Directly attaching PCIe devices to multiple active virtual machines (VMs) is usually impossible. When attempted, all VMs will simultaneously try to control the hardware, leading to VMs or the entire system crashing.
An exception exists for hardware supporting Single Root I/O Virtualization (SR-IOV), which enables partitioning a PCIe device for simultaneous use by multiple VMs. However, SR-IOV requires both motherboard and PCIe card compatibility, making it uncommon in consumer hardware.
This guide will not address SR-IOV configuration.
In Qubes OS, users often encounters system crashes during GPU pass-through attempts. This occurs because the GPU initially attaches to dom0 during boot up. Subsequently, attempting to assign the GPU to a second VM causes the system instantly crash and reboot.
Hiding a device prevents it from attaching to dom0, making it available for allocation to any user VM.
Hiding a PCIe device from dom0
This guide demonstrates hiding your GPU, but this method applies to any PCIe device.
1. Identify the Device ID:
In dom0, use lspci to list connected PCIe devices and identify the device you want to hide:
05:00.0 VGA compatible controller: NVIDIA Corporation AD106 [GeForce RTX 4060 Ti 16GB] (rev a1)
05:00.1 Audio device: NVIDIA Corporation Device 22bd (rev a1)
In this example, 05:00.0 represents the GPU, and 05:00.1 is an audio device connected to it. If your GPU has any other connected devices, hide all of them.
2. Modify GRUB Configuration:
Append the following line to your /etc/default/grub file:
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX rd.qubes.hide_pci=05:00.0,05:00.1"
Replace 05:00.0, and 05:00.1 with the actual IDs of your targeted devices.
3. Update GRUB Configuration:
sudo grub2-mkconfig -0 /boot/grub2/grub.cnf
4. Reboot and Verify:
After rebooting, run: lspci -v
Look for your GPU entry. The Kernel driver should now indicate pciback.
Kernel driver in use: pciback
The device is now hidden from dom0 and can be safely assigned to a virtual machine.
