* [XEN PATCH 1/1] Add suport for SMBIOS tables 7,8,9,26,27,28 to improve virtual machine stealth from malware.
2021-11-29 12:59 [XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28 Anton Belousov
@ 2021-11-29 12:59 ` Anton Belousov
2021-11-29 17:27 ` Roger Pau Monné
2021-12-02 13:45 ` Jan Beulich
2021-11-29 17:30 ` [XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28 Roger Pau Monné
1 sibling, 2 replies; 5+ messages in thread
From: Anton Belousov @ 2021-11-29 12:59 UTC (permalink / raw)
To: xen-devel
Cc: Anton Belousov, Jan Beulich, Andrew Cooper, Roger Pau Monné,
Wei Liu, Ian Jackson
---
tools/firmware/hvmloader/smbios.c | 146 ++++++++++++++++++++++++
tools/firmware/hvmloader/smbios_types.h | 76 ++++++++++++
2 files changed, 222 insertions(+)
diff --git a/tools/firmware/hvmloader/smbios.c b/tools/firmware/hvmloader/smbios.c
index 97a054e9e3..f5e61c1159 100644
--- a/tools/firmware/hvmloader/smbios.c
+++ b/tools/firmware/hvmloader/smbios.c
@@ -33,12 +33,18 @@
#define SMBIOS_HANDLE_TYPE2 0x0200
#define SMBIOS_HANDLE_TYPE3 0x0300
#define SMBIOS_HANDLE_TYPE4 0x0400
+#define SMBIOS_HANDLE_TYPE7 0x0700
+#define SMBIOS_HANDLE_TYPE8 0x0800
+#define SMBIOS_HANDLE_TYPE9 0x0900
#define SMBIOS_HANDLE_TYPE11 0x0B00
#define SMBIOS_HANDLE_TYPE16 0x1000
#define SMBIOS_HANDLE_TYPE17 0x1100
#define SMBIOS_HANDLE_TYPE19 0x1300
#define SMBIOS_HANDLE_TYPE20 0x1400
#define SMBIOS_HANDLE_TYPE22 0x1600
+#define SMBIOS_HANDLE_TYPE26 0x1A00
+#define SMBIOS_HANDLE_TYPE27 0x1B00
+#define SMBIOS_HANDLE_TYPE28 0x1C00
#define SMBIOS_HANDLE_TYPE32 0x2000
#define SMBIOS_HANDLE_TYPE39 0x2700
#define SMBIOS_HANDLE_TYPE127 0x7f00
@@ -77,6 +83,12 @@ static void *
smbios_type_4_init(void *start, unsigned int cpu_number,
char *cpu_manufacturer);
static void *
+smbios_type_7_init(void *start);
+static void *
+smbios_type_8_init(void *start);
+static void *
+smbios_type_9_init(void *start);
+static void *
smbios_type_11_init(void *start);
static void *
smbios_type_16_init(void *start, uint32_t memory_size_mb, int nr_mem_devs);
@@ -89,6 +101,12 @@ smbios_type_20_init(void *start, uint32_t memory_size_mb, int instance);
static void *
smbios_type_22_init(void *start);
static void *
+smbios_type_26_init(void *start);
+static void *
+smbios_type_27_init(void *start);
+static void *
+smbios_type_28_init(void *start);
+static void *
smbios_type_32_init(void *start);
static void *
smbios_type_39_init(void *start);
@@ -205,6 +223,9 @@ write_smbios_tables(void *ep, void *start,
do_struct(smbios_type_3_init(p));
for ( cpu_num = 1; cpu_num <= vcpus; cpu_num++ )
do_struct(smbios_type_4_init(p, cpu_num, cpu_manufacturer));
+ do_struct(smbios_type_7_init(p));
+ do_struct(smbios_type_8_init(p));
+ do_struct(smbios_type_9_init(p));
do_struct(smbios_type_11_init(p));
/* Each 'memory device' covers up to 16GB of address space. */
@@ -221,6 +242,9 @@ write_smbios_tables(void *ep, void *start,
}
do_struct(smbios_type_22_init(p));
+ do_struct(smbios_type_26_init(p));
+ do_struct(smbios_type_28_init(p));
+ do_struct(smbios_type_27_init(p));
do_struct(smbios_type_32_init(p));
do_struct(smbios_type_39_init(p));
do_struct(smbios_type_vendor_oem_init(p));
@@ -700,6 +724,66 @@ smbios_type_4_init(
return start+1;
}
+/* Type 7 -- Cache Information */
+static void *
+smbios_type_7_init(void *start)
+{
+ struct smbios_type_7 *p = (struct smbios_type_7 *)start;
+
+ void *pts;
+ uint32_t length;
+
+ pts = get_smbios_pt_struct(7, &length);
+ if ( (pts != NULL)&&(length > 0) )
+ {
+ memcpy(start, pts, length);
+ p->header.handle = SMBIOS_HANDLE_TYPE7;
+ return (start + length);
+ }
+
+ return start;
+}
+
+/* Type 8 -- Port Connector Information */
+static void *
+smbios_type_8_init(void *start)
+{
+ struct smbios_type_8 *p = (struct smbios_type_8 *)start;
+
+ void *pts;
+ uint32_t length;
+
+ pts = get_smbios_pt_struct(8, &length);
+ if ( (pts != NULL)&&(length > 0) )
+ {
+ memcpy(start, pts, length);
+ p->header.handle = SMBIOS_HANDLE_TYPE8;
+ return (start + length);
+ }
+
+ return start;
+}
+
+/* Type 9 -- System Slots */
+static void *
+smbios_type_9_init(void *start)
+{
+ struct smbios_type_9 *p = (struct smbios_type_9 *)start;
+
+ void *pts;
+ uint32_t length;
+
+ pts = get_smbios_pt_struct(9, &length);
+ if ( (pts != NULL)&&(length > 0) )
+ {
+ memcpy(start, pts, length);
+ p->header.handle = SMBIOS_HANDLE_TYPE9;
+ return (start + length);
+ }
+
+ return start;
+}
+
/* Type 11 -- OEM Strings */
static void *
smbios_type_11_init(void *start)
@@ -923,6 +1007,68 @@ smbios_type_22_init(void *start)
return start+1;
}
+/* Type 26 -- Voltage Probe */
+static void *
+smbios_type_26_init(void *start)
+{
+ struct smbios_type_26 *p = (struct smbios_type_26 *)start;
+
+ void *pts;
+ uint32_t length;
+
+ pts = get_smbios_pt_struct(26, &length);
+ if ( (pts != NULL)&&(length > 0) )
+ {
+ memcpy(start, pts, length);
+ p->header.handle = SMBIOS_HANDLE_TYPE26;
+ return (start + length);
+ }
+
+ return start;
+}
+
+/* Type 27 -- Cooling Device */
+static void *
+smbios_type_27_init(void *start)
+{
+ struct smbios_type_27 *p = (struct smbios_type_27 *)start;
+
+ void *pts;
+ uint32_t length;
+
+ pts = get_smbios_pt_struct(27, &length);
+ if ( (pts != NULL)&&(length > 0) )
+ {
+ memcpy(start, pts, length);
+ p->header.handle = SMBIOS_HANDLE_TYPE27;
+ p->temperature_probe_handle = SMBIOS_HANDLE_TYPE28;
+ p->cooling_unit_group = 0;
+ return (start + length);
+ }
+
+ return start;
+}
+
+/* Type 28 -- Temperature Probe */
+static void *
+smbios_type_28_init(void *start)
+{
+ struct smbios_type_28 *p = (struct smbios_type_28 *)start;
+
+ void *pts;
+ uint32_t length;
+
+ pts = get_smbios_pt_struct(28, &length);
+ if ( (pts != NULL)&&(length > 0) )
+ {
+ memcpy(start, pts, length);
+ p->header.handle = SMBIOS_HANDLE_TYPE28;
+ return (start + length);
+ }
+
+ return start;
+}
+
/* Type 32 -- System Boot Information */
static void *
smbios_type_32_init(void *start)
diff --git a/tools/firmware/hvmloader/smbios_types.h b/tools/firmware/hvmloader/smbios_types.h
index 7c648ece71..f43be12dfc 100644
--- a/tools/firmware/hvmloader/smbios_types.h
+++ b/tools/firmware/hvmloader/smbios_types.h
@@ -149,6 +149,44 @@ struct smbios_type_4 {
uint8_t part_number_str;
} __attribute__ ((packed));
+/* SMBIOS type 7 - Cache Information */
+struct smbios_type_7 {
+ struct smbios_structure_header header;
+ uint8_t socket_designation_str;
+ uint16_t cache_configuration;
+ uint16_t maximum_cache_size;
+ uint16_t installed_size;
+ uint16_t supported_SRAM_type;
+ uint16_t current_SRAM_type;
+ uint8_t cache_speed;
+ uint8_t error_connection_type;
+ uint8_t system_cache_type;
+ uint8_t associativity;
+} __attribute__ ((packed));
+
+/* SMBIOS type 8 - Port Connector Information */
+struct smbios_type_8 {
+ struct smbios_structure_header header;
+ uint8_t internal_reference_designator_str;
+ uint8_t internal_connector_type;
+ uint8_t external_reference_designator_str;
+ uint8_t external_connector_type;
+ uint8_t port_type;
+} __attribute__ ((packed));
+
+/* SMBIOS type 9 - System Slots */
+struct smbios_type_9 {
+ struct smbios_structure_header header;
+ uint8_t slot_designation_str;
+ uint8_t slot_type;
+ uint8_t slot_data_bus_width;
+ uint8_t current_usage;
+ uint8_t slot_length;
+ uint16_t slot_id;
+ uint8_t slot_characteristics_1;
+ uint8_t slot_characteristics_2;
+} __attribute__ ((packed));
+
/* SMBIOS type 11 - OEM Strings */
struct smbios_type_11 {
struct smbios_structure_header header;
@@ -232,6 +270,44 @@ struct smbios_type_22 {
uint32_t oem_specific;
} __attribute__ ((packed));
+/* SMBIOS type 26 - Voltage Probe */
+struct smbios_type_26 {
+ struct smbios_structure_header header;
+ uint8_t description_str;
+ uint8_t location_and_status;
+ uint16_t maximum_value;
+ uint16_t minimum_value;
+ uint16_t resolution;
+ uint16_t tolerance;
+ uint16_t accuracy;
+ uint32_t oem_defined;
+ uint16_t nominal_value;
+} __attribute__ ((packed));
+
+/* SMBIOS type 27 - Cooling Device */
+struct smbios_type_27 {
+ struct smbios_structure_header header;
+ uint16_t temperature_probe_handle;
+ uint8_t device_type_and_status;
+ uint8_t cooling_unit_group;
+ uint32_t oem_defined;
+ uint16_t nominal_speed;
+} __attribute__ ((packed));
+
+/* SMBIOS type 28 - Temperature Probe */
+struct smbios_type_28 {
+ struct smbios_structure_header header;
+ uint8_t description_str;
+ uint8_t location_and_status;
+ uint16_t maximum_value;
+ uint16_t minimum_value;
+ uint16_t resolution;
+ uint16_t tolerance;
+ uint16_t accuracy;
+ uint32_t oem_defined;
+ uint16_t nominal_value;
+} __attribute__ ((packed));
+
/* SMBIOS type 32 - System Boot Information */
struct smbios_type_32 {
struct smbios_structure_header header;
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28.
2021-11-29 12:59 [XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28 Anton Belousov
2021-11-29 12:59 ` [XEN PATCH 1/1] Add suport for SMBIOS tables 7,8,9,26,27,28 to improve virtual machine stealth from malware Anton Belousov
@ 2021-11-29 17:30 ` Roger Pau Monné
1 sibling, 0 replies; 5+ messages in thread
From: Roger Pau Monné @ 2021-11-29 17:30 UTC (permalink / raw)
To: Anton Belousov
Cc: xen-devel, Jan Beulich, Andrew Cooper, Wei Liu, Ian Jackson
On Mon, Nov 29, 2021 at 12:59:28PM +0000, Anton Belousov wrote:
> This update is done to improve virtual machine stealth from malware. There are AntiVM techniques that use WMI-queries to detect presence of this SMBIOS tables. Example: "https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/AntiVM/Generic.cpp"
Aren't there many other hints at whether an OS is running inside of a
VM? I could imagine for example the ACPI tables, the list or models of
exposed devices, or the cpuid data?
Thanks, Roger.
^ permalink raw reply [flat|nested] 5+ messages in thread