Running proprietary firmware in virtualized environment, but not in host environment
Linux - Virtualization and CloudThis forum is for the discussion of all topics relating to Linux Virtualization and Linux Cloud platforms. Xen, KVM, OpenVZ, VirtualBox, VMware, Linux-VServer and all other Linux Virtualization platforms are welcome. OpenStack, CloudStack, ownCloud, Cloud Foundry, Eucalyptus, Nimbus, OpenNebula and all other Linux Cloud platforms are welcome. Note that questions relating solely to non-Linux OS's should be asked in the General forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Running proprietary firmware in virtualized environment, but not in host environment
I've got a fresh install of Debian Wheezy on my laptop, and for security reasons I would like to not have any proprietary firmware running on this system. However, I require iwlwifi non-free microcode for my wireless card ...
Is there any way for me to use Xen or some other form of virtualization to install another copy of Debian in a virtual environment that does have the proprietary Intel binary firmware installed, and can use the wireless card, without having this firmware installed on the host environment?
EDIT: To clarify, I do not need or want wireless access in the host environment - I only want wifi in the virtualized environment.
Last edited by jessetaylor84; 09-18-2014 at 09:11 PM.
Maybe. Some newer systems have more direct ways to connect real hardware. Your system and host os and vm app need to support it fully.
What I get from your statement(yet not said) is that you have a wireless device that you want to attach to a server. If it is usb then it can be directly supported in some vm's. Most servers may not have vm support by default.
I am not looking to attach a USB wifi device to a server. I am just trying to use the internal Intel wireless card that came in my laptop, without letting any closed-source/proprietary code interact with the Linux kernel.
But you are correct, regarding direct hardware access. Since I made the original post, I have learned of PCI Passthrough, which is available for both Xen and qemu/KVM ... This will allow me to grant the guest VM direct access to PCI devices, and have the iwlwifi driver running only on the guest VM. The proprietary firmware will still be installed on the physical wireless card by the guest VM's iwlwifi module and will be able to interact with the guest OS kernel, but there will be no drivers on the host VM running in kernel space that will be interacting with the firmware ... at least that is my understanding.
Am I correct in assuming that if I installed iwlwifi on a qemu/KVM guest OS and used PCI passthrough to give this guest direct access to the wireless card, and did *not* install iwlwifi on the host VM, that there would be no way that the proprietary firmware could interact with the host VM's kernel?
Last edited by jessetaylor84; 09-19-2014 at 04:04 PM.
I'd doubt the laptop supports pci but you can sure try.
My limited understanding is that like a usb attached to client so does a pci attach. It is almost transparent and for most it is transparent. It should not let the firmware in client affect the host.
There has been much discussion over the decade or so in vm's as to how secure or safe they are. In an odd twist, the more closely the vm uses hardware the more likely that some data issue will be shows to be a security hole.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.