Re: [DISCUSSION] Allow ACPI default OEM ID and OEM table ID fields to be

From: Antoine Damhet
Subject: Re: [DISCUSSION] Allow ACPI default OEM ID and OEM table ID fields to be set.
Date: Thu, 26 Nov 2020 13:50:12 +0100

On Thu, Nov 26, 2020 at 06:09:11AM -0500, Michael S. Tsirkin wrote:
> On Wed, Nov 25, 2020 at 09:13:22PM +0100, Antoine Damhet wrote:
> > On Wed, Nov 25, 2020 at 11:04:55AM -0500, Michael S. Tsirkin wrote:
> > > On Wed, Nov 25, 2020 at 01:32:51PM +0000, Richard W.M. Jones wrote:
> > > > On Wed, Nov 25, 2020 at 02:27:11PM +0100, Antoine Damhet wrote:


> > 
> > I'm sorry I cannot give you the name of the crashing software due to a
> > company policy. But I can tell you that if either `BOCHS ` or `BXPC` is
> > present in any of the tables it will crash. Any (or at least the few
> > that I threw at it) other string will work so it seems it's some kind
> > of DRM-related hypervisor detection.
> Hmm I'm not sure how far we want to go with this. If software vendors
> want to detect a hypervisor there will always be a way.
> How are we sure we are not starting an arms race here?

We can't, but IMHO, as long as we stay within the specs, we should be OK.
There are far more obvious checks like the `CPUID[0x1].ECX[31]` which
would destroy most of the PV features in a proprietary OS like Windows
if disabled.

Worst case scenario they would do timing-based detection and that would
be insane to defeat. As for the `Shadow` virtual machines we try to
"play" fair by exposing deterministic values (for example `Shadow` and
`Blade` are clearly exposed in SMBIOS) and don't hide the fact that we
are a virtual machine, so we are easy to ban if the vendor really wishes

> Also which of the IDs matter?  OEMID? OEM Table ID? Creator ID?

I just checked for the Creator ID and it also crashes, my guess is that
they dump the tables and look for `BOCHS` and `BXPC` patterns anywhere.

PS: we reached out to the software vendor, which did not acknowledge
    banning VMs but added an entry to their FAQ saying that VMs were not

> > As for the uniqueness of the table IDs, I guess it would be sane to keep
> > the same pattern (id+table sig) but allowing the first 4 bytes to be
> > overridden.
> > 
> > [...]
> It's certainly possible, it's just very specific to just this DRM scheme.
> Not sure what's a better way to do it:
>   qemu -acpidefault oem_id=ABCD,oem_table_id=EFGHIJKL
> is probably going too far since then table IDs are not unique.
> Also I'd probably use machine properties for this, the need here
> is baroque enough that we don't want a dedicated option.
> > 
> > -- 
> > Antoine 'xdbob' Damhet

Antoine 'xdbob' Damhet
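
The three fields asked about above (OEMID, OEM Table ID, Creator ID) all sit in the 36-byte standard ACPI table header. The following is an added example, not part of the original message or of QEMU's code: it parses that header, verifies the checksum, and reports which fields carry the strings named in the thread. The sample tables, the `ABCD` override value, and all function names are constructed for illustration.

```python
import struct

# ACPI standard table header (36 bytes), per the ACPI specification:
# Signature[4] Length(u32) Revision(u8) Checksum(u8) OEMID[6]
# OEM Table ID[8] OEM Revision(u32) Creator ID[4] Creator Revision(u32)
HEADER = struct.Struct("<4sIBB6s8sI4sI")


def build_table(sig, oem_id, oem_table_id, creator_id, body=b""):
    """Build a table with a valid checksum (constructed sample data only)."""
    length = HEADER.size + len(body)
    raw = bytearray(HEADER.pack(sig, length, 1, 0, oem_id, oem_table_id,
                                1, creator_id, 1) + body)
    raw[9] = (-sum(raw)) & 0xFF  # all bytes of the table must sum to 0 mod 256
    return bytes(raw)


def parse_header(raw):
    """Return the identification fields and whether the checksum holds."""
    if len(raw) < HEADER.size:
        raise ValueError("shorter than an ACPI table header")
    sig, length, _rev, _csum, oem_id, oem_table_id, _orev, creator_id, _crev = \
        HEADER.unpack_from(raw)
    if length < HEADER.size or length > len(raw):
        raise ValueError("Length field inconsistent with buffer")
    return {
        "signature": sig.decode("ascii", "replace"),
        "oem_id": oem_id.decode("ascii", "replace"),
        "oem_table_id": oem_table_id.decode("ascii", "replace"),
        "creator_id": creator_id.decode("ascii", "replace"),
        "checksum_ok": sum(raw[:length]) & 0xFF == 0,
    }


def fields_containing(raw, needles=("BOCHS ", "BXPC")):
    """List header fields holding any of the strings named in the thread."""
    hdr = parse_header(raw)
    return sorted(name for name, value in hdr.items()
                  if isinstance(value, str) and any(n in value for n in needles))


# Constructed samples: IDs using the strings from the thread, and the
# "id + table sig" pattern with the first 4 bytes overridden (ABCD is made up).
DEFAULT = build_table(b"FACP", b"BOCHS ", b"BXPCFACP", b"BXPC")
OVERRIDDEN = build_table(b"FACP", b"ABCD  ", b"ABCDFACP", b"ABCD")

if __name__ == "__main__":
    for name, table in (("default", DEFAULT), ("overridden", OVERRIDDEN)):
        print(name, parse_header(table), fields_containing(table))
```

Keeping the table signature in the last four bytes of the OEM Table ID preserves per-table uniqueness, and any change to the header requires recomputing the checksum byte at offset 9.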
