| Info |
|---|
Copyright 2016 by Assured Information Security, Inc. Created by Jean-Edouard Lejosne <lejosnej@ainfosec.com>. This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/. |
| Table of Contents |
|---|
Windows
Windows 7 guest
First steps
- Find a Windows 7 or Windows 7 SP1 CD or ISO file
- Insert the CD or copy the ISO to
/storage/isos - Create a new guest, with at least 1024MB of RAM for a 32 bits install, 2048MB for 64 bits (https://support.microsoft.com/en-us/help/10737/windows-7-system-requirements)
- Install Windows. It's usually a good idea to choose "Ask me later" when asked about Windows Update, to avoid interference when installing standalone updates below.
- Download the OpenXT tools certificate (for openxt.ainfosec.com builds, use: http://openxt.ainfosec.com/certificates/windows/developer.cer)
- Open an Administrator command prompt, cd to the directory where developer.cer was downloaded and run the 3 following commands:
bcdedit /set testsigning on
certutil -addstore -f "Root" developer.cer
certutil -addstore -f "TrustedPublisher" developer.cer
- Reboot the guest
- Insert the OpenXT Guest Tools ISO, install the tools and reboot
Installing SP1
Non-SP1 installs of Windows 7 should be upgraded to SP1 first.
Out of the box, there's a chance that the SP1 installation will never finish. The following steps should address that:
- Install KB947821
- Run the SP1 standalone installer: KB976932
Fixing Windows Update
Again, out of the box, there are Windows Update issues in WIndows 7 SP1. These are not OpenXT-specific, but they seem to have a bigger impact in Xen guests than on bare-metal.
Microsoft released many Windows Update fixes over the years, and after some testing, the following ones seem to do the trick (install them in this order, using the standalone installers, not Windows Update):
- KB3102810 (Make Windows Update a lot faster)
- KB3020369 (Dependency for 3.)
KB3161608 (Includes KB3161647, which fixes Windows Update hangs)See http://www.infoworld.com/article/3099109/microsoft-windows/microsoft-yanks-buggy-speed-up-patch-kb-3161608-replaces-it-with-kb-3172605-and-3172614.html- KB3161664 (Suggested by http://superuser.com/questions/951960/windows-7-sp1-windows-update-stuck-checking-for-updates. May not be needed, but seems pretty good to have seeing the description!)
More up to date list 10/13/2016:
- KB3102810 (https://support.microsoft.com/en-us/kb/3102810)
- KB3020369 (https://support.microsoft.com/en-us/kb/3020369)
- KB3172605 (https://support.microsoft.com/en-us/kb/3172605)
Updating
Once Windows Update is fixed, you should now be able to select "Windows Updates" in the Control Panel, check for updates and install the appropriate ones.
At this point, you can also configure Windows Update to automatically download / install updates.
Windows 10 guest
To use a Windows 10 guest without installing the tools (NOT recommended), hibernate should be disabled.
In a administrator Command Prompt (Admin), type the commande line :
powercfg.exe /hibernate off
Linux
Network connection
Linux guests may experience issues to connect to the wired network.
A workaround to this issue is to disconnect eth1
Ubuntu 16.10
First steps
- Download an installer from the ubuntu web site.
- Create a new guest (use minimal hardware requirements recommended by Ubuntu)
- Install Ubuntu and reboot at the end of installation
Turn off ACPI during installation
| Jira Legacy | ||||||||
|---|---|---|---|---|---|---|---|---|
|
It could happens that the guest hibernates or goes to sleep during installation.
To avoid that, ACPI should be turned off.
- Boot guest on the iso file
- As the CD boots, access to the advanced page and its options by pressing any key when the small logo appears at the bottom of your screen.
- Type F6 and select acpi=off
- Proceed with installation
- Follow the instruction to install.
At the end of the installation, the guest is ready to be used
Debian 8/9 (Jessie/Stretch)
First steps
- Download an installer from the debian web site.
- Create a new guest (use minimal hardware requirements recommended by Debian)
- Install Debian and reboot at the end of installation
- On reboot, the guest may be stuck on a black screen, you may then blacklist bochs_drm driver
- Note: For the first boot, bochs_drm can also be disabled on the kernel cmdline by editing the grub entry and adding "modprobe.blacklist=bochs_drm"
Blacklist bochs_drm driver
| Jira Legacy | ||||||||
|---|---|---|---|---|---|---|---|---|
|
On the black screen, open a terminal (CTRL + ALT + F1F2)
# cd /etc/modprobe.d
# nano bochsdrm-blacklist.configconf (or fbdev-blacklist.conf if exists)
add the line
blacklist bochs_drm
save the file blacklist.config
# update-initramfs -u
# reboot
The guest is ready to be used. The recommended next step is to install the OpenXT tools.
Fedora 24 - Fedora 25
First steps
- Download the netinst installer from the Fedora web site.
- Create a new guest (use minimal hardware requirements recommended by Fedora)
Blacklist bochs_drm driver on installation
| Jira Legacy | ||||||||
|---|---|---|---|---|---|---|---|---|
|
- Boot guest on the iso file
- Press tab on the CD bootloader
- Type "modprobe.blacklist=bochs_drm" at the end of the command line
- Press enter
- Once the installer starts, swith on eth0 and switch off eth1 in "NETWORK & HOST NAME"
- Follow the instruction to install.
At the end of the installation, the guest is ready to be used
Turn off ACPI during installation
| Jira Legacy | ||||||||
|---|---|---|---|---|---|---|---|---|
|
It could happens that the guest hibernates or goes to sleep during installation.
To avoid that, ACPI should be turned off.
- Boot guest on the iso file
- Press tab on the CD bootloader
- Type " modprobe.blacklist=bochs_drm acpi=off" at the end of the command line
- Press enter
- Once the installer starts, swith on eth0 and switch off eth1 in "NETWORK & HOST NAME"
- Follow the instruction to install.
At the end of the installation, the guest is ready to be used
CentOS 7
First steps
- Download an installer from the CentOS web site.
- Create a new guest (use minimal hardware requirements recommended by CentOS)
Blacklist bochs_drm driver on installation
| Jira Legacy | ||||||||
|---|---|---|---|---|---|---|---|---|
|
- Boot guest on the iso file
- Press tab on the CD bootloader
- Type " modprobe.blacklist=bochs_drm" at the end of the command line
- Press enter
- Once the installer starts, swith on eth0 and switch off eth1 in "NETWORK & HOST NAME"
- Follow the instruction to install.
At the end of the installation, the guest is ready to be used
Turn off ACPI during installation
| Jira Legacy | ||||||||
|---|---|---|---|---|---|---|---|---|
|
It could happens that the guest hibernates or goes to sleep during installation.
To avoid that, ACPI should be turned off.
- Boot guest on the iso file
- Press tab on the CD bootloader
- Type " modprobe.blacklist=bochs_drm acpi=off" at the end of the command line
- Press enter
- Once the installer starts, swith on eth0 and switch off eth1 in "NETWORK & HOST NAME"
- Follow the instruction to install.
At the end of the installation, the guest is ready to be used