Laptops and hardware virtualization
Richard Pieri
richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Sun Feb 14 00:04:44 EST 2010
On Feb 13, 2010, at 11:06 PM, Shankar Viswanathan wrote:
>
> There are security reasons why certain OEMs disable VT-x/AMD-V in the
> BIOS -- search for "Blue Pill" to see the gory details. While this
> hole has been demonstrated, I am not aware of any public exploits
> (perhaps because it is quite hard to create the necessary conditions).
> Still, disabling the extensions if you do not plan to use them is
> probably a good idea (my personal opinion, not my employer's).
I'm aware of Blue Pill. I'm also aware that the claim of 100% undetectability is impossible on the x86 architecture. Short version: there are privileged x86 instructions that aren't handled by VT-x/AMD-v. Those instructions can be used to determine if the OS is running in a virtualized environment or not.
--Rich P.
More information about the Discuss
mailing list