Ask Your Question
0

NX CPU feature disabled by default - I need to enable it.

asked 2013-03-07 21:36:51 -0600

tatenda-mupaso gravatar image

Does anyone know how to enable the NX CPU pin for VM's running in OpenStack. I'm having this problem with Win8 images only. When I boot up my Win8 images they error out with a 0x0000005D error, which turns out is the NX CPU feature being disabled that causes this problem. Usually it's solved by configuring the BIOS of the box you're working on. But I can't reach the BIOS. I have Windows Server 2012 and 2008R2, 7 both x64 and x86 versions too which all work and are configured fine with virtio drivers for OpenStack.

I have done extensive research and it seems like a qemu-libvirt problem that automatically disables this feature. And I guess before I get ahead of myself here, is it even possible to enable this feature...

Any help and input will be greatly appreciated :)

Thanks ahead.

edit retag flag offensive close merge delete

4 answers

Sort by ยป oldest newest most voted
0

answered 2013-03-10 13:57:12 -0600

keith-tobin gravatar image

If you create the windows8 image on a system with nx turned off, then when it is put on openstack it should work as the windows image will not want to use this feature. I will check if it is possible to do it through libvirt, but I expect the the reason you can't get to it from bios is bios dose not support it. If it is disabled in bios I am near sure that libvirt will not be able to turn it on durin a VM deploy, I expect the if it was available that libvirt may be able to disable it through qemu, but I will check for you.

I also expect the the reason for the error is image was built on a system with nx support and is no trying to run an a system with no nx support, the hypervisor will not protect you from this, try rebuilding Windows's image but trun off nx support on build system, then use the new image on openstack.

edit flag offensive delete link more
0

answered 2013-03-11 14:16:39 -0600

tatenda-mupaso gravatar image

Thanks for swift response Keith.

I will try to recreate images with the feature turned off but I feel a little pessimistic about it right now because when I tried to create the image through kvm-create i ran into the error before i got to go through the setup. Tried with virt-manager and it was the same result there as well before setup. Then I tried to work around it using virtual box; virtual box let me do the setup and install virtio drivers etc. I uploaded the image as a vdi through glance, and I got a BSOD on image startup...

With that said, would disabling the feature be a flag in the image create command for kvm or qemu? I'll keep looking around and working on this for the mean time and thanks again.

edit flag offensive delete link more
0

answered 2013-03-11 15:33:26 -0600

tatenda-mupaso gravatar image

So I have tried to recreate a win8 image with NX disabled in CPU features and my machine pretty much takes a dump and is unable to boot the image.

I came across a document that stated the importance of this NX features in cpu's running win8, "Windows 8 requires that systems must have processors that support NX, and NX must be turned on for important security safeguards to function effectively and avoid potential security vulnerabilities"

So I think I'll have to find out how to enable it in kvm/qemu with libvirt. I came across this article, http://opensourcefishcake.wordpress.com/2012/11/01/virtualwindows8/ (http://opensourcefishcake.wordpress.c...) which seems to be helpful but I don't know where the xml files described in the file are located.

edit flag offensive delete link more
0

answered 2013-03-16 10:36:18 -0600

keith-tobin gravatar image

File lis located on the openstack compute node, each time openstack creates a domain/instance/VM a file will be created for that VM. I will do a search and pols the location here for you later today. Here is a link to the libvirt info about the file

http://libvirt.org/formatdomain.html

The problem will be that if you edit it and delete the VM and recreate the VM in openstack openstack will create a new file with out you changes.

I will also check and see if NX bit is set or not in my instances.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-03-07 21:36:51 -0600

Seen: 774 times

Last updated: Mar 16 '13