Passthrough Jetson Orin WiFi card and Intel NUC Wifi Card to NetVM

microvmConfigurations/netvm/default.nix

@@ -20,49 +20,16 @@ nixpkgs.lib.nixosSystem {
       # TODO: Maybe inherit state version
       system.stateVersion = "22.11";
 
-      # For WLAN firmwares
-      hardware.enableRedistributableFirmware = true;
+      # TODO: crosvm PCI passthrough does not currently work
+      microvm.hypervisor = "qemu";
 
-      microvm.hypervisor = "crosvm";
-
-      networking.enableIPv6 = false;
-      networking.interfaces.eth0.useDHCP = true;
-      networking.firewall.allowedTCPPorts = [22];
-
-      # TODO: Idea. Maybe use udev rules for connecting
-      # USB-devices to crosvm
-
-      # TODO: Move these to target-specific modules
-      # microvm.devices = [
-      #   {
-      #     bus = "usb";
-      #     path = "vendorid=0x050d,productid=0x2103";
-      #   }
-      # ];
-      # microvm.devices = [
-      #   {
-      #     bus = "pci";
-      #     path = "0001:00:00.0";
-      #   }
-      #   {
-      #     bus = "pci";
-      #     path = "0001:01:00.0";
-      #   }
-      # ];
+      networking = {
+        enableIPv6 = false;
+        interfaces.ethint0.useDHCP = false;
+        firewall.allowedTCPPorts = [22];
+        useNetworkd = true;
+      };
 
-      # TODO: Move to user specified module - depending on the use x86_64
-      #       laptop pci path
-      # x86_64 Laptop
-      # microvm.devices = [
-      #   {
-      #     bus = "pci";
-      #     path = "0000:03:00.0";
-      #   }
-      #   {
-      #     bus = "pci";
-      #     path = "0000:05:00.0";
-      #   }
-      # ];
       microvm.interfaces = [
         {
           type = "tap";
@@ -71,11 +38,31 @@ nixpkgs.lib.nixosSystem {
         }
       ];
 
-      networking.wireless = {
+      networking.nat = {
         enable = true;
+        internalInterfaces = ["enp0s4"];
+      };
+
+      # TODO: Set the interface name to something pre-defined.
+      # Setting the name manually with ip link set <iface> name <newname>
+      # works. The following breaks things for some reason:
+      #
+      # Set internal network's interface name to ethint0
+      # systemd.network.links."10-ethint0" = {
+      #   matchConfig.PermanentMACAddress = "02:00:00:01:01:01";
+      #   linkConfig.Name = "ethint0";
+      # };
 
-        # networks."SSID_OF_NETWORK".psk = "WPA_PASSWORD";
+      systemd.network = {
+        enable = true;
+        networks."10-ethint0" = {
+          matchConfig.MACAddress = "02:00:00:01:01:01";
+          address = ["192.168.100.2/24"];
+          linkConfig.ActivationPolicy = "always-up";
+        };
       };
+
+      microvm.qemu.bios.enable = false;
     })
   ];
 }

modules/development/packages.nix

@@ -7,5 +7,16 @@
 
     # For lsusb:
     usbutils
+
+    # Useful in NetVM
+    ethtool
+
+    # Basic monitors
+    htop
+    iftop
+    iotop
+
+    traceroute
+    dig
   ];
 }

modules/hardware/nvidia-jetson-orin.nix

@@ -21,14 +21,24 @@
       name = "fixed-regulators";
       patch = ./nvidia-enable-pcie-power.patch;
     }
+    {
+      name = "passthrough-patch";
+      patch = ./pci-passthrough-test.patch;
+    }
   ];
 
   hardware.deviceTree = {
     enable = true;
-    name = "tegra234-p3701-0000-p3737-0000.dtb";
+    name = "tegra234-p3701-host-passthrough.dtb";
   };
 
   imports = [
     ../boot/systemd-boot-dtb.nix
   ];
+
+  # Passthrough Jetson Orin WiFi card
+  boot.kernelParams = [
+    "vfio-pci.ids=10ec:c82f"
+    "vfio_iommu_type1.allow_unsafe_interrupts=1"
+  ];
 }

modules/hardware/pci-passthrough-test.patch

@@ -0,0 +1,32 @@
+diff --git a/nvidia/platform/t23x/concord/kernel-dts/Makefile b/nvidia/platform/t23x/concord/kernel-dts/Makefile
+index 1be5b3f76bf8..01d3dea90cb5 100644
+--- a/nvidia/platform/t23x/concord/kernel-dts/Makefile
++++ b/nvidia/platform/t23x/concord/kernel-dts/Makefile
+@@ -23,6 +23,9 @@ dtb-$(BUILD_ENABLE) += tegra234-p3701-0000-as-p3767-0001-p3737-0000.dtb
+ dtb-$(BUILD_ENABLE) += tegra234-p3701-0000-as-pxxxx-p3737-0000.dtb
+ dtb-$(BUILD_ENABLE) += tegra234-p3701-0000-p3737-0000-kexec.dtb
+ dtb-$(BUILD_ENABLE) += tegra234-p3701-0004-p3737-0000.dtb
++
++dtb-$(BUILD_ENABLE) += tegra234-p3701-host-passthrough.dtb
++
+ dtbo-$(BUILD_ENABLE) += tegra234-p3737-a03-overlay.dtbo
+ dtbo-$(BUILD_ENABLE) += tegra234-p3737-a04-overlay.dtbo
+ dtbo-$(BUILD_ENABLE) += tegra234-p3737-overlay-pcie.dtbo
+diff --git a/nvidia/platform/t23x/concord/kernel-dts/tegra234-p3701-host-passthrough.dts b/nvidia/platform/t23x/concord/kernel-dts/tegra234-p3701-host-passthrough.dts
+new file mode 100644
+index 000000000000..e4656287da82
+--- /dev/null
++++ b/nvidia/platform/t23x/concord/kernel-dts/tegra234-p3701-host-passthrough.dts
+@@ -0,0 +1,12 @@
++/dts-v1/;
++#include "tegra234-p3701-0000-p3737-0000.dts"
++
++/*
++ * Update the pci-e wifi to be accessible from vfio/guest
++ */
++&pcie_c1_rp {
++    interconnect-names = "dma-mem", "write";
++    /delete-property/ iommus;
++    /delete-property/ msi-parent;
++    /delete-property/ msi-map;
++};

modules/host/networking.nix

@@ -6,6 +6,7 @@
     firewall.allowedUDPPorts = [67]; # DHCP
     useNetworkd = true;
   };
+
   systemd.network = {
     netdevs."virbr0".netdevConfig = {
       Kind = "bridge";
@@ -14,6 +15,10 @@
     networks."virbr0" = {
       matchConfig.Name = "virbr0";
       networkConfig.DHCPServer = true;
+      dhcpServerConfig = {
+        EmitRouter = true;
+        Router = "192.168.100.2";
+      };
       addresses = [
         {
           addressConfig.Address = "192.168.100.1/24";

targets/intel-nuc.nix

@@ -27,16 +27,48 @@
           ../modules/graphics/weston.nix
 
           formatModule
+
+          {
+            boot.kernelParams = [
+              "intel_iommu=on,igx_off,sm_on"
+              "iommu=pt"
+
+              # Passthrough Intel WiFi card
+              "vfio-pci.ids=8086:a0f0"
+            ];
+          }
         ]
         ++ extraModules;
     };
     netvm = "netvm-${name}-${variant}";
   in {
     inherit hostConfiguration netvm;
     name = "${name}-${variant}";
-    netvmConfiguration = import ../microvmConfigurations/netvm {
-      inherit nixpkgs microvm system;
-    };
+    netvmConfiguration =
+      (import ../microvmConfigurations/netvm {
+        inherit nixpkgs microvm system;
+      })
+      .extendModules {
+        modules = [
+          {
+            microvm.devices = [
+              {
+                bus = "pci";
+                path = "0000:00:14.3";
+              }
+            ];
+
+            # For WLAN firmwares
+            hardware.enableRedistributableFirmware = true;
+
+            networking.wireless = {
+              enable = true;
+
+              # networks."SSID_OF_NETWORK".psk = "WPA_PASSWORD";
+            };
+          }
+        ];
+      };
     package = hostConfiguration.config.system.build.${hostConfiguration.config.formatAttr};
   };
   debugModules = [../modules/development/intel-nuc-getty.nix];

targets/nvidia-jetson-orin.nix

@@ -34,9 +34,31 @@
   in {
     inherit hostConfiguration netvm;
     name = "${name}-${variant}";
-    netvmConfiguration = import ../microvmConfigurations/netvm {
-      inherit nixpkgs microvm system;
-    };
+    netvmConfiguration =
+      (import ../microvmConfigurations/netvm {
+        inherit nixpkgs microvm system;
+      })
+      .extendModules {
+        modules = [
+          {
+            microvm.devices = [
+              {
+                bus = "pci";
+                path = "0001:01:00.0";
+              }
+            ];
+
+            # For WLAN firmwares
+            hardware.enableRedistributableFirmware = true;
+
+            networking.wireless = {
+              enable = true;
+
+              # networks."SSID_OF_NETWORK".psk = "WPA_PASSWORD";
+            };
+          }
+        ];
+      };
     package = hostConfiguration.config.system.build.${hostConfiguration.config.formatAttr};
   };
   nvidia-jetson-orin-debug = nvidia-jetson-orin "debug" [];