Skip to content

Instantly share code, notes, and snippets.

@ngoc-minh-do

ngoc-minh-do/Proxmox-passthrough-PCI.md

Last active October 7, 2025 02:16
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save ngoc-minh-do/13e6736f75383c6cb84fbd45d13f36a4 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save ngoc-minh-do/13e6736f75383c6cb84fbd45d13f36a4 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Proxmox-passthrough-PCI.md

Proxmox PCI Passthrough (IOMMU)

0. BIOS Setup (Required)

Before configuring Proxmox, enable the following in your system BIOS/UEFI:

  • Intel CPUs:

    • Intel Virtualization Technology (VT-x)
    • Intel VT-d (Directed I/O)

  • AMD CPUs:

    • SVM (Secure Virtual Machine)
    • IOMMU / AMD-Vi

1. Enable PCI Passthrough (IOMMU)

1.1 Determine Your Bootloader

Proxmox can use GRUB or systemd-boot depending on how it was installed:

efibootmgr -v
proxmox-boot-tool status
  • If proxmox-boot-tool status shows entries → managed by systemd-boot/GRUB.
  • Otherwise, plain GRUB.

1.2 Set IOMMU Kernel Parameters

Recommended for ZFS + UEFI systems

Edit /etc/default/grub and modify:

GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt"

(Use amd_iommu=on iommu=pt for AMD CPUs)

Then refresh bootloader and reboot:

proxmox-boot-tool refresh
reboot

✅ This ensures the parameters are applied even on ZFS root, where /etc/kernel/cmdline may be ignored.

1.3 Load VFIO Modules

cat > /etc/modules-load.d/vfio.conf <<EOF
vfio
vfio_iommu_type1
vfio_pci
EOF

Module descriptions:

  • vfio: Core VFIO framework (Virtual Function I/O).
  • vfio_pci: Driver to bind PCI devices for passthrough.
  • vfio_iommu_type1: Provides IOMMU mapping for DMA isolation (guest memory protection).

Rebuild initramfs so modules are included:

update-initramfs -u -k all
  1. Reboot the Proxmox host.

2. Verify IOMMU Setup

Check kernel cmdline:

cat /proc/cmdline

You should see intel_iommu=on iommu=pt (or AMD equivalent).

Check IOMMU enabled:

dmesg | grep -E "DMAR|IOMMU"

Expected: a line like DMAR: IOMMU enabled.

Check interrupt remapping:

dmesg | grep 'remapping'

Expected output examples:

  • AMD-Vi: Interrupt remapping enabled
  • DMAR-IR: Enabled IRQ remapping in x2apic mode

Check VFIO modules are loaded:

lsmod | grep -i vfio

3. Verify IOMMU Isolation

Check device groupings:

pvesh get /nodes/{nodename}/hardware/pci --pci-class-blacklist ""

Replace {nodename} with your Proxmox node name.

  • Each controller in its own group → passthrough individually (best).
  • ⚠️ Multiple controllers in same group → passthrough them together (acceptable).
  • Grouped with unrelated devices → enable ACS override.

Alternative way:

find /sys/kernel/iommu_groups/ -type l | grep 19:00.0

Enable ACS override:
The Proxmox kernel includes the ACS patch. Add this option to the kernel command line:

pcie_acs_override=downstream

(Use GRUB or systemd-boot method depending on your bootloader.)

References:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment