flisboac/_README.md

## _README.md

      
    Raw
  

              _README.md
            
          
    Some notes:

Disable Above 4G in BIOS, otherwise vfio-pci (on the host) will panic all the time when turning off the Opnsense VM, and the only way to get off the problem is to hard-reset the host entirely.
On Opnsense Guest, go to the Web GUI, option System -> Settings -> Tunables, click "Add", and add the virtio_console_load=YES config Make sure QEMU Guest Agent is disabled.


## grub-defaults.conf
# Edit "/etc/default/grub" and append the following
# to the GRUB_CMDLINE_LINUX_DEFAULT variable:
#   For Intel:
#      intel_iommu=on iommu=pt kvm.ignore_msrs=1
#
# After editing the file, don't forget to execute:
#   update-grub
#

GRUB_CMDLINE_LINUX_DEFAULT="intel_iommu=on iommu=pt kvm.ignore_msrs=1"

## vfio-pci-eth-rebind.service
# Put this file at location: /etc/systemd/system/vfio-pci-eth-rebind.service
# Don't forget to execute:
#   sudo systemctl enable --now vfio-pci-eth-rebind.service
#

[Unit]
Description=Disables PCI Passthrough for specific network devices.

[Service]
ExecStart=/usr/local/bin/vfio-pci-eth-rebind.sh

[Install]
WantedBy=network.target

## vfio-pci-eth-rebind.sh
#!/bin/sh

# Put this file at location: /usr/local/bin/vfio-pci-eth-rebind.sh

# Specify here the driver that will
# override vfio-pci.
# `igc` is intel's drivers. Check
# `lspci -v` for a list of suitable
# drivers per device.
DRIVER="igc"

# List here all devices that need to be
# controlled by the driver you want.
# For the CWWK mini-pc I have, this will
# make eth0 non-passthrough.
DEVICES="0000:02:00.0"

for DEV in $DEVICES; do
  DEV_UNBIND="/sys/bus/pci/devices/${DEV}/driver/unbind"
  if [ -w "$DEV_UNBIND" ]; then
    printf '%s\n' "$DEV" >"$DEV_UNBIND"
  fi
  echo "$DEV" >"/sys/bus/pci/drivers/${DRIVER}/bind"
done

unset DEV
unset DEV_UNBIND

## vfio-pci-eth.conf
# Put this file at location: /etc/modprobe.d/vfio-pci-eth.conf
# Don't forget to execute:
#   update-initramfs -u -k all

# Change "igc" to the driver which Linux would normally
# use to bind your network device.
# (e.g. Realtek Ethernet devices are bound via a different
# driver). Check `lspci -v` for details.
softdep igc pre: vfio-pci

# Change the `ids`' value to the device and vendor ID of
# your network device. All devices that share the same
# vendor:device identification will be passthrough at
# system initialization. The vfio-pci-eth-rebind.sh will then
# be called by SystemD and will override specific devices,
# disable passthrough and assign them to some other driver,
# so that they can be accessed by the VM host.
# This ID is for the Intel I226-V ethernet chip.
options vfio-pci ids=8086:125c
	# Edit "/etc/default/grub" and append the following
	# to the GRUB_CMDLINE_LINUX_DEFAULT variable:
	# For Intel:
	# intel_iommu=on iommu=pt kvm.ignore_msrs=1
	#
	# After editing the file, don't forget to execute:
	# update-grub
	#

	GRUB_CMDLINE_LINUX_DEFAULT="intel_iommu=on iommu=pt kvm.ignore_msrs=1"
	# Put this file at location: /etc/systemd/system/vfio-pci-eth-rebind.service
	# Don't forget to execute:
	# sudo systemctl enable --now vfio-pci-eth-rebind.service
	#

	[Unit]
	Description=Disables PCI Passthrough for specific network devices.

	[Service]
	ExecStart=/usr/local/bin/vfio-pci-eth-rebind.sh

	[Install]
	WantedBy=network.target
	#!/bin/sh

	# Put this file at location: /usr/local/bin/vfio-pci-eth-rebind.sh

	# Specify here the driver that will
	# override vfio-pci.
	# `igc` is intel's drivers. Check
	# `lspci -v` for a list of suitable
	# drivers per device.
	DRIVER="igc"

	# List here all devices that need to be
	# controlled by the driver you want.
	# For the CWWK mini-pc I have, this will
	# make eth0 non-passthrough.
	DEVICES="0000:02:00.0"

	for DEV in $DEVICES; do
	DEV_UNBIND="/sys/bus/pci/devices/${DEV}/driver/unbind"
	if [ -w "$DEV_UNBIND" ]; then
	printf '%s\n' "$DEV" >"$DEV_UNBIND"
	fi
	echo "$DEV" >"/sys/bus/pci/drivers/${DRIVER}/bind"
	done

	unset DEV
	unset DEV_UNBIND
	# Put this file at location: /etc/modprobe.d/vfio-pci-eth.conf
	# Don't forget to execute:
	# update-initramfs -u -k all

	# Change "igc" to the driver which Linux would normally
	# use to bind your network device.
	# (e.g. Realtek Ethernet devices are bound via a different
	# driver). Check `lspci -v` for details.
	softdep igc pre: vfio-pci

	# Change the `ids`' value to the device and vendor ID of
	# your network device. All devices that share the same
	# vendor:device identification will be passthrough at
	# system initialization. The vfio-pci-eth-rebind.sh will then
	# be called by SystemD and will override specific devices,
	# disable passthrough and assign them to some other driver,
	# so that they can be accessed by the VM host.
	# This ID is for the Intel I226-V ethernet chip.
	options vfio-pci ids=8086:125c