Currently lots of information from inside a compromised workstation (or fancy application reading and reporting it somewhere for whatever statistic purpose) can be read:
Seems like CPU features can be reduced:
Add new 'kvm' domain feature and ability to hide KVM signature:
Maybe more can be masked such as model and clock frequency.
As I understand, these features have been added to ease CPU migration in heterogeneous CPU environments. We can reuse these features to hide more hardware identifiers.
Needs research if there would be a performance penalty or something else would speak against this.