Should I install Proxmox Virtual Environment 8 on a Legion Pro 5i Gen 8?

I'm looking for help and advice.  Click images to see larger version.

Morgonaut — Triple Boot HackintoshI have a little experience operating Proxmox VE on servers — which belong to clients.  But, they are running older versions.  Mostly, I just interact with the Linux guest VMs (Virtual Machines) hosted on Proxmox.

In the past, I have seen YouTube videos touting, "I run Linux, macOS, and Windows — on one machine, simultaneously — with Proxmox!"  Typically, however, the YouTuber is running Proxmox on a desktop PC — with a workstation CPU (Threadripper or Xeon W) — and at least 2 graphics cards.  At least one of the graphics cards is an AMD Radeon — for PCI-passthrough to the macOS guest VM.

My goal is to build a portable virtual environment.  To work with, I only have 2 graphics devices — Intel 13th-gen integrated-graphics and NVIDIA RTX 4060 discreet-graphics.  Except on standby, the system guzzles battery.  I don't expect to run this without the power supply (available).  Power concerns aside, I suspect I can run (at most) 2 VMs to 2 displays — including (or in addition to) the built-in display.  As I don't want to rely on another device to manage Proxmox, I am aware I will need to install a (light) desktop environment.

My major concern are the IOMMU groups for PCI-passthrough.  The RTX 4060 is definitely in a discreet group — to pass through to Windows or Linux.  But, macOS will only work with Intel or AMD graphics (or very old NVIDIA cards).  In the past, I have run Mojave on a guest VM in VirtualBox — on a Lenovo 2-in-1 (Intel 8th-gen Core i7 + NVIDIA MX230).  I did not find a way to pass through the Intel integrated-graphics.  Nor did I find a way to output sound.

I hope I have better luck with KVM and qemu.

Another concern is BIOS updates.  I haven't had to download a BIOS-update and run it from boot-media in over a decade.  Nor have I checked if that is still possible.  I see that I can download a BIOS update (.exe) from Lenovo Support.  But, can I run the update without Windows?  Although I plan to have a Windows VM, I don't plan to use the OEM (bare metal) Windows system.

Legion Pro 5i under light loadI have already backed up the initial state of the SSD.  So far, I have been using the Legion Pro 5i Gen 8 — solely with Linux Live-USB.  Here are the Geekbench 6 results (links launch new tab or window):

I don't know if this can be done.  A few years ago, I was excited to try.  But, much has changed.

Once more... I am looking for help and advice.  Thanks in advance!

  • Then I'll repeat it.

    Not nearly as many replies as I usually get on the Legion Gaming Community.

    Glad I could help. :-)

  • I guess I assumed a knowledgeable reply would check the product page and the Geekbench6 links I provided.  The Geekbench6 links, alone, provide some of the information about which you inquire.

    But, you make some good points,  

    When I receive a promising reply, hopefully, the right questions will be asked.  Although I am no expert, I know enough to recognize the genuine article.

    I do not want to offend you, but I've run VMs on a laptop with far fewer resources.  Using an 8th-gen Intel Core-i7 U (ultrabook) CPU (4c/8t) and only 8 GB DDR4-2400 RAM — with a Linux host-OS and VirtualBox (or qemu).  So, I know I can run all 3 OS with a Type-2 Hypervisor — on a 4-year-old budget-laptop.  But, I've never attempted to run a Type-1 Hypervisor (like Proxmox VE) on any laptop.  Nor have I attempted to run more than 1 guest-OS, simultaneously, on a laptop.

    To answer a couple of your questions, the laptop on which I plan to do this has a 13th-gen Intel Core-i7 HX (extended TDP, +32W for greater boost-clocks) CPU (16c/24t) and 16 GB DDR5-4800 RAM.

    Very little of that is relevant.  I can allocate 2c/2t to the host, 6c/6t to the open-source guest, and 4c/8t (each) to each closed-source guest.  Initially, I will allocate 2 GB RAM to Proxmox + 2 GB RAM to guest-Linux + 6 GB RAM to guest-macOS + 6 GB RAM to guest- Windows.  Later, I will upgrade the RAM from 2×8 GB SODIMM to 2×16 GB SODIMM — doubling the memory allocation to each OS.  At that time, I may add another PCIe Gen4 m.2 SSD — which I may or may not PCI-passthough, depending on which IOMMU group it's in.

    The primary issue will be the allocation and PCI-passthrough of graphics.  I want all 3 guest-OS to display with some level of graphics acceleration — and to display simultaneously — via built-in display + HDMI-display + DP-display.

    If not for potential issues with BIOS updates, I would just proceed.  The default method to update the BIOS requires Windows.  Unless I am mistaken, even on a Type-1 Hypervisor, a guest-OS (i.e. Windows) will not have access to the UEFI partition.  Without that, a Windows VM cannot update the BIOS via the default method — a "BIOS-updater" .exe — typically run downloaded and run through the LenovoVantage app.

    But, I have already found a promising bootable-USB alternative, on Lenovo's support-site.  I just need to test it.  If it works, I don't need to keep a "bare-metal" Windows device/partition.

    For now, however, I see no reason to publish more details about my system.  I may inadvertently reveal vulnerabilities in my system, that I've yet to patch.

    btw- I wrote this reply, partly to answer some questions that others may have.  I don't expect you to understand it all.  Nor do I expect a reply. :-)

  • Which advice?  Maybe I can help.

  • Here is a video I found, which provides (some) good advice — installing Proxmox VE + installing Xfce DE¹, so you can manage Proxmox locally + add new user and add that user to sudoers (%wheel) group, so you don't login as root after reboot.

    But, then the video offers horrible advice — performing tasks as root (sudo su), to disable default repos and enable "community" repos.

    The video creator — he doesn't explain the risks of following his instructions.  Which means 1 or more of the following:

    • He doesn't know about the risks.
    • He doesn't care about the risks
    • He's hoping his audience neither knows, nor cares about the risks...
      • the ignorant and the apathetic are easy to exploit.

    If you perform actions as the root user, there are no restrictions.  The root user can do anything..

    Always be suspicious of any advice which follows, "Use 'sudo su' to switch to the root user".  Almost always, what follows (may as well be), "Then run these commands to completely compromise your base-system.  Because you are foolish enough to blindly follow a guide you found online."

    Why should we disable default repos?  Why should we trust the "community" repos?  When you hear "community repos", think AUR² for Arch-based Linux distros and PPA³ for Ubuntu-based Linux distros.  People use them.  I don't know whether they should trust them.

    I don't⁴.

    But, I have heard from sources I trust — disabling the "no subscription nag-screen" — that's common.  Proxmox VE is free for developers.  But, they still nag you to get a subscription.  You don't need to switch to the root user.  You can just run that command (and almost all other commands) with sudo.

    If I recall correctly, however, there is a free-for-developers subscription.  So, disabling the "nag-screen" — that may be a solution to a privacy-concern problem; e.g. to avoid providing personal info, like an email address or phone number.

    I don't know the process of getting a developer subscription.  Not yet, anyway.

    ¹ DE → Desktop Environment

    ² AUR → Arch User Repository

    ³ PPA → Personal Package Archive

    ⁴ I don't have time to investigate community repos, their contributors, or each package I might install.  There's an old saying, "Check your sources."  In the video, he's literally changing the sources.list file — as root.  Why?  Does Proxmox not allow sudoers to change that file with the sudo command?  Or is he just lazy?  Some users (foolishly) use "sudo su" before running privileged commands, to avoid typing "sudo [command]" each time. smh

  • I may not understand entirely what's going on here, but if I remember one thing from my Unix classes, it's about the sudo thing lol. It's like getting a magic "do everything without asking" wand which I agree can create chaos if used incorrectly.

  • The magic "do everything without asking" only occurs for the root-user; i.e. "sudo su".  After successfully completing the "sudo su" password challenge, you will not be challenged, again.  Neither for your password nor the root password.

    Using "sudo [command]", however, challenges you for the password for each command, once per session, or every N number of minutes; e.g. every 15 minutes.  If you close your terminal (or type "exit<Enter>"), the session has ended.  Opening a new terminal will open a new session and sudo will challenge you for the password, again.

    The sudo command is sufficient for almost every use-case.  It stands for "superuser do".  Most distros, however, restrict sudo permissions on some areas of the system.  To make changes to those areas, you must open a root-user session.

    The root user has no restrictions.  After "sudo su", you're no longer "superuser doing".  You've opened a root-user session.  In that session, you are the superuser (a.k.a. the root-user).

    The superuser never needs to use sudo.

    The sudo-analogy in Windows, is "Run as Administrator".  The root-analogy in Windows, however, is not an account in the Administrators group.  There is another account — called Administrator — which is the built-in Windows "superuser".

  • I omitted, "The Administrators group, in Windows, is analogous to the sudoers group, in Linux¹"

    ¹  Or any UNIX-based OS, like BSD and macOS (Apple's BSD-based OS).  Sometimes it's called the "%wheel" group.

  • Something occurred to me, the other day.  Could I possibly use PCI-passthrough for an entire block-device?  Such that, by installing Proxmox VE on a 2nd m.2 SSD, I can leave the 1st m.2 SSD — the one the system came with — as a hybrid device?

    My idea is to run (the default) Windows OS on the 1st m.2 SSD — as both a bare-metal system and as a virtual machine.

    I've heard of passing through a block-device to use as direct VM storage — instead of creating virtual disks (as a file) on a partition.  But, no mention was made about running an OS installed on that device as a hybrid bare-metal/virtual system.

    I wish I could dedicate more time to research and testing.  Each weekend, I hope it's the one I finally try to stop running off a Live-USB.  So far, however, every weekend since 08-OCT-2023 — has not been that weekend.

  • I just remembered a resource I found, nearly 2 years ago.  I watched this Learn Linux TV playlist, but I rarely gave it my full attention.  I should probably watch it, again.  It includes more recent videos, now — from 1 month ago to 1 year ago.  With 19 videos, averaging around 20 minutes each, plus 2×1-hour videos — it looks like nearly 9 hours of content.


    This is the fist video in a playlist.  Click here to open the full playlist in a new tab or window.

  • Tomorrow, hopefully, is the day I begin.

    If I can update the BIOS via the bootable-USB tool I downloaded from Lenovo's support site, then I will proceed with the installation of Proxmox VE 8.  In the worst-case scenario, I restore the full-device backup I made.

    I considered waiting until I order another SSD, so I can work on a device with greater capacity.  But, I know I'd procrastinate another week or two — waiting for it to arrive and finding the time to tear-down the laptop to install it.

    I've got butterflies in my stomach and bison in my skull. :-)