Page MenuHomePhabricator

KVMProject
ActivePublic

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Oct 15 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

https://redmine.tails.boum.org/code/issues/17156

Oct 15 2019, 9:26 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Oct 13 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Analysis by Cyrus cited here for completion:

Oct 13 2019, 4:18 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Oct 6 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.
Oct 6 2019, 10:53 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick updated subscribers of T530: CPU-induced latency Covert Channel Countermeasures.
Oct 6 2019, 9:50 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Reported build failures:

Oct 6 2019, 9:47 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

When an implementation is decided, let's decide if we can include this in security-misc for use on Linux hosts and Kicksecure. We would need some way in detecting the active NIC since on wireless systems wlan0 is the interface of choice and not eth0

Oct 6 2019, 9:01 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

tc-netem is a utility that is part of the iproute2 package in Debian. It leverages functionality already built into Linux and userspace utilities to simulate networks including packet delays and loss.

Oct 6 2019, 6:04 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Jul 22 2019

HulaHoop added a comment to T893: Mouse cursor rarely works on KVM Whonix WS 14.0.1.3.8.

Whonix 15 has since come out. Has this been resolved? Not reproducible on Debian Buster either.

Jul 22 2019, 2:36 AM · KVM, Whonix
HulaHoop added a comment to T897: Unable to write to '/sys/fs/cgroup/blkio/machine.slice/machine....

This bug does not exist on Debian stable after I upgraded. I have it documented for Arch and a work around for it. Nothing more to be done on my end.

Jul 22 2019, 2:34 AM · KVM, Whonix

Apr 6 2019

Patrick triaged T893: Mouse cursor rarely works on KVM Whonix WS 14.0.1.3.8 as Normal priority.
Apr 6 2019, 8:22 PM · KVM, Whonix

Apr 4 2019

Patrick added a comment to T605: speed up libvirt tarball creation time.

Please kindly consider jointing the related discussion improving compression of Whonix image downloads:
https://forums.whonix.org/t/improving-compression-of-whonix-image-downloads/7086

Apr 4 2019, 8:17 PM · Whonix, build, KVM
Patrick assigned T897: Unable to write to '/sys/fs/cgroup/blkio/machine.slice/machine... to HulaHoop.
Apr 4 2019, 8:13 PM · KVM, Whonix
jmliz added a comment to T897: Unable to write to '/sys/fs/cgroup/blkio/machine.slice/machine....

https://www.whonix.org/wiki/KVM#Verify_the_Whonix_images

Apr 4 2019, 7:43 PM · KVM, Whonix
jmliz updated the task description for T897: Unable to write to '/sys/fs/cgroup/blkio/machine.slice/machine....
Apr 4 2019, 7:42 PM · KVM, Whonix
Herald added a project to T897: Unable to write to '/sys/fs/cgroup/blkio/machine.slice/machine...: Whonix.
Apr 4 2019, 7:41 PM · KVM, Whonix

Mar 1 2019

WhoCares added a comment to T893: Mouse cursor rarely works on KVM Whonix WS 14.0.1.3.8.

I reopened this because KVM page (https://www.whonix.org/wiki/KVM#Arch_Linux) explicitly mentions Arch as a host OS.
If someone here is using Arch as well, maybe you guys can reproduce this after all. Also see my previous comment.

Mar 1 2019, 7:28 PM · KVM, Whonix
WhoCares reopened T893: Mouse cursor rarely works on KVM Whonix WS 14.0.1.3.8 as "Open".
Mar 1 2019, 7:26 PM · KVM, Whonix

Feb 23 2019

WhoCares added a comment to T893: Mouse cursor rarely works on KVM Whonix WS 14.0.1.3.8.

I'm using Arch.
All the software versions (libvirt, QEMU, virt-viewer, kernel) are deemed stable upstream (by their respective developers, not by Debian folks).

Feb 23 2019, 2:52 PM · KVM, Whonix

Feb 21 2019

HulaHoop closed T893: Mouse cursor rarely works on KVM Whonix WS 14.0.1.3.8 as Resolved.

What distro are you using?

Feb 21 2019, 9:33 PM · KVM, Whonix

Feb 9 2019

Patrick assigned T893: Mouse cursor rarely works on KVM Whonix WS 14.0.1.3.8 to HulaHoop.
Feb 9 2019, 3:59 PM · KVM, Whonix

Dec 9 2018

Patrick lowered the priority of T605: speed up libvirt tarball creation time from High to Wishlist.
Dec 9 2018, 6:52 AM · Whonix, build, KVM

Dec 7 2018

Patrick removed a project from T530: CPU-induced latency Covert Channel Countermeasures: Whonix 15.
Dec 7 2018, 12:06 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Oct 15 2018

toxdosvyqydtexlr added a comment to T872: mouse does not work in Whonix-Workstation 14 KVM.

By running packages from your distro there is a higher chance that bugs are more visible for more people and more likely to be fixed.

Oct 15 2018, 1:41 AM · Whonix, Whonix 14, KVM

Oct 13 2018

HulaHoop closed T872: mouse does not work in Whonix-Workstation 14 KVM as Invalid.

Sorry not reproducible on my end. May be related to the fact that you are running a non-standard setup with custom compiled binaries. By running packages from your distro there is a higher chance that bugs are more visible for more people and more likely to be fixed.

Oct 13 2018, 12:37 AM · Whonix, Whonix 14, KVM

Oct 12 2018

toxdosvyqydtexlr added a comment to T872: mouse does not work in Whonix-Workstation 14 KVM.

made no difference.

Oct 12 2018, 1:17 PM · Whonix, Whonix 14, KVM
HulaHoop added a comment to T872: mouse does not work in Whonix-Workstation 14 KVM.

It could be the VM is confused because apparently there are two types of mice attached. I assumed that by adding virtio-mouse it would override and replace the emulated one. Turns out its not this way and I went ahead and reverted this config which should be effective in the next release.

Oct 12 2018, 12:11 AM · Whonix, Whonix 14, KVM

Oct 8 2018

Patrick assigned T872: mouse does not work in Whonix-Workstation 14 KVM to HulaHoop.
Oct 8 2018, 8:01 AM · Whonix, Whonix 14, KVM
toxdosvyqydtexlr triaged T872: mouse does not work in Whonix-Workstation 14 KVM as High priority.
Oct 8 2018, 1:20 AM · Whonix, Whonix 14, KVM

Aug 9 2018

Patrick added a project to T774: [Revised] Clock Drift Correction Proposal: KVM.
Aug 9 2018, 5:19 PM · KVM, Whonix, research

Jul 24 2018

Patrick renamed T388: document Spoof the Initial Virtual Hardware Clock Offset for KVM (biossystemtimeoffset) from document Spoof the Initial Virtual Hardware Clock Offset for KVM to document Spoof the Initial Virtual Hardware Clock Offset for KVM (biossystemtimeoffset).
Jul 24 2018, 11:52 AM · user documentation, enhancement, security, KVM, Whonix

Jun 30 2018

Patrick closed T790: Reducing the size of raw files as Resolved.
Jun 30 2018, 12:34 PM · build, KVM, VirtualBox, Whonix, Whonix 15

Apr 30 2018

Onion_Knight added a comment to T790: Reducing the size of raw files.

virt-sparsify solution dropped because needs booting the image with qemu-system (not clean, to much unknown consequences, see attached ouptut).

Apr 30 2018, 3:50 PM · build, KVM, VirtualBox, Whonix, Whonix 15
Onion_Knight added a comment to T790: Reducing the size of raw files.
Apr 30 2018, 11:54 AM · build, KVM, VirtualBox, Whonix, Whonix 15

Apr 26 2018

Patrick triaged T790: Reducing the size of raw files as Normal priority.
Apr 26 2018, 9:25 AM · build, KVM, VirtualBox, Whonix, Whonix 15

Mar 1 2018

HulaHoop added a comment to T550: Clock Drift Detection.

NB for the record: with qemu-ga a guest can still shut itself off via crafted input to the agent. So besides removing timer access to the guest, there was no other advantage to removing ACPI.

Mar 1 2018, 6:13 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Actually we don't have to suspend the guest. Execution of any command on the host after resume is enough to create a uniqu event in the qemu-ga's log file.

Mar 1 2018, 4:34 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

The proper and direct way to use virsh to communicate with guest agent:

Mar 1 2018, 12:53 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

The YAJL parser used in libvirt is tiny, modern (written in2007) and has no CVEs. It is an SAX type event-driven parser unlike the vulnerable, top-down recursive descent type that was used in QEMU.

Mar 1 2018, 12:03 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 28 2018

HulaHoop added a comment to T550: Clock Drift Detection.

https://wiki.libvirt.org/page/Qemu_guest_agent

Feb 28 2018, 11:39 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

It turns out the QEMU guest agent warning was not relevant to those who use libvirt. With libvirt a safe parser is used. Breakouts can only happen if a process on the host is designed to parse guest input because there is no way to control that otherwise it should be safe for our uses. This potentially simplifies the design in many respects but a host package will still be needed. I will update the task list.

Feb 28 2018, 8:40 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

https://www.redhat.com/archives/libvirt-users/2018-February/msg00083.html
[libvirt-users] QEMU guest-agent safety in hostile VM?

Feb 28 2018, 7:40 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 23 2018

Patrick closed T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log) as Resolved.
Feb 23 2018, 2:41 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Feb 14 2018

HulaHoop added a comment to T550: Clock Drift Detection.

Yes there are less moving parts especially when multiple WSs share a GW. Some way to exempt timesync traffic from the WS would be needed though.

Feb 14 2018, 1:12 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 12 2018

Patrick added a comment to T550: Clock Drift Detection.

HulaHoop (HulaHoop):

HulaHoop added a comment.
With qemu-ga code the whole clock drift detection code becomes redundant. If a
suspend event is triggered the GW should assume clocks are out of sync and
trigger lockdown.

Feb 12 2018, 11:01 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

With qemu-ga code the hwclock drift detection code becomes redundant. If a suspend event is triggered the GW should assume clocks are out of sync and trigger lockdown.

Feb 12 2018, 5:23 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Oops didn't realize ntpdate requires query of remote servers. ntpdate is obsolete anyhow but the newer clockdiff still talks to online servers instead of comparing local values. hwclock can give us that:

Feb 12 2018, 4:52 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick added a comment to T550: Clock Drift Detection.

It's a very good rehash!

Feb 12 2018, 10:43 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 11 2018

HulaHoop added a comment to T550: Clock Drift Detection.

@Patrick I wrote a rehash. If you think is too complicated, let me know. It was the simplest and most reliable way I could think of:

Feb 11 2018, 6:09 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 4 2018

Patrick added a comment to T550: Clock Drift Detection.

Didn't rehash. What's next here? Looks like we learned a lot, but then things stalled. Could you please rehash, and then create a follow-up ticket with the way forward? @HulaHoop

Feb 4 2018, 4:17 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick added a project to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log): Whonix 14.
Feb 4 2018, 4:11 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix