Potential improvements for Virtual Machine Cloaking - KVM

By default, the CPU model information is leaked, which significantly reduces anonymity when running untrusted software. This issue can be addressed (with a slight performance impact) by using KVM and changing the CPU model to ‘qemu64’ instead of ‘host-passthrough’. Additionally, ensure that necessary features to protect against Spectre, Meltdown, and other attacks are enabled.

<cpu mode="custom" match="exact" check="none">
  <model fallback="forbid">qemu64</model>
  <feature policy="require" name="ibpb"/>
  <feature policy="require" name="md-clear"/>
  <feature policy="require" name="spec-ctrl"/>
  <feature policy="require" name="ssbd"/>
</cpu>

Other CPU models are vendor-specific (AMD or Intel), so ‘qemu64’ appears to be the best available option. You can verify the security of your system by running the following command: sudo spectre-meltdown-checker

Any persistent changes made to the operating system also make the virtual machine unique. This includes updating the OS or even booting into it in persistent mode. To ensure that each VM remains similar, you can run the VM in live mode with a read-only hard disk directly from the download. If a user needs to edit files within the VM, a shared folder can be used, perhaps with additional features similar to bind-dirs in Qubes OS.

Other factors that can differentiate VMs include the number of vCPUs, the amount of RAM, and the display size. To minimize these differences and enhance consistency, preconfigured options based on performance can be suggested to users, such as:

  • Low: 1 vCPU, 2GB of RAM, and a display resolution of 1280x720.
  • Medium: 2 vCPUs, 4GB of RAM, and a display resolution of 1920x1080.
  • High: 4 vCPUs, 1GB of RAM, and a display resolution of 1920x1080.
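The proposal in the post above can be checked mechanically against a libvirt domain definition. The following is an added example, not part of the original post and not Whonix project code: the function names, the two sample domains and the reading of "GB" as GiB are assumptions made for illustration.

```python
"""Audit a libvirt domain XML for the settings proposed in the post above."""
import xml.etree.ElementTree as ET

# Mitigation flags that the post's <cpu> block marks policy="require".
REQUIRED_FEATURES = {"ibpb", "md-clear", "spec-ctrl", "ssbd"}

# (vCPUs, RAM) presets copied from the post as written; "GB" is read as GiB
# here (assumption). Display resolution is not checked by this script.
PRESETS = {"Low": (1, 2), "Medium": (2, 4), "High": (4, 1)}

# libvirt <memory unit="..."> multipliers; KiB is the default unit.
UNIT_BYTES = {"b": 1, "bytes": 1, "KB": 10**3, "k": 2**10, "KiB": 2**10,
              "MB": 10**6, "M": 2**20, "MiB": 2**20,
              "GB": 10**9, "G": 2**30, "GiB": 2**30}


def memory_gib(domain):
    """Return the guest RAM in GiB, or None when <memory> is absent or empty."""
    mem = domain.find("memory")
    if mem is None or not (mem.text or "").strip():
        return None
    return int(mem.text) * UNIT_BYTES[mem.get("unit", "KiB")] / 2**30


def audit_cpu(cpu):
    """Compare a <cpu> element with the block proposed in the post."""
    if cpu is None:
        return ["no <cpu> element: the CPU model is not pinned to qemu64"]
    findings = []
    mode = cpu.get("mode", "custom")  # libvirt treats a missing mode as custom
    if mode != "custom":
        findings.append(f"cpu mode '{mode}' ties the guest CPU to the host CPU")
    else:
        model = cpu.find("model")
        name = (model.text or "").strip() if model is not None else ""
        if name != "qemu64":
            findings.append(f"cpu model '{name or 'unset'}' is not qemu64")
        elif model.get("fallback", "allow") != "forbid":
            findings.append("model fallback is not 'forbid': libvirt may "
                            "substitute another model")
    required = {f.get("name") for f in cpu.findall("feature")
                if f.get("policy") == "require"}
    missing = sorted(REQUIRED_FEATURES - required)
    if missing:
        findings.append("mitigation features not required: " + ", ".join(missing))
    return findings


def audit_domain(xml_text, presets=PRESETS):
    """Return a list of findings; an empty list means the domain matches."""
    domain = ET.fromstring(xml_text)
    findings = audit_cpu(domain.find("cpu"))
    vcpu_text = (domain.findtext("vcpu") or "").strip()
    vcpus = int(vcpu_text) if vcpu_text else None
    gib = memory_gib(domain)
    if vcpus is None or gib is None:
        findings.append("<vcpu> or <memory> element missing")
    elif (vcpus, gib) not in presets.values():
        findings.append(f"{vcpus} vCPUs / {gib:g} GiB RAM matches no preset")
    return findings


# Constructed sample: host CPU passed through, sizing outside the presets.
WEAK_XML = """<domain type="kvm">
  <name>constructed-weak</name>
  <memory unit="MiB">3072</memory>
  <vcpu placement="static">3</vcpu>
  <cpu mode="host-passthrough" check="none"/>
</domain>"""

# Constructed sample: the <cpu> block from the post with the "Medium" preset.
HARDENED_XML = """<domain type="kvm">
  <name>constructed-hardened</name>
  <memory unit="KiB">4194304</memory>
  <vcpu placement="static">2</vcpu>
  <cpu mode="custom" match="exact" check="none">
    <model fallback="forbid">qemu64</model>
    <feature policy="require" name="ibpb"/>
    <feature policy="require" name="md-clear"/>
    <feature policy="require" name="spec-ctrl"/>
    <feature policy="require" name="ssbd"/>
  </cpu>
</domain>"""

if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK_XML), ("hardened", HARDENED_XML)):
        print(label, audit_domain(xml_text) or "no findings")
```

The script only reads the domain definition; whether the mitigations are effective inside the guest still has to be confirmed there, for example with the spectre-meltdown-checker command mentioned in the post.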

Cannot be prevented:

Note:

duplicate of:

Please review the existing documentation and previous discussions carefully before suggesting changes. This helps avoid repeating past points and saves valuable development time.

Quote Adding vCPUs:

CPU pinning is done to safeguard processes in other VMs that run cryptographic operations from side-channel attacks in case of a vulnerability in a cryptographic library.

(See footnotes.)

Unfortunately, locally running applications can use the non-privileged CPU instruction CPUID. This cannot be prevented.

Choosing qemu64 as the CPU model in KVM hides the user’s real model in my experience. In what way does CPUID manage to find the real model?

OK, then you can do
<vcpu placement="static" cpuset="1-4">4</vcpu>

How about the idea of every user running the same image similar to how Tails does?

QEMU:

Why not Use a Live CD/DVD as the Whonix-Workstation Operating System?

qemu64 is the CPU model, not really QEMU.

Why not Use a Live CD/DVD as the Whonix-Workstation Operating System?

I mean a live image, as in a read-only disk always in live mode using grub-live for the Workstation. The file size could be 1.6GB like Tails with monthly upgrades, and security updates can be installed without persistence on boot if needed. Shared folders could make the experience usable, similar to the Persistent Storage feature in Tails OS.

What’s the output of cpuid? Reference: cpuid usage

Is it different for host versus inside VM?

Some security updates unfortunately require a reboot.
(related: Add package needrestart)

I don’t think this is fixable. See:

See:

Even if possible, it’s a balance.

  • A) development effort: how often new images are created; versus
  • B) security updates: how fast/complete security updates are installed; versus
  • C) reset VM fingerprint at each boot.

Most users prefer persistence.

Hence, not planned.

Do most security updates require a reboot? The alternative I propose, which involves downloading releases as they become available and checking for upgrades on each boot, seems to be as effective as, if not better than, Tails.

Running the image in read-only mode with the same configuration file as others appears to result in the VM having a non-unique fingerprint already.

The only remaining issue is the lack of user sudo rights, which are necessary for using shared folders with virtiofs and upgrading system packages. Modifying the image is unfortunately required to obtain these rights. Prior to the user-sysmaint-split, my proposal was already feasible.

I believe all users who use qemu64 will have the same CPUID output. Here is mine:

CPU 0:
   vendor_id = "GenuineIntel"
   version information (1/eax):
      processor type  = primary processor (0)
      family          = 0xf (15)
      model           = 0xb (11)
      stepping id     = 0x1 (1)
      extended family = 0x0 (0)
      extended model  = 0x6 (6)
      (family synth)  = 0xf (15)
      (model synth)   = 0x6b (107)
      (simple synth)  = Intel Pentium 4 / Pentium D / Xeon / Xeon MP / Celeron / Celeron D (unknown model) {Netburst}
   miscellaneous (1/ebx):
      process local APIC physical ID = 0x0 (0)
      maximum IDs for CPUs in pkg    = 0x0 (0)
      CLFLUSH line size              = 0x8 (8)
      brand index                    = 0x0 (0)
   brand id = 0x00 (0): unknown
   feature information (1/edx):
      x87 FPU on chip                        = true
      VME: virtual-8086 mode enhancement     = false
      DE: debugging extensions               = true
      PSE: page size extensions              = true
      TSC: time stamp counter                = true
      RDMSR and WRMSR support                = true
      PAE: physical address extensions       = true
      MCE: machine check exception           = true
      CMPXCHG8B inst.                        = true
      APIC on chip                           = true
      SYSENTER and SYSEXIT                   = true
      MTRR: memory type range registers      = true
      PTE global bit                         = true
      MCA: machine check architecture        = true
      CMOV: conditional move/compare instr   = true
      PAT: page attribute table              = true
      PSE-36: page size extension            = true
      PSN: processor serial number           = false
      CLFLUSH instruction                    = true
      DS: debug store                        = false
      ACPI: thermal monitor and clock ctrl   = false
      MMX Technology                         = true
      FXSAVE/FXRSTOR                         = true
      SSE extensions                         = true
      SSE2 extensions                        = true
      SS: self snoop                         = false
      hyper-threading / multi-core supported = false
      TM: therm. monitor                     = false
      IA64                                   = false
      PBE: pending break event               = false
   feature information (1/ecx):
      PNI/SSE3: Prescott New Instructions     = true
      PCLMULDQ instruction                    = false
      DTES64: 64-bit debug store              = false
      MONITOR/MWAIT                           = false
      CPL-qualified debug store               = false
      VMX: virtual machine extensions         = false
      SMX: safer mode extensions              = false
      Enhanced Intel SpeedStep Technology     = false
      TM2: thermal monitor 2                  = false
      SSSE3 extensions                        = false
      context ID: adaptive or shared L1 data  = false
      SDBG: IA32_DEBUG_INTERFACE              = false
      FMA instruction                         = false
      CMPXCHG16B instruction                  = true
      xTPR disable                            = false
      PDCM: perfmon and debug                 = false
      PCID: process context identifiers       = false
      DCA: direct cache access                = false
      SSE4.1 extensions                       = false
      SSE4.2 extensions                       = false
      x2APIC: extended xAPIC support          = true
      MOVBE instruction                       = false
      POPCNT instruction                      = false
      time stamp counter deadline             = false
      AES instruction                         = false
      XSAVE/XSTOR states                      = false
      OS-enabled XSAVE/XSTOR                  = false
      AVX: advanced vector extensions         = false
      F16C half-precision convert instruction = false
      RDRAND instruction                      = false
      hypervisor guest status                 = true
   cache and TLB information (2):
      0x4d: L3 cache: 16M, 16-way, 64 byte lines
      0x7d: L2 cache: 2M, 8-way, 64 byte lines
      0x30: L1 cache: 32K, 8-way, 64 byte lines
      0x2c: L1 data cache: 32K, 8-way, 64 byte lines
   processor serial number = 0006-0FB1-0000-0000-0000-0000
   deterministic cache parameters (4):
      --- cache 0 ---
      cache type                         = data cache (1)
      cache level                        = 0x1 (1)
      self-initializing cache level      = true
      fully associative cache            = false
      maximum IDs for CPUs sharing cache = 0x0 (0)
      maximum IDs for cores in pkg       = 0x0 (0)
      system coherency line size         = 0x40 (64)
      physical line partitions           = 0x1 (1)
      ways of associativity              = 0x8 (8)
      number of sets                     = 0x40 (64)
      WBINVD/INVD acts on lower caches   = true
      inclusive to lower caches          = false
      complex cache indexing             = false
      number of sets (s)                 = 64
      (size synth)                       = 32768 (32 KB)
      --- cache 1 ---
      cache type                         = instruction cache (2)
      cache level                        = 0x1 (1)
      self-initializing cache level      = true
      fully associative cache            = false
      maximum IDs for CPUs sharing cache = 0x0 (0)
      maximum IDs for cores in pkg       = 0x0 (0)
      system coherency line size         = 0x40 (64)
      physical line partitions           = 0x1 (1)
      ways of associativity              = 0x8 (8)
      number of sets                     = 0x40 (64)
      WBINVD/INVD acts on lower caches   = true
      inclusive to lower caches          = false
      complex cache indexing             = false
      number of sets (s)                 = 64
      (size synth)                       = 32768 (32 KB)
      --- cache 2 ---
      cache type                         = unified cache (3)
      cache level                        = 0x2 (2)
      self-initializing cache level      = true
      fully associative cache            = false
      maximum IDs for CPUs sharing cache = 0x0 (0)
      maximum IDs for cores in pkg       = 0x0 (0)
      system coherency line size         = 0x40 (64)
      physical line partitions           = 0x1 (1)
      ways of associativity              = 0x10 (16)
      number of sets                     = 0x1000 (4096)
      WBINVD/INVD acts on lower caches   = true
      inclusive to lower caches          = false
      complex cache indexing             = false
      number of sets (s)                 = 4096
      (size synth)                       = 4194304 (4 MB)
      --- cache 3 ---
      cache type                         = unified cache (3)
      cache level                        = 0x3 (3)
      self-initializing cache level      = true
      fully associative cache            = false
      maximum IDs for CPUs sharing cache = 0x0 (0)
      maximum IDs for cores in pkg       = 0x0 (0)
      system coherency line size         = 0x40 (64)
      physical line partitions           = 0x1 (1)
      ways of associativity              = 0x10 (16)
      number of sets                     = 0x4000 (16384)
      WBINVD/INVD acts on lower caches   = false
      inclusive to lower caches          = true
      complex cache indexing             = true
      number of sets (s)                 = 16384
      (size synth)                       = 16777216 (16 MB)
      --- cache 4 ---
      cache type                         = no more caches (0)
   MONITOR/MWAIT (5):
      smallest monitor-line size (bytes)       = 0x0 (0)
      largest monitor-line size (bytes)        = 0x0 (0)
      enum of Monitor-MWAIT exts supported     = true
      supports intrs as break-event for MWAIT  = true
      number of C0 sub C-states using MWAIT    = 0x0 (0)
      number of C1 sub C-states using MWAIT    = 0x0 (0)
      number of C2 sub C-states using MWAIT    = 0x0 (0)
      number of C3 sub C-states using MWAIT    = 0x0 (0)
      number of C4 sub C-states using MWAIT    = 0x0 (0)
      number of C5 sub C-states using MWAIT    = 0x0 (0)
      number of C6 sub C-states using MWAIT    = 0x0 (0)
      number of C7 sub C-states using MWAIT    = 0x0 (0)
   Thermal and Power Management Features (6):
      digital thermometer                     = false
      Intel Turbo Boost Technology            = false
      ARAT always running APIC timer          = false
      PLN power limit notification            = false
      ECMD extended clock modulation duty     = false
      PTM package thermal management          = false
      HWP base registers                      = false
      HWP notification                        = false
      HWP activity window                     = false
      HWP energy performance preference       = false
      HWP package level request               = false
      HDC base registers                      = false
      Intel Turbo Boost Max Technology 3.0    = false
      HWP capabilities                        = false
      HWP PECI override                       = false
      flexible HWP                            = false
      IA32_HWP_REQUEST MSR fast access mode   = false
      HW_FEEDBACK MSRs supported              = false
      ignoring idle logical processor HWP req = false
      Thread Director                         = false
      IA32_HW_FEEDBACK_THREAD_CONFIG bit 25   = false
      digital thermometer thresholds          = 0x0 (0)
      hardware coordination feedback          = false
      ACNT2 available                         = false
      performance-energy bias capability      = false
      number of enh hardware feedback classes = 0x0 (0)
      performance capability reporting        = false
      energy efficiency capability reporting  = false
      size of feedback struct (4KB pages)     = 0x1 (1)
      index of CPU's row in feedback struct   = 0x0 (0)
   extended feature flags (7):
      FSGSBASE instructions                    = false
      IA32_TSC_ADJUST MSR supported            = false
      SGX: Software Guard Extensions supported = false
      BMI1 instructions                        = false
      HLE hardware lock elision                = false
      AVX2: advanced vector extensions 2       = false
      FDP_EXCPTN_ONLY                          = false
      SMEP supervisor mode exec protection     = false
      BMI2 instructions                        = false
      enhanced REP MOVSB/STOSB                 = false
      INVPCID instruction                      = false
      RTM: restricted transactional memory     = false
      RDT-CMT/PQoS cache monitoring            = false
      deprecated FPU CS/DS                     = false
      MPX: intel memory protection extensions  = false
      RDT-CAT/PQE cache allocation             = false
      AVX512F: AVX-512 foundation instructions = false
      AVX512DQ: double & quadword instructions = false
      RDSEED instruction                       = false
      ADX instructions                         = false
      SMAP: supervisor mode access prevention  = false
      AVX512IFMA: integer fused multiply add   = false
      PCOMMIT instruction                      = false
      CLFLUSHOPT instruction                   = false
      CLWB instruction                         = false
      Intel processor trace                    = false
      AVX512PF: prefetch instructions          = false
      AVX512ER: exponent & reciprocal instrs   = false
      AVX512CD: conflict detection instrs      = false
      SHA instructions                         = false
      AVX512BW: byte & word instructions       = false
      AVX512VL: vector length                  = false
      PREFETCHWT1                              = false
      AVX512VBMI: vector byte manipulation     = false
      UMIP: user-mode instruction prevention   = false
      PKU protection keys for user-mode        = false
      OSPKE CR4.PKE and RDPKRU/WRPKRU          = false
      WAITPKG instructions                     = false
      AVX512_VBMI2: byte VPCOMPRESS, VPEXPAND  = false
      CET_SS: CET shadow stack                 = false
      GFNI: Galois Field New Instructions      = false
      VAES instructions                        = false
      VPCLMULQDQ instruction                   = false
      AVX512_VNNI: neural network instructions = false
      AVX512_BITALG: bit count/shiffle         = false
      TME: Total Memory Encryption             = false
      AVX512: VPOPCNTDQ instruction            = false
      LA57: 57-bit addrs & 5-level paging      = false
      BNDLDX/BNDSTX MAWAU value in 64-bit mode = 0x0 (0)
      RDPID: read processor ID supported       = false
      KL: key locker                           = false
      bus lock detection                       = false
      CLDEMOTE supports cache line demote      = false
      MOVDIRI instruction                      = false
      MOVDIR64B instruction                    = false
      ENQCMD instruction                       = false
      SGX_LC: SGX launch config supported      = false
      PKS: supervisor protection keys          = false
      SGX-KEYS: SGX attestation services       = false
      AVX512_4VNNIW: neural network instrs     = false
      AVX512_4FMAPS: multiply acc single prec  = false
      fast short REP MOV                       = false
      UINTR: user interrupts                   = false
      AVX512_VP2INTERSECT: intersect mask regs = false
      IA32_MCU_OPT_CTRL SRBDS mitigation MSR   = false
      VERW MD_CLEAR microcode support          = true
      RTM transaction always aborts            = false
      IA32_TSX_FORCE_ABORT MSR                 = false
      SERIALIZE instruction                    = false
      hybrid part                              = false
      TSXLDTRK: TSX suspend load addr tracking = false
      PCONFIG instruction                      = false
      LBR: architectural last branch records   = false
      CET_IBT: CET indirect branch tracking    = false
      AMX-BF16: tile bfloat16 support          = false
      AVX512_FP16: fp16 support                = false
      AMX-TILE: tile architecture support      = false
      AMX-INT8: tile 8-bit integer support     = false
      IBRS/IBPB: indirect branch restrictions  = true
      STIBP: 1 thr indirect branch predictor   = false
      L1D_FLUSH: IA32_FLUSH_CMD MSR            = false
      IA32_ARCH_CAPABILITIES MSR               = false
      IA32_CORE_CAPABILITIES MSR               = false
      SSBD: speculative store bypass disable   = true
   Direct Cache Access Parameters (9):
      PLATFORM_DCA_CAP MSR bits = 0
   Architecture Performance Monitoring Features (0xa):
      version ID                               = 0x0 (0)
      number of counters per logical processor = 0x0 (0)
      bit width of counter                     = 0x0 (0)
      length of EBX bit vector                 = 0x0 (0)
      core cycle event                         = not available
      instruction retired event                = not available
      reference cycles event                   = not available
      last-level cache ref event               = not available
      last-level cache miss event              = not available
      branch inst retired event                = not available
      branch mispred retired event             = not available
      top-down slots event                     = not available
      fixed counter  0 supported               = false
      fixed counter  1 supported               = false
      fixed counter  2 supported               = false
      fixed counter  3 supported               = false
      fixed counter  4 supported               = false
      fixed counter  5 supported               = false
      fixed counter  6 supported               = false
      fixed counter  7 supported               = false
      fixed counter  8 supported               = false
      fixed counter  9 supported               = false
      fixed counter 10 supported               = false
      fixed counter 11 supported               = false
      fixed counter 12 supported               = false
      fixed counter 13 supported               = false
      fixed counter 14 supported               = false
      fixed counter 15 supported               = false
      fixed counter 16 supported               = false
      fixed counter 17 supported               = false
      fixed counter 18 supported               = false
      fixed counter 19 supported               = false
      fixed counter 20 supported               = false
      fixed counter 21 supported               = false
      fixed counter 22 supported               = false
      fixed counter 23 supported               = false
      fixed counter 24 supported               = false
      fixed counter 25 supported               = false
      fixed counter 26 supported               = false
      fixed counter 27 supported               = false
      fixed counter 28 supported               = false
      fixed counter 29 supported               = false
      fixed counter 30 supported               = false
      fixed counter 31 supported               = false
      number of contiguous fixed counters      = 0x0 (0)
      bit width of fixed counters              = 0x0 (0)
      anythread deprecation                    = false
   x2APIC features / processor topology (0xb):
      extended APIC ID                      = 0
      --- level 0 ---
      level number                          = 0x0 (0)
      level type                            = thread (1)
      bit width of level                    = 0x0 (0)
      number of logical processors at level = 0x1 (1)
      --- level 1 ---
      level number                          = 0x1 (1)
      level type                            = core (2)
      bit width of level                    = 0x0 (0)
      number of logical processors at level = 0x1 (1)
      --- level 2 ---
      level number                          = 0x2 (2)
      level type                            = invalid (0)
      bit width of level                    = 0x0 (0)
      number of logical processors at level = 0x0 (0)
   XSAVE features (0xd/0):
      XCR0 valid bit field mask               = 0x0000000000000000
         x87 state                            = false
         SSE state                            = false
         AVX state                            = false
         MPX BNDREGS                          = false
         MPX BNDCSR                           = false
         AVX-512 opmask                       = false
         AVX-512 ZMM_Hi256                    = false
         AVX-512 Hi16_ZMM                     = false
         PKRU state                           = false
         XTILECFG state                       = false
         XTILEDATA state                      = false
      bytes required by fields in XCR0        = 0x00000000 (0)
      bytes required by XSAVE/XRSTOR area     = 0x00000000 (0)
      XSAVEOPT instruction                    = false
      XSAVEC instruction                      = false
      XGETBV instruction                      = false
      XSAVES/XRSTORS instructions             = false
      XFD: extended feature disable supported = false
      SAVE area size in bytes                 = 0x00000000 (0)
      IA32_XSS valid bit field mask           = 0x0000000000000000
         PT state                             = false
         PASID state                          = false
         CET_U user state                     = false
         CET_S supervisor state               = false
         HDC state                            = false
         UINTR state                          = false
         LBR state                            = false
         HWP state                            = false
   hypervisor_id (0x40000000) = "KVMKVMKVM\0\0\0"
   hypervisor features (0x40000001/eax):
      kvmclock available at MSR 0x11           = false
      delays unnecessary for PIO ops           = true
      mmu_op                                   = false
      kvmclock available at MSR 0x4b564d00     = false
      async pf enable available by MSR         = true
      steal clock supported                    = true
      guest EOI optimization enabled           = true
      guest spinlock optimization enabled      = true
      guest TLB flush optimization enabled     = false
      async PF VM exit enable available by MSR = false
      guest send IPI optimization enabled      = false
      host HLT poll disable at MSR 0x4b564d05  = false
      guest sched yield optimization enabled   = false
      guest uses intrs for page ready APF evs  = false
      extended destination ID                  = false
      map gpa range hypercall supported        = false
      MSR_KVM_MIGRATION_CONTROL supported      = false
      stable: no guest per-cpu warps expected  = true
   hypervisor features (0x40000001/edx):
      realtime hint: no unbound preemption = false
   hypervisor_id (0x40000100) = "\0\0\0\0\0\0\0\0\0\0\0\0"
   extended feature flags (0x80000001/edx):
      SYSCALL and SYSRET instructions        = true
      execution disable                      = true
      1-GB large page support                = false
      RDTSCP                                 = false
      64-bit extensions technology available = true
   Intel feature flags (0x80000001/ecx):
      LAHF/SAHF supported in 64-bit mode     = true
      LZCNT advanced bit manipulation        = false
      3DNow! PREFETCH/PREFETCHW instructions = false
   brand = "QEMU Virtual CPU version 2.5+"
   L1 TLB/cache information: 2M/4M pages & L1 TLB (0x80000005/eax):
      instruction # entries     = 0xff (255)
      instruction associativity = 0x1 (1)
      data # entries            = 0xff (255)
      data associativity        = 0x1 (1)
   L1 TLB/cache information: 4K pages & L1 TLB (0x80000005/ebx):
      instruction # entries     = 0xff (255)
      instruction associativity = 0x1 (1)
      data # entries            = 0xff (255)
      data associativity        = 0x1 (1)
   L1 data cache information (0x80000005/ecx):
      line size (bytes) = 0x40 (64)
      lines per tag     = 0x1 (1)
      associativity     = 0x2 (2)
      size (KB)         = 0x40 (64)
   L1 instruction cache information (0x80000005/edx):
      line size (bytes) = 0x40 (64)
      lines per tag     = 0x1 (1)
      associativity     = 0x2 (2)
      size (KB)         = 0x40 (64)
   L2 TLB/cache information: 2M/4M pages & L2 TLB (0x80000006/eax):
      instruction # entries     = 0x0 (0)
      instruction associativity = L2 off (0)
      data # entries            = 0x0 (0)
      data associativity        = L2 off (0)
   L2 TLB/cache information: 4K pages & L2 TLB (0x80000006/ebx):
      instruction # entries     = 0x200 (512)
      instruction associativity = 4 to 5-way (4)
      data # entries            = 0x200 (512)
      data associativity        = 4 to 5-way (4)
   L2 unified cache information (0x80000006/ecx):
      line size (bytes) = 0x40 (64)
      lines per tag     = 0x1 (1)
      associativity     = 16 to 31-way (8)
      size (KB)         = 0x200 (512)
   L3 cache information (0x80000006/edx):
      line size (bytes)     = 0x40 (64)
      lines per tag         = 0x1 (1)
      associativity         = 16 to 31-way (8)
      size (in 512KB units) = 0x20 (32)
   RAS Capability (0x80000007/ebx):
      MCA overflow recovery support = false
      SUCCOR support                = false
      HWA: hardware assert support  = false
      scalable MCA support          = false
   Advanced Power Management Features (0x80000007/ecx):
      CmpUnitPwrSampleTimeRatio = 0x0 (0)
   Advanced Power Management Features (0x80000007/edx):
      TS: temperature sensing diode           = false
      FID: frequency ID control               = false
      VID: voltage ID control                 = false
      TTP: thermal trip                       = false
      TM: thermal monitor                     = false
      STC: software thermal control           = false
      100 MHz multiplier control              = false
      hardware P-State control                = false
      TscInvariant                            = false
      CPB: core performance boost             = false
      read-only effective frequency interface = false
      processor feedback interface            = false
      APM power reporting                     = false
      connected standby                       = false
      RAPL: running average power limit       = false
   Physical Address and Linear Address Size (0x80000008/eax):
      maximum physical address bits         = 0x28 (40)
      maximum linear (virtual) address bits = 0x30 (48)
      maximum guest physical address bits   = 0x0 (0)
   Extended Feature Extensions ID (0x80000008/ebx):
      CLZERO instruction                       = false
      instructions retired count support       = false
      always save/restore error pointers       = false
      INVLPGB instruction                      = false
      RDPRU instruction                        = false
      memory bandwidth enforcement             = false
      MCOMMIT instruction                      = false
      WBNOINVD instruction                     = false
      IBPB: indirect branch prediction barrier = true
      interruptible WBINVD, WBNOINVD           = false
      IBRS: indirect branch restr speculation  = false
      STIBP: 1 thr indirect branch predictor   = false
      CPU prefers: IBRS always on              = false
      CPU prefers: STIBP always on             = false
      IBRS preferred over software solution    = false
      IBRS provides same mode protection       = false
      EFER[LMSLE] not supported                = false
      INVLPGB supports TLB flush guest nested  = false
      ppin processor id number supported       = false
      SSBD: speculative store bypass disable   = false
      virtualized SSBD                         = false
      SSBD fixed in hardware                   = false
      CPPC: collaborative processor perf ctrl  = false
      PSFD: predictive store forward disable   = false
      not vulnerable to branch type confusion  = false
      branch sampling feature support          = false
      (vuln to branch type confusion synth)    = true
   Size Identifiers (0x80000008/ecx):
      number of CPU cores                 = 0x1 (1)
      ApicIdCoreIdSize                    = 0x0 (0)
      performance time-stamp counter size = 40 bits (0)
   Feature Extended Size (0x80000008/edx):
      max page count for INVLPGB instruction = 0x0 (0)
      RDPRU instruction max input support    = 0x0 (0)
   SVM Secure Virtual Machine (0x8000000a/eax):
      SvmRev: SVM revision = 0x0 (0)
   SVM Secure Virtual Machine (0x8000000a/edx):
      nested paging                           = false
      LBR virtualization                      = false
      SVM lock                                = false
      NRIP save                               = false
      MSR based TSC rate control              = false
      VMCB clean bits support                 = false
      flush by ASID                           = false
      decode assists                          = false
      SSSE3/SSE5 opcode set disable           = false
      pause intercept filter                  = false
      pause filter threshold                  = false
      AVIC: AMD virtual interrupt controller  = false
      virtualized VMLOAD/VMSAVE               = false
      virtualized global interrupt flag (GIF) = false
      GMET: guest mode execute trap           = false
      X2AVIC: virtualized X2APIC              = false
      supervisor shadow stack                 = false
      guest Spec_ctl support                  = false
      ROGPT: read-only guest page table       = false
      host MCE override                       = false
      INVLPGB/TLBSYNC hyperv interc enable    = false
      VNMI: NMI virtualization                = false
      IBS virtualization                      = false
      guest SVME addr check                   = false
   NASID: number of address space identifiers = 0x0 (0):
   (multi-processing synth) = none
   (multi-processing method) = Intel leaf 0xb
   (APIC widths synth): CORE_width=0 SMT_width=0
   (APIC synth): PKG_ID=0 CORE_ID=0 SMT_ID=0
   (uarch synth) = Intel {Netburst}
   (synth) = Intel Pentium 4 / Pentium D / Xeon / Xeon MP / Celeron / Celeron D (unknown model) {Netburst}
CPU 1:
   vendor_id = "GenuineIntel"
   version information (1/eax):
      processor type  = primary processor (0)
      family          = 0xf (15)
      model           = 0xb (11)
      stepping id     = 0x1 (1)
      extended family = 0x0 (0)
      extended model  = 0x6 (6)
      (family synth)  = 0xf (15)
      (model synth)   = 0x6b (107)
      (simple synth)  = Intel Pentium 4 / Pentium D / Xeon / Xeon MP / Celeron / Celeron D (unknown model) {Netburst}
   miscellaneous (1/ebx):
      process local APIC physical ID = 0x1 (1)
      maximum IDs for CPUs in pkg    = 0x0 (0)
      CLFLUSH line size              = 0x8 (8)
      brand index                    = 0x0 (0)
   brand id = 0x00 (0): unknown
   feature information (1/edx):
      x87 FPU on chip                        = true
      VME: virtual-8086 mode enhancement     = false
      DE: debugging extensions               = true
      PSE: page size extensions              = true
      TSC: time stamp counter                = true
      RDMSR and WRMSR support                = true
      PAE: physical address extensions       = true
      MCE: machine check exception           = true
      CMPXCHG8B inst.                        = true
      APIC on chip                           = true
      SYSENTER and SYSEXIT                   = true
      MTRR: memory type range registers      = true
      PTE global bit                         = true
      MCA: machine check architecture        = true
      CMOV: conditional move/compare instr   = true
      PAT: page attribute table              = true
      PSE-36: page size extension            = true
      PSN: processor serial number           = false
      CLFLUSH instruction                    = true
      DS: debug store                        = false
      ACPI: thermal monitor and clock ctrl   = false
      MMX Technology                         = true
      FXSAVE/FXRSTOR                         = true
      SSE extensions                         = true
      SSE2 extensions                        = true
      SS: self snoop                         = false
      hyper-threading / multi-core supported = false
      TM: therm. monitor                     = false
      IA64                                   = false
      PBE: pending break event               = false
   feature information (1/ecx):
      PNI/SSE3: Prescott New Instructions     = true
      PCLMULDQ instruction                    = false
      DTES64: 64-bit debug store              = false
      MONITOR/MWAIT                           = false
      CPL-qualified debug store               = false
      VMX: virtual machine extensions         = false
      SMX: safer mode extensions              = false
      Enhanced Intel SpeedStep Technology     = false
      TM2: thermal monitor 2                  = false
      SSSE3 extensions                        = false
      context ID: adaptive or shared L1 data  = false
      SDBG: IA32_DEBUG_INTERFACE              = false
      FMA instruction                         = false
      CMPXCHG16B instruction                  = true
      xTPR disable                            = false
      PDCM: perfmon and debug                 = false
      PCID: process context identifiers       = false
      DCA: direct cache access                = false
      SSE4.1 extensions                       = false
      SSE4.2 extensions                       = false
      x2APIC: extended xAPIC support          = true
      MOVBE instruction                       = false
      POPCNT instruction                      = false
      time stamp counter deadline             = false
      AES instruction                         = false
      XSAVE/XSTOR states                      = false
      OS-enabled XSAVE/XSTOR                  = false
      AVX: advanced vector extensions         = false
      F16C half-precision convert instruction = false
      RDRAND instruction                      = false
      hypervisor guest status                 = true
   cache and TLB information (2):
      0x4d: L3 cache: 16M, 16-way, 64 byte lines
      0x7d: L2 cache: 2M, 8-way, 64 byte lines
      0x30: L1 cache: 32K, 8-way, 64 byte lines
      0x2c: L1 data cache: 32K, 8-way, 64 byte lines
   processor serial number = 0006-0FB1-0000-0000-0000-0000
   deterministic cache parameters (4):
      --- cache 0 ---
      cache type                         = data cache (1)
      cache level                        = 0x1 (1)
      self-initializing cache level      = true
      fully associative cache            = false
      maximum IDs for CPUs sharing cache = 0x0 (0)
      maximum IDs for cores in pkg       = 0x0 (0)
      system coherency line size         = 0x40 (64)
      physical line partitions           = 0x1 (1)
      ways of associativity              = 0x8 (8)
      number of sets                     = 0x40 (64)
      WBINVD/INVD acts on lower caches   = true
      inclusive to lower caches          = false
      complex cache indexing             = false
      number of sets (s)                 = 64
      (size synth)                       = 32768 (32 KB)
      --- cache 1 ---
      cache type                         = instruction cache (2)
      cache level                        = 0x1 (1)
      self-initializing cache level      = true
      fully associative cache            = false
      maximum IDs for CPUs sharing cache = 0x0 (0)
      maximum IDs for cores in pkg       = 0x0 (0)
      system coherency line size         = 0x40 (64)
      physical line partitions           = 0x1 (1)
      ways of associativity              = 0x8 (8)
      number of sets                     = 0x40 (64)
      WBINVD/INVD acts on lower caches   = true
      inclusive to lower caches          = false
      complex cache indexing             = false
      number of sets (s)                 = 64
      (size synth)                       = 32768 (32 KB)
      --- cache 2 ---
      cache type                         = unified cache (3)
      cache level                        = 0x2 (2)
      self-initializing cache level      = true
      fully associative cache            = false
      maximum IDs for CPUs sharing cache = 0x0 (0)
      maximum IDs for cores in pkg       = 0x0 (0)
      system coherency line size         = 0x40 (64)
      physical line partitions           = 0x1 (1)
      ways of associativity              = 0x10 (16)
      number of sets                     = 0x1000 (4096)
      WBINVD/INVD acts on lower caches   = true
      inclusive to lower caches          = false
      complex cache indexing             = false
      number of sets (s)                 = 4096
      (size synth)                       = 4194304 (4 MB)
      --- cache 3 ---
      cache type                         = unified cache (3)
      cache level                        = 0x3 (3)
      self-initializing cache level      = true
      fully associative cache            = false
      maximum IDs for CPUs sharing cache = 0x0 (0)
      maximum IDs for cores in pkg       = 0x0 (0)
      system coherency line size         = 0x40 (64)
      physical line partitions           = 0x1 (1)
      ways of associativity              = 0x10 (16)
      number of sets                     = 0x4000 (16384)
      WBINVD/INVD acts on lower caches   = false
      inclusive to lower caches          = true
      complex cache indexing             = true
      number of sets (s)                 = 16384
      (size synth)                       = 16777216 (16 MB)
      --- cache 4 ---
      cache type                         = no more caches (0)
   MONITOR/MWAIT (5):
      smallest monitor-line size (bytes)       = 0x0 (0)
      largest monitor-line size (bytes)        = 0x0 (0)
      enum of Monitor-MWAIT exts supported     = true
      supports intrs as break-event for MWAIT  = true
      number of C0 sub C-states using MWAIT    = 0x0 (0)
      number of C1 sub C-states using MWAIT    = 0x0 (0)
      number of C2 sub C-states using MWAIT    = 0x0 (0)
      number of C3 sub C-states using MWAIT    = 0x0 (0)
      number of C4 sub C-states using MWAIT    = 0x0 (0)
      number of C5 sub C-states using MWAIT    = 0x0 (0)
      number of C6 sub C-states using MWAIT    = 0x0 (0)
      number of C7 sub C-states using MWAIT    = 0x0 (0)
   Thermal and Power Management Features (6):
      digital thermometer                     = false
      Intel Turbo Boost Technology            = false
      ARAT always running APIC timer          = false
      PLN power limit notification            = false
      ECMD extended clock modulation duty     = false
      PTM package thermal management          = false
      HWP base registers                      = false
      HWP notification                        = false
      HWP activity window                     = false
      HWP energy performance preference       = false
      HWP package level request               = false
      HDC base registers                      = false
      Intel Turbo Boost Max Technology 3.0    = false
      HWP capabilities                        = false
      HWP PECI override                       = false
      flexible HWP                            = false
      IA32_HWP_REQUEST MSR fast access mode   = false
      HW_FEEDBACK MSRs supported              = false
      ignoring idle logical processor HWP req = false
      Thread Director                         = false
      IA32_HW_FEEDBACK_THREAD_CONFIG bit 25   = false
      digital thermometer thresholds          = 0x0 (0)
      hardware coordination feedback          = false
      ACNT2 available                         = false
      performance-energy bias capability      = false
      number of enh hardware feedback classes = 0x0 (0)
      performance capability reporting        = false
      energy efficiency capability reporting  = false
      size of feedback struct (4KB pages)     = 0x1 (1)
      index of CPU's row in feedback struct   = 0x0 (0)
   extended feature flags (7):
      FSGSBASE instructions                    = false
      IA32_TSC_ADJUST MSR supported            = false
      SGX: Software Guard Extensions supported = false
      BMI1 instructions                        = false
      HLE hardware lock elision                = false
      AVX2: advanced vector extensions 2       = false
      FDP_EXCPTN_ONLY                          = false
      SMEP supervisor mode exec protection     = false
      BMI2 instructions                        = false
      enhanced REP MOVSB/STOSB                 = false
      INVPCID instruction                      = false
      RTM: restricted transactional memory     = false
      RDT-CMT/PQoS cache monitoring            = false
      deprecated FPU CS/DS                     = false
      MPX: intel memory protection extensions  = false
      RDT-CAT/PQE cache allocation             = false
      AVX512F: AVX-512 foundation instructions = false
      AVX512DQ: double & quadword instructions = false
      RDSEED instruction                       = false
      ADX instructions                         = false
      SMAP: supervisor mode access prevention  = false
      AVX512IFMA: integer fused multiply add   = false
      PCOMMIT instruction                      = false
      CLFLUSHOPT instruction                   = false
      CLWB instruction                         = false
      Intel processor trace                    = false
      AVX512PF: prefetch instructions          = false
      AVX512ER: exponent & reciprocal instrs   = false
      AVX512CD: conflict detection instrs      = false
      SHA instructions                         = false
      AVX512BW: byte & word instructions       = false
      AVX512VL: vector length                  = false
      PREFETCHWT1                              = false
      AVX512VBMI: vector byte manipulation     = false
      UMIP: user-mode instruction prevention   = false
      PKU protection keys for user-mode        = false
      OSPKE CR4.PKE and RDPKRU/WRPKRU          = false
      WAITPKG instructions                     = false
      AVX512_VBMI2: byte VPCOMPRESS, VPEXPAND  = false
      CET_SS: CET shadow stack                 = false
      GFNI: Galois Field New Instructions      = false
      VAES instructions                        = false
      VPCLMULQDQ instruction                   = false
      AVX512_VNNI: neural network instructions = false
      AVX512_BITALG: bit count/shiffle         = false
      TME: Total Memory Encryption             = false
      AVX512: VPOPCNTDQ instruction            = false
      LA57: 57-bit addrs & 5-level paging      = false
      BNDLDX/BNDSTX MAWAU value in 64-bit mode = 0x0 (0)
      RDPID: read processor ID supported       = false
      KL: key locker                           = false
      bus lock detection                       = false
      CLDEMOTE supports cache line demote      = false
      MOVDIRI instruction                      = false
      MOVDIR64B instruction                    = false
      ENQCMD instruction                       = false
      SGX_LC: SGX launch config supported      = false
      PKS: supervisor protection keys          = false
      SGX-KEYS: SGX attestation services       = false
      AVX512_4VNNIW: neural network instrs     = false
      AVX512_4FMAPS: multiply acc single prec  = false
      fast short REP MOV                       = false
      UINTR: user interrupts                   = false
      AVX512_VP2INTERSECT: intersect mask regs = false
      IA32_MCU_OPT_CTRL SRBDS mitigation MSR   = false
      VERW MD_CLEAR microcode support          = true
      RTM transaction always aborts            = false
      IA32_TSX_FORCE_ABORT MSR                 = false
      SERIALIZE instruction                    = false
      hybrid part                              = false
      TSXLDTRK: TSX suspend load addr tracking = false
      PCONFIG instruction                      = false
      LBR: architectural last branch records   = false
      CET_IBT: CET indirect branch tracking    = false
      AMX-BF16: tile bfloat16 support          = false
      AVX512_FP16: fp16 support                = false
      AMX-TILE: tile architecture support      = false
      AMX-INT8: tile 8-bit integer support     = false
      IBRS/IBPB: indirect branch restrictions  = true
      STIBP: 1 thr indirect branch predictor   = false
      L1D_FLUSH: IA32_FLUSH_CMD MSR            = false
      IA32_ARCH_CAPABILITIES MSR               = false
      IA32_CORE_CAPABILITIES MSR               = false
      SSBD: speculative store bypass disable   = true
   Direct Cache Access Parameters (9):
      PLATFORM_DCA_CAP MSR bits = 0
   Architecture Performance Monitoring Features (0xa):
      version ID                               = 0x0 (0)
      number of counters per logical processor = 0x0 (0)
      bit width of counter                     = 0x0 (0)
      length of EBX bit vector                 = 0x0 (0)
      core cycle event                         = not available
      instruction retired event                = not available
      reference cycles event                   = not available
      last-level cache ref event               = not available
      last-level cache miss event              = not available
      branch inst retired event                = not available
      branch mispred retired event             = not available
      top-down slots event                     = not available
      fixed counter  0 supported               = false
      fixed counter  1 supported               = false
      fixed counter  2 supported               = false
      fixed counter  3 supported               = false
      fixed counter  4 supported               = false
      fixed counter  5 supported               = false
      fixed counter  6 supported               = false
      fixed counter  7 supported               = false
      fixed counter  8 supported               = false
      fixed counter  9 supported               = false
      fixed counter 10 supported               = false
      fixed counter 11 supported               = false
      fixed counter 12 supported               = false
      fixed counter 13 supported               = false
      fixed counter 14 supported               = false
      fixed counter 15 supported               = false
      fixed counter 16 supported               = false
      fixed counter 17 supported               = false
      fixed counter 18 supported               = false
      fixed counter 19 supported               = false
      fixed counter 20 supported               = false
      fixed counter 21 supported               = false
      fixed counter 22 supported               = false
      fixed counter 23 supported               = false
      fixed counter 24 supported               = false
      fixed counter 25 supported               = false
      fixed counter 26 supported               = false
      fixed counter 27 supported               = false
      fixed counter 28 supported               = false
      fixed counter 29 supported               = false
      fixed counter 30 supported               = false
      fixed counter 31 supported               = false
      number of contiguous fixed counters      = 0x0 (0)
      bit width of fixed counters              = 0x0 (0)
      anythread deprecation                    = false
   x2APIC features / processor topology (0xb):
      extended APIC ID                      = 1
      --- level 0 ---
      level number                          = 0x0 (0)
      level type                            = thread (1)
      bit width of level                    = 0x0 (0)
      number of logical processors at level = 0x1 (1)
      --- level 1 ---
      level number                          = 0x1 (1)
      level type                            = core (2)
      bit width of level                    = 0x0 (0)
      number of logical processors at level = 0x1 (1)
      --- level 2 ---
      level number                          = 0x2 (2)
      level type                            = invalid (0)
      bit width of level                    = 0x0 (0)
      number of logical processors at level = 0x0 (0)
   XSAVE features (0xd/0):
      XCR0 valid bit field mask               = 0x0000000000000000
         x87 state                            = false
         SSE state                            = false
         AVX state                            = false
         MPX BNDREGS                          = false
         MPX BNDCSR                           = false
         AVX-512 opmask                       = false
         AVX-512 ZMM_Hi256                    = false
         AVX-512 Hi16_ZMM                     = false
         PKRU state                           = false
         XTILECFG state                       = false
         XTILEDATA state                      = false
      bytes required by fields in XCR0        = 0x00000000 (0)
      bytes required by XSAVE/XRSTOR area     = 0x00000000 (0)
      XSAVEOPT instruction                    = false
      XSAVEC instruction                      = false
      XGETBV instruction                      = false
      XSAVES/XRSTORS instructions             = false
      XFD: extended feature disable supported = false
      SAVE area size in bytes                 = 0x00000000 (0)
      IA32_XSS valid bit field mask           = 0x0000000000000000
         PT state                             = false
         PASID state                          = false
         CET_U user state                     = false
         CET_S supervisor state               = false
         HDC state                            = false
         UINTR state                          = false
         LBR state                            = false
         HWP state                            = false
   hypervisor_id (0x40000000) = "KVMKVMKVM\0\0\0"
   hypervisor features (0x40000001/eax):
      kvmclock available at MSR 0x11           = false
      delays unnecessary for PIO ops           = true
      mmu_op                                   = false
      kvmclock available at MSR 0x4b564d00     = false
      async pf enable available by MSR         = true
      steal clock supported                    = true
      guest EOI optimization enabled           = true
      guest spinlock optimization enabled      = true
      guest TLB flush optimization enabled     = false
      async PF VM exit enable available by MSR = false
      guest send IPI optimization enabled      = false
      host HLT poll disable at MSR 0x4b564d05  = false
      guest sched yield optimization enabled   = false
      guest uses intrs for page ready APF evs  = false
      extended destination ID                  = false
      map gpa range hypercall supported        = false
      MSR_KVM_MIGRATION_CONTROL supported      = false
      stable: no guest per-cpu warps expected  = true
   hypervisor features (0x40000001/edx):
      realtime hint: no unbound preemption = false
   hypervisor_id (0x40000100) = "\0\0\0\0\0\0\0\0\0\0\0\0"
   extended feature flags (0x80000001/edx):
      SYSCALL and SYSRET instructions        = true
      execution disable                      = true
      1-GB large page support                = false
      RDTSCP                                 = false
      64-bit extensions technology available = true
   Intel feature flags (0x80000001/ecx):
      LAHF/SAHF supported in 64-bit mode     = true
      LZCNT advanced bit manipulation        = false
      3DNow! PREFETCH/PREFETCHW instructions = false
   brand = "QEMU Virtual CPU version 2.5+"
   L1 TLB/cache information: 2M/4M pages & L1 TLB (0x80000005/eax):
      instruction # entries     = 0xff (255)
      instruction associativity = 0x1 (1)
      data # entries            = 0xff (255)
      data associativity        = 0x1 (1)
   L1 TLB/cache information: 4K pages & L1 TLB (0x80000005/ebx):
      instruction # entries     = 0xff (255)
      instruction associativity = 0x1 (1)
      data # entries            = 0xff (255)
      data associativity        = 0x1 (1)
   L1 data cache information (0x80000005/ecx):
      line size (bytes) = 0x40 (64)
      lines per tag     = 0x1 (1)
      associativity     = 0x2 (2)
      size (KB)         = 0x40 (64)
   L1 instruction cache information (0x80000005/edx):
      line size (bytes) = 0x40 (64)
      lines per tag     = 0x1 (1)
      associativity     = 0x2 (2)
      size (KB)         = 0x40 (64)
   L2 TLB/cache information: 2M/4M pages & L2 TLB (0x80000006/eax):
      instruction # entries     = 0x0 (0)
      instruction associativity = L2 off (0)
      data # entries            = 0x0 (0)
      data associativity        = L2 off (0)
   L2 TLB/cache information: 4K pages & L2 TLB (0x80000006/ebx):
      instruction # entries     = 0x200 (512)
      instruction associativity = 4 to 5-way (4)
      data # entries            = 0x200 (512)
      data associativity        = 4 to 5-way (4)
   L2 unified cache information (0x80000006/ecx):
      line size (bytes) = 0x40 (64)
      lines per tag     = 0x1 (1)
      associativity     = 16 to 31-way (8)
      size (KB)         = 0x200 (512)
   L3 cache information (0x80000006/edx):
      line size (bytes)     = 0x40 (64)
      lines per tag         = 0x1 (1)
      associativity         = 16 to 31-way (8)
      size (in 512KB units) = 0x20 (32)
   RAS Capability (0x80000007/ebx):
      MCA overflow recovery support = false
      SUCCOR support                = false
      HWA: hardware assert support  = false
      scalable MCA support          = false
   Advanced Power Management Features (0x80000007/ecx):
      CmpUnitPwrSampleTimeRatio = 0x0 (0)
   Advanced Power Management Features (0x80000007/edx):
      TS: temperature sensing diode           = false
      FID: frequency ID control               = false
      VID: voltage ID control                 = false
      TTP: thermal trip                       = false
      TM: thermal monitor                     = false
      STC: software thermal control           = false
      100 MHz multiplier control              = false
      hardware P-State control                = false
      TscInvariant                            = false
      CPB: core performance boost             = false
      read-only effective frequency interface = false
      processor feedback interface            = false
      APM power reporting                     = false
      connected standby                       = false
      RAPL: running average power limit       = false
   Physical Address and Linear Address Size (0x80000008/eax):
      maximum physical address bits         = 0x28 (40)
      maximum linear (virtual) address bits = 0x30 (48)
      maximum guest physical address bits   = 0x0 (0)
   Extended Feature Extensions ID (0x80000008/ebx):
      CLZERO instruction                       = false
      instructions retired count support       = false
      always save/restore error pointers       = false
      INVLPGB instruction                      = false
      RDPRU instruction                        = false
      memory bandwidth enforcement             = false
      MCOMMIT instruction                      = false
      WBNOINVD instruction                     = false
      IBPB: indirect branch prediction barrier = true
      interruptible WBINVD, WBNOINVD           = false
      IBRS: indirect branch restr speculation  = false
      STIBP: 1 thr indirect branch predictor   = false
      CPU prefers: IBRS always on              = false
      CPU prefers: STIBP always on             = false
      IBRS preferred over software solution    = false
      IBRS provides same mode protection       = false
      EFER[LMSLE] not supported                = false
      INVLPGB supports TLB flush guest nested  = false
      ppin processor id number supported       = false
      SSBD: speculative store bypass disable   = false
      virtualized SSBD                         = false
      SSBD fixed in hardware                   = false
      CPPC: collaborative processor perf ctrl  = false
      PSFD: predictive store forward disable   = false
      not vulnerable to branch type confusion  = false
      branch sampling feature support          = false
      (vuln to branch type confusion synth)    = true
   Size Identifiers (0x80000008/ecx):
      number of CPU cores                 = 0x1 (1)
      ApicIdCoreIdSize                    = 0x0 (0)
      performance time-stamp counter size = 40 bits (0)
   Feature Extended Size (0x80000008/edx):
      max page count for INVLPGB instruction = 0x0 (0)
      RDPRU instruction max input support    = 0x0 (0)
   SVM Secure Virtual Machine (0x8000000a/eax):
      SvmRev: SVM revision = 0x0 (0)
   SVM Secure Virtual Machine (0x8000000a/edx):
      nested paging                           = false
      LBR virtualization                      = false
      SVM lock                                = false
      NRIP save                               = false
      MSR based TSC rate control              = false
      VMCB clean bits support                 = false
      flush by ASID                           = false
      decode assists                          = false
      SSSE3/SSE5 opcode set disable           = false
      pause intercept filter                  = false
      pause filter threshold                  = false
      AVIC: AMD virtual interrupt controller  = false
      virtualized VMLOAD/VMSAVE               = false
      virtualized global interrupt flag (GIF) = false
      GMET: guest mode execute trap           = false
      X2AVIC: virtualized X2APIC              = false
      supervisor shadow stack                 = false
      guest Spec_ctl support                  = false
      ROGPT: read-only guest page table       = false
      host MCE override                       = false
      INVLPGB/TLBSYNC hyperv interc enable    = false
      VNMI: NMI virtualization                = false
      IBS virtualization                      = false
      guest SVME addr check                   = false
   NASID: number of address space identifiers = 0x0 (0):
   (multi-processing synth) = none
   (multi-processing method) = Intel leaf 0xb
   (APIC widths synth): CORE_width=0 SMT_width=0
   (APIC synth): PKG_ID=1 CORE_ID=0 SMT_ID=0
   (uarch synth) = Intel {Netburst}
   (synth) = Intel Pentium 4 / Pentium D / Xeon / Xeon MP / Celeron / Celeron D (unknown model) {Netburst}

Here is a summary of my ideas:

  • Use the CPU model qemu64 instead of host-passthrough, with all CPU security flaw mitigations enabled.
  • Increase the default RAM to 4 GB and add an additional vCPU.
  • Add the <readonly/> tag to the disk in Whonix-Workstation.xml
  • Enable the user to boot into live mode with sudo rights.

These features could be offered in two KVM configurations: amnesiac and persistent. The persistent configuration could retain host-passthrough, as any changes would make the VM unique anyway.
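The checklist in this summary can be verified mechanically against a libvirt domain definition. The following is an added example, not part of the original post or of the project's own tooling: the two domain XML documents are constructed samples, the function names and finding codes are hypothetical, and the 2 vCPU / 4 GiB target is taken from the summary's second item.

```python
import xml.etree.ElementTree as ET

# Mitigation features required in the <cpu> block proposed in this thread.
REQUIRED_FEATURES = {"ibpb", "md-clear", "spec-ctrl", "ssbd"}
TARGET_VCPUS = "2"                 # "add an additional vCPU"
TARGET_MEMORY_KIB = 4 * 1024 ** 2  # "increase the default RAM to 4 GB"

# Constructed sample: a domain following the summary's proposal.
CLOAKED_XML = """
<domain type="kvm">
  <name>example-workstation</name>
  <memory unit="GiB">4</memory>
  <vcpu placement="static">2</vcpu>
  <cpu mode="custom" match="exact" check="none">
    <model fallback="forbid">qemu64</model>
    <feature policy="require" name="ibpb"/>
    <feature policy="require" name="md-clear"/>
    <feature policy="require" name="spec-ctrl"/>
    <feature policy="require" name="ssbd"/>
  </cpu>
  <devices>
    <disk type="file" device="disk">
      <source file="/var/lib/libvirt/images/example.qcow2"/>
      <target dev="vda" bus="virtio"/>
      <readonly/>
    </disk>
  </devices>
</domain>
"""

# Constructed sample: host CPU exposed, writable disk, smaller sizing.
PASSTHROUGH_XML = """
<domain type="kvm">
  <name>example-workstation</name>
  <memory unit="KiB">2097152</memory>
  <vcpu>1</vcpu>
  <cpu mode="host-passthrough"/>
  <devices>
    <disk type="file" device="disk">
      <source file="/var/lib/libvirt/images/example.qcow2"/>
      <target dev="vda" bus="virtio"/>
    </disk>
    <disk type="file" device="cdrom">
      <target dev="sda" bus="sata"/>
    </disk>
  </devices>
</domain>
"""


def memory_kib(domain):
    """Return the configured memory in KiB, or None if it cannot be read."""
    node = domain.find("memory")
    if node is None or not (node.text or "").strip():
        return None
    factors = {"k": 1, "KiB": 1, "M": 1024, "MiB": 1024,
               "G": 1024 ** 2, "GiB": 1024 ** 2}
    factor = factors.get(node.get("unit", "KiB"))  # libvirt defaults to KiB
    return int(node.text.strip()) * factor if factor else None


def audit_domain(xml_text):
    """Return a list of finding codes; an empty list means the checklist passes."""
    domain = ET.fromstring(xml_text.strip())
    findings = []

    cpu = domain.find("cpu")
    mode = cpu.get("mode") if cpu is not None else None
    model = cpu.findtext("model", default="").strip() if cpu is not None else ""
    if mode != "custom" or model != "qemu64":
        findings.append("cpu-model")
    else:
        # Only meaningful for a custom model: passthrough inherits host features.
        required = {f.get("name") for f in cpu.findall("feature")
                    if f.get("policy") == "require"}
        missing = REQUIRED_FEATURES - required
        if missing:
            findings.append("missing-feature:" + ",".join(sorted(missing)))

    for disk in domain.findall("devices/disk"):
        if disk.get("device", "disk") != "disk":
            continue  # cdrom/floppy entries are not the system disk
        if disk.find("readonly") is None:
            target = disk.find("target")
            dev = target.get("dev") if target is not None else "?"
            findings.append("writable-disk:" + dev)

    if domain.findtext("vcpu", default="").strip() != TARGET_VCPUS:
        findings.append("vcpu-count")
    if memory_kib(domain) != TARGET_MEMORY_KIB:
        findings.append("memory-size")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("cloaked", CLOAKED_XML), ("passthrough", PASSTHROUGH_XML)):
        print(label, audit_domain(xml_text) or "ok")
```
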

I don’t have a statistic but it’s not uncommon.

Once you boot a VM it’s unique due to different speed of boot and log timestamps. Also benchmarking.

Non-issue. The Whonix KVM, Shared Folders documentation does not require administrative (root/sudo) rights.

(As soon as new image with updated vm-config-dist package has been installed.)

Could you please also provide:

cat /proc/cpuinfo

We need 1 actionable item per ticket / forum thread. This alone is 2 different suggestions.

Already available:

  • LIVE Mode | SYSMAINT Session | maintenance testing

This might be useful in the context of Read-Only: Setting Hard Drives to Read-Only. Is this the same as what the Read-only - KVM wiki chapter is doing?

processor	: 0
vendor_id	: GenuineIntel
cpu family	: 15
model		: 107
model name	: QEMU Virtual CPU version 2.5+
stepping	: 1
microcode	: 0x1
cpu MHz		: 2688.042
cache size	: 16384 KB
physical id	: 0
siblings	: 1
core id		: 0
cpu cores	: 1
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 13
wp		: yes
flags		: fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc nopl xtopology cpuid pni cx16 x2apic hypervisor lahf_lm cpuid_fault pti ssbd ibrs ibpb md_clear
bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit mmio_unknown bhi ibpb_no_ret
bogomips	: 5376.08
clflush size	: 64
cache_alignment	: 128
address sizes	: 40 bits physical, 48 bits virtual
power management:

processor	: 1
vendor_id	: GenuineIntel
cpu family	: 15
model		: 107
model name	: QEMU Virtual CPU version 2.5+
stepping	: 1
microcode	: 0x1
cpu MHz		: 2688.042
cache size	: 16384 KB
physical id	: 1
siblings	: 1
core id		: 0
cpu cores	: 1
apicid		: 1
initial apicid	: 1
fpu		: yes
fpu_exception	: yes
cpuid level	: 13
wp		: yes
flags		: fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc nopl xtopology cpuid pni cx16 x2apic hypervisor lahf_lm cpuid_fault pti ssbd ibrs ibpb md_clear
bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit mmio_unknown bhi ibpb_no_ret
bogomips	: 21471.23
clflush size	: 64
cache_alignment	: 128
address sizes	: 40 bits physical, 48 bits virtual
power management:

My suggestion is to add a new optional KVM configuration and accompanying documentation on best practices for Whonix Workstations. This is for users who want to reduce the number of unique identifiers present. I think it’s only one item.

OK, you’re correct. Only virtiofs requires sudo, while virtio-9p does not.

Yes, well, the security model already surpasses that of Tails, which is the only amnesiac alternative.?

The display size in sysmaint is non-standard (1280x800) compared to user mode (1920x1080). Running torbrowser in sysmaint also results in:

[ERROR] [torbrowser] Failed to start Tor Browser!

Failed to run:
systemctl --no-pager --no-block status tb-updater-first-boot.service.

systemctl output:

○ tb-updater-first-boot.service - Helper Service for /usr/bin/torbrowser to determine when it is save to Copy Tor Browser from /var/cache/tb-binary to user home by Whonix developers
     Loaded: loaded (/lib/systemd/system/tb-updater-first-boot.service; enabled; preset: enabled)
     Active: inactive (dead)
       Docs: https://github.com/Whonix/tb-updater

To see this for yourself, you could try: Start Menu -> System -> Xfce Terminal
Then run:
systemctl --no-pager --no-block status tb-updater-first-boot.service

Users must know to run a command like xrandr --output Virtual-1 --mode "1920x1080", and systemctl start tb-updater-first-boot before launching torbrowser.

What I’m saying is that it’s not an exact comparison. Sysmaint does not appear to be designed for regular desktop use.

The possible solutions, in my view, are to either:

  • Make sysmaint more similar to an unrestricted user mode.
  • Allow upgrade-nonroot to be run by the user again, possibly by using something like apt-get-noninteractive.
  • Introduce a third boot option that grants sudo rights without removing the sysmaint split (though this may encourage bad user habits).
  • Make the sysmaint split opt-in or offer an image with an opt-in option (though this may be more difficult for releases).

Yes, should be. I suggest creating a new configuration that includes all the necessary features, including increased RAM and qemu64 CPU, so users don’t accidentally forget to add it themselves.

I mean non-unique like when using Tor Browser to visit a website, cookies from the website persist until a restart. This means that each boot cannot be traced to a specific user, ensuring non-uniqueness.
I am not aware of any practical deanonymization methods using benchmarking, but there are factors making it more challenging:

  • The image can be stored on various storage devices, such as a portable HDD, internal SSD, USB flash drive or even RAM, affecting boot times
  • HDD benchmarking doesn’t seem possible if exclusively in live mode?
  • KVM does not come with 3D acceleration by default, making GPU benchmarking more challenging.
  • CPU benchmarking is also more difficult with qemu64 due to performance limitations.

With these considerations, the results may only be accurate for single-core CPU performance and memory type (DDR3 vs. DDR4). Maybe it’s even harder because it’s in a VM. More research needs to be done.

There’s 1 big issue. We didn’t really test yet. The program cpuid or file /proc/cpuinfo might be fooled. But it did not use the unprivileged CPUID opcode directly as explained on Wikipedia: CPUID - Wikipedia

Not easy to use directly. I haven’t easily found an application to use it.

If you want any chance of anything done at all, it needs to be simple. Changes such as increasing default RAM and CPU settings are potentially contagious and need to be discussed separately.

Documentation is simplified and does not require root because we have a usability helper script, which runs as root, that simplifies this for users:

Therefore root/non-root is not an issue.

I don’t think what Tails does or not is related.

Running torbrowser in sysmaint mode is unsupported.

You’re mixing user support issues into a feature request.

It’s not. That’s the whole point. That’s what’s documented.

Your explanation made it seem like the current solution is sufficient. Users are unable to upgrade their packages if the VM image has never been modified because a reboot is required to switch between the modes. Fixing upgrade-nonroot would solve this.

The suggestion is to create a separate configuration file for Whonix-Workstation in KVM. Not affecting the general release. This file would include changes to make each user less unique. It could be a wiki page with a download link and documentation on best practices and its limitations.

I believe this is only valid for virtio-9p, not virtiofs. So yes, I agree, shared folders are possible without root but only with virtio-9p.

  case "${virt_type}" in
    kvm)
      ## QEMU 9pfs does not respect uid, gid, or umask parameters.
      mount -t 9p -o trans=virtio shared /mnt/shared -oversion=9p2000.L || true
      ;;

Why not? The wiki already makes comparisons to Tails and other operating systems. When creating something, isn’t it beneficial to look at how others have done it already? For example, to consider how Tails handles its releases when security patches are published.

This one? I get Family=15, Model=107, Stepping=1, which matches the Pentium 4/Athlon 64. This is completely different from my actual CPU model.

After conducting more tests on AMD and Intel machines, I found that qemu64 can hide most details except for the basics, such as ‘GenuineIntel’ or ‘AuthenticAMD,’ and vendor-specific Spectre/Meltdown mitigations. I haven’t looked into whether these can be hidden.

Running sysbench memory run and sysbench cpu run shows that users can likely be grouped together based on memory and CPU speed, as well as network speed. However, the results are not conclusive; they only indicate general categories such as low to high-tier CPU, DDR3 vs. DDR4, or mobile to gigabit network speeds. I think that without specific CPU models, there will be an overlap among users now.

...
  <forward mode='nat' dev='eth0'/>
  <bandwidth>
    <inbound average='1000' peak='5000' burst='5120'/>
    <outbound average='128' peak='256' burst='256'/>
  </bandwidth>
...

bandwidth can be used to limit network bandwidth, allowing users to blend in together more effectively.

quota can likely be used to limit CPU speed, and memorytune can be used to limit memory bandwidth speeds.

With these changes, users may eventually be differentiated only based on whether or not they use AMD/Intel, an outdated PC or slow connection (which does not hit the limits) or their desktop habits, such as mouse movements, sentence phrasing, and browsing habits.
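Added example (not from the thread or the Whonix project): a small C program that executes the unprivileged CPUID instruction directly through the compiler's <cpuid.h> instead of going through the cpuid tool or /proc/cpuinfo, so the guest-visible values can be checked independently. Function and struct names are illustrative; 0x00060FB1 in the comments is the leaf-1 signature that corresponds to the Family=15, Model=107, Stepping=1 result reported above.

```c
/* Added example: query CPUID from unprivileged code inside the guest and
 * decode the fields that identify the CPU model. Builds with GCC or clang. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0   /* decoders below still compile on other targets */
#endif

struct cpu_sig { unsigned family, model, stepping; };

/* Decode CPUID leaf 1 EAX into the "display" family/model/stepping.
 * Example: 0x00060FB1 -> family 15, model 107 (0x6b), stepping 1. */
struct cpu_sig decode_signature(uint32_t eax)
{
    unsigned base_family = (eax >> 8) & 0xf;
    unsigned base_model  = (eax >> 4) & 0xf;
    unsigned ext_model   = (eax >> 16) & 0xf;
    unsigned ext_family  = (eax >> 20) & 0xff;
    struct cpu_sig s;

    s.stepping = eax & 0xf;
    /* The extended family is only added when the base family is 0xF. */
    s.family = (base_family == 0xf) ? base_family + ext_family : base_family;
    /* The extended model is only used for base family 6 or 0xF. */
    s.model = (base_family == 0x6 || base_family == 0xf)
                  ? ((ext_model << 4) | base_model)
                  : base_model;
    return s;
}

/* Unpack three 32-bit registers (little-endian bytes) into a 12-char string. */
void regs_to_string(uint32_t r0, uint32_t r1, uint32_t r2, char out[13])
{
    uint32_t regs[3] = { r0, r1, r2 };
    for (int i = 0; i < 12; i++)
        out[i] = (char)((regs[i / 4] >> (8 * (i % 4))) & 0xff);
    out[12] = '\0';
}

/* Leaf 1 ECX bit 31 is set when a hypervisor announces itself to the guest. */
int hypervisor_present(uint32_t leaf1_ecx)
{
    return (int)((leaf1_ecx >> 31) & 1u);
}

int main(void)
{
#if HAVE_CPUID
    unsigned a, b, c, d;
    char vendor[13], hv[13] = "", brand[49] = "";

    if (!__get_cpuid(0, &a, &b, &c, &d)) {
        puts("CPUID not supported");
        return 1;
    }
    regs_to_string(b, d, c, vendor);          /* leaf 0 order: EBX, EDX, ECX */

    __get_cpuid(1, &a, &b, &c, &d);
    struct cpu_sig s = decode_signature(a);
    int hyp = hypervisor_present(c);

    if (hyp) {
        /* __get_cpuid() rejects 0x40000000 (above the max basic leaf),
         * so the raw __cpuid macro is used for the hypervisor leaf. */
        __cpuid(0x40000000, a, b, c, d);
        regs_to_string(b, c, d, hv);          /* order: EBX, ECX, EDX */
    }

    if (__get_cpuid_max(0x80000000, NULL) >= 0x80000004) {
        for (unsigned i = 0; i < 3; i++) {    /* brand string: 3 x 16 bytes */
            unsigned r[4];
            __cpuid(0x80000002 + i, r[0], r[1], r[2], r[3]);
            memcpy(brand + 16 * i, r, sizeof r);
        }
        brand[48] = '\0';
    }

    printf("vendor     : %s\n", vendor);
    printf("family     : %u\nmodel      : %u\nstepping   : %u\n",
           s.family, s.model, s.stepping);
    printf("brand      : %s\n", brand);
    printf("hypervisor : %s %s\n", hyp ? "yes" : "no", hv);
#else
    puts("not an x86 build; only the decoders are usable");
#endif
    return 0;
}
```

Comparing this program's output on the host and inside the guest shows which fields the configured CPU model replaces and which (such as the vendor string) still pass through.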

cpumodel qemu64 blocker, security issue:
OpenStack Open Source Cloud Computing Software » Message: CentOS-9 guests & 'qemu64' CPU model are incompatible; and reasons to avoid 'qemu64' in general

The same thing is being repeated here:
https://events19.linuxfoundation.org/wp-content/uploads/2017/12/Kashyap-Chamarthy_Effective-Virtual-CPU-Configuration-OSS-EU2018.pdf

Also refer to, Quote Recommendations for KVM CPU model configuration on x86 hosts — QEMU documentation

Important CPU features for Intel x86 hosts

The following are important CPU features that should be used on Intel x86 hosts, when available in the host CPU. Some of them require explicit configuration to enable, as they are not included by default in some, or all, of the named CPU models listed above. In general all of these features are included if using “Host passthrough” or “Host model”.

How documented here: Dev/KVM wiki chapter cpumodel qemu64


For other configuration change requests that should be applied to the default configuration files, if still relevant, please open separate forum threads.

user-sysmaint-split - Role-Based Boot Modes - Persistent User / Live user / Persistent sysmaint (system maintenance) - #59 by Patrick

I mean exclusively for upgrades, not for installing any specific packages. The upgrade-nonroot command doesn’t work without root privileges, even though the name implies it should.

I don’t want to change any of the default configuration files. This is a suggestion for a separate config with extra changes that improve anonymity at the expense of usability. Do you not understand what I’m suggesting?

This should be sufficient on Intel processors to protect against Spectre and Meltdown attacks.

Anyway. Given that it may be impossible to hide the AMD/Intel split, Intel processors can emulate Skylake-Client and AMD processors can emulate EPYC, depending on compatibility with older CPU models, of course.

We might be able to change the default configuration files but maintaining a different set of configuration files is unfortunately unrealistic due to lack of KVM contributor activity.

Since nobody else on the internet claims to do that, and this being highly complex question with security impact…

TODO: Contact Qemu-discuss Info Page and ask if this is secure or vulnerable to any CPU hardware security bugs.

Unfortunately, this tool is not reliable (at least not inside VMs) due to false-positives, false-negatives and the complexity of CPU hardware security bugs. Hence, the only way to find that out is to contact upstream, the QEMU developers.

CPUID:

/usr/bin/zsh
[workstation sysmaint ~]% cpuid        
CPU 0:
   vendor_id = "GenuineIntel"
   version information (1/eax):
      processor type  = primary processor (0)
      family          = 0xf (15)
      model           = 0xb (11)
      stepping id     = 0x1 (1)
      extended family = 0x0 (0)
      extended model  = 0x6 (6)
      (family synth)  = 0xf (15)
      (model synth)   = 0x6b (107)
      (simple synth)  = Intel Pentium 4 / Pentium D / Xeon / Xeon MP / Celeron / Celeron D (unknown model) {Netburst}
   miscellaneous (1/ebx):
      process local APIC physical ID = 0x0 (0)
      maximum IDs for CPUs in pkg    = 0x0 (0)
      CLFLUSH line size              = 0x8 (8)
      brand index                    = 0x0 (0)
   brand id = 0x00 (0): unknown
   feature information (1/edx):
      x87 FPU on chip                        = true
      VME: virtual-8086 mode enhancement     = false
      DE: debugging extensions               = true
      PSE: page size extensions              = true
      TSC: time stamp counter                = true
      RDMSR and WRMSR support                = true
      PAE: physical address extensions       = true
      MCE: machine check exception           = true
      CMPXCHG8B inst.                        = true
      APIC on chip                           = true
      SYSENTER and SYSEXIT                   = true
      MTRR: memory type range registers      = true
      PTE global bit                         = true
      MCA: machine check architecture        = true
      CMOV: conditional move/compare instr   = true
      PAT: page attribute table              = true
      PSE-36: page size extension            = true
      PSN: processor serial number           = false
      CLFLUSH instruction                    = true
      DS: debug store                        = false
      ACPI: thermal monitor and clock ctrl   = false
      MMX Technology                         = true
      FXSAVE/FXRSTOR                         = true
      SSE extensions                         = true
      SSE2 extensions                        = true
      SS: self snoop                         = false
      hyper-threading / multi-core supported = false
      TM: therm. monitor                     = false
      IA64                                   = false
      PBE: pending break event               = false
   feature information (1/ecx):
      PNI/SSE3: Prescott New Instructions     = true
      PCLMULDQ instruction                    = false
      DTES64: 64-bit debug store              = false
      MONITOR/MWAIT                           = false
      CPL-qualified debug store               = false
      VMX: virtual machine extensions         = false
      SMX: safer mode extensions              = false
      Enhanced Intel SpeedStep Technology     = false
      TM2: thermal monitor 2                  = false
      SSSE3 extensions                        = false
      context ID: adaptive or shared L1 data  = false
      SDBG: IA32_DEBUG_INTERFACE              = false
      FMA instruction                         = false
      CMPXCHG16B instruction                  = true
      xTPR disable                            = false
      PDCM: perfmon and debug                 = false
      PCID: process context identifiers       = false
      DCA: direct cache access                = false
      SSE4.1 extensions                       = false
      SSE4.2 extensions                       = false
      x2APIC: extended xAPIC support          = true
      MOVBE instruction                       = false
      POPCNT instruction                      = false
      time stamp counter deadline             = false
      AES instruction                         = false
      XSAVE/XSTOR states                      = false
      OS-enabled XSAVE/XSTOR                  = false
      AVX: advanced vector extensions         = false
      F16C half-precision convert instruction = false
      RDRAND instruction                      = false
      hypervisor guest status                 = true
   cache and TLB information (2):
      0x4d: L3 cache: 16M, 16-way, 64 byte lines
      0x7d: L2 cache: 2M, 8-way, 64 byte lines
      0x30: L1 cache: 32K, 8-way, 64 byte lines
      0x2c: L1 data cache: 32K, 8-way, 64 byte lines
   processor serial number = 0006-0FB1-0000-0000-0000-0000
   deterministic cache parameters (4):
      --- cache 0 ---
      cache type                         = data cache (1)
      cache level                        = 0x1 (1)
      self-initializing cache level      = true
      fully associative cache            = false
      maximum IDs for CPUs sharing cache = 0x0 (0)
      maximum IDs for cores in pkg       = 0x0 (0)
      system coherency line size         = 0x40 (64)
      physical line partitions           = 0x1 (1)
      ways of associativity              = 0x8 (8)
      number of sets                     = 0x40 (64)
      WBINVD/INVD acts on lower caches   = true
      inclusive to lower caches          = false
      complex cache indexing             = false
      number of sets (s)                 = 64
      (size synth)                       = 32768 (32 KB)
      --- cache 1 ---
      cache type                         = instruction cache (2)
      cache level                        = 0x1 (1)
      self-initializing cache level      = true
      fully associative cache            = false
      maximum IDs for CPUs sharing cache = 0x0 (0)
      maximum IDs for cores in pkg       = 0x0 (0)
      system coherency line size         = 0x40 (64)
      physical line partitions           = 0x1 (1)
      ways of associativity              = 0x8 (8)
      number of sets                     = 0x40 (64)
      WBINVD/INVD acts on lower caches   = true
      inclusive to lower caches          = false
      complex cache indexing             = false
      number of sets (s)                 = 64
      (size synth)                       = 32768 (32 KB)
      --- cache 2 ---
      cache type                         = unified cache (3)
      cache level                        = 0x2 (2)
      self-initializing cache level      = true
      fully associative cache            = false
      maximum IDs for CPUs sharing cache = 0x0 (0)
      maximum IDs for cores in pkg       = 0x0 (0)
      system coherency line size         = 0x40 (64)
      physical line partitions           = 0x1 (1)
      ways of associativity              = 0x10 (16)
      number of sets                     = 0x1000 (4096)
      WBINVD/INVD acts on lower caches   = true
      inclusive to lower caches          = false
      complex cache indexing             = false
      number of sets (s)                 = 4096
      (size synth)                       = 4194304 (4 MB)
      --- cache 3 ---
      cache type                         = unified cache (3)
      cache level                        = 0x3 (3)
      self-initializing cache level      = true
      fully associative cache            = false
      maximum IDs for CPUs sharing cache = 0x0 (0)
      maximum IDs for cores in pkg       = 0x0 (0)
      system coherency line size         = 0x40 (64)
      physical line partitions           = 0x1 (1)
      ways of associativity              = 0x10 (16)
      number of sets                     = 0x4000 (16384)
      WBINVD/INVD acts on lower caches   = false
      inclusive to lower caches          = true
      complex cache indexing             = true
      number of sets (s)                 = 16384
      (size synth)                       = 16777216 (16 MB)
      --- cache 4 ---
      cache type                         = no more caches (0)
   MONITOR/MWAIT (5):
      smallest monitor-line size (bytes)       = 0x0 (0)
      largest monitor-line size (bytes)        = 0x0 (0)
      enum of Monitor-MWAIT exts supported     = true
      supports intrs as break-event for MWAIT  = true
      number of C0 sub C-states using MWAIT    = 0x0 (0)
      number of C1 sub C-states using MWAIT    = 0x0 (0)
      number of C2 sub C-states using MWAIT    = 0x0 (0)
      number of C3 sub C-states using MWAIT    = 0x0 (0)
      number of C4 sub C-states using MWAIT    = 0x0 (0)
      number of C5 sub C-states using MWAIT    = 0x0 (0)
      number of C6 sub C-states using MWAIT    = 0x0 (0)
      number of C7 sub C-states using MWAIT    = 0x0 (0)
   Thermal and Power Management Features (6):
      digital thermometer                     = false
      Intel Turbo Boost Technology            = false
      ARAT always running APIC timer          = false
      PLN power limit notification            = false
      ECMD extended clock modulation duty     = false
      PTM package thermal management          = false
      HWP base registers                      = false
      HWP notification                        = false
      HWP activity window                     = false
      HWP energy performance preference       = false
      HWP package level request               = false
      HDC base registers                      = false
      Intel Turbo Boost Max Technology 3.0    = false
      HWP capabilities                        = false
      HWP PECI override                       = false
      flexible HWP                            = false
      IA32_HWP_REQUEST MSR fast access mode   = false
      HW_FEEDBACK MSRs supported              = false
      ignoring idle logical processor HWP req = false
      Thread Director                         = false
      IA32_HW_FEEDBACK_THREAD_CONFIG bit 25   = false
      digital thermometer thresholds          = 0x0 (0)
      hardware coordination feedback          = false
      ACNT2 available                         = false
      performance-energy bias capability      = false
      number of enh hardware feedback classes = 0x0 (0)
      performance capability reporting        = false
      energy efficiency capability reporting  = false
      size of feedback struct (4KB pages)     = 0x1 (1)
      index of CPU's row in feedback struct   = 0x0 (0)
   extended feature flags (7):
      FSGSBASE instructions                    = false
      IA32_TSC_ADJUST MSR supported            = false
      SGX: Software Guard Extensions supported = false
      BMI1 instructions                        = false
      HLE hardware lock elision                = false
      AVX2: advanced vector extensions 2       = false
      FDP_EXCPTN_ONLY                          = false
      SMEP supervisor mode exec protection     = false
      BMI2 instructions                        = false
      enhanced REP MOVSB/STOSB                 = false
      INVPCID instruction                      = false
      RTM: restricted transactional memory     = false
      RDT-CMT/PQoS cache monitoring            = false
      deprecated FPU CS/DS                     = false
      MPX: intel memory protection extensions  = false
      RDT-CAT/PQE cache allocation             = false
      AVX512F: AVX-512 foundation instructions = false
      AVX512DQ: double & quadword instructions = false
      RDSEED instruction                       = false
      ADX instructions                         = false
      SMAP: supervisor mode access prevention  = false
      AVX512IFMA: integer fused multiply add   = false
      PCOMMIT instruction                      = false
      CLFLUSHOPT instruction                   = false
      CLWB instruction                         = false
      Intel processor trace                    = false
      AVX512PF: prefetch instructions          = false
      AVX512ER: exponent & reciprocal instrs   = false
      AVX512CD: conflict detection instrs      = false
      SHA instructions                         = false
      AVX512BW: byte & word instructions       = false
      AVX512VL: vector length                  = false
      PREFETCHWT1                              = false
      AVX512VBMI: vector byte manipulation     = false
      UMIP: user-mode instruction prevention   = false
      PKU protection keys for user-mode        = false
      OSPKE CR4.PKE and RDPKRU/WRPKRU          = false
      WAITPKG instructions                     = false
      AVX512_VBMI2: byte VPCOMPRESS, VPEXPAND  = false
      CET_SS: CET shadow stack                 = false
      GFNI: Galois Field New Instructions      = false
      VAES instructions                        = false
      VPCLMULQDQ instruction                   = false
      AVX512_VNNI: neural network instructions = false
      AVX512_BITALG: bit count/shiffle         = false
      TME: Total Memory Encryption             = false
      AVX512: VPOPCNTDQ instruction            = false
      LA57: 57-bit addrs & 5-level paging      = false
      BNDLDX/BNDSTX MAWAU value in 64-bit mode = 0x0 (0)
      RDPID: read processor ID supported       = false
      KL: key locker                           = false
      bus lock detection                       = false
      CLDEMOTE supports cache line demote      = false
      MOVDIRI instruction                      = false
      MOVDIR64B instruction                    = false
      ENQCMD instruction                       = false
      SGX_LC: SGX launch config supported      = false
      PKS: supervisor protection keys          = false
      SGX-KEYS: SGX attestation services       = false
      AVX512_4VNNIW: neural network instrs     = false
      AVX512_4FMAPS: multiply acc single prec  = false
      fast short REP MOV                       = false
      UINTR: user interrupts                   = false
      AVX512_VP2INTERSECT: intersect mask regs = false
      IA32_MCU_OPT_CTRL SRBDS mitigation MSR   = false
      VERW MD_CLEAR microcode support          = false
      RTM transaction always aborts            = false
      IA32_TSX_FORCE_ABORT MSR                 = false
      SERIALIZE instruction                    = false
      hybrid part                              = false
      TSXLDTRK: TSX suspend load addr tracking = false
      PCONFIG instruction                      = false
      LBR: architectural last branch records   = false
      CET_IBT: CET indirect branch tracking    = false
      AMX-BF16: tile bfloat16 support          = false
      AVX512_FP16: fp16 support                = false
      AMX-TILE: tile architecture support      = false
      AMX-INT8: tile 8-bit integer support     = false
      IBRS/IBPB: indirect branch restrictions  = true
      STIBP: 1 thr indirect branch predictor   = false
      L1D_FLUSH: IA32_FLUSH_CMD MSR            = false
      IA32_ARCH_CAPABILITIES MSR               = false
      IA32_CORE_CAPABILITIES MSR               = false
      SSBD: speculative store bypass disable   = true
   Direct Cache Access Parameters (9):
      PLATFORM_DCA_CAP MSR bits = 0
   Architecture Performance Monitoring Features (0xa):
      version ID                               = 0x0 (0)
      number of counters per logical processor = 0x0 (0)
      bit width of counter                     = 0x0 (0)
      length of EBX bit vector                 = 0x0 (0)
      core cycle event                         = not available
      instruction retired event                = not available
      reference cycles event                   = not available
      last-level cache ref event               = not available
      last-level cache miss event              = not available
      branch inst retired event                = not available
      branch mispred retired event             = not available
      top-down slots event                     = not available
      fixed counter  0 supported               = false
      fixed counter  1 supported               = false
      fixed counter  2 supported               = false
      fixed counter  3 supported               = false
      fixed counter  4 supported               = false
      fixed counter  5 supported               = false
      fixed counter  6 supported               = false
      fixed counter  7 supported               = false
      fixed counter  8 supported               = false
      fixed counter  9 supported               = false
      fixed counter 10 supported               = false
      fixed counter 11 supported               = false
      fixed counter 12 supported               = false
      fixed counter 13 supported               = false
      fixed counter 14 supported               = false
      fixed counter 15 supported               = false
      fixed counter 16 supported               = false
      fixed counter 17 supported               = false
      fixed counter 18 supported               = false
      fixed counter 19 supported               = false
      fixed counter 20 supported               = false
      fixed counter 21 supported               = false
      fixed counter 22 supported               = false
      fixed counter 23 supported               = false
      fixed counter 24 supported               = false
      fixed counter 25 supported               = false
      fixed counter 26 supported               = false
      fixed counter 27 supported               = false
      fixed counter 28 supported               = false
      fixed counter 29 supported               = false
      fixed counter 30 supported               = false
      fixed counter 31 supported               = false
      number of contiguous fixed counters      = 0x0 (0)
      bit width of fixed counters              = 0x0 (0)
      anythread deprecation                    = false
   x2APIC features / processor topology (0xb):
      extended APIC ID                      = 0
      --- level 0 ---
      level number                          = 0x0 (0)
      level type                            = thread (1)
      bit width of level                    = 0x0 (0)
      number of logical processors at level = 0x1 (1)
      --- level 1 ---
      level number                          = 0x1 (1)
      level type                            = core (2)
      bit width of level                    = 0x0 (0)
      number of logical processors at level = 0x1 (1)
      --- level 2 ---
      level number                          = 0x2 (2)
      level type                            = invalid (0)
      bit width of level                    = 0x0 (0)
      number of logical processors at level = 0x0 (0)
   XSAVE features (0xd/0):
      XCR0 valid bit field mask               = 0x0000000000000000
         x87 state                            = false
         SSE state                            = false
         AVX state                            = false
         MPX BNDREGS                          = false
         MPX BNDCSR                           = false
         AVX-512 opmask                       = false
         AVX-512 ZMM_Hi256                    = false
         AVX-512 Hi16_ZMM                     = false
         PKRU state                           = false
         XTILECFG state                       = false
         XTILEDATA state                      = false
      bytes required by fields in XCR0        = 0x00000000 (0)
      bytes required by XSAVE/XRSTOR area     = 0x00000000 (0)
      XSAVEOPT instruction                    = false
      XSAVEC instruction                      = false
      XGETBV instruction                      = false
      XSAVES/XRSTORS instructions             = false
      XFD: extended feature disable supported = false
      SAVE area size in bytes                 = 0x00000000 (0)
      IA32_XSS valid bit field mask           = 0x0000000000000000
         PT state                             = false
         PASID state                          = false
         CET_U user state                     = false
         CET_S supervisor state               = false
         HDC state                            = false
         UINTR state                          = false
         LBR state                            = false
         HWP state                            = false
   hypervisor_id (0x40000000) = "KVMKVMKVM\0\0\0"
   hypervisor features (0x40000001/eax):
      kvmclock available at MSR 0x11           = false
      delays unnecessary for PIO ops           = true
      mmu_op                                   = false
      kvmclock available at MSR 0x4b564d00     = false
      async pf enable available by MSR         = true
      steal clock supported                    = true
      guest EOI optimization enabled           = true
      guest spinlock optimization enabled      = true
      guest TLB flush optimization enabled     = false
      async PF VM exit enable available by MSR = false
      guest send IPI optimization enabled      = false
      host HLT poll disable at MSR 0x4b564d05  = false
      guest sched yield optimization enabled   = false
      guest uses intrs for page ready APF evs  = false
      extended destination ID                  = false
      map gpa range hypercall supported        = false
      MSR_KVM_MIGRATION_CONTROL supported      = false
      stable: no guest per-cpu warps expected  = true
   hypervisor features (0x40000001/edx):
      realtime hint: no unbound preemption = false
   hypervisor_id (0x40000100) = "\0\0\0\0\0\0\0\0\0\0\0\0"
   extended feature flags (0x80000001/edx):
      SYSCALL and SYSRET instructions        = true
      execution disable                      = true
      1-GB large page support                = false
      RDTSCP                                 = false
      64-bit extensions technology available = true
   Intel feature flags (0x80000001/ecx):
      LAHF/SAHF supported in 64-bit mode     = true
      LZCNT advanced bit manipulation        = false
      3DNow! PREFETCH/PREFETCHW instructions = false
   brand = "QEMU Virtual CPU version 2.5+"
   L1 TLB/cache information: 2M/4M pages & L1 TLB (0x80000005/eax):
      instruction # entries     = 0xff (255)
      instruction associativity = 0x1 (1)
      data # entries            = 0xff (255)
      data associativity        = 0x1 (1)
   L1 TLB/cache information: 4K pages & L1 TLB (0x80000005/ebx):
      instruction # entries     = 0xff (255)
      instruction associativity = 0x1 (1)
      data # entries            = 0xff (255)
      data associativity        = 0x1 (1)
   L1 data cache information (0x80000005/ecx):
      line size (bytes) = 0x40 (64)
      lines per tag     = 0x1 (1)
      associativity     = 0x2 (2)
      size (KB)         = 0x40 (64)
   L1 instruction cache information (0x80000005/edx):
      line size (bytes) = 0x40 (64)
      lines per tag     = 0x1 (1)
      associativity     = 0x2 (2)
      size (KB)         = 0x40 (64)
   L2 TLB/cache information: 2M/4M pages & L2 TLB (0x80000006/eax):
      instruction # entries     = 0x0 (0)
      instruction associativity = L2 off (0)
      data # entries            = 0x0 (0)
      data associativity        = L2 off (0)
   L2 TLB/cache information: 4K pages & L2 TLB (0x80000006/ebx):
      instruction # entries     = 0x200 (512)
      instruction associativity = 4 to 5-way (4)
      data # entries            = 0x200 (512)
      data associativity        = 4 to 5-way (4)
   L2 unified cache information (0x80000006/ecx):
      line size (bytes) = 0x40 (64)
      lines per tag     = 0x1 (1)
      associativity     = 16 to 31-way (8)
      size (KB)         = 0x200 (512)
   L3 cache information (0x80000006/edx):
      line size (bytes)     = 0x40 (64)
      lines per tag         = 0x1 (1)
      associativity         = 16 to 31-way (8)
      size (in 512KB units) = 0x20 (32)
   RAS Capability (0x80000007/ebx):
      MCA overflow recovery support = false
      SUCCOR support                = false
      HWA: hardware assert support  = false
      scalable MCA support          = false
   Advanced Power Management Features (0x80000007/ecx):
      CmpUnitPwrSampleTimeRatio = 0x0 (0)
   Advanced Power Management Features (0x80000007/edx):
      TS: temperature sensing diode           = false
      FID: frequency ID control               = false
      VID: voltage ID control                 = false
      TTP: thermal trip                       = false
      TM: thermal monitor                     = false
      STC: software thermal control           = false
      100 MHz multiplier control              = false
      hardware P-State control                = false
      TscInvariant                            = false
      CPB: core performance boost             = false
      read-only effective frequency interface = false
      processor feedback interface            = false
      APM power reporting                     = false
      connected standby                       = false
      RAPL: running average power limit       = false
   Physical Address and Linear Address Size (0x80000008/eax):
      maximum physical address bits         = 0x28 (40)
      maximum linear (virtual) address bits = 0x30 (48)
      maximum guest physical address bits   = 0x0 (0)
   Extended Feature Extensions ID (0x80000008/ebx):
      CLZERO instruction                       = false
      instructions retired count support       = false
      always save/restore error pointers       = false
      INVLPGB instruction                      = false
      RDPRU instruction                        = false
      memory bandwidth enforcement             = false
      MCOMMIT instruction                      = false
      WBNOINVD instruction                     = false
      IBPB: indirect branch prediction barrier = true
      interruptible WBINVD, WBNOINVD           = false
      IBRS: indirect branch restr speculation  = false
      STIBP: 1 thr indirect branch predictor   = false
      CPU prefers: IBRS always on              = false
      CPU prefers: STIBP always on             = false
      IBRS preferred over software solution    = false
      IBRS provides same mode protection       = false
      EFER[LMSLE] not supported                = false
      INVLPGB supports TLB flush guest nested  = false
      ppin processor id number supported       = false
      SSBD: speculative store bypass disable   = false
      virtualized SSBD                         = false
      SSBD fixed in hardware                   = false
      CPPC: collaborative processor perf ctrl  = false
      PSFD: predictive store forward disable   = false
      not vulnerable to branch type confusion  = false
      branch sampling feature support          = false
      (vuln to branch type confusion synth)    = true
   Size Identifiers (0x80000008/ecx):
      number of CPU cores                 = 0x1 (1)
      ApicIdCoreIdSize                    = 0x0 (0)
      performance time-stamp counter size = 40 bits (0)
   Feature Extended Size (0x80000008/edx):
      max page count for INVLPGB instruction = 0x0 (0)
      RDPRU instruction max input support    = 0x0 (0)
   SVM Secure Virtual Machine (0x8000000a/eax):
      SvmRev: SVM revision = 0x0 (0)
   SVM Secure Virtual Machine (0x8000000a/edx):
      nested paging                           = false
      LBR virtualization                      = false
      SVM lock                                = false
      NRIP save                               = false
      MSR based TSC rate control              = false
      VMCB clean bits support                 = false
      flush by ASID                           = false
      decode assists                          = false
      SSSE3/SSE5 opcode set disable           = false
      pause intercept filter                  = false
      pause filter threshold                  = false
      AVIC: AMD virtual interrupt controller  = false
      virtualized VMLOAD/VMSAVE               = false
      virtualized global interrupt flag (GIF) = false
      GMET: guest mode execute trap           = false
      X2AVIC: virtualized X2APIC              = false
      supervisor shadow stack                 = false
      guest Spec_ctl support                  = false
      ROGPT: read-only guest page table       = false
      host MCE override                       = false
      INVLPGB/TLBSYNC hyperv interc enable    = false
      VNMI: NMI virtualization                = false
      IBS virtualization                      = false
      guest SVME addr check                   = false
   NASID: number of address space identifiers = 0x0 (0):
   (multi-processing synth) = none
   (multi-processing method) = Intel leaf 0xb
   (APIC widths synth): CORE_width=0 SMT_width=0
   (APIC synth): PKG_ID=0 CORE_ID=0 SMT_ID=0
   (uarch synth) = Intel {Netburst}
   (synth) = Intel Pentium 4 / Pentium D / Xeon / Xeon MP / Celeron / Celeron D (unknown model) {Netburst}
[workstation sysmaint ~]% 

cat /proc/cpuinfo:

[workstation sysmaint ~]% cat /proc/cpuinfo
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 15
model		: 107
model name	: QEMU Virtual CPU version 2.5+
stepping	: 1
microcode	: 0x1
cpu MHz		: 2659.786
cache size	: 16384 KB
physical id	: 0
siblings	: 1
core id		: 0
cpu cores	: 1
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 13
wp		: yes
flags		: fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc nopl xtopology cpuid pni cx16 x2apic hypervisor lahf_lm cpuid_fault pti ssbd ibrs ibpb
bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit mmio_unknown bhi ibpb_no_ret its
bogomips	: 5319.57
clflush size	: 64
cache_alignment	: 128
address sizes	: 40 bits physical, 48 bits virtual
power management:

[workstation sysmaint ~]% 
Error starting domain: Unable to write to '/sys/fs/cgroup/machine.slice/machine-qemu\x2d8\x2dWhonix\x2dWorkstation.scope/libvirt/emulator/cpuset.cpus': Numerical result out of range

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 71, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
    ~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 107, in tmpcb
    callback(*args, **kwargs)
    ~~~~^^^^^^^^^^^^^^^^^
  File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn
    ret = fn(self, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/object/domain.py", line 1384, in startup
    self._backend.create()
    ~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib/python3/dist-packages/libvirt.py", line 1390, in create
    raise libvirtError('virDomainCreate() failed')
libvirt.libvirtError: Unable to write to '/sys/fs/cgroup/machine.slice/machine-qemu\x2d8\x2dWhonix\x2dWorkstation.scope/libvirt/emulator/cpuset.cpus': Numerical result out of range

It will fail to operate many services; no GUI bootup, it is going to be CLI only:

That’s probably not 1-4. It’s either:
1
2
3
4

This is to be expected. You still need to boot into live mode.


Some info about QEMU CPU model configuration

Default x86 CPU models

The default QEMU CPU models are designed such that they can run on all hosts. If an application does not wish to perform any host compatibility checks before launching guests, the default is guaranteed to work.

The default CPU models will, however, leave the guest OS vulnerable to various CPU hardware flaws, so their use is strongly discouraged. Applications should follow the earlier guidance to set up a better CPU configuration, with host passthrough recommended if live migration is not needed.

qemu32, qemu64

QEMU Virtual CPU version 2.5+ (32 & 64 bit variants)

qemu64 is used for x86_64 guests and qemu32 is used for i686 guests, when no -cpu argument is given to QEMU, or no <cpu> is provided in libvirt XML.

2 Likes
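
The QEMU documentation quoted above warns that the default models leave the guest exposed to CPU hardware flaws. As an added example (not code from this thread, QEMU or libvirt), the Python check below parses a guest's /proc/cpuinfo and lists which of the mitigation features requested in the thread's `<cpu>` XML (ibpb, md-clear, spec-ctrl, ssbd) the guest kernel does not see. The libvirt-to-cpuinfo flag mapping is an assumption based on Linux flag naming, and the sample input is constructed by abridging the qemu64 output posted above.

```python
"""Report which CPU-flaw mitigation features a guest sees in /proc/cpuinfo."""
import sys

# Assumed mapping: libvirt <feature name> -> flag name(s) the Linux kernel
# prints in /proc/cpuinfo (spec-ctrl surfaces there as ibrs and ibpb).
LIBVIRT_TO_CPUINFO = {
    "ibpb": ["ibpb"],
    "md-clear": ["md_clear"],
    "spec-ctrl": ["ibrs", "ibpb"],
    "ssbd": ["ssbd"],
}

# Constructed sample, abridged from the qemu64 guest output posted above.
SAMPLE = """\
processor\t: 0
model name\t: QEMU Virtual CPU version 2.5+
flags\t\t: fpu de pse tsc msr nx lm hypervisor pti ssbd ibrs ibpb
bugs\t\t: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds
"""

def parse_first_cpu(text):
    """Return the key/value fields of the first processor block."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            if fields:
                break  # a blank line ends the first processor block
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(text, wanted=LIBVIRT_TO_CPUINFO):
    """Compare requested libvirt features with what the guest kernel reports."""
    cpu = parse_first_cpu(text)
    flags = set(cpu.get("flags", "").split())
    # Keep only the features for which at least one expected flag is absent.
    missing = {feat: absent for feat, names in wanted.items()
               if (absent := [n for n in names if n not in flags])}
    return {"model": cpu.get("model name", ""), "missing": missing,
            "hypervisor_flag": "hypervisor" in flags,
            "bugs": cpu.get("bugs", "").split()}

if __name__ == "__main__":
    report = audit(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE)
    print("model:", report["model"], "| bugs:", " ".join(report["bugs"]))
    for feature, names in report["missing"].items():
        print(f"MISSING {feature}: no {' '.join(names)} flag in guest")
    sys.exit(1 if report["missing"] else 0)
```

On the sample it reports only md-clear as missing, because the flags line carries ssbd, ibrs and ibpb but no md_clear. Inside a guest, pass /proc/cpuinfo as the first argument.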