KVM - Virtual CPU for AES-NI
-
Hi, sorry if this is a stupid question, but I have been strugling with this for a couple of days and cannot find the right answer.
I have my pfSense virtualized with KVM and everything works quite good, except that I have not been able to enable AES-NI no matter how hard I tried.
My host CPU is an AMD FX-8350 wich indeed supports AES-NI.
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 popcnt aes xsave avx f16c lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs xop skinit wdt lwp fma4 tce nodeid_msr tbm topoext perfctr_core perfctr_nb cpb hw_pstate vmmcall bmi1 arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthresholdGoogling around I found that I can pass all host CPU functionality to the gest OS using this:
I have done that, but then my VM does not load and just get stucked while booting…. This seems to be a FREEBSD problem, but I'm not sure.
So, wich CPU should I choose that DO supports AES-NI with my host CPU being an AMD FX-8350 ?. I've been using Opteron G2, but seems that it does not support AES-NI.
-
Don't 'choose' a CPU, just use the host CPU.
-
@johnkeates:
Don't 'choose' a CPU, just use the host CPU.
I think that is what this code is for, or I'm wrong?
That is the code that gets written to the VM config when I choose "Copy host CPU configuration" from the virt-manager GUI.
But as I said, it get stucked at boot.
-
I have no idea what the virt-manager GUI does, I either use bare config files or managed configuration. I probably missed the boat on the GUI part before it came out, and when it did come out, I already moved on to configuration management :-\
Anyway, I pretty much left the KVM bandwagon and only run Xen, and a bit of vmware, and they all just take the host CPU and all it's features by default and give it to the VM.
Maybe removing the fallback option is what you need? Also, did you enable hardware assisted virtualisation?
-
@johnkeates:
I have no idea what the virt-manager GUI does, I either use bare config files or managed configuration. I probably missed the boat on the GUI part before it came out, and when it did come out, I already moved on to configuration management :-\
Anyway, I pretty much left the KVM bandwagon and only run Xen, and a bit of vmware, and they all just take the host CPU and all it's features by default and give it to the VM.
Maybe removing the fallback option is what you need? Also, did you enable hardware assisted virtualisation?
I've been quite happy with KVM, but I think I should give Xen a try. Anyway, I've managed to get it to work using "Westmere" CPU. I've not tryied removing "fallback" option yet,but will try that.
Also, what I think is strange is that my real CPU is an AMD FX-8350 but the "emulated" one is an "Intel Westmere"…. I though that you can only "emulate" AMD CPUs on AMD CPUs and Intel CPUs on Intel CPUs but obviously I was wrong!.