Advanced Virtual Machines pre-requisites

This page details the particular case of install the REVEN server in a virtual machine (VM).

Most common hypervisors were tested. That includes QEMU/KVM (e.g. Proxmox, virt-manager, ...), VMware ESXi, VMware Workstation, Microsoft Hyper-V, but others should work too.

Tips and tricks

Here are some quick guidelines that should help you get in the right direction. In any case, please refer to the official documentation for your hypervisor or your system administrator to get the most accurate guidance.

QEMU/KVM

The status of nested virtualization on Linux can be checked with the following files:

  • /sys/module/kvm_intel/parameters/nested for Intel CPUs.
  • /sys/module/kvm_amd/parameters/nested for AMD CPUs.

For example:

$ cat /sys/module/kvm_intel/parameters/nested
Y

If nested virtualization is disabled, you can enable it by running the following as root:

  • For Intel CPUs:
    # echo 'options kvm_intel nested=1' > /etc/modprobe.d/kvm.conf
    
  • For AMD CPUs:
    # echo 'options kvm_amd nested=1' > /etc/modprobe.d/kvm.conf
    

The modification will be effective after the next reboot.

VMware ESXi

Nested virtualization on ESXi can be enabled by running the following command as root:

echo 'vhv.allow = "TRUE"' >> /etc/vmware/config

The nested virtualization option must then be further enabled on a per-guest basis. The option to look for is called Hardware virtualization: Expose hardware assisted virtualization to the guest OS.

VMware Workstation

The nested virtualization setting on Workstation is set on a per-VM basis. Look for the Virtualize Intel VT-x/EPT or AMD-V/RVI option in the VM Settings.

Microsoft Hyper-V

The nested virtualization setting on Hyper-V is set on a per-VM basis. It is activated by running the following in a Powershell console:

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true

Troubleshooting

start.sh refuses to launch REVEN with a /dev/kvm problem

If you encounter the following error when running start.sh to launch REVEN:
ERROR: '/dev/kvm' does not have read/write permissions with this user.

This may be due to the nested virtualization being ill-configured. You can check that easily with kvm-ok directly in the virtual machine:

  1. sudo apt install cpu-checker
  2. sudo kvm-ok

If the last command returned an error, then you should check that the VM does have nested virtualization enabled.

Issue during 'Prepare VM'

If during a Prepare VM task, you happen to have libguestfs complaining with the following error:
kvm_put_msrs: Assertion 'ret == cpu->kvm_msr_buf->nmsrs' failed.

Try running the following as root on the guest VM you installed REVEN on:
echo Y > /sys/module/kvm/parameters/ignore_msrs

If this works, you can make it permanent after next reboot:
echo 'options kvm ignore_msrs=Y' > /etc/modprobe.d/kvm_ignore_msrs.conf