qemuface

INTRODUCTION

Virtualization on Arch Linux often feels confusing, especially for users coming from VirtualBox or VMware.
These tools are great for beginners, but they consume a lot of system resources and can slow down the overall experience.

In this guide, we will use QEMU with KVM acceleration, a faster and more efficient virtualization solution built directly into the Linux kernel.
It gives you better performance, lower resource usage, and a smoother workflow on Arch Linux.

System Requirements

  1. Virtualization Enabled in BIOS
  2. Stable Internet Connection
  3. Basic Terminal Settings

Installation guide

  1. Execute Below command
sudo pacman -S qemu-full qemu-img libvirt virt-install virt-manager virt-viewer \
edk2-ovmf dnsmasq swtpm guestfs-tools libosinfo tuned
  1. This are services required to be running to run the qemu but recommend instead of enabling them which will start them when the system boot increasing the resource usage i suggest just start them when u require them
    1. Option : Enable modular daemon
for drv in qemu interface network nodedev nwfilter secret storage; do
    sudo systemctl restart virt${drv}d.service;
    sudo systemctl restart virt${drv}d{,-ro,-admin}.socket;
done
    1. Option : Enable monolithic daemon
sudo systemctl enable libvirtd.service

  1. if you want we can enable nested nested virtualization its based on your use case (optional)

     1. Temporary session

    For Intel

  sudo modprobe -r kvm_intel
  sudo modprobe kvm_intel nested=1

for AMD

	sudo modprobe -r kvm_amd
	sudo modprobe kvm_amd nested=1
  1. Permanent Session

For Intel

	echo "options kvm_intel nested=1" | sudo tee /etc/modprobe.d/kvm-intel.conf

For AMD

	echo "options kvm_amd nested=1" | sudo tee /etc/modprobe.d/kvm-amd.conf

—————————————————————————————————————

Enabling IMMOMU (FOR INTEL )

IOMMU = Input–Output Memory Management Unit

Think of it like a traffic controller for hardware devices.

It controls how PCI devices (GPU, USB controllers, NVMe disks, etc.) access system memory. without it:

  • You cannot assign hardware directly to a virtual machine

  • GPU passthrough will not work

  • Device isolation becomes weak

  • Security decreases

  1. Open your GRUB config
sudo vim /etc/default/grub
  1. Add following kernel module entries
#/etc/default/grub 
GRUB_CMDLINE_LINUX="... intel_iommu=on iommu=pt"
  1. Regenerate the grub config
sudo grub-mkconfig -o /boot/grub/grub.cfg
  1. Set Profile to virtual-host for tuned
sudo tuned-adm profile virtual-host

————————————————————————————————————

ENABLE SEV (FOR AMD)

Option 1 : ENABLE SEV IN AMD using modproble

echo "options kvm_amd sev=1" | sudo tee /etc/modprobe.d/amd-sev.conf
sudo reboot now

Option 2 : ENABLE SEV IN AMD USING GRUB

  1. Open your grub config file
  sudo vim /etc/default/grub
  1. Add following lines to the file
  GRUB_CMDLINE_LINUX="... mem_encrypt=on kvm_amd.sev=1"

3.Regenerate the grub config

  sudo grub-mkconfig -o /boot/grub/grub.cfg
  sudo reboot now

——————————————————————————————————————-

OPTIMIZING HOST WITH TUNED

  1. Enable TuneD at startup
sudo systemctl enable --now tuned.service
  1. Check Active profile
tuned-adm active
  1. Set profile to virtual-host
sudo tuned-adm profile virtual-host