lirent
9b17bdfa33
Force a real, platform-anchored OEM BIOS identity into SMBIOS type0 (patch 0024 + spoof_bios_version/spoof_bios_date getters) so the guest does not read an empty or firmware-default BIOS vendor via WMI/dmidecode. Vendor coheres with the board; version uses the vendor real format. Inert without a seed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
55 lines
3.3 KiB
Markdown
55 lines
3.3 KiB
Markdown
# Anti-detect patch series
|
|
|
|
Quilt patches injected (by `make prepare`) into `pve-qemu/debian/patches/series`,
|
|
applied in order during the `.deb` build. Each wires a stock QEMU literal to a
|
|
`spoof_*()` getter from the in-tree module (`hw/misc/spoof.{c,h}`, dropped in by
|
|
the Makefile). The getter returns the seed-derived value, or the **stock default**
|
|
when no `spoof-seed` is set — so the whole series is inert until a VM opts in.
|
|
|
|
Authored against the pinned `pve-qemu/qemu` tree (QEMU 11.0) so the context lines
|
|
match exactly. Naming: `0002` = infra, `0010+` = one aspect each.
|
|
|
|
| patch | covers |
|
|
|---|---|
|
|
| 0002-x86-machine-spoof-properties | register `spoof-seed` / `spoof-hv` / `spoof-waet` / `spoof-vmgenid` / `spoof-pvpanic` machine props |
|
|
| 0010-acpi-table-header | ACPI OEM id / table id / creator + FADT hypervisor-vendor |
|
|
| 0011-acpi-policy-waet-vmgenid | drop the WAET table; skip the vmgenid SSDT when policy = hide |
|
|
| 0012-acpi-device-hids | vmgenid `_HID` (mask), pvpanic `_HID` (hide), fw_cfg `_HID` |
|
|
| 0013-cpuid-kvm-sig-freq | CPUID KVM signature + leaf 0x16 frequency |
|
|
| 0014-fwcfg-signatures | fw_cfg selector + DMA signatures |
|
|
| 0015-smbios-vm-bit | clear the SMBIOS type0 "VM" characteristic bit |
|
|
| 0016-edid-monitor | EDID vendor / name / model / serial / manufacture-date |
|
|
| 0017-storage-identity | IDE model / serial / fw / cdrom + NVMe model / serial / fw |
|
|
| 0018-pci-subsystem-id | realize-time OEM-brand of emulated PCI subsystem ids (SVID/SSID) |
|
|
| 0019-machine-desc | machine `desc` string → platform board model |
|
|
| 0021-smbios-identity | SMBIOS type3 chassis / type4 socket + cpu-mfr / type11 OEM / type17 memory |
|
|
| 0022-storage-extra | IDE WWN + rotation rate; NVMe EUI-64 + NGUID |
|
|
| 0023-cpu-microcode | CPU microcode revision (IA32_UCODE_REV), vendor-positioned |
|
|
| 0024-smbios-bios-type0 | SMBIOS type0 BIOS vendor / version / date (platform-anchored OEM firmware) |
|
|
|
|
## Why 0018 is subsystem-only (the PCI-id problem)
|
|
|
|
The PCI **vendor:device** id IS the guest driver-binding contract: NetKVM binds
|
|
`1af4:1000`, the ivshmem driver binds `1af4:1110`, the GPU driver binds its id.
|
|
Spoofing those breaks the device (no driver matches). So `0018` only rewrites the
|
|
**subsystem** id (not used for binding) — and even that skips `0x1af4`, because
|
|
*legacy*-virtio encodes the device type in the subsystem id. Class-bound devices
|
|
(NVMe / xHCI / AHCI bind by class code, not id) *could* take a real vendor:device,
|
|
but that needs a per-role allowlist. virtio / ivshmem / GPU ids are instead
|
|
de-fingerprinted by **device choice** (`e1000e` / SATA) and vfio `x-pci-*`, not by
|
|
id spoofing.
|
|
|
|
## Out of scope (handled by config or upstream, not these patches)
|
|
|
|
- **PCI vendor:device id** for class-bound devices (qemu-nvme `1b36:0010` → a real
|
|
NVMe vendor; `nec-usb-xhci`): safe in principle, would need a per-role allowlist in
|
|
the `0018` realize hook.
|
|
- **HDA codec id** (`QEMU_HDA_ID_VENDOR 0x1af4`): a compile-time constant baked into a
|
|
`static const` codec descriptor; spoofing needs a runtime override of the
|
|
GET_PARAMETER verb response.
|
|
- **vmport/vmmouse** (VMware backdoor port 0x5658): disable via `-machine vmport=off`
|
|
(a machine option).
|
|
- **hv-mode / hypervisor bit**: via the CPU model flags (`cpu: host,hidden=1` + hv
|
|
enlightenments). The module's `spoof_hv_mode` policy is the intent; enforcement is
|
|
configuration.
|