I want to enable 3d acceleration but the documentation seems to be outdated. It says it is not possible in Debian Buster but we are in Bullseye and the required patches to make it possible should’ve been applied by now. Anyone knows what packages are needed to make this work? What packages should I install in the Whonix guest? Does it work when using virt-manager in the host?
If anyone has got this working for Whonix on a Debian host let me know and I’ll add it to the wiki. So far no success running this feature on my system despite having all the prerequisite packages installed.
Please include a benchmarking application a user can install to verify this is indeed working.
I updated KVM, 3D Graphics Acceleration just now for better usability. (Only based on reading manual, search engines, AI. Not actually tested. Testers welcome.)
Which packages?
Got it working and ran benchmark tests last couple of hours under different conditions. You can verify it’s on by seeing the host GPU driver listed in glmark.
There was one more required tweak to get the vm to boot, namely configuring spice to connect locally or via UNIX sockets because remote GL is currently unavailable so this needs to be added too under the following settings block:
<graphics type="spice">
<listen type="socket"/>
Benchmark:
sudo apt install glmark2-x11
glmark2
Results:
Deeply disappointing.
With 3D enabled I got half the performance of without under comparable conditions (4 CPUs unpinned)
Without 3D I get 1/3 of the baremetal score. So with 3D that drops to 1/6.
Within the disappointing 3D on trials battery, it seems CPU no. does have a slight positive effect doubling the score from just assigning 1.
1 Like
<domain type='kvm'>
<name>Whonix-Gateway</name>
<uuid>c011d3d3-8383-47a8-b2cd-d54f883d8af1</uuid>
<genid>bc5b233c-46ea-4bfb-ad99-00f1165a09e6</genid>
<description>Do not change any settings if you do not understand the consequences! Learn more: https://www.whonix.org/wiki/KVM#XML_Settings</description>
<memory dumpCore='off' unit='KiB'>1250000</memory>
<currentMemory unit='KiB'>1250000</currentMemory>
<blkiotune>
<weight>250</weight>
</blkiotune>
<memoryBacking>
<nosharepages/>
<allocation mode='ondemand'/>
<discard/>
</memoryBacking>
<vcpu placement='static' cpuset='0'>1</vcpu>
<os>
<type arch='x86_64' machine='pc-q35-9.0'>hvm</type>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<hap state='on'/>
<pvspinlock state='on'/>
<pmu state='off'/>
<vmport state='off'/>
</features>
<cpu mode='host-passthrough' check='none' migratable='on'/>
<clock offset='utc'>
<timer name='rtc' tickpolicy='catchup' track='guest'/>
<timer name='kvmclock' present='yes'/>
<timer name='pit' present='no'/>
<timer name='hpet' present='no'/>
<timer name='hypervclock' present='no'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<pm>
<suspend-to-mem enabled='no'/>
<suspend-to-disk enabled='no'/>
</pm>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/Whonix-Gateway.qcow2'/>
<target dev='vda' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
</disk>
<controller type='virtio-serial' index='0'>
<address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
</controller>
<controller type='usb' index='0' model='qemu-xhci'>
<address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
</controller>
<controller type='sata' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pcie-root'/>
<controller type='pci' index='1' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='1' port='0x10'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
</controller>
<controller type='pci' index='2' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='2' port='0x11'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
</controller>
<controller type='pci' index='3' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='3' port='0x12'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
</controller>
<controller type='pci' index='4' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='4' port='0x13'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
</controller>
<controller type='pci' index='5' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='5' port='0x14'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
</controller>
<controller type='pci' index='6' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='6' port='0x15'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
</controller>
<controller type='pci' index='7' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='7' port='0x16'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
</controller>
<interface type='network'>
<mac address='52:54:00:c1:95:49'/>
<source network='Whonix-External'/>
<model type='virtio'/>
<driver name='qemu'/>
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>
<interface type='network'>
<mac address='52:54:00:bf:80:2e'/>
<source network='Whonix-Internal'/>
<model type='virtio'/>
<driver name='qemu'/>
<address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<channel type='spicevmc'>
<target type='virtio' name='com.redhat.spice.0'/>
<address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='spice' autoport='yes'>
<listen type='address'/>
<clipboard copypaste='no'/>
<filetransfer enable='no'/>
<gl enable='yes'/>
</graphics>
<audio id='1' type='spice'/>
<video>
<model type='virtio' heads='1' primary='yes'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
<acceleration accel3d='yes' accel2d='yes'/>
<gl enable='yes'/>
</video>
<watchdog model='itco' action='reset'/>
<memballoon model='none'/>
<rng model='virtio'>
<rate bytes='1024' period='1000'/>
<backend model='random'>/dev/random</backend>
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
</rng>
</devices>
</domain>
This is the full xml, with edits from 3D Graphics Acceleration.
But it will always show:
error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
Extra element devices in interleave
Element domain failed to validate content
Note: I don’t have a real GPU on the PC im testing this on, only CPU, but this according to my research shouldn’t be the cause of the issue.
1 Like
Documentation updated accordingly.
Please elaborate. Any error messages or how did you conclude that?
Asked on libvirt mailing list.
1 Like
With the help of this mailing list, was able to make Whonix work with 3D acceleration:
<graphics type='spice'>
<listen type='none'/>
<clipboard copypaste='yes'/>
<filetransfer enable='no'/>
<gl enable='yes'/>
</graphics>
<audio id='1' type='spice'/>
<video>
<model type='virtio' heads='1' primary='yes'>
<acceleration accel3d='yes'/>
</model>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
</video>
<listen type='none'/> : SPICE doesnt support TLS + OpenGL with remote connection, so it must be only locally enabled.
<gl enable='yes'/> : Enable OpenGL.
<acceleration accel3d='yes'/> : Enable 3D acceleration.
On the host install (specially if you dont have dedicated GPU):
sudo apt install mesa-utils libgl1-mesa-dri
On the guest install:
sudo apt install mesa-utils mesa-vulkan-drivers libgl1-mesa-dri spice-vdagent
- What if OpenGL not found/installed on the host?
Error starting domain: internal error: QEMU unexpectedly closed the monitor (vm='Whonix-Gateway'): 2024-09-04T04:29:19.732050Z qemu-system-x86_64: -device {"driver":"virtio-vga-gl","id":"video0","max_outputs":1,"bus":"pcie.0","addr":"0x1"}: opengl is not available
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 72, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 108, in tmpcb
callback(*args, **kwargs)
File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn
ret = fn(self, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/share/virt-manager/virtManager/object/domain.py", line 1402, in startup
self._backend.create()
File "/usr/lib/python3/dist-packages/libvirt.py", line 1379, in create
raise libvirtError('virDomainCreate() failed')
libvirt.libvirtError: internal error: QEMU unexpectedly closed the monitor (vm='Whonix-Gateway'): 2024-09-04T04:29:19.732050Z qemu-system-x86_64: -device {"driver":"virtio-vga-gl","id":"video0","max_outputs":1,"bus":"pcie.0","addr":"0x1"}: opengl is not available
- What if the host doesnt has graphic card?
Error starting domain: internal error: QEMU unexpectedly closed the monitor (vm='Whonix-Gateway'): qemu_gl_create_compile_shader: compile vertex error
0:1(10): error: GLSL ES 3.00 is not supported. Supported versions are: 1.10, 1.20, and 1.00 ES
qemu_gl_create_compile_shader: compile fragment error
0:1(10): error: GLSL ES 3.00 is not supported. Supported versions are: 1.10, 1.20, and 1.00 ES
qemu_gl_create_compile_shader: compile vertex error
0:1(10): error: GLSL ES 3.00 is not supported. Supported versions are: 1.10, 1.20, and 1.00 ES
qemu_gl_create_compile_shader: compile fragment error
0:1(10): error: GLSL ES 3.00 is not supported. Supported versions are: 1.10, 1.20, and 1.00 ES
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 72, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 108, in tmpcb
callback(*args, **kwargs)
File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn
ret = fn(self, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/share/virt-manager/virtManager/object/domain.py", line 1402, in startup
self._backend.create()
File "/usr/lib/python3/dist-packages/libvirt.py", line 1379, in create
raise libvirtError('virDomainCreate() failed')
libvirt.libvirtError: internal error: QEMU unexpectedly closed the monitor (vm='Whonix-Gateway'): qemu_gl_create_compile_shader: compile vertex error
0:1(10): error: GLSL ES 3.00 is not supported. Supported versions are: 1.10, 1.20, and 1.00 ES
qemu_gl_create_compile_shader: compile fragment error
0:1(10): error: GLSL ES 3.00 is not supported. Supported versions are: 1.10, 1.20, and 1.00 ES
qemu_gl_create_compile_shader: compile vertex error
0:1(10): error: GLSL ES 3.00 is not supported. Supported versions are: 1.10, 1.20, and 1.00 ES
qemu_gl_create_compile_shader: compile fragment error
0:1(10): error: GLSL ES 3.00 is not supported. Supported versions are: 1.10, 1.20, and 1.00 ES
- What if TLS enabled for remote SPICE with 3D acceleration/OpenGL?
Error starting domain: internal error: process exited while connecting to monitor: 2024-09-04T04:34:37.668627Z qemu-system-x86_64: SPICE GL support is local-only for now and incompatible with -spice port/tls-port
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 72, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 108, in tmpcb
callback(*args, **kwargs)
File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn
ret = fn(self, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/share/virt-manager/virtManager/object/domain.py", line 1402, in startup
self._backend.create()
File "/usr/lib/python3/dist-packages/libvirt.py", line 1379, in create
raise libvirtError('virDomainCreate() failed')
libvirt.libvirtError: internal error: process exited while connecting to monitor: 2024-09-04T04:34:37.668627Z qemu-system-x86_64: SPICE GL support is local-only for now and incompatible with -spice port/tls-port
1 Like
Perfect!
Could you add all of that to the wiki please? KVM, 3D Graphics Acceleration
1 Like
Yes the libvirt error message basically said that.
Also we can set it to “none” as well not just “socket” if it makes a difference.
accel=2d is deprecated and only every worked with QXL according to a dev article I read sometime back.
1 Like
Could you please add these edits by default to the VM configs, but just disabled?
and is there a particular issue if installing these packages by default?:
mesa-utils mesa-vulkan-drivers libgl1-mesa-dri spice-vdagent
1 Like
That would be great. I’d very much like to add this to the configuration by default but out-commented to simplify this for users. Sadly, libvirt has a complicated configuration format, that doesn’t have proper support comments. Documented here: Preserve Comments in libvirt / virsh XML Files
Already installed by default.
Already installed by default.
Done.
Will be included in version 17.2.2.1 and above.
1 Like
1 Like
Its ok without comments for the user, just add the configs disabled (because at the moment by default,XML lines doesnt come the way as i have posted related to 3D acceleration if you compare the bottom of both XMLs).
Related:
Might be harder to explain than to do. Could you send a pull request please?
1 Like
cc @HulaHoop
1 Like
Very nice! Thank you! Merged. 
1 Like
This will be included in 17.2.2.8 and above.
Could you please improve also these two in the same way? @nurmagoz
1 Like
Also could you please also do the Whonix-Gateway XML file in the same way?
Why? Whonix-Gateway doesn’t need 3D, shouldn’t be enabled? Correct. Not needed.
Why add it anyhow? To make these files as similar as possible. Thereby it gets easier to maintain, compare them using File Comparison Tools.
1 Like
Done
enoD
1 Like