Running VirtualBox together with Hyper-V on Windows 10

2020-10-06 19:30:00

Sometimes you just have an odd need or craving! You just have to have some spicy curry udon after midnight! You just have to get an old RAID controller to work in your homelab! Or in this case: you just really have to get VirtualBox and Hyper-V to play nice on Windows 10. 

That's something that just wouldn't fly until recently. But now it'll work!

 

I would like to extend my warmest thanks to my colleage Praveen K-P, who worked with me to figure all of this out. =)

 

Requirements

 

Caveats

These instructions are a work-in-progress and the solution is not 100% rock-solid.

Some mathematical functions, such as SHA2 or CRC, may fail depending on the OS you run in the VM. This means that outright installing an OS from DVD or ISO may fail during extraction: SHA1 or SHA2 checksums won't match up and the installer will refuse to continue. This is likely caused by the layered CPU virtualization and is under research with the VirtualBox team.

Also, please be careful when choosing base images for your VirtualBox VMs! Do not assume that you can trust every VM image on the Vagrant repositories! Only install images from trusted providers such as:

Installing untrusted base images may lead to malware infections or worse.

 

Installation

  1. Enabled the Windows optional feature "Windows Hypervisor Platform".
    1. Go to Add/Remove Programs → Turn Windows Features on/off.
    2. Make sure there are checkmarks at both "Hyper-V" and "Windows Hypervisor Platform".
  2. Install the latest VirtualBox, but at least >=6.1.10.
  3. Install Vagrant.

 

For example: running Kali Linux

Kali Linux is one of the distributions whose installation fails due to the caveat involving mathematical functions. So let's use Vagrant instead, which pulls pre-built images from an online repository. 

Open Powershell. Run the following commands:

        cd $HOME
        mkdir Vagrant; cd Vagrant;
        vagrant init kalilinux/rolling

Before continuing, edit the "vagrantfile" file (e.g. with Notepad) and replace this line:

       config.vm.box = "kalilinux/rolling"

 

With the following configuration. Edit the amount of RAM and CPUs to your liking. Me, I like 6GB and 3 cores.

    config.vm.define "kali" do |kali|
        kali.vm.box = "kalilinux/rolling"
        kali.vm.hostname = "haxor"

        kali.vm.provider "virtualbox" do |vb|
            vb.gui = true
            vb.memory = "6144"
            vb.cpus = 3
            vb.customize [ "modifyvm", :id, "--paravirtprovider", "minimal" ]
        end

        kali.vm.synced_folder '.', '/vagrant', disabled: true

        kali.vm.provision "shell", inline: <<-SHELL
            echo "Here we would install..."
            [[ ! -d /etc/gcrypt ]] && mkdir /etc/gcrypt
            [[ ! -f /etc/gcrypt/hwf.deny ]] && echo "all" >> /etc/gcrypt/hwf.deny
        SHELL
    end

 

Save the configuration file and now run the following in Powershell: 

        vagrant up kali

The init-command sets up your "Vagrant" directory and basic configuration file. By editing the "vagrantfile" we can change a lot of the behavior, including the way Kali perceives the VirtualBox hypervisor. We also tweak GCrypt, so it will refuse to try hardware accellerated cryptography. Both are required to make hashing and other maths work better.

The up-command actually starts the build of the VM, after which it is booted. The first installation will take a few minutes, after that you can just manage the VM using the VirtualBox user interface. 

The Kali Linux Vagrant build includes the full graphical user interface! But you can also ssh -P 2222 vagrant@localhost  to login to the VM. Be sure to create your own account and to change all passwords!

 

GCrypt fix

Your Linux distribution may have problems performing SHA2 calculations correctly. According to this source, it’s “Because apt use sha256 method from libgcrypto20, but optimized too much. We can deny this opt. using configuration file /etc/gcrypt/hwf.deny.” 

        $ sudo bash
        # mkdir /etc/gcrypt
        # echo all >> /etc/gcrypt/hwf.deny
 

In addition, we learned that in our nested situation (VirtualBox on top of Hyper-V) it may be a good idea to change your VM's "paravirtualization interface" from "Normal" to "Minimal". #TIL that this is not about how VBox provides better performance, but about what paravirtualization information is passed to the guest OS. In my case this change did fix hashing problems. This change can be made manually by editing the VM settings in VirtualBox (VM → Settings → System → Acceleration → Paravirtualization interface), or in the Vagrant file:

        vb.customize [ "modifyvm", :id, "--paravirtprovider", "minimal" ]

 

Example Vagrantfile with two VMs 

Vagrant.configure("2") do |config|

  config.vm.define "kali" do |kali|
    kali.vm.box = "kalilinux/rolling"
  kali.vm.hostname = "haxor"
    kali.vm.network "forwarded_port", guest: 22, host: 2222, host_ip: "127.0.0.1"
    kali.vm.network "forwarded_port", guest: 3389, host: 2389, host_ip: "127.0.0.1"

    kali.vm.provider "virtualbox" do |vb|
        vb.gui = true
        vb.memory = "6144"
        vb.cpus = 3
        vb.customize [ "modifyvm", :id, "--paravirtprovider", "minimal" ]
    end

    kali.vm.synced_folder '.', '/vagrant', disabled: true
 
    kali.vm.provision "shell", inline: <<-SHELL
        echo "Here we would install..."
        [[ ! -d /etc/gcrypt ]] && mkdir /etc/gcrypt
        [[ ! -f /etc/gcrypt/hwf.deny ]] && echo "all" >> /etc/gcrypt/hwf.deny
SHELL

  end


  config.vm.define "centos8" do |centos8|
    centos8.vm.box = "centos/8"
    centos8.vm.hostname = "centos8"
    centos8.vm.box_check_update = true

    centos8.vm.network "forwarded_port", guest: 22, host: 2200, host_ip: "127.0.0.1"

    centos8.vm.provider "virtualbox" do |vb|
        vb.gui = false
        vb.memory = "1024"
       vb.cpus = 1
        vb.customize [ "modifyvm", :id, "--paravirtprovider", "minimal" ]
   end

  centos8.vm.provision "shell", inline: <<-SHELL
        echo "Here we would install..."
        [[ ! -d /etc/gcrypt ]] && mkdir /etc/gcrypt
        [[ ! -f /etc/gcrypt/hwf.deny ]] && echo "all" >> /etc/gcrypt/hwf.deny
    SHELL

    centos8.vm.synced_folder '.', '/vagrant', disabled: true

  end

end

kilala.nl tags: , ,

View or add comments (curr. 0)