lirent/qemu-spoof
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qemu-spoof: seed-driven per-VM hardware-identity anti-detection for pve-qemu

Browse Source
This commit is contained in:
Gregory Lirent
2026-06-11 17:34:09 +03:00
commit 06463ee65c
33 changed files with 1788 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
patches/0023-cpu-microcode.patch
+19
View File
@@ -0,0 +1,19 @@
qemu-spoof: CPU microcode revision (IA32_UCODE_REV)
QEMU/KVM default ucode_rev (Intel 0x1_00000000, AMD 0x01000065) is constant and
recognisable. Route it through spoof_cpu_microcode, which returns a plausible
vendor-positioned revision (Intel in MSR bits 63:32, AMD in 31:0) anchored to the
persona CPU vendor. Inert unless a spoof-seed is set. (target/i386 spoof.h include
is added by 0013.)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index c6fd1dc..96cbedc 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -10026,6 +10026,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
} else {
cpu->ucode_rev = 0x100000000ULL;
}
+ cpu->ucode_rev = spoof_cpu_microcode(cpu->ucode_rev); /* qemu-spoof */
}
/*