cputune>
    <vcpupin vcpu='0' cpuset='6'/>
    <vcpupin vcpu='1' cpuset='18'/>
    <vcpupin vcpu='2' cpuset='7'/>
    <vcpupin vcpu='3' cpuset='19'/>
    <vcpupin vcpu='4' cpuset='8'/>
    <vcpupin vcpu='5' cpuset='20'/>
    <vcpupin vcpu='6' cpuset='9'/>
    <vcpupin vcpu='7' cpuset='21'/>
    <vcpupin vcpu='8' cpuset='10'/>
    <vcpupin vcpu='9' cpuset='22'/>
    <vcpupin vcpu='10' cpuset='11'/>
    <vcpupin vcpu='11' cpuset='23'/>
  </cputune>
  <os>
    <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type>
    <loader readonly='yes' type='pflash'>/usr/share/qemu/ovmf-x64/OVMF_CODE-pure-efi.fd</loader>
    <nvram>/etc/libvirt/qemu/nvram/eb4747a6-bb10-6ce9-2d0d-a704560b5992_VARS-pure-efi.fd</nvram>
  </os>
  <features>
    <acpi/>
    <apic/>
    <hyperv>
      <relaxed state='on'/>
      <vapic state='on'/>
      <spinlocks state='on' retries='8191'/>
      <vendor_id state='on' value='none'/>
    </hyperv>
  </features>
  <cpu mode='host-passthrough' check='none'>
    <topology sockets='1' dies='1' cores='6' threads='2'/>
    <cache mode='passthrough'/>
    <feature policy='require' name='topoext'/>
  </cpu>
  <clock offset='localtime'>
    <timer name='hypervclock' present='yes'/>
    <timer name='hpet' present='no'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/local/sbin/qemu</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' cache='writeback'/>
      <source file='/mnt/cache/domains/Gaming VM/vdisk1.img'/>
      <target dev='hdc' bus='virtio'/>
      <boot order='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source file='/mnt/user/isos/Win10_1909_English_x64.iso'/>
      <target dev='hda' bus='ide'/>
      <readonly/>
      <boot order='2'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source file='/mnt/user/isos/virtio-win-0.1.173-2.iso'/>
      <target dev='hdb' bus='ide'/>
      <readonly/>
      <address type='drive' controller='0' bus='0' target='0' unit='1'/>
    </disk>
    <controller type='usb' index='0' model='qemu-xhci' ports='15'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </controller>
    <controller type='ide' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </controller>
    <controller type='pci' index='0' model='pci-root'/>
    <interface type='bridge'>
      <mac address='52:54:00:fa:9e:8d'/>
      <source bridge='virbr0'/>
      <model type='virtio-net'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </interface>
    <serial type='pty'>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
    <channel type='unix'>
      <target type='virtio' name='org.qemu.guest_agent.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <address type='usb' bus='0' port='5'/>
    </input>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x09' slot='0x00' function='0x0'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source>
        <address domain='0x0000' bus='0x09' slot='0x00' function='0x1'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </hostdev>
    <hostdev mode='subsystem' type='usb' managed='no'>
      <source>
        <vendor id='0x046d'/>
        <product id='0xc08b'/>
      </source>
      <address type='usb' bus='0' port='1'/>
    </hostdev>
    <hostdev mode='subsystem' type='usb' managed='no'>
      <source>
        <vendor id='0x046d'/>
        <product id='0xc21c'/>
      </source>
      <address type='usb' bus='0' port='2'/>
    </hostdev>
    <hostdev mode='subsystem' type='usb' managed='no'>
      <source>
        <vendor id='0x046d'/>
        <product id='0xc534'/>
      </source>
      <address type='usb' bus='0' port='3'/>
    </hostdev>
    <hostdev mode='subsystem' type='usb' managed='no'>
      <source>
        <vendor id='0x0a12'/>
        <product id='0x0001'/>
      </source>
      <address type='usb' bus='0' port='4'/>
    </hostdev>
    <memballoon model='none'/>
  </devices>
  <qemu:commandline>
    <qemu:arg value='-cpu'/>
    <qemu:arg value='host,topoext=on,invtsc=on,hv-time,hv-relaxed,hv-vapic,hv-spinlocks=0x1fff,hv-vpindex,hv-synic,hv-stimer,hv-reset,hv-frequencies,host-cache-info=on,l3-cache=off,-amd-stibp'/>
  </qemu:commandline>
</domain>
 

Edited by Dava2k7
Posted
1 hour ago, xommit said:

Did you try:

<cpu mode='host-model' check='none'>
And delete:
    <cache mode='passthrough'/>

 

?

Yeah, that works as well but only for VNC, can't see nothing through HDMI.

Posted
1 minute ago, david279 said:

Try making a brand new VM using the GPU but using your current Windows vdisk. Just want to see if a clean VM setup will fix it.

First thing I did, bud. That XML is after I recreated it.

Posted (edited)
5 minutes ago, david279 said:

What GPU are you using?

Gigabyte GTX 1050ti 4GB mini, and thanks for your help btw

Edited by Dava2k7
Posted
2 minutes ago, david279 said:

You need to pass the BIOS from the card in the XML if it's the only GPU.

Are you on about the hacked ROM BIOS? Cause I have that, no joy.

 

Posted (edited)

I did it before, cause it was working on 6.9.0 beta 1 and 6.8.3. I'm at a loss to be honest. I love my VM and have had great times on it already. I finally get my Ryzen k10temp drivers on this kernel and this happens lol, not what I need. No doubt I'm the only one with a setup like this and a lot of people be in the same boat.

Edited by Dava2k7
Posted (edited)
1 hour ago, david279 said:

Yeah, that's usually the best way to go about passing a single GPU through to a VM.

Do you think passing through GPU and USBs via vfio in system devices will do the trick? Just read on the beta release that's the way they want people to do it, maybe that's my problem.

Edited by Dava2k7
