This page details the particular case of install the REVEN server in a virtual machine (VM).
Most common hypervisors were tested. That includes QEMU/KVM (e.g. Proxmox, virt-manager, ...), ESXi, VMware Workstation, HyperV, but others should work too.
Here are some quick guidelines that should help you get in the right direction. In any case, please refer to the official documentation for your hypervisor or your system administrator to get the most accurate guidance.
The status of nested virtualization on Linux can be checked with the following files:
/sys/module/kvm_intel/parameters/nestedfor Intel CPUs.
/sys/module/kvm_amd/parameters/nestedfor AMD CPUs.
$ cat /sys/module/kvm_intel/parameters/nested Y
If nested virtualization is disabled, you can enable it by running the following as
- For Intel CPUs:
# echo 'options kvm_intel nested=1' > /etc/modprobe.d/kvm.conf
- For AMD CPUs:
# echo 'options kvm_amd nested=1' > /etc/modprobe.d/kvm.conf
The modification will be effective after the next reboot.
Nested virtualization on ESXi can be enabled by running the following command as
echo 'vhv.allow = "TRUE"' >> /etc/vmware/config
The nested virtualization option must then be further enabled on a per-guest basis. The option to look for is called
Hardware virtualization: Expose hardware assisted virtualization to the guest OS.
The nested virtualization setting on Workstation is set on a per-VM basis. Look for the
Virtualize Intel VT-x/EPT or AMD-V/RVI option in the VM Settings.
The nested virtualization setting on Hyper-V is set on a per-VM basis. It is activated by running the following in a Powershell console:
Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
If you encounter the following error when running
start.sh to launch REVEN:
ERROR: '/dev/kvm' does not have read/write permissions with this user.
This may be due to the nested virtualization being ill-configured. You can check that easily with
kvm-ok directly in
the virtual machine:
sudo apt install cpu-checker
If the last command returned an error, then you should check that the VM does have nested virtualization enabled.
If during a
Prepare VM task, you happen to have
libguestfs complaining with the following error:
kvm_put_msrs: Assertion 'ret == cpu->kvm_msr_buf->nmsrs' failed.
Try running the following as
root on the guest VM you installed REVEN on:
echo Y > /sys/module/kvm/parameters/ignore_msrs
If this works, you can make it permanent after next reboot:
echo 'options kvm ignore_msrs=Y' > /etc/modprobe.d/kvm_ignore_msrs.conf