KVM makes friends with VirtualBox: what are the advantages on Linux

KVM (Kernel-based Virtual Machine) is a virtualization technology built into the Linux kernel. It provides an officially supported and continuously updated environment for running virtual machines on a Linux host system.

Being implemented as a Linux kernel module, KVM can act as a hypervisor, taking advantage of the virtualization extensions offered by modern CPUs (Intel VT and AMD-V). These hardware extensions allow the processor to execute virtualization-specific instructions very efficiently.

Optimized and even more powerful virtualization thanks to the compatibility between KVM and VirtualBox

The team at Cyberus Technology has made considerable efforts over the last few months to make VirtualBox compatible with KVM. The idea was to combine the multi-platform management capabilities and user-friendly interface of VirtualBox with the power of KVM as a Linux kernel-level hypervisor.

KVM, with its integrated approach, offers superior performance: integration with VirtualBox opens the door to a more efficient solution, allowing virtual machines to fully exploit the capabilities of hardware acceleration.

Isolation between the virtual machines and the host is a crucial aspect in terms of security: KVM, with its kernel-based approach, provides a further security layer. VirtualBox, known for its flexibility, can now benefit from this robust structure, ensuring a more secure environment for virtualized applications.

Thanks to integration with KVM, VirtualBox can offer better support for Windows virtual machines run on GNU/Linux systems. This is an important step forward for those scenarios where Windows security in virtualized environments is a priority.

The union of VirtualBox and KVM allows users to take advantage of the unique features of both frontends. This flexibility translates into new usage scenarios, such as running VirtualBox and QEMU in parallel on Linux hosts (we recently also presented the Quickemu project). Users can now customize the virtualization environment based on their specific needs, achieving an optimal balance between security and user experience.

How to use VirtualBox KVM

VirtualBox KVM, as conceived by the developers at Cyberus Technology, does not look any different from the usual VirtualBox. Users can launch the same guest virtual machines; however, the most important differences can be summarized as follows:

  • QEMU/KVM parallel execution. VirtualBox KVM can work in parallel with QEMU/KVM, providing greater flexibility of the virtualization environment.
  • Does not require the VirtualBox kernel driver. The kernel driver used by VirtualBox (vboxdrv) is no longer necessary, simplifying the process of installing and managing the platform.
  • Using modern virtualization capabilities. With VirtualBox KVM you can automatically take advantage of modern virtualization features supported by KVM, such as APICv. APICv, short for Advanced Programmable Interrupt Controller Virtualization, is a technology that extends interrupt virtualization in virtualized systems and facilitates their independent management.
  • KVM is an integral part of the Linux kernel. Since KVM is integrated directly into the Linux kernel, it is always available with every operating system kernel update.

Available only by compiling from source

At the moment, unfortunately, Cyberus Technology does not provide precompiled packages, and VirtualBox KVM must be compiled from source code. The compilation process is the same as the one described on the official VirtualBox website. Only a few “minor adjustments” are required so that you can set up KVM as the backend.

The steps to follow, for example on a standard Ubuntu installation, are published at this address.

Note also that, for now, only the Intel x86-64 platform is officially supported; use on systems based on AMD chips is considered experimental. Furthermore, only Linux can be used as the host system. Finally, with Intel 11th generation (Tiger Lake) and later processors, you need to disable the split lock detection feature.

It is therefore necessary to specify split_lock_detect=off as an additional kernel parameter when booting the Linux operating system. Alternatively, you can use the sysctl command and the split_lock_mitigate variable.
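A host pre-flight check for the requirements listed above, as an added example (not code from the article or from Cyberus Technology). It assumes the standard Linux locations /proc/cpuinfo, /proc/cmdline, /dev/kvm and /proc/sys/kernel/split_lock_mitigate (the kernel.split_lock_mitigate sysctl); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the host prerequisites the article names for
# VirtualBox KVM. Paths are arguments so constructed files can be checked too.

# Print intel, amd or none according to the vmx/svm flag in cpuinfo.
cpu_virt_vendor() {
    flags=$(grep -m1 '^flags' "${1:-/proc/cpuinfo}" 2>/dev/null || true)
    case " $flags " in
        *" vmx "*) echo intel ;;
        *" svm "*) echo amd ;;
        *)         echo none ;;
    esac
}

# Print the split lock detection state:
#   off           split_lock_detect=off is on the kernel command line
#   unsupported   the CPU flags do not list split_lock_detect
#   mitigate_off  detection on, kernel.split_lock_mitigate set to 0
#   active        detection and mitigation both on
split_lock_state() {
    flags=$(grep -m1 '^flags' "${1:-/proc/cpuinfo}" 2>/dev/null || true)
    cmdline=$(cat "${2:-/proc/cmdline}" 2>/dev/null || true)
    mitigate=$(cat "${3:-/proc/sys/kernel/split_lock_mitigate}" 2>/dev/null || true)
    case " $cmdline " in *" split_lock_detect=off "*) echo off; return ;; esac
    case " $flags " in *" split_lock_detect "*) ;; *) echo unsupported; return ;; esac
    if [ "$mitigate" = 0 ]; then echo mitigate_off; else echo active; fi
}

# Summarise readiness. Args: cpuinfo, cmdline, mitigate file, KVM device node.
vbox_kvm_check() {
    vendor=$(cpu_virt_vendor "$1")
    sld=$(split_lock_state "$1" "$2" "$3")
    kvm_dev=${4:-/dev/kvm}
    rc=0
    [ -e "$kvm_dev" ] || { echo "FAIL: $kvm_dev missing (KVM module not loaded?)"; rc=1; }
    case $vendor in
        intel) echo "OK: Intel VT (officially supported)" ;;
        amd)   echo "WARN: AMD-V (experimental according to the article)" ;;
        *)     echo "FAIL: no vmx/svm CPU flag found"; rc=1 ;;
    esac
    case $sld in
        active) echo "FAIL: split lock detection active; boot with split_lock_detect=off"
                echo "      or use sysctl kernel.split_lock_mitigate"; rc=1 ;;
        *)      echo "OK: split lock detection state: $sld" ;;
    esac
    return $rc
}
```

Source the file and call `vbox_kvm_check` with no arguments to inspect the live host; a non-zero return means at least one prerequisite is unmet.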

Opening image credit: Microsoft Bing Image Creator.
