Guest systems sees CPU of the Host

nurmagoz · December 5, 2015, 1:28pm

aha ok cool, but should we inform qubes about this ?

Patrick · December 7, 2015, 5:18pm

Moved that information here:

I am not sure yet. The KVM vs Qubes difference does not look that bad.

I wonder if only different hardware resulted in the difference.

Whonix KVM report:
https://phabricator.whonix.org/T449

Patrick · December 11, 2015, 10:17pm

Already a known issue.

github.com/QubesOS/qubes-issues

Stop telling VMs the exact physical CPU model in the computer

opened 12:21AM - 21 Aug 15 UTC

closed 11:45PM - 17 Oct 18 UTC

qubesuser

T: enhancement C: core C: Xen privacy R: declined

Currently Qubes lets VMs execute CPUID and get the exact model and microcode rev…ision of the physical CPU installed in the system. This is bad for anonymity and unexpected. Already discussed in https://groups.google.com/forum/#!msg/qubes-devel/Q8h-RGH5YoA/fzWbi7c-kfoJ but there seems to be no open issue, and it's a critical issue at least for anonymous VMs. Possible solutions: 1. Run all VMs in Xen PVHVM mode, fix libvirt so that it allows to set the CPUID for Xen and do so 2. Run all VMs in Xen PVH mode, fix Xen so that CPUID hiding works in PVH mode and fix libvirt as well to support PVH and allow to set CPUID 3. Replace Xen with KVM and then it just works with no additional effort The CPUID chosen should be the default libvirt one for the physical CPU microarchitecture (i.e. one for Skylake, one for Haswell, one for Sandy Bridge, etc.) which allows using all CPU instruction set extensions while not giving any more information and should be changeable to a less featureful one (Core 2 or Athlon 64) for increased anonymity if desired. Ideally Qubes should wait until a few months have passed from the release of a new CPU architecture before it starts advertising it by default, to ensure that the anonymity set is big enough, and it should also wait a random amount of time before changing it on upgrades, to avoid leaking the exact time the user installed the new CPU or changed computers. It would also be nice to look at whether it's possible to prevent applications indirectly detecting the size of the cache, size of TLBs, the speed of the CPU and other characteristics, although it may not be practical to avoid those.

HulaHoop · December 12, 2015, 3:39am

Good news.

nurmagoz · June 7, 2016, 7:27am

its the same as before

user@host:~$ cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 6
model name : QEMU Virtual CPU version 2.1.2
stepping : 3
microcode : 0x1
cache size : 4096 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt aes hypervisor lahf_lm
bogomips : 1185.79
clflush size : 32
cache_alignment : 32
address sizes : 40 bits physical, 48 bits virtual
power management:

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 6
model name : QEMU Virtual CPU version 2.1.2
stepping : 3
microcode : 0x1
cache size : 4096 KB
physical id : 1
siblings : 1
core id : 0
cpu cores : 1
apicid : 1
initial apicid : 1
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt aes hypervisor lahf_lm
bogomips : 1173.50
clflush size : 32
cache_alignment : 32
address sizes : 40 bits physical, 48 bits virtual
power management:

HulaHoop · June 7, 2016, 1:53pm

Great stuff. Added to wiki. Thanks @nurmagoz!

Patrick · January 17, 2017, 10:02am

https://github.com/Whonix/Whonix/commit/6db3c345c80ee9841fcae57621cafbfcdd000a0f

Patrick · January 18, 2017, 5:26am

Quote dumbmouse

After much research this is the best way to hide the CPU using VirtualBox:
[…]

See more:
https://phabricator.whonix.org/T408#11595

nurmagoz · February 15, 2024, 5:54pm

cat /proc/cpuinfo in KVM doesnt show

model name : QEMU Virtual CPU version 2.1.2

it will show the same reading as vbox.

cc @HulaHoop any idea?

Patrick · February 16, 2024, 5:14am

Probably related to spectre/meltdown alike CPU bugs.

libvirt-dist/usr/share/libvirt-dist/xml/Whonix-Workstation.xml at master · Kicksecure/libvirt-dist · GitHub

  <cpu mode='host-passthrough'/>

  <vcpu placement='static' cpuset='1'>1</vcpu>

Quote Should all kernel patches for CPU bugs be unconditionally enabled? Vs Performance vs Applicability - #7 by Patrick

HulaHoop changed Whonix KVM to host-passthrough :

KVM CPU masking got proverbially killed by specture/meltdown CPU bugs. CPU masking can no longer be recommended due the CPU bugs.

Qubes has the same issue. → Technical Challenges