Since we disabled that, this is no longer an issue. However, the output for the clocksource implied we are using a tsc timer, even though I left nothing listed in the XML file besides kvmclock as disabled.
KVM defaults (tsc vs kvmclock) can be distro specific. We should explicitly set it to tsc for better security on various systems.
Since we use tsc as a timer, it doesn't have a setting for time tracking. If you think we should use rtc instead because it has the option to specifically track guest time instead, this means that we have to put an explicit setting in the config file, probably something like this:
On my host system and in my VMs, the default (never changed this) is tsc. I guess that is a good reason to keep KVM VMs also in tsc.
I don't know how to verify that time is isolated as it is currently. Any ideas?
Deactivate Whonix specific timesync.
sudo chmod -x /etc/init.d/sdwdate
sudo chmod -x /etc/init.d/bootclockrandomization
Power off virtual machine.
Compare host time with VM time.
Open a terminal and type "date" to get the current time. (Graphical clocks may lie to you about seconds due to bugs in these.)
Then do something else (do something in another VM, read a book, get some runts, whatever, so time passes). Come back in an hour. Check if anything changed. (Any new delays.)
Then slew the host clock a few seconds forward or backward. See if this has any effect on the VM. (It should not.) Then do something else. Come back in an hour. Check if anything changed. The host/VM time difference should not be changed.
Then slew the VM clock a few seconds forward or backward. See if this has any effect on the host. (It should not.) Then do something else. Come back in an hour. Check if anything changed. The host/VM time difference should not be changed.
When host and VM clock are independent, everything is fine.
Please don't forget to add the links I posted before for disabling kvmclock to the wiki, just in case we need them for future reference.
Feel free to add anything you wish to that page.
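A check for the clock settings discussed in this thread, as an added example that is not part of the original posts or of the project's own code. It assumes the "xml file" is a libvirt domain definition with a `<clock>` element; the sample XML fragments and the `audit_clock` helper are constructed for illustration, and the three checks encode the preferences stated in the thread (kvmclock disabled, tsc listed explicitly, rtc tracking guest time if rtc is used).

```python
import xml.etree.ElementTree as ET

# Constructed libvirt domain XML fragments (not taken from the thread).
ONLY_KVMCLOCK_OFF = """<domain type='kvm'><clock offset='utc'>
  <timer name='kvmclock' present='no'/>
</clock></domain>"""

TSC_EXPLICIT = """<domain type='kvm'><clock offset='utc'>
  <timer name='kvmclock' present='no'/>
  <timer name='tsc' present='yes'/>
</clock></domain>"""

RTC_TRACKS_WALL = """<domain type='kvm'><clock offset='utc'>
  <timer name='kvmclock' present='no'/>
  <timer name='tsc' present='yes'/>
  <timer name='rtc' track='wall'/>
</clock></domain>"""


def audit_clock(domain_xml):
    """Return findings for the <clock> timers of one libvirt domain definition."""
    clock = ET.fromstring(domain_xml).find("clock")
    if clock is None:
        return ["no <clock> element: all timers are left to defaults"]
    timers = {t.get("name"): t for t in clock.findall("timer")}
    findings = []
    # kvmclock must be switched off explicitly, as was done in the thread.
    kvmclock = timers.get("kvmclock")
    if kvmclock is None or kvmclock.get("present") != "no":
        findings.append("kvmclock is not disabled")
    # Defaults can differ between distributions, so tsc should be listed.
    tsc = timers.get("tsc")
    if tsc is None:
        findings.append("tsc is not set explicitly")
    elif tsc.get("present") == "no":
        findings.append("tsc is disabled")
    # If rtc is used, the thread's suggestion is to have it track guest time.
    rtc = timers.get("rtc")
    if rtc is not None and rtc.get("present") != "no" and rtc.get("track") != "guest":
        findings.append("rtc tracks %s time, not guest time" % (rtc.get("track") or "default"))
    return findings


if __name__ == "__main__":
    for name in ("ONLY_KVMCLOCK_OFF", "TSC_EXPLICIT", "RTC_TRACKS_WALL"):
        print(name, audit_clock(globals()[name]) or "ok")
```

The first sample reproduces the situation from the top of the thread, where only kvmclock is listed as disabled and the resulting clocksource is left to defaults.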