Host CPU Passthrough WS

A libvirt lead dev recommends passing through the host CPU config to enable Meltdown and Spectre mitigations for guests (they are already mitigated on patched hosts). I think this is very important.

I already allow the GW full passthrough since it's trusted. I would like to do the same for WS, since hiding host CPU info is ineffective: it can be easily discovered by benchmarking. With this config change it should be no different from the current state of Xen guests. I can still blacklist problematic instructions like tsc with this too.

https://www.berrange.com/posts/2018/06/29/cpu-model-configuration-for-qemu-kvm-on-x86-hosts/

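As an added illustration of the configuration the post describes (this is example XML written for this page, not the contents of the linked pull requests or the project's shipped files): a libvirt domain definition fragment that uses `host-passthrough` so the guest sees the host CPU model and its mitigation-related flags, while disabling one named feature. The feature name `tsc` is taken from the post; libvirt only accepts names present in its CPU map, so confirm the exact spelling on your host with `virsh domcapabilities` before relying on it.

```xml
<!-- Example libvirt domain fragment (added for illustration, not from the pull requests).
     mode='host-passthrough' exposes the host CPU model and flags to the guest, so
     guest-side Meltdown/Spectre mitigations can detect the host's microcode features.
     check='none' tells libvirt not to verify the requested model against the host,
     which is the normal pairing for host-passthrough. -->
<domain type='kvm'>
  <name>Whonix-Workstation</name>
  <!-- ... memory, disks, network and other elements omitted for brevity ... -->
  <cpu mode='host-passthrough' check='none'>
    <!-- Blacklist an individual feature while keeping the rest of the host model.
         'tsc' mirrors the instruction named in the post; the feature name is an
         assumption and must match an entry in libvirt's CPU map on the host. -->
    <feature policy='disable' name='tsc'/>
  </cpu>
</domain>
```

After applying the definition with `virsh define`, the mitigation state the guest kernel reports can be read inside the VM from `/sys/devices/system/cpu/vulnerabilities/` (one file per issue, e.g. `meltdown`, `spectre_v2`); with the host CPU hidden behind a generic model those entries typically report a vulnerable state even on a patched host, because the guest cannot see the relevant CPU flags.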

https://github.com/Whonix/whonix-libvirt/pull/67/commits/762eec8d20da2d1b3ac0ed2bcfd0f51766116316

https://github.com/Whonix/whonix-libvirt/pull/68/commits/64a0d37c404feaa0964de802a6bf8a3d7dfd7964

https://github.com/Whonix/whonix-libvirt/pull/69/commits/4c623d2fec553fa4fb63851ca80fcf8e24bf4c83

Done. @Patrick please merge and ship these changes for the next RC because they are important.

Merged.

For Non-Qubes-Whonix 14 there is no more RC. The current RC release will most likely be blessed stable.


One pull request remaining for the custom WS. Can you please also merge it?

Sure, done.
