[Whonix-devel] DRAMA countermeasures

bancfc at openmailbox.org
Sun Aug 28 15:20:07 CEST 2016


On 2016-08-28 10:52, Daniel Gruss wrote:
> On 2016-08-27 21:05, bancfc at openmailbox.org wrote:
>> With KVM, CPU instructions can be masked out by QEMU and not be
>> available to guests. I already blacklisted clflush some time ago. The
>> different variants of the tsc instruction are not passed through by
>> default either.
> 
> That sounds very interesting. How does QEMU mask out instructions when
> using KVM with hardware virtualization extensions?

On x86, CPU capabilities are exposed via the CPUID instruction as a set 
of 32-bit integers, with each bit given a specific meaning. AMD & Intel 
agree on common names for these bits. QEMU uses a scheme which combines 
a CPU model name string with a set of named flags. On x86 the CPU model 
is mapped to a baseline CPUID mask, and the flags can then be used to 
toggle bits in the mask on or off. VMware and Xen both expose the notion 
of CPUID masks directly in their guest configuration format.

QEMU-KVM can optionally emulate some instructions not found in the host 
model, but it comes at a performance penalty. (This has nothing to do 
with the above, though.)

> 
>> I was wondering how helpful all this is? and how much this remaining
>> timer can aid attacks?
> 
> As long as the guest can have true multithreading, removing timers
> does not make any difference.
> See Section 3.3 of
> https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_lipp.pdf
> - Moritz and Clémentine will present this at BlackHat Europe in
> November.
> Even without any timers, multithreading allows obtaining a
> sufficiently accurate timestamp.
> 

Very cool :)

This is tricky haha. So essentially I would disable hyperthreading 
host-side to make sure this isn't available?
Some example code:
https://serverfault.com/a/720471

> 
> Cheers,
> Daniel
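A guest-side check for the two points discussed above (which CPUID bits the QEMU mask actually advertises to the guest, and whether the guest is given more than one thread per core), added here as an example and not code from the thread or from Whonix. It parses /proc/cpuinfo; the SAMPLE_CPUINFO block is constructed for illustration and the flag names are Linux's /proc/cpuinfo spellings, not QEMU feature names.

```python
"""Report what the hypervisor's CPUID mask and topology expose to this guest."""
import re

# Constructed sample of one /proc/cpuinfo entry as a QEMU/KVM guest might show
# it (not captured from any real machine). clflush has been left out of the
# flags to mimic a masked-out CLFSH bit; siblings > cpu cores mimics SMT.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel Core Processor (Haswell, no TSX)
siblings\t: 2
cpu cores\t: 1
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat \
mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc xtopology pni hypervisor
"""

# Features relevant to the timing side channels the thread talks about.
WATCHED = ("clflush", "rdtscp", "tsc", "constant_tsc", "ht")


def parse_cpuinfo(text):
    """Return one dict per logical CPU block, keyed by the /proc/cpuinfo field."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, _, val = line.partition(":")
            entry[key.strip()] = val.strip()
        cpus.append(entry)
    return cpus


def advertised(cpu, names=WATCHED):
    """Map each watched flag name to whether the guest sees it advertised."""
    flags = set(cpu.get("flags", "").split())
    return {n: (n in flags) for n in names}


def smt_exposed(cpu):
    """True if the guest sees more than one hardware thread per core."""
    return int(cpu.get("siblings", "1")) > int(cpu.get("cpu cores", "1"))


def report(text=SAMPLE_CPUINFO):
    cpu = parse_cpuinfo(text)[0]
    flags = cpu.get("flags", "").split()
    return {"flags": advertised(cpu), "smt": smt_exposed(cpu),
            "under_hypervisor": "hypervisor" in flags}


if __name__ == "__main__":
    try:
        print(report(open("/proc/cpuinfo").read()))
    except OSError:          # not on Linux: fall back to the constructed sample
        print(report())
```

A masked CPUID bit only changes what the guest is told; whether the instruction itself is trapped is a separate question that this check cannot answer.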



More information about the Whonix-devel mailing list