
remove attempts to hide CPU information from VM in VirtualBox
Closed, ResolvedPublic

Description

Reasons:

  • There's been research showing that trying to hide CPU information in a virtualizer is futile.
  • There's been a Xen issue where hiding CPU information led to a security issue.
  • Spectre / Meltdown defenses may depend on easy CPU detection.

Could you help with references for these please? @HulaHoop

Details

Impact
Normal

Event Timeline

Patrick created this task. Nov 28 2018, 7:43 AM
Patrick triaged this task as Normal priority.

There's been research showing that trying to hide CPU information in a virtualizer is futile.

I can't find papers to that effect. That's based on my intuition that someone can just benchmark the CPU in a VM to figure out what model they're running on.
With full emulation it may be possible to conceal all aspects of a CPU from the guest code at the expense of performance.

The opposite, however, is true. It's impossible to hide the fact someone is running under a hypervisor.

There's been a Xen issue where hiding CPU information led to a security issue.

Dug through their CVE database with no success. Search results are equally useless.

Spectre / Meltdown defenses may depend on easy CPU detection.

https://www.berrange.com/posts/2018/06/29/cpu-model-configuration-for-qemu-kvm-on-x86-hosts/

Patrick closed this task as Resolved. Dec 7 2018, 12:09 PM
Patrick claimed this task.