Page MenuHomePhabricator

--synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?
Closed, ResolvedPublic


--synthcpu was removed in VirtualBox 5?

Let's try some likely newly available options.

  • --cpuid-portability-level 3
  • --cpuid-portability-level 999
  • --cpuidremoveall



  • Set the new option for exiting VMs.
    • See if it works.
    • See if there are any negative implications performance or stability wise (some applications no longer working).
  • Set the new option during build.
  • Test.



Event Timeline

Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added a project: VirtualBox.
Patrick set Impact to Normal.
Patrick added a subscriber: Patrick.
Patrick renamed this task from use cpuid-portability-level to --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.Nov 29 2015, 4:58 PM
Patrick updated the task description. (Show Details)
Patrick removed a subscriber: WhonixQubes.
Patrick claimed this task.

TNT_BOM_BOM tested out in the forums, that --cpuidremoveall fails to result in the desired effect. Hence nothing can be done about this.

dumbmouse added a subscriber: dumbmouse.

After much research this is the best way to hide the CPU using VirtualBox:

Set vendor_id to "GenuineIntel"

--cpuidset 00000000 0x00000005 0x756e6547 0x49656e69 0x6c65746e
--cpuidset 80000000 0x80000008 0x756e6547 0x49656e69 0x6c65746e

Set family/model/stepping (15/4/3), and feature flags (most are overridden by cpuid-portability-level any way)

--cpuidset 00000001 0x00000f43 0x00020800 0x0000649d 0xbfebfbff
--cpuidset 80000001 0x00000f43 0x00020800 0x0000649d 0xbfebfbff

Set model name to "Intel(R) Pentium(R) 4 CPU 3.00GHz"

--cpuidset 80000002 0x20202020 0x20202020 0x20202020 0x6e492020
--cpuidset 80000003 0x286c6574 0x50202952 0x69746e65 0x52286d75
--cpuidset 80000004 0x20342029 0x20555043 0x30302e33 0x007a4847

Remove most feature flags

--cpuid-portability-level 3

This should work on all host x86 CPUs. I have tested on only Intel. Performance impact should be the same as --synthcpu (no different to now).

Reference notes for anyone investigates this later:

--cpuid-portability-level is the successor of --synthcpu and does all/most of the same things

--cpuidremoveleaf and --cpuidremoveall modify the .vbox config file only. They remove CPUID overrides added by --cpuidset. Beside that they have no effect.

A better solution if it worked would be to set VBoxInternal/CPUM/GuestCpuName to "Intel(R) Pentium(R) 4 CPU 3.00GHz". GuestCpuName makes VirtualBox load all CPUID leaves and MSRs from its internal database of CPUs and their data, overriding all host CPU data. Unfortunately in testing only about 25% of CPUs actually work and whether they work or not probably depends on the host CPU so it is not suitable for general distribution. Maybe GuestCpuName will improve some time.

To change the vendor_id or model name hex use the scripts here:

Setting VBoxInternal/CPUM/HostCPUID/... has the same affect as --cpuidset but --cpuidset is documented and better to use.

Related source files:

Primary file. Reads host CPU info and configuration overrides and passes it through or masks it


Related to GuestCpuName


Pretty obvious


Thanks! Without your research, this almost certainly would not have had a chance to make it into Whonix 14. Can you commit your changes to git please? (And/or create a github pull request?)

Then I can try out your suggested changes in the next build.

Actually I need to test this more. I will fine tune it and add another comment here in couple of days.

Here is a more limited version, but better for general distribution:

# Clear existing (not necessary for initial install)
vboxmanage modifyvm <uuid> --cpuidremoveall

# GenuineIntel
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/00000000/ebx 0x756e6547
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/00000000/ecx 0x6c65746e
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/00000000/edx 0x49656e69
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000000/ebx 0x756e6547
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000000/ecx 0x6c65746e
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000000/edx 0x49656e69

# Model/Family/Stepping
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/00000001/eax 0x00000f43
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000001/eax 0x00000f43

# Pentium model name
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000002/eax 0x20202020
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000002/ebx 0x20202020
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000002/ecx 0x20202020
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000002/edx 0x6e492020
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000003/eax 0x286c6574
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000003/ebx 0x50202952
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000003/ecx 0x69746e65
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000003/edx 0x52286d75
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000004/eax 0x20342029
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000004/ebx 0x20555043
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000004/ecx 0x30302e33
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000004/edx 0x007a4847

This version only changes registers controlling vendor, family/model/stepping and model name. The last version used --cpuidset which requires all registers be passed (eax...edx) which means overriding some flags and that makes problems.

Also --cpuid-portability-level even at 1 (the lowest level) removes too many flags and gives compatibility and performance problems.

With this version only text strings and family/model/stepping are changed. Flags are passed from host CPU but the likelyhood of profiling a user by looking at flags is low. VirtualBox sanitizes the flags and only passes those it supports. The host and guest CPU flags will be different and most guests will have the same or almost the same flags.

Most other CPU leaves are sanitized, removed or zero'd by VirtualBox. There will be differences in cache sizes, TLB and maybe a few others. I have not researched every single thing but I believe the most an attacker could determine would be a CPU series (i-3, Broadwell, Athlon, ..). I don't see anything indicating a specific model.

I mentioned in my last comment but for anyone researching later, test GuestCpuName and check if it has improved and is usable. If it works and is reliable that is a better choice than setting these registers.

Note: /proc/cpuinfo does not show all of the information. A tool like cpuid is needed.

Unfortunately I do not have a Whonix build set up and don't know anything about that. The build could either run the commands above or include the extra data in the configuration file like this:

<Machine ...>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/00000000/ebx" value="0x756e6547"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/00000000/ecx" value="0x6c65746e"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/00000000/edx" value="0x49656e69"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/00000001/eax" value="0x00000f43"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000000/ebx" value="0x756e6547"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000000/ecx" value="0x6c65746e"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000000/edx" value="0x49656e69"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000001/eax" value="0x00000f43"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000002/eax" value="0x20202020"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000002/ebx" value="0x20202020"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000002/ecx" value="0x20202020"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000002/edx" value="0x6e492020"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000003/eax" value="0x286c6574"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000003/ebx" value="0x50202952"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000003/ecx" value="0x69746e65"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000003/edx" value="0x52286d75"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000004/eax" value="0x20342029"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000004/ebx" value="0x20555043"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000004/ecx" value="0x30302e33"/>
      <ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000004/edx" value="0x007a4847"/>
Patrick changed the task status from Open to Review.Mar 10 2017, 1:01 AM
Patrick reassigned this task from Patrick to dumbmouse.

Added. Not yet tested by me but will test in the next build.

"Hiding CPU model is futile." Any reference for that? @HulaHoop

This will be undone. Ticket:

remove attempts to hide CPU information from VM in VirtualBox