Page MenuHomePhabricator

set random clock offset for Qubes-Whonix VMs using mgmt to prevent clock correlation attacks
Open, NormalPublic

Description

Edit the VM xml and change:

<clock offset='utc'>

to

<clock offset='variable' adjustment='123456' basis='utc'>

The adjustment attribute takes any arbitrary value of seconds. Pick a random number of seconds from 0 to 900 (15 minute range). Let's see if also negative values are possible. I.e. a random number between + and - 900.

Why?
preventing Clock Correlation Attacks

Related to:
make sure Qubes-Whonix has no access to clocksource=xen (T389)

Related Qubes upstream bug:
libvirt domain validation error; virsh edit issue

Details

Impact
High

Event Timeline

Patrick created this task.Nov 25 2015, 7:10 PM
Patrick updated the task description. (Show Details)
Patrick raised the priority of this task from to Normal.
Patrick set Impact to High.
Patrick added subscribers: Patrick, marmarek, nrgaway.

Looks like unsupported by xen. Therefore cannot be implemented.

T389#8142