* [XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28.
@ 2021-11-29 12:59 Anton Belousov
  2021-11-29 12:59 ` [XEN PATCH 1/1] Add suport for SMBIOS tables 7,8,9,26,27,28 to improve virtual machine stealth from malware Anton Belousov
  2021-11-29 17:30 ` [XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28 Roger Pau Monné
  0 siblings, 2 replies; 5+ messages in thread
From: Anton Belousov @ 2021-11-29 12:59 UTC (permalink / raw)
  To: xen-devel
  Cc: Anton Belousov, Jan Beulich, Andrew Cooper, Roger Pau Monné,
	Wei Liu, Ian Jackson

This update is done to improve virtual machine stealth from malware. There are AntiVM techniques that use WMI queries to detect the presence of these SMBIOS tables. Example: "https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/AntiVM/Generic.cpp"

Anton Belousov (1):
  Add suport for SMBIOS tables 7,8,9,26,27,28 to improve virtual machine
    stealth from malware.

 tools/firmware/hvmloader/smbios.c       | 146 ++++++++++++++++++++++++
 tools/firmware/hvmloader/smbios_types.h |  76 ++++++++++++
 2 files changed, 222 insertions(+)

-- 
2.25.1




* [XEN PATCH 1/1] Add suport for SMBIOS tables 7,8,9,26,27,28 to improve virtual machine stealth from malware.
  2021-11-29 12:59 [XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28 Anton Belousov
@ 2021-11-29 12:59 ` Anton Belousov
  2021-11-29 17:27   ` Roger Pau Monné
  2021-12-02 13:45   ` Jan Beulich
  2021-11-29 17:30 ` [XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28 Roger Pau Monné
  1 sibling, 2 replies; 5+ messages in thread
From: Anton Belousov @ 2021-11-29 12:59 UTC (permalink / raw)
  To: xen-devel
  Cc: Anton Belousov, Jan Beulich, Andrew Cooper, Roger Pau Monné,
	Wei Liu, Ian Jackson

---
 tools/firmware/hvmloader/smbios.c       | 146 ++++++++++++++++++++++++
 tools/firmware/hvmloader/smbios_types.h |  76 ++++++++++++
 2 files changed, 222 insertions(+)

diff --git a/tools/firmware/hvmloader/smbios.c b/tools/firmware/hvmloader/smbios.c
index 97a054e9e3..f5e61c1159 100644
--- a/tools/firmware/hvmloader/smbios.c
+++ b/tools/firmware/hvmloader/smbios.c
@@ -33,12 +33,18 @@
 #define SMBIOS_HANDLE_TYPE2   0x0200
 #define SMBIOS_HANDLE_TYPE3   0x0300
 #define SMBIOS_HANDLE_TYPE4   0x0400
+#define SMBIOS_HANDLE_TYPE7   0x0700
+#define SMBIOS_HANDLE_TYPE8   0x0800
+#define SMBIOS_HANDLE_TYPE9   0x0900
 #define SMBIOS_HANDLE_TYPE11  0x0B00
 #define SMBIOS_HANDLE_TYPE16  0x1000
 #define SMBIOS_HANDLE_TYPE17  0x1100
 #define SMBIOS_HANDLE_TYPE19  0x1300
 #define SMBIOS_HANDLE_TYPE20  0x1400
 #define SMBIOS_HANDLE_TYPE22  0x1600
+#define SMBIOS_HANDLE_TYPE26  0x1A00
+#define SMBIOS_HANDLE_TYPE27  0x1B00
+#define SMBIOS_HANDLE_TYPE28  0x1C00
 #define SMBIOS_HANDLE_TYPE32  0x2000
 #define SMBIOS_HANDLE_TYPE39  0x2700
 #define SMBIOS_HANDLE_TYPE127 0x7f00
@@ -77,6 +83,12 @@ static void *
 smbios_type_4_init(void *start, unsigned int cpu_number,
                    char *cpu_manufacturer);
 static void *
+smbios_type_7_init(void *start);
+static void *
+smbios_type_8_init(void *start);
+static void *
+smbios_type_9_init(void *start);
+static void *
 smbios_type_11_init(void *start);
 static void *
 smbios_type_16_init(void *start, uint32_t memory_size_mb, int nr_mem_devs);
@@ -89,6 +101,12 @@ smbios_type_20_init(void *start, uint32_t memory_size_mb, int instance);
 static void *
 smbios_type_22_init(void *start);
 static void *
+smbios_type_26_init(void *start);
+static void *
+smbios_type_27_init(void *start);
+static void *
+smbios_type_28_init(void *start);
+static void *
 smbios_type_32_init(void *start);
 static void *
 smbios_type_39_init(void *start);
@@ -205,6 +223,9 @@ write_smbios_tables(void *ep, void *start,
     do_struct(smbios_type_3_init(p));
     for ( cpu_num = 1; cpu_num <= vcpus; cpu_num++ )
         do_struct(smbios_type_4_init(p, cpu_num, cpu_manufacturer));
+    do_struct(smbios_type_7_init(p));
+    do_struct(smbios_type_8_init(p));
+    do_struct(smbios_type_9_init(p));
     do_struct(smbios_type_11_init(p));
 
     /* Each 'memory device' covers up to 16GB of address space. */
@@ -221,6 +242,9 @@ write_smbios_tables(void *ep, void *start,
     }
 
     do_struct(smbios_type_22_init(p));
+    do_struct(smbios_type_26_init(p));
+    do_struct(smbios_type_28_init(p));
+    do_struct(smbios_type_27_init(p));
     do_struct(smbios_type_32_init(p));
     do_struct(smbios_type_39_init(p));
     do_struct(smbios_type_vendor_oem_init(p));
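Review bot: The new calls emit type 28 before type 27, which breaks the numeric order that every other call visible in this hunk follows, and nothing says why. If the order is deliberate because the type 27 structure refers to the type 28 handle, record that next to the calls, e.g. `/* Type 28 first: type 27 references its handle. */`; otherwise keep numeric order. write_smbios_tables() starts and ends outside this hunk.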
@@ -700,6 +724,66 @@ smbios_type_4_init(
     return start+1;
 }
 
+/* Type 7 -- Cache Information */
+static void *
+smbios_type_7_init(void *start)
+{
+    struct smbios_type_7 *p = (struct smbios_type_7 *)start;
+
+    void *pts;
+    uint32_t length;
+
+    pts = get_smbios_pt_struct(7, &length);
+    if ( (pts != NULL)&&(length > 0) )
+    {
+        memcpy(start, pts, length);
+        p->header.handle = SMBIOS_HANDLE_TYPE7;
+        return (start + length);
+    }
+
+    return start;
+}
+
+/* Type 8 -- Port Connector Information */
+static void *
+smbios_type_8_init(void *start)
+{
+    struct smbios_type_8 *p = (struct smbios_type_8 *)start;
+
+    void *pts;
+    uint32_t length;
+
+    pts = get_smbios_pt_struct(8, &length);
+    if ( (pts != NULL)&&(length > 0) )
+    {
+        memcpy(start, pts, length);
+        p->header.handle = SMBIOS_HANDLE_TYPE8;
+        return (start + length);
+    }
+
+    return start;
+}
+
+/* Type 9 -- System Slots */
+static void *
+smbios_type_9_init(void *start)
+{
+    struct smbios_type_9 *p = (struct smbios_type_9 *)start;
+
+    void *pts;
+    uint32_t length;
+
+    pts = get_smbios_pt_struct(9, &length);
+    if ( (pts != NULL)&&(length > 0) )
+    {
+        memcpy(start, pts, length);
+        p->header.handle = SMBIOS_HANDLE_TYPE9;
+        return (start + length);
+    }
+
+    return start;
+}
+
 /* Type 11 -- OEM Strings */
 static void *
 smbios_type_11_init(void *start) 
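Review bot: In smbios_type_7_init, smbios_type_8_init and smbios_type_9_init the `length` returned by get_smbios_pt_struct() is used as the memcpy size and as the pointer advance after only a `> 0` check, and `p->header.handle` is then written whether or not the copied data is as large as the structure. Whether get_smbios_pt_struct() or the caller already bounds this length is not visible in the hunk, so I would reject short entries explicitly, e.g. `if ( pts != NULL && length >= sizeof(*p) )`, and confirm that the destination has room for `length` bytes. The same pattern is repeated in smbios_type_26_init, smbios_type_27_init and smbios_type_28_init in the next hunk. The bodies differ only in the type number and handle constant, so one shared helper taking both would keep the check in a single place.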
@@ -923,6 +1007,68 @@ smbios_type_22_init(void *start)
     return start+1; 
 }
 
+/* Type 26 -- Voltage Probe */
+static void *
+smbios_type_26_init(void *start)
+{
+    struct smbios_type_26 *p = (struct smbios_type_26 *)start;
+
+    void *pts;
+    uint32_t length;
+
+    pts = get_smbios_pt_struct(26, &length);
+    if ( (pts != NULL)&&(length > 0) )
+    {
+        memcpy(start, pts, length);
+        p->header.handle = SMBIOS_HANDLE_TYPE26;
+        return (start + length);
+    }
+
+    return start;
+}
+
+/* Type 27 -- Cooling Device */
+static void *
+smbios_type_27_init(void *start)
+{
+    struct smbios_type_27 *p = (struct smbios_type_27 *)start;
+
+    void *pts;
+    uint32_t length;
+
+    pts = get_smbios_pt_struct(27, &length);
+    if ( (pts != NULL)&&(length > 0) )
+    {
+        memcpy(start, pts, length);
+        p->header.handle = SMBIOS_HANDLE_TYPE27;
+        p->temperature_probe_handle = SMBIOS_HANDLE_TYPE28;
+        p->cooling_unit_group = 0;
+        return (start + length);
+    }
+
+    return start;
+}
+
+/* Type 28 -- Temperature Probe */
+static void *
+smbios_type_28_init(void *start)
+{
+    struct smbios_type_28 *p = (struct smbios_type_28 *)start;
+
+    void *pts;
+    uint32_t length;
+
+    pts = get_smbios_pt_struct(28, &length);
+    if ( (pts != NULL)&&(length > 0) )
+    {
+        memcpy(start, pts, length);
+        p->header.handle = SMBIOS_HANDLE_TYPE28;
+        return (start + length);
+    }
+
+    return start;
+}
+
 /* Type 32 -- System Boot Information */
 static void *
 smbios_type_32_init(void *start)
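Review bot: smbios_type_27_init sets `p->temperature_probe_handle = SMBIOS_HANDLE_TYPE28` unconditionally, but smbios_type_28_init writes nothing when no type 28 pass-through data is supplied, so the cooling device structure can reference a handle that is absent from the table. The SMBIOS specification reserves 0xFFFF in this field for "no probe provided", so the handle should be set only when a type 28 structure was actually emitted and otherwise be `p->temperature_probe_handle = 0xFFFF;`. The two field writes in this function also happen without checking that `length` covers `sizeof(*p)`.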
diff --git a/tools/firmware/hvmloader/smbios_types.h b/tools/firmware/hvmloader/smbios_types.h
index 7c648ece71..f43be12dfc 100644
--- a/tools/firmware/hvmloader/smbios_types.h
+++ b/tools/firmware/hvmloader/smbios_types.h
@@ -149,6 +149,44 @@ struct smbios_type_4 {
     uint8_t part_number_str;
 } __attribute__ ((packed));
 
+/* SMBIOS type 7 - Cache Information */
+struct smbios_type_7 {
+    struct smbios_structure_header header;
+    uint8_t socket_designation_str;
+    uint16_t cache_configuration;
+    uint16_t maximum_cache_size;
+    uint16_t installed_size;
+    uint16_t supported_SRAM_type;
+    uint16_t current_SRAM_type;
+    uint8_t cache_speed;
+    uint8_t error_connection_type;
+    uint8_t system_cache_type;
+    uint8_t associativity;
+} __attribute__ ((packed));
+
+/* SMBIOS type 8 - Port Connector Information */
+struct smbios_type_8 {
+    struct smbios_structure_header header;
+    uint8_t internal_reference_designator_str;
+    uint8_t internal_connector_type;
+    uint8_t external_reference_designator_str;
+    uint8_t external_connector_type;
+    uint8_t port_type;
+} __attribute__ ((packed));
+
+/* SMBIOS type 9 - System Slots */
+struct smbios_type_9 {
+    struct smbios_structure_header header;
+    uint8_t slot_designation_str;
+    uint8_t slot_type;
+    uint8_t slot_data_bus_width;
+    uint8_t current_usage;
+    uint8_t slot_length;
+    uint16_t slot_id;
+    uint8_t slot_characteristics_1;
+    uint8_t slot_characteristics_2;
+} __attribute__ ((packed));
+
 /* SMBIOS type 11 - OEM Strings */
 struct smbios_type_11 {
     struct smbios_structure_header header;
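Review bot: In struct smbios_type_7 the field `error_connection_type` looks like a typo for the SMBIOS "Error Correction Type" field and should be `error_correction_type`. `supported_SRAM_type` and `current_SRAM_type` also mix upper case into names that are otherwise lower-case snake_case in the structures visible here; `supported_sram_type` and `current_sram_type` would match. None of these fields is referenced by the smbios.c hunks of this patch, so the rename does not touch the code shown.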
@@ -232,6 +270,44 @@ struct smbios_type_22 {
     uint32_t oem_specific;
 } __attribute__ ((packed));
 
+/* SMBIOS type 26 - Voltage Probe */
+struct smbios_type_26 {
+    struct smbios_structure_header header;
+    uint8_t description_str;
+    uint8_t location_and_status;
+    uint16_t maximum_value;
+    uint16_t minimum_value;
+    uint16_t resolution;
+    uint16_t tolerance;
+    uint16_t accuracy;
+    uint32_t oem_defined;
+    uint16_t nominal_value;
+} __attribute__ ((packed));
+
+/* SMBIOS type 27 - Cooling Device */
+struct smbios_type_27 {
+    struct smbios_structure_header header;
+    uint16_t temperature_probe_handle;
+    uint8_t device_type_and_status;
+    uint8_t cooling_unit_group;
+    uint32_t oem_defined;
+    uint16_t nominal_speed;
+} __attribute__ ((packed));
+
+/* SMBIOS type 28 - Temperature Probe */
+struct smbios_type_28 {
+    struct smbios_structure_header header;
+    uint8_t description_str;
+    uint8_t location_and_status;
+    uint16_t maximum_value;
+    uint16_t minimum_value;
+    uint16_t resolution;
+    uint16_t tolerance;
+    uint16_t accuracy;
+    uint32_t oem_defined;
+    uint16_t nominal_value;
+} __attribute__ ((packed));
+
 /* SMBIOS type 32 - System Boot Information */
 struct smbios_type_32 {
     struct smbios_structure_header header;
-- 
2.25.1




* Re: [XEN PATCH 1/1] Add suport for SMBIOS tables 7,8,9,26,27,28 to improve virtual machine stealth from malware.
  2021-11-29 12:59 ` [XEN PATCH 1/1] Add suport for SMBIOS tables 7,8,9,26,27,28 to improve virtual machine stealth from malware Anton Belousov
@ 2021-11-29 17:27   ` Roger Pau Monné
  2021-12-02 13:45   ` Jan Beulich
  1 sibling, 0 replies; 5+ messages in thread
From: Roger Pau Monné @ 2021-11-29 17:27 UTC (permalink / raw)
  To: Anton Belousov
  Cc: xen-devel, Jan Beulich, Andrew Cooper, Wei Liu, Ian Jackson

Hello,

On Mon, Nov 29, 2021 at 12:59:29PM +0000, Anton Belousov wrote:

Thanks for the patch, I'm afraid this requires a proper commit
message and a Signed-off-by tag. See:

https://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches#Title_and_description_of_the_patch

> ---
>  tools/firmware/hvmloader/smbios.c       | 146 ++++++++++++++++++++++++
>  tools/firmware/hvmloader/smbios_types.h |  76 ++++++++++++
>  2 files changed, 222 insertions(+)
> 
> diff --git a/tools/firmware/hvmloader/smbios.c b/tools/firmware/hvmloader/smbios.c
> index 97a054e9e3..f5e61c1159 100644
> --- a/tools/firmware/hvmloader/smbios.c
> +++ b/tools/firmware/hvmloader/smbios.c
> @@ -33,12 +33,18 @@
>  #define SMBIOS_HANDLE_TYPE2   0x0200
>  #define SMBIOS_HANDLE_TYPE3   0x0300
>  #define SMBIOS_HANDLE_TYPE4   0x0400
> +#define SMBIOS_HANDLE_TYPE7   0x0700
> +#define SMBIOS_HANDLE_TYPE8   0x0800
> +#define SMBIOS_HANDLE_TYPE9   0x0900
>  #define SMBIOS_HANDLE_TYPE11  0x0B00
>  #define SMBIOS_HANDLE_TYPE16  0x1000
>  #define SMBIOS_HANDLE_TYPE17  0x1100
>  #define SMBIOS_HANDLE_TYPE19  0x1300
>  #define SMBIOS_HANDLE_TYPE20  0x1400
>  #define SMBIOS_HANDLE_TYPE22  0x1600
> +#define SMBIOS_HANDLE_TYPE26  0x1A00
> +#define SMBIOS_HANDLE_TYPE27  0x1B00
> +#define SMBIOS_HANDLE_TYPE28  0x1C00
>  #define SMBIOS_HANDLE_TYPE32  0x2000
>  #define SMBIOS_HANDLE_TYPE39  0x2700
>  #define SMBIOS_HANDLE_TYPE127 0x7f00
> @@ -77,6 +83,12 @@ static void *
>  smbios_type_4_init(void *start, unsigned int cpu_number,
>                     char *cpu_manufacturer);
>  static void *
> +smbios_type_7_init(void *start);
> +static void *
> +smbios_type_8_init(void *start);
> +static void *
> +smbios_type_9_init(void *start);
> +static void *
>  smbios_type_11_init(void *start);
>  static void *
>  smbios_type_16_init(void *start, uint32_t memory_size_mb, int nr_mem_devs);
> @@ -89,6 +101,12 @@ smbios_type_20_init(void *start, uint32_t memory_size_mb, int instance);
>  static void *
>  smbios_type_22_init(void *start);
>  static void *
> +smbios_type_26_init(void *start);
> +static void *
> +smbios_type_27_init(void *start);
> +static void *
> +smbios_type_28_init(void *start);
> +static void *
>  smbios_type_32_init(void *start);
>  static void *
>  smbios_type_39_init(void *start);
> @@ -205,6 +223,9 @@ write_smbios_tables(void *ep, void *start,
>      do_struct(smbios_type_3_init(p));
>      for ( cpu_num = 1; cpu_num <= vcpus; cpu_num++ )
>          do_struct(smbios_type_4_init(p, cpu_num, cpu_manufacturer));
> +    do_struct(smbios_type_7_init(p));
> +    do_struct(smbios_type_8_init(p));
> +    do_struct(smbios_type_9_init(p));
>      do_struct(smbios_type_11_init(p));
>  
>      /* Each 'memory device' covers up to 16GB of address space. */
> @@ -221,6 +242,9 @@ write_smbios_tables(void *ep, void *start,
>      }
>  
>      do_struct(smbios_type_22_init(p));
> +    do_struct(smbios_type_26_init(p));
> +    do_struct(smbios_type_28_init(p));
> +    do_struct(smbios_type_27_init(p));
>      do_struct(smbios_type_32_init(p));
>      do_struct(smbios_type_39_init(p));
>      do_struct(smbios_type_vendor_oem_init(p));
> @@ -700,6 +724,66 @@ smbios_type_4_init(
>      return start+1;
>  }
>  
> +/* Type 7 -- Cache Information */
> +static void *
> +smbios_type_7_init(void *start)
> +{
> +    struct smbios_type_7 *p = (struct smbios_type_7 *)start;
> +
> +    void *pts;
> +    uint32_t length;
> +
> +    pts = get_smbios_pt_struct(7, &length);
> +    if ( (pts != NULL)&&(length > 0) )
> +    {
> +        memcpy(start, pts, length);
> +        p->header.handle = SMBIOS_HANDLE_TYPE7;
> +        return (start + length);
> +    }

Here and below for the added types: would it make sense to fill them
with some default information in the absence of any data passed in?

I'm afraid this requires some commit message in order to properly
review it.

Thanks, Roger.



* Re: [XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28.
  2021-11-29 12:59 [XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28 Anton Belousov
  2021-11-29 12:59 ` [XEN PATCH 1/1] Add suport for SMBIOS tables 7,8,9,26,27,28 to improve virtual machine stealth from malware Anton Belousov
@ 2021-11-29 17:30 ` Roger Pau Monné
  1 sibling, 0 replies; 5+ messages in thread
From: Roger Pau Monné @ 2021-11-29 17:30 UTC (permalink / raw)
  To: Anton Belousov
  Cc: xen-devel, Jan Beulich, Andrew Cooper, Wei Liu, Ian Jackson

On Mon, Nov 29, 2021 at 12:59:28PM +0000, Anton Belousov wrote:
> This update is done to improve virtual machine stealth from malware. There are AntiVM techniques that use WMI-queries to detect presence of this SMBIOS tables. Example: "https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/AntiVM/Generic.cpp"

Aren't there many other hints at whether an OS is running inside of a
VM? I could imagine for example the ACPI tables, the list or models of
exposed devices, or the cpuid data?

Thanks, Roger.



* Re: [XEN PATCH 1/1] Add suport for SMBIOS tables 7,8,9,26,27,28 to improve virtual machine stealth from malware.
  2021-11-29 12:59 ` [XEN PATCH 1/1] Add suport for SMBIOS tables 7,8,9,26,27,28 to improve virtual machine stealth from malware Anton Belousov
  2021-11-29 17:27   ` Roger Pau Monné
@ 2021-12-02 13:45   ` Jan Beulich
  1 sibling, 0 replies; 5+ messages in thread
From: Jan Beulich @ 2021-12-02 13:45 UTC (permalink / raw)
  To: Anton Belousov
  Cc: Andrew Cooper, Roger Pau Monné, Wei Liu, Ian Jackson, xen-devel

On 29.11.2021 13:59, Anton Belousov wrote:
> ---
>  tools/firmware/hvmloader/smbios.c       | 146 ++++++++++++++++++++++++
>  tools/firmware/hvmloader/smbios_types.h |  76 ++++++++++++
>  2 files changed, 222 insertions(+)

In addition to what Roger said: Without a commit message it's also unclear
whether it was considered that the extra information might misguide a guest
(kernel).

Also, even if I expect you simply cloned existing functions: Please try to
avoid cloning style violations; see ./CODING_STYLE. The most noticeable
issue to me was missing blanks around &&.

Jan


