====== Install a virtual machine manager ======

Your host may be Hyperbola GNU/Linux-libre x86_64 architecture, for example, but with enough memory and processing power you could run other on the same machine.

===== What is a virtual machine? =====

A virtual machine is software that simulates a computer system and can execute programs as if it were a real computer. This software was originally defined as "an efficient and isolated duplicate of a physical machine".

===== What programs allow me to run a virtual machine? =====

In totally free operating systems there is a program called <color #620BB9/#EEDDFF>qemu</color> that allows us to virtualize.

[[https://wiki.qemu.org/Main_Page|qemu]] works through the command line, but there are also GUIs.

In this guide we explain how to install [[https://qtemu.org/|QtEmu]] which offers a simple nevertheless quite effective graphical interface for managing virtual machines.

====== QtEmu installation ======

===== Check if your PC supports virtualization =====

<code bash>
$ LC_ALL=C lscpu | grep Virtualization
</code>

or run the command:

<code bash>
$ lsmod | grep kvm
</code>

If your computer supports virtualization, you should see the output as <color #620BB9/#EEDDFF>Virtualization: VT-x</color> or <color #620BB9/#EEDDFF>Virtualization: AMD-V</color>, otherwise your computer is not capable of virtualizing.

===== QtEmu Installing =====

<code bash>
# pacman -Sy
</code>

<code bash>
# pacman -S qtemu
</code>

<code bash>
# usermod -aG kvm <your-user>
</code>


===== Enable kernel modules for virtualization =====
kvm_intel module (Intel processors)
<code bash># modprobe kvm_intel</code>

kvm_amd module (AMD processors)
<code bash># modprobe kvm_amd</code>

===== Enable nested virtualization in KVM =====

Nested virtualization allows you to run a virtual machine (VM) within another VM while still using host hardware acceleration.

===== Checking if nested virtualization is supported =====

For Intel processors, check the <color #620BB9/#EEDDFF>/sys/module/kvm_intel/parameters/nested</color> file. For AMD processors, check the <color #620BB9/#EEDDFF>/sys/module/kvm_amd/parameters/nested</color>. If you see <color #620BB9/#EEDDFF>1</color> or <color #620BB9/#EEDDFF>Y</color>, nested virtualization is supported; if you see <color #620BB9/#EEDDFF>0</color> or <color #620BB9/#EEDDFF>N</color>, nested virtualization is not supported.

For example:

<code bash>
$ cat /sys/module/kvm_intel/parameters/nested
</code>

and return <color #620BB9/#EEDDFF>Y</color>.

===== Enable nested virtualization for Intel processors =====

1. Turn off all running virtual machines and reload <color #620BB9/#EEDDFF>kvm_intel</color> module:

<code bash>
# modprobe -r kvm_intel
</code>

2. Activate the nesting function

<code bash>
# modprobe kvm_intel nested=1
</code>

3. Nested virtualization is enabled until the host is restarted. To enable it permanently, add the following line to <color #620BB9/#EEDDFF>/etc/modprobe.d/kvm.conf</color> file:

<code bash>
# nano -w /etc/modprobe.d/kvm.conf
----------------------------------
options kvm_intel nested=1
</code>

===== Enable nested virtualization for AMD processors =====

1. Turn off all running virtual machines and reload <color #620BB9/#EEDDFF>kvm_amd</color> module:

<code bash>
# modprobe -r kvm_amd
</code>

2. Activate the nesting function

<code bash>
# modprobe kvm_amd nested=1
</code>

3. Nested virtualization is enabled until the host is restarted. To enable it permanently, add the following line to <color #620BB9/#EEDDFF>/etc/modprobe.d/kvm.conf</color> file:

<code bash>
# nano -w /etc/modprobe.d/kvm.conf
----------------------------------
options kvm_amd nested=1
</code>

===== Modules with security issues =====

The <color #620BB9/#EEDDFF>vhost_net</color> module has [[https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html|CVE-2018-3646]] security issues which is L1TF and SMT CPU error with possible data leak. It's recommended to disable it as follows:

<code bash>
# modprobe -r vhost_net
</code>

If you are in Hyperbola GNU/Linux-libre this module comes disabled.