Maybe not hardened, but specialized kernels for VMs did and do exist.
- Debian -- Details of package linux-image-cloud-amd64 in buster as mentioned here: Kernel versions and security / Debian backports - #5 by Patrick
- Ubuntu had something. Search term:
“linux-kernel-virtual” “ubuntu”
But the Ubuntu thing was a thing of 2013 or earlier. Might have been a whole distribution flavor only for virtual machines.
But a system-wide MAC policy or verified boot would also prevent modprobe anyway? Hence no extra advantage by disabling module loading during compile time?
audio: workstation yes, gateway no.
RTC: Not sure.
https://github.com/Whonix/Whonix/blob/master/build-steps.d/2600_create-vbox-vm#L103-L107
We need a hardware clock for sure? Otherwise, when the VM starts, it would not have any clock at all, except perhaps some hardcoded time/date information? But not necessarily an RTC? Dunno if VirtualBox provides an RTC and a hardware clock, or only a hardware clock which is also an RTC. Search term:
site:virtualbox.org real time clock
site:virtualbox.org RTC
Haven’t found anything relevant yet.
I haven’t found any “relevant” disadvantages of not having an RTC yet. Only of not having any hardware clock at all.
Could just try whether anything breaks without an RTC?
Best tested in a non-Whonix / non-Kicksecure, plain Debian VM. At boot, the time, without help of any network synchronization daemons, needs to be somewhat correct. Shouldn’t rely on internet to fetch. Without any initial time, it’s hard/impossible to securely fetch time from remote. Opens up for many attacks as per: