Missing AESNI, RDRAND and RDSEED capabilities?

1

I've got a machine with a Core-i5 5200U. Its a 5th generation processor, so it has AESNI, RDRAND and RDSEED. Its the reason I bought the machine.

The machine is running Ubuntu Server 14.04.03. Ubuntu is providing KVM and libvirt. One of the guests is Debian 8.2, and Debian provides X32 support. X32 is different than X86 and X64; also see Debian x32 port on the Debian wiki.

When I grep dmesg on the Debian guest, I see the architecture is enabled:

$ dmesg | grep -i x32
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-3.16.0-4-amd64 root=UUID=69773d98-b9fa-4695-8392-92759d8e6094 ro syscall.x32=y syscall.x32=y quiet
[    0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-3.16.0-4-amd64 root=UUID=69773d98-b9fa-4695-8392-92759d8e6094 ro syscall.x32=y syscall.x32=y quiet
[    0.328179] Enabled x32 syscalls

Two of the three native CPU features are listed in capabilities on the Ubuntu host, which is kind of surprising since I would expect to see AES before the others:

$ virsh capabilities | egrep "(aes|rdrand|rdseed)"
      <feature name='rdseed'/>
      <feature name='rdrand'/>

However, when I cat /proc/cpuinfo under the Debian guest, its missing the three CPU features I want to test under X32:

$ cat /proc/cpuinfo 
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model       : 6
model name  : QEMU Virtual CPU version 2.0.0
...
flags       : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx
              fxsr sse sse2 syscall nx lm rep_good nopl pni vmx cx16 x2apic popcnt
              hypervisor lahf_lm abm tpr_shadow vnmi flexpriority ept
...

I've reviewed Libvirt identifies host processor as a different model from the hardware documentation, but its not clear to me what I should do to enable the instructions I am trying to test under the architecture.

How can I enable AESNI, RDRAND and RDSEED on the CPU in the Debian VM?

Here is the script I used to create the VM:

$ cat mk-vm.sh
#!/bin/bash

NAME=Debian_8_x64
ISO_PATH=/opt/libvirt/images/debian-8.2.0-amd64-netinst.iso
DISK_PATH="/opt/libvirt/machines/$NAME/$NAME.img"

mkdir -p "/opt/libvirt/machines/$NAME"

virt-install \
  --connect qemu:///system \
  --virt-type kvm \
  --name "$NAME" \
  --ram 2048 \
  --disk path=$DISK_PATH,size=8 \
  --vnc \
  --cdrom $ISO_PATH \
  --livecd \
  --network network=host-bridge \
  --os-type linux

jww

Posted 2016-01-30T20:52:06.757

Reputation: 1

Answers

3

You must specify the CPU "model" that libvirt/qemu uses for the VM.

The simplest way is to use the "host" model, that will expose all libvirt/qemu supported flags from the host to the VM.

In libvirt XML stanza:

<cpu mode='host-model'/>

Full doc' here: https://libvirt.org/formatdomain.html#elementsCPU

Cédric Dufour

Posted 2016-01-30T20:52:06.757

Reputation: 46

Asked: 2016-01-30T20:52:06.757

Viewed: 1 207 times

Active: 2016-03-18T15:06:31.300