thr3ads.net - libvirt users - Masking out the Protected Processor Identification Number [Mar 2020]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

procmem@riseup.net

2020-Mar-28 18:37 UTC

Masking out the Protected Processor Identification Number

Hi I was wondering if libvirt/KVM screens out a CPU's or Protected
Processor Identification Number? - "PPIN" is a universal hardware
serial
number etched into the chip in the fab. [1]

I am currently allowing full host cpu passthrough to allow guests to use
spectre/meltdown mitigations. However as we are a privacy project, we
are looking to prevent obvious identity linkers like serial numbers from
being read by untrusted environments.

Apparentlt Intel has had it for years and its accessible with the mcelog
daemon.

[1]
https://www.phoronix.com/scan.php?page=news_item&px=AMD-PPIN-Processor-ID-Linux

Apparently Analagous Threads

[LLVMdev] Request for Help: Teach ARM target to auto-detect cpu / subtarget features
[LLVMdev] Request for Help: Teach ARM target to auto-detect cpu / subtarget features
is clang9 supporting asm-goto?
mcelog SELinux errors
mcelog

Search for more apparently analagous threads

libvirt users - Mar 2020 - Masking out the Protected Processor Identification Number

Masking out the Protected Processor Identification Number

Apparently Analagous Threads

Wisdom of the Ancients