Page MenuHomePhorge
Create Task
Maniphest T881

remove attempts to hide CPU information from VM in VirtualBox
Closed, ResolvedPublic
Actions

Description

Reasons:

  • There's been research showing that trying to hide CPU information in a virtualizer is futile.
  • There's been a Xen issue where hiding CPU information lead to a security issue.
  • spectre / meltdown defenses may depend on easy CPU detection.

Could you help with references for these please? @HulaHoop

Details

Impact
Normal

Related Objects

Event Timeline

Patrick triaged this task as Normal priority.Nov 28 2018, 6:43 AM
Patrick created this task.
Herald added a project: Whonix. · View Herald TranscriptNov 28 2018, 6:43 AM
Herald added a subscriber: entr0py. · View Herald Transcript
Patrick mentioned this in T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.Nov 28 2018, 6:44 AM
HulaHoop added a comment.Dec 3 2018, 6:07 PM

There's been research showing that trying to hide CPU information in a virtualizer is futile.

I can't find papers to that effect. That's based on my intuition that someone can just benchmark the CPU in a VM to figure out what model they're running on.
With full emulation it may be possible to conceal all aspects about a CPU from the guest code at expense of performance.

The opposite however is true. It's impossible to hide the fact someone is running under a hypervisor.

There's been a Xen issue where hiding CPU information lead to a security issue.

Dug through their CVE database with no success. Search results are equally useless.

spectre / meltdown defenses may depend on easy CPU detection.

https://www.berrange.com/posts/2018/06/29/cpu-model-configuration-for-qemu-kvm-on-x86-hosts/

Patrick closed this task as Resolved.Dec 7 2018, 11:09 AM
Patrick claimed this task.
Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer