Subject: Re: [Qemu-discuss] How to enable kvm at runtime?
Date: Fri, 12 Feb 2016 03:57:07 +0900

On 11 February 2016 at 05:11, Ren Kimura <address@hidden> wrote:
> I have a question about activation of kvm.
> Is there any way to enable/disable kvm at qemu runtime?
Yes, the command line is -enable-kvm. (We default to not using KVM.)
> It should be useful for sandbox tools like DECAF or TEMU,
> because some malware use VT-x information to detect these.
Beware that you should not regard emulated QEMU as being
capable of containing malware within its sandbox -- the
emulator code has not been audited and we don't consider
it a security boundary[*]. (In contrast, there is a security
boundary for KVM and a guest should be unable to escape a
[*] In other words, if a TCG (emulated) guest can do bad
things to the host that's a bug, but it's not a security
bug. And it is very likely that at least some such bugs
exist in the emulation code.