Both Intel and AMD CPU support virtualization technology which allows multiple operating systems to run simultaneously on an x86 server or computer in a safe and efficient manner using hardware virtualization. XEN, KVM, Vmware and other virtualization software can use Intel and AMD hardware virtualization for full virtualization. In other words with Intel VT, or AMD-V you can run an unmodified guest OS, like MS-Windows without any problems. To run KVM, you need a CPU that supports hardware virtualization.[donotprint]
|Requirements||Intel/AMD x86 server|
Say hello to /proc/cpuinfo file
The /proc/cpuinfo file has information about your CPU. The information includes, the number of CPUs, threads, cores, sockets, and Non-Uniform Memory Access (NUMA) nodes. There is also formation about the CPU caches and cache sharing, family, model, bogoMIPS, byte order, and stepping. You need to note down the following vendor specific cpu flags:
Am I using 64 bit CPU/system [x86_64/AMD64/Intel64]?
- lm – If you see lm flag means you’ve 64 bit Intel or AMD cpu.
Do I have hardware virtualization support?
- vmx – Intel VT-x, virtualization support enabled in BIOS.
- svm – AMD SVM,virtualization enabled in BIOS.
Do I have hardware AES/AES-NI advanced encryption support?
- aes – Applications performing encryption and decryption using the Advanced Encryption Standard on Intel and AMD cpus.
Commands to check if your hardware supports virtualization
Use the following commands to verify if hardware virtualization extensions is enabled or not in your BIOS.
Verify Intel VT CPU virtualization extensions on a Linux
Type the following command as root to verify that host cpu has support for Intel VT technology, enter:
# grep --color vmx /proc/cpuinfo
Verify AMD V CPU virtualization extensions on a Linux
Type the following command as root to verify that host cpu has support for AMD – V technology:
# grep --color svm /proc/cpuinfo
Verify Intel or AMD 64 bit CPU
The lscpu command shows CPU architecture information on a Linux server:
Sample outputs from Intel server:
Putting it all together
Type the following egrep command:
egrep -wo 'vmx|ept|vpid|npt|tpr_shadow|flexpriority|vnmi|lm|aes' /proc/cpuinfo ## Only show Intel CPU flags ## egrep -wo 'vmx|ept|vpid|npt|tpr_shadow|flexpriority|vnmi|lm|aes' /proc/cpuinfo | sort | uniq ## OR better use the following ## egrep -wo 'vmx|lm|aes' /proc/cpuinfo | sort | uniq\ | sed -e 's/aes/Hardware encryption=Yes (&)/g' \ -e 's/lm/64 bit cpu=Yes (&)/g' -e 's/vmx/Intel hardware virtualization=Yes (&)/g'
Additional Intel x86 CPU specific virtualization flags
- ept – Intel extended page table support enabled to make emulation of guest page tables faster.
- vpid – Intel virtual processor ID. Make expensive TLB flushes unnecessary when context switching between guests.
- tpr_shadow and flexpriority – Intel feature that reduces calls into the hypervisor when accessing the Task Priority Register, which helps when running certain types of SMP guests.
- vnmi – Intel Virtual NMI helps with selected interrupt events in guests.
Additional AMD x86 CPU specific virtualization flags
- npt – AMD Nested Page Tables, similar to Intel EPT.
- lbrv – AMD LBR Virtualization support.
- svm_lock – AMD SVM locking MSR.
- nrip_save – AMD SVM next_rip save.
- tsc_scale – AMD TSC scaling support.
- vmcb_clean – AMD VMCB clean bits support.
- flushbyasid – AMD flush-by-ASID support.
- decodeassists – AMD Decode Assists support.
- pausefilter – AMD filtered pause intercept.
- pfthreshold – AMD pause filter threshold.
Some tips to solve your problems.
Tip #1: See Linux kernel messages
Type the following command to see kvm support enabled or not in BIOS:
# dmesg | less
# dmesg | grep -i kvm
Tip # 2: Check your BIOS settings
By default, many system manufacturers disables an AMD or Intel hardware CPU virtualization technology in the BIOS. You need to reboot the system and turn it in the BIOS. Once turned on, run lscpu or grep command as discussed earlier to see if your virtualization support enabled:
$ egrep -wo 'vmx|ept|vpid|npt|tpr_shadow|flexpriority|vnmi|lm|aes' /proc/cpuinfo | sort | uniq
$ egrep -o '(vmx|svm)' /proc/cpuinfo | sort | uniq
Tip # 3: XEN Kernel
By default, if you booted into XEN kernel it will not display svm or vmx flag using the grep command. To see if it is enabled or not from xen, enter:
You must see hvm flags in the output. If not reboot the box and set Virtualization in the BIOS.
- The Linux kernel source/header file located at /usr/src/kernels/$(uname -r)/arch/x86/include/asm/cpufeature.h (or click here to see cpufeature.h online)
- Man pages – proc(5)
|Category||List of Unix and Linux commands|
|Firewall||CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04|
|Network Utilities||dig • host • ip • nmap|
|OpenVPN||CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04|
|Package Manager||apk • apt|
|Processes Management||bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time|
|Searching||grep • whereis • which|
|User Information||groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w|
|WireGuard VPN||CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04|