VT-d VT-x Ultrabook w/ USB-C Thunderbolt 3

Hey, trying to find a new portable rig right now. It need VT-d and VT-x because I want to run Qubes hosting Whonix, and it needs USB-C+Thunderbolt 3 because I'm going to run a totally separate (also encrypted) series of partitions running Windows, and I have dreams of hooking it up to an external GPU for less serious work.

Do these even exist right now?

Closest I've found is the Razer Blade Stealth, but Razer confirmed it has VT-d disabled at hardware level.

Not sure if this is the right place to ask the question, but I figure yall would understand the virtualization aspect a lot more than general laptop folks.

Cheers!

E: Apparently this is a bad idea due to /boot being vulnerable, and also firmware being able to be compromised. Dedicated PCI GPU passthrough with a Windows VM sounds workable, but I have no idea if that's possible with an external GPU over Thunderbolt.

I guess...anyone just know a decent ultrabook with VT-d and VT-x enabled? Looking for a light <3lb machine for work.

Intel® NUC Kit NUC6i7KYK Specifications

Not an Ultrabook, but portable.

Thanks for the reply, but it does need to be a mobile rig. I have a 3770 non-K ITX rig that already supports virtualization. I called a local B&M and one of their techs poked their head into the BIOS for an ASUS UX305CA and it supports VT-d. Amusingly, ASUS finally got back to me about the same system and said "it doesn't seem to support this technology". I'm gonna trust the tech that actually went to look and see.

Hey,

I signed up to this forum because your question is specifically mine as well!

I've just recently purchased a 13-v011dx, one of the new HP Slim ones, and the Intel® Core™ i7-6500U does indeed support both VT-d and VT-x, and it has 2 Thunderbolt 3.0 ports on the back, my question now is, can I pass one of those ports directly thru to a VM?

Dylanger said:

Hey,

I signed up to this forum because your question is specifically mine as well!

I've just recently purchased a 13-v011dx, one of the new HP Slim ones, and the Intel® Core™ i7-6500U does indeed support both VT-d and VT-x, and it has 2 Thunderbolt 3.0 ports on the back, my question now is, can I pass one of those ports directly thru to a VM?

Click to expand...

Excellent question, I have no idea if it's possible to do dedicated PCI passthrough to a VM using an external GPU. I'm not even sure where to start on that problem unfortunately.

Let me know if you figure it out! This is my ideal rig I'm dreaming about, something deadly secure that can still play games.

Qubes is serious, must work in the IT Sec industry?

I'm in the same boat, I use Fedora for work and would like to play Deus Ex (I only ever play like 2 games) via this new lappy, I'm sure its possible, I think how it usually works is you blacklist the PCI ID via the kernel, then you can attach it to your VM?

We'll need someone to test, if we can get someone to plug the core into a linux setup and run `lspci` it might just display directly as a PCI device? If it does, that's our work done!

I'm just an enthusiast that needs a hyper-secure mobile rig, been on computers all my life. My understanding is that the secure way to pass a PCI device through to a VM is to assign it. You would end up with one VM (Windows in this case) having 100% usage of the external GPU, and Qubes using 100% of the CPUs IGP. Here's a write-up on how to do it using "normal" PCI devices:

Assigning Devices | Qubes OS Project

There's lots of buzz on the internet about Linux and external GPUs over Thunderbolt 3 right now, but no success stories that I can find...Also I realize Qubes isn't running a Linux kernel, but has Linux user environments. Qubes has Thunderbolt support but I see no mention of it supporting Thunderbolt 3. Basically, this is a weird multi-tiered problem. I don't have a Thunderbolt 3 rig I can test this on currently, which is part of the reason I was reaching out to find some information. So, we need the kernel to support Thunderbolt 3, the VM needs to be able to understand external GPUs over this connection, and it needs to be able to see this PCI device through the hypervisor layer...that's my understanding at least.

E: To be clear, this is *not* something I know how to do...I want to learn how to do it so I can (if/when it's possible).