Video Player is loading.
Advertisement
Current Time 0:00
Duration -:-
Loaded: 0%
Stream Type LIVE
Remaining Time -:-
1x

    Up next


    Using Virtual Machines for Privacy and Security

    JamesRoss
    JamesRoss - 455 Views
    455
    455 Views
    Published on 07 Jan 2022 / In Technology

    This is a discussion of how a Virtual Machine installation can help with your privacy and security on a computer. I will also demonstrate an installation of a VM on Windows 10 with Ubuntu as the VM. Then the video compares the speed of watching a Youtube video on a VM vs a native OS. This will indicate if there's a significant overhead to running a VM.

    I also discuss the different benefits of a VM with privacy and security and its limitations. Additionally I will introduce you to a specific secure Linux distro, intended for Virtual Box and that is WHONIX.

    Source: https://www.youtube.com/watch?v=GzMuZlm99g8&t=0s

    Activating the Intel VT Virtualization Feature https://www.thomas-krenn.com/en/wiki/Activating_the_Intel_VT_Virtualization_Feature
    Jump to navigation
    Jump to search
    Main Page > Server Hardware > Motherboards > BIOS Settings

    The Intel VT-x Virtualization Features (previously called VT) can be activated and deactivated from the BIOS for many systems.
    Contents

    1 Problem
    2 Solution
    2.1 Example: Intel SR2500 Server
    2.2 Example: Supermicro Server with a X7DBE Mainboard
    3 Testing the Configuration under Linux
    3.1 Does the CPU support VT-x?
    3.2 Do the BIOS Settings permit VT-x usage?
    3.2.1 Example 1: Deactivating Intel VT-x in the BIOS
    3.2.2 Example 2: Activating Intel VT-x in the BIOS
    4 References

    Problem

    Even when the features have been activated, the virtualization features are not available in the operating system. This will generate an error message indicating that Hardware Virtualization Support is not available.
    Solution

    Changing this setting in the BIOS requires turning the server off and back on. Only afterwards will the new setting take effect.

    Reason: When the computer is turned on, the BIOS must either activate or deactivate the VT-x features in the CPU. The selected setting will then be locked in order to prevent modification of the feature's setting while the computer is running.[1])
    Example: Intel SR2500 Server

    The BIOS setting can be changed from Advanced --> Processor Configuration --> Intel(R) Virtualization Technology.

    The following helpful information will be displayed in the right column of this view:

    Intel (R) Virtualization
    Technology allows a platform to
    run multiple operating systems
    and applications in independent
    partitions.
    Note: A change to this option
    requires the system to be
    powered off and then back on
    before the setting will take
    effect.

    A screenshot like the message on the screen will look like this:

    SR2500-bios-intel-vt.png

    After saving the configuration settings, the server must be turned off and back on again.
    Example: Supermicro Server with a X7DBE Mainboard

    The BIOS setting can be changed from Advanced --> Advanced Processor Options --> Intel(R) Virtualization Technology.

    The following helpful information will be displayed in the right column of this view:

    One power-cycle will
    occur after changed
    the setting.

    A screenshot like the message on the screen will look like this:

    X7DBE-bios-intel-vt.png

    Manually turning the power off and back on is not required for this server. The server will do this automatically.
    Testing the Configuration under Linux

    The following instructions will explain how to test if the CPU supports VT-x and, if that is the case, how to test if the BIOS settings permit this feature to be used.
    Does the CPU support VT-x?

    On a Linux system, you can test if the CPUs will support VT-x with the help of the /proc/cpuinfo utility. If the vmx setting is listed among the flags, the CPU will support VT-x, in principle:[2]

    root@grml~# cat /proc/cpuinfo
    processor : 0
    vendor_id : GenuineIntel
    cpu family : 6
    model 15 :
    model name : Intel(R) Xeon(R) CPU 5110 @ 1.60GHz
    stepping : 6
    cpu MHz : 1595.896
    cache size : 4096 KB
    physical id : 0
    siblings : 2
    core id : 0
    cpu cores : 2
    apicid : 0
    initial apicid : 0
    fpu : yes
    fpu_exception : yes
    cpuid level : 10
    wp : yes
    flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
    mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall
    nx lm constant_tsc arch_perfmon pebs bts rep_good pni dtes64 monitor ds_cpl
    vmx tm2 ssse3 cx16 xtpr pdcm dca lahf_lm tpr_shadow
    bogomips : 3193.78
    clflush size : 64
    cache_alignment : 64
    address sizes : 36 bits physical, 48 bits virtual
    power management:
    [...]

    Do the BIOS Settings permit VT-x usage?

    If the BIOS will permit the usage of VT-x can be determined with the help of the rdmsr (read msr) utility from the msr-tools tool package[3] MSR stands for machine-specific register, although sometimes model-specific register is used.[4] MSRs are used to set specific values for the hardware in use or to transfer values between the BIOS and the kernel.

    The VT-x lock function is stored in the IA32_FEATURE_CONTROL machine-specific register (MSR address 0x3a).[5] This MSR contains the following three bits:[6]

    Bit 0: lock bit
    Bit 1: activate VMXON in SMX mode
    Bit 2: activate VMXON outside of SMX mode

    The BIOS must set Bits 1 and 2, or all three bits (including Bit 0) so that VT-x support will be enabled.

    The Linux Live CD from grml 64 for May 2009 will be used in this example. The msr-tools will be installed by means of the apt-get update and subsequent apt-get install msr-tools commands. So that rdmsr can access the MSRs, the msr kernel module will have to be installed.
    Example 1: Deactivating Intel VT-x in the BIOS

    If Intel VT-x has been deactivated in the BIOS (or the server was not turned off and back on after the setting was activated), the rdmsr 0x3a command will return 1 (meaning that only Bit 0 has been set).

    root@grml ~ # modinfo msr
    filename: /lib/modules/2.6.28-grml64/kernel/arch/x86/kernel/msr.ko
    license: GPL
    description: x86 generic MSR driver
    author: H. Peter Anvin
    srcversion: 645F15590C9CD893B156AD6
    depends:
    vermagic: 2.6.28-grml64 SMP preempt mod_unload
    root@grml ~ # modprobe msr
    root@grml ~ # rdmsr 0x3a
    1
    root@grml ~ #

    Example 2: Activating Intel VT-x in the BIOS

    With the example server (an Intel SR2500), the rdmsr 0x3a command returns 5, if Intel VT-x has been activated in the BIOS (Bits 0 and 2 have therefore been set).

    root@grml ~ # modinfo msr
    filename: /lib/modules/2.6.28-grml64/kernel/arch/x86/kernel/msr.ko
    license: GPL
    description: x86 generic MSR driver
    author: H. Peter Anvin
    srcversion: 645F15590C9CD893B156AD6
    depends:
    vermagic: 2.6.28-grml64 SMP preempt mod_unload
    root@grml ~ # modprobe msr
    root@grml ~ # rdmsr 0x3a
    5
    root@grml ~ #

    Show more
    0 Comments sort Sort by

    Up next