From: Paolo Bonzini <pbonzini@redhat.com>
To: Peter Lieven <pl@kamp.de>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] Prohibit Windows from running in QEMU
Date: Fri, 4 Aug 2017 12:43:22 +0200
Message-ID: <db37ed08-223f-91c8-b72d-3dede381ea6a@redhat.com>
In-Reply-To: <33560059-ae3d-9ee9-dab7-9f992f8d913c@kamp.de>

On 04/08/2017 12:27, Peter Lieven wrote:
> On 04.08.2017 at 12:23, Paolo Bonzini wrote:
>> On 04/08/2017 11:58, Peter Lieven wrote:
>>> On 29.10.2013 at 10:59, Paolo Bonzini wrote:
>>>> On 29/10/2013 10:48, Peter Lieven wrote:
>>>>> Hi all,
>>>>>
>>>>> this question might seem a bit weird, but does anyone see a good way to
>>>>> avoid that Windows is able to boot inside qemu?
>>>>>
>>>>> We have defined several profiles for different operating systems and I want
>>>>> to avoid that someone chooses Linux and then installs Windows within
>>>>> a VM. Reason is licensing.
>>>> Patch QEMU to crash when Hyper-V extensions are enabled...
>>> Hi all,
>>>
>>> this is an old topic that has become important for me again recently.
>>> Now all Linux versions should be able to detect KVM even if Hyper-V is enabled.
>>>
>>> But how do I detect from Qemu userspace that Hyper-V is enabled?
>> Maybe a better one: make KVM crash the guest if CR8 is nonzero on a
>> vmexit. Linux doesn't use it, Windows should not survive long.
>
> You mean the kvm kernel module? Or can I access this register also
> from Qemu on any call that is handled in userspace? It would be easier
> to have a cmdline option to Qemu than an option to a kernel module.

Yes, the kernel module. Accessing it in QEMU requires
cpu_synchronize_state so it's slow. However, you could piggyback on
some other functionality that is never used by Linux to do the check,
for example the RTC I/O port.

That is, in the RTC I/O port code you call cpu_synchronize_state and
check CR8.

Paolo

>> Warning, I don't know if UEFI firmware uses CR8.
>
> UEFI firmware is not important in this case.
> Do you know if FreeBSD, OpenBSD or NetBSD use it?
>
>
> Thanks for your ideas,
> Peter
>