[Qemu-devel] Prohibit Windows from running in QEMU

[Qemu-devel] Prohibit Windows from running in QEMU

[Peter Lieven]

Hi all,

this question might seem a bit weird, but does anyone see a good way to avoid
that Windows is able to boot inside qemu?

We have defined several profiles for different operation systems and I want
to avoid that someone chooses Linux and then installs Windows within
a VM. Reason is licensing.

Thanks,
Peter

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Paolo Bonzini]

Il 29/10/2013 10:48, Peter Lieven ha scritto:
> Hi all,
> 
> this question might seem a bit weird, but does anyone see a good way to
> avoid
> that Windows is able to boot inside qemu?
> 
> We have defined several profiles for different operation systems and I want
> to avoid that someone chooses Linux and then installs Windows within
> a VM. Reason is licensing.

Patch QEMU to crash when Hyper-V extensions are enabled...

Paolo

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Peter Lieven]

On 29.10.2013 10:59, Paolo Bonzini wrote:
> Il 29/10/2013 10:48, Peter Lieven ha scritto:
>> Hi all,
>>
>> this question might seem a bit weird, but does anyone see a good way to
>> avoid
>> that Windows is able to boot inside qemu?
>>
>> We have defined several profiles for different operation systems and I want
>> to avoid that someone chooses Linux and then installs Windows within
>> a VM. Reason is licensing.
> Patch QEMU to crash when Hyper-V extensions are enabled...

I was thinking about this, but wouldn't this mean the cpu signature would always be "Microsoft Hv"
and not "KVMKVMKVM\0\0\0"?

Peter

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Paolo Bonzini]

Il 29/10/2013 11:11, Peter Lieven ha scritto:
> On 29.10.2013 10:59, Paolo Bonzini wrote:
>> Il 29/10/2013 10:48, Peter Lieven ha scritto:
>>> Hi all,
>>>
>>> this question might seem a bit weird, but does anyone see a good way to
>>> avoid
>>> that Windows is able to boot inside qemu?
>>>
>>> We have defined several profiles for different operation systems and
>>> I want
>>> to avoid that someone chooses Linux and then installs Windows within
>>> a VM. Reason is licensing.
>> Patch QEMU to crash when Hyper-V extensions are enabled...
> 
> I was thinking about this, but wouldn't this mean the cpu signature
> would always be "Microsoft Hv"
> and not "KVMKVMKVM\0\0\0"?

The KVM signature should be at CPUID leaf 0x40000100.

Paolo

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Gleb Natapov]

On Tue, Oct 29, 2013 at 11:19:54AM +0100, Paolo Bonzini wrote:
> Il 29/10/2013 11:11, Peter Lieven ha scritto:
> > On 29.10.2013 10:59, Paolo Bonzini wrote:
> >> Il 29/10/2013 10:48, Peter Lieven ha scritto:
> >>> Hi all,
> >>>
> >>> this question might seem a bit weird, but does anyone see a good way to
> >>> avoid
> >>> that Windows is able to boot inside qemu?
> >>>
> >>> We have defined several profiles for different operation systems and
> >>> I want
> >>> to avoid that someone chooses Linux and then installs Windows within
> >>> a VM. Reason is licensing.
> >> Patch QEMU to crash when Hyper-V extensions are enabled...
> > 
> > I was thinking about this, but wouldn't this mean the cpu signature
> > would always be "Microsoft Hv"
> > and not "KVMKVMKVM\0\0\0"?
> 
> The KVM signature should be at CPUID leaf 0x40000100.
> 
But only recently Linux started to search for it there.

--
			Gleb.

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Peter Lieven]

On 29.10.2013 11:19, Paolo Bonzini wrote:
> Il 29/10/2013 11:11, Peter Lieven ha scritto:
>> On 29.10.2013 10:59, Paolo Bonzini wrote:
>>> Il 29/10/2013 10:48, Peter Lieven ha scritto:
>>>> Hi all,
>>>>
>>>> this question might seem a bit weird, but does anyone see a good way to
>>>> avoid
>>>> that Windows is able to boot inside qemu?
>>>>
>>>> We have defined several profiles for different operation systems and
>>>> I want
>>>> to avoid that someone chooses Linux and then installs Windows within
>>>> a VM. Reason is licensing.
>>> Patch QEMU to crash when Hyper-V extensions are enabled...
>> I was thinking about this, but wouldn't this mean the cpu signature
>> would always be "Microsoft Hv"
>> and not "KVMKVMKVM\0\0\0"?
> The KVM signature should be at CPUID leaf 0x40000100.
If I enable hyperv for all vServers the signature is at KVM_CPUID_SIGNATURE_NEXT (0x40000100) otherwise
at KVM_CPUID_SIGNATURE (0x0). Does this matter to Linux?

Peter

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Paolo Bonzini]

Il 29/10/2013 11:40, Peter Lieven ha scritto:
>>>
>> The KVM signature should be at CPUID leaf 0x40000100.
> If I enable hyperv for all vServers the signature is at
> KVM_CPUID_SIGNATURE_NEXT (0x40000100) otherwise
> at KVM_CPUID_SIGNATURE (0x0).

KVM_CPU_ID_SIGNATURE is 0x40000000.

> Does this matter to Linux?

For recent versions it doesn't.  Older versions will not be able to use
kvmclock (and other PV enhancements for KVM such as steal time or PV EOI).

Paolo

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Peter Lieven]

On 29.10.2013 11:48, Paolo Bonzini wrote:
> Il 29/10/2013 11:40, Peter Lieven ha scritto:
>>> The KVM signature should be at CPUID leaf 0x40000100.
>> If I enable hyperv for all vServers the signature is at
>> KVM_CPUID_SIGNATURE_NEXT (0x40000100) otherwise
>> at KVM_CPUID_SIGNATURE (0x0).
> KVM_CPU_ID_SIGNATURE is 0x40000000.
>
>> Does this matter to Linux?
> For recent versions it doesn't.  Older versions will not be able to use
> kvmclock (and other PV enhancements for KVM such as steal time or PV EOI).
Ok, so this is not an option today - maybe later...

Any other idea to detect Windows is running or trying to start?

Thanks,
Peter

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Michael S. Tsirkin]

On Tue, Oct 29, 2013 at 10:48:07AM +0100, Peter Lieven wrote:
> Hi all,
> 
> this question might seem a bit weird, but does anyone see a good way to avoid
> that Windows is able to boot inside qemu?
> 
> We have defined several profiles for different operation systems and I want
> to avoid that someone chooses Linux and then installs Windows within
> a VM. Reason is licensing.
> 
> Thanks,
> Peter

- create a device
- write a linux driver
- if driver is not enabled crash guest

-- 
MST

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Gleb Natapov]

On Tue, Oct 29, 2013 at 01:13:24PM +0200, Michael S. Tsirkin wrote:
> On Tue, Oct 29, 2013 at 10:48:07AM +0100, Peter Lieven wrote:
> > Hi all,
> > 
> > this question might seem a bit weird, but does anyone see a good way to avoid
> > that Windows is able to boot inside qemu?
> > 
> > We have defined several profiles for different operation systems and I want
> > to avoid that someone chooses Linux and then installs Windows within
> > a VM. Reason is licensing.
> > 
> > Thanks,
> > Peter
> 
> - create a device
> - write a linux driver
> - if driver is not enabled crash guest
> 
For how long to wait before a crash?

--
			Gleb.

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Peter Lieven]

On 29.10.2013 12:26, Gleb Natapov wrote:
> On Tue, Oct 29, 2013 at 01:13:24PM +0200, Michael S. Tsirkin wrote:
>> On Tue, Oct 29, 2013 at 10:48:07AM +0100, Peter Lieven wrote:
>>> Hi all,
>>>
>>> this question might seem a bit weird, but does anyone see a good way to avoid
>>> that Windows is able to boot inside qemu?
>>>
>>> We have defined several profiles for different operation systems and I want
>>> to avoid that someone chooses Linux and then installs Windows within
>>> a VM. Reason is licensing.
>>>
>>> Thanks,
>>> Peter
>> - create a device
>> - write a linux driver
>> - if driver is not enabled crash guest
>>
> For how long to wait before a crash?
I would not like to alter the software in the guest anyway. If this would be required
I could force a Linux version that would search for the alternate KVM signature
in the cpuid leaf.

Peter

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Gleb Natapov]

On Tue, Oct 29, 2013 at 12:31:18PM +0100, Peter Lieven wrote:
> On 29.10.2013 12:26, Gleb Natapov wrote:
> >On Tue, Oct 29, 2013 at 01:13:24PM +0200, Michael S. Tsirkin wrote:
> >>On Tue, Oct 29, 2013 at 10:48:07AM +0100, Peter Lieven wrote:
> >>>Hi all,
> >>>
> >>>this question might seem a bit weird, but does anyone see a good way to avoid
> >>>that Windows is able to boot inside qemu?
> >>>
> >>>We have defined several profiles for different operation systems and I want
> >>>to avoid that someone chooses Linux and then installs Windows within
> >>>a VM. Reason is licensing.
> >>>
> >>>Thanks,
> >>>Peter
> >>- create a device
> >>- write a linux driver
> >>- if driver is not enabled crash guest
> >>
> >For how long to wait before a crash?
> I would not like to alter the software in the guest anyway. If this would be required
> I could force a Linux version that would search for the alternate KVM signature
> in the cpuid leaf.
> 
You can detect certain patterns of RTC usage (Linux does not use it
usually), but it is fragile since Linux allows userspace to access RTC
and it may create the same usage pattern.

--
			Gleb.

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Daniel P. Berrange]

On Tue, Oct 29, 2013 at 10:48:07AM +0100, Peter Lieven wrote:
> Hi all,
> 
> this question might seem a bit weird, but does anyone see a good way to avoid
> that Windows is able to boot inside qemu?
> 
> We have defined several profiles for different operation systems and I want
> to avoid that someone chooses Linux and then installs Windows within
> a VM. Reason is licensing.

Do you have todo the check in QEMU itself, or is it possible to add
a hook into your installation method ?  If so, then you could use the
virt-inspector tool that comes with libguestfs to probe the install
media and/or disk image to detect the operating system type, and then
avoid starting QEMU at all if not what was expected

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Michael S. Tsirkin]

On Tue, Oct 29, 2013 at 01:26:59PM +0200, Gleb Natapov wrote:
> On Tue, Oct 29, 2013 at 01:13:24PM +0200, Michael S. Tsirkin wrote:
> > On Tue, Oct 29, 2013 at 10:48:07AM +0100, Peter Lieven wrote:
> > > Hi all,
> > > 
> > > this question might seem a bit weird, but does anyone see a good way to avoid
> > > that Windows is able to boot inside qemu?
> > > 
> > > We have defined several profiles for different operation systems and I want
> > > to avoid that someone chooses Linux and then installs Windows within
> > > a VM. Reason is licensing.
> > > 
> > > Thanks,
> > > Peter
> > 
> > - create a device
> > - write a linux driver
> > - if driver is not enabled crash guest
> > 
> For how long to wait before a crash?

Or don't crash, disable some other functionality, for example, you can
keep all network links down until your driver is loaded.

> --
> 			Gleb.

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Gleb Natapov]

On Tue, Oct 29, 2013 at 02:17:10PM +0200, Michael S. Tsirkin wrote:
> On Tue, Oct 29, 2013 at 01:26:59PM +0200, Gleb Natapov wrote:
> > On Tue, Oct 29, 2013 at 01:13:24PM +0200, Michael S. Tsirkin wrote:
> > > On Tue, Oct 29, 2013 at 10:48:07AM +0100, Peter Lieven wrote:
> > > > Hi all,
> > > > 
> > > > this question might seem a bit weird, but does anyone see a good way to avoid
> > > > that Windows is able to boot inside qemu?
> > > > 
> > > > We have defined several profiles for different operation systems and I want
> > > > to avoid that someone chooses Linux and then installs Windows within
> > > > a VM. Reason is licensing.
> > > > 
> > > > Thanks,
> > > > Peter
> > > 
> > > - create a device
> > > - write a linux driver
> > > - if driver is not enabled crash guest
> > > 
> > For how long to wait before a crash?
> 
> Or don't crash, disable some other functionality, for example, you can
> keep all network links down until your driver is loaded.
> 
Unless your root is on nfs and driver is in a module :). Anyway if you
need to write guest code there are easier ways to do it than writing new
device/driver. In ideal world you could have used ACPI _OS(?) function,
but since most bioses are broken for anything but Windows Linux reports
that it is Windows too.
 
--
			Gleb.

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Laszlo Ersek]

On 10/29/13 11:50, Peter Lieven wrote:
> On 29.10.2013 11:48, Paolo Bonzini wrote:
>> Il 29/10/2013 11:40, Peter Lieven ha scritto:
>>>> The KVM signature should be at CPUID leaf 0x40000100.
>>> If I enable hyperv for all vServers the signature is at
>>> KVM_CPUID_SIGNATURE_NEXT (0x40000100) otherwise
>>> at KVM_CPUID_SIGNATURE (0x0).
>> KVM_CPU_ID_SIGNATURE is 0x40000000.
>>
>>> Does this matter to Linux?
>> For recent versions it doesn't.  Older versions will not be able to use
>> kvmclock (and other PV enhancements for KVM such as steal time or PV
>> EOI).
> Ok, so this is not an option today - maybe later...
> 
> Any other idea to detect Windows is running or trying to start?

I don't know what I'm talking about. But:

- Maybe tracing MSR accesses could give you a "profile".

- Windows' ACPI parser is super cranky. You could pass in a custom (but
standardized) ACPI table on the command line (-acpitable) that only
triggers some warnings in Linux's port of ACPICA, but crashes Windows
(BSOD). Like, write & compile a simple table to AML, then mess it up
(eg. Package encoding or some such) with a hex editor. This would take
some experimentation as well, but searching existing bug reports could help.

Laszlo

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[BALATON Zoltan]

On Tue, 29 Oct 2013, Laszlo Ersek wrote:
> I don't know what I'm talking about. But:

Neither do I but...

> - Windows' ACPI parser is super cranky. You could pass in a custom (but
> standardized) ACPI table on the command line (-acpitable) that only
> triggers some warnings in Linux's port of ACPICA, but crashes Windows
> (BSOD). Like, write & compile a simple table to AML, then mess it up
> (eg. Package encoding or some such) with a hex editor. This would take
> some experimentation as well, but searching existing bug reports could help.

This seems evil and fragile (although this can be done without patches 
with a command line option only). But instead why not remove/disable some 
BIOS functions that Linux doesn't need but Windows relies on? This seems 
to be less fragile (although requiring a patch) if it's possible at all.

Regards,
BALATON Zoltan

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Paolo Bonzini]

Il 29/10/2013 16:55, BALATON Zoltan ha scritto:
> On Tue, 29 Oct 2013, Laszlo Ersek wrote:
>> I don't know what I'm talking about. But:
> 
> Neither do I but...
> 
>> - Windows' ACPI parser is super cranky. You could pass in a custom (but
>> standardized) ACPI table on the command line (-acpitable) that only
>> triggers some warnings in Linux's port of ACPICA, but crashes Windows
>> (BSOD). Like, write & compile a simple table to AML, then mess it up
>> (eg. Package encoding or some such) with a hex editor. This would take
>> some experimentation as well, but searching existing bug reports could
>> help.
> 
> This seems evil and fragile (although this can be done without patches
> with a command line option only). But instead why not remove/disable
> some BIOS functions that Linux doesn't need but Windows relies on? This
> seems to be less fragile (although requiring a patch) if it's possible
> at all.

Subtly crippling the HPET might work, since Linux will prefer kvmclock.
 Good luck when users come screaming for support though.

Paolo

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Peter Lieven]

> Am 29.10.2013 um 17:00 schrieb Paolo Bonzini <pbonzini@redhat.com>:
> 
> Il 29/10/2013 16:55, BALATON Zoltan ha scritto:
>>> On Tue, 29 Oct 2013, Laszlo Ersek wrote:
>>> I don't know what I'm talking about. But:
>> 
>> Neither do I but...
>> 
>>> - Windows' ACPI parser is super cranky. You could pass in a custom (but
>>> standardized) ACPI table on the command line (-acpitable) that only
>>> triggers some warnings in Linux's port of ACPICA, but crashes Windows
>>> (BSOD). Like, write & compile a simple table to AML, then mess it up
>>> (eg. Package encoding or some such) with a hex editor. This would take
>>> some experimentation as well, but searching existing bug reports could
>>> help.
>> 
>> This seems evil and fragile (although this can be done without patches
>> with a command line option only). But instead why not remove/disable
>> some BIOS functions that Linux doesn't need but Windows relies on? This
>> seems to be less fragile (although requiring a patch) if it's possible
>> at all.
> 
> Subtly crippling the HPET might work, since Linux will prefer kvmclock.
> Good luck when users come screaming for support though.
> 

I think without hyper-v Windows will prefer the pmtimer. I will look at this it might work.

Thanks for your ideas.

Peter

> Paolo

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Li Guang]

Michael S. Tsirkin wrote:
> On Tue, Oct 29, 2013 at 10:48:07AM +0100, Peter Lieven wrote:
>    
>> Hi all,
>>
>> this question might seem a bit weird, but does anyone see a good way to avoid
>> that Windows is able to boot inside qemu?
>>
>> We have defined several profiles for different operation systems and I want
>> to avoid that someone chooses Linux and then installs Windows within
>> a VM. Reason is licensing.
>>
>> Thanks,
>> Peter
>>      
> - create a device
> - write a linux driver
> - if driver is not enabled crash guest
>
>    
another option:
_OSI() in ACPI, for ACPI compatible cases.

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Peter Lieven]

Am 29.10.2013 um 10:59 schrieb Paolo Bonzini:
> Il 29/10/2013 10:48, Peter Lieven ha scritto:
>> Hi all,
>>
>> this question might seem a bit weird, but does anyone see a good way to
>> avoid
>> that Windows is able to boot inside qemu?
>>
>> We have defined several profiles for different operation systems and I want
>> to avoid that someone chooses Linux and then installs Windows within
>> a VM. Reason is licensing.
> Patch QEMU to crash when Hyper-V extensions are enabled...

Hi all,

this is an old topic that has become important for me again recently.
Now all Linux versions should be able to detect KVM even if Hyper-V is enabled.

But how do I detect from Qemu userspace that Hyper-V is enabled?

Thanks,
Peter

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Paolo Bonzini]

On 04/08/2017 11:58, Peter Lieven wrote:
> Am 29.10.2013 um 10:59 schrieb Paolo Bonzini:
>> Il 29/10/2013 10:48, Peter Lieven ha scritto:
>>> Hi all,
>>>
>>> this question might seem a bit weird, but does anyone see a good way to
>>> avoid
>>> that Windows is able to boot inside qemu?
>>>
>>> We have defined several profiles for different operation systems and I want
>>> to avoid that someone chooses Linux and then installs Windows within
>>> a VM. Reason is licensing.
>> Patch QEMU to crash when Hyper-V extensions are enabled...
> 
> Hi all,
> 
> this is an old topic that has become important for me again recently.
> Now all Linux versions should be able to detect KVM even if Hyper-V is enabled.
> 
> But how do I detect from Qemu userspace that Hyper-V is enabled?

Maybe a better one: make KVM crash the guest if CR8 is nonzero on a
vmexit.  Linux doesn't use it, Windows should not survive long.
Warning, I don't know if UEFI firmware uses CR8.

Paolo

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Peter Lieven]

Am 04.08.2017 um 12:23 schrieb Paolo Bonzini:
> On 04/08/2017 11:58, Peter Lieven wrote:
>> Am 29.10.2013 um 10:59 schrieb Paolo Bonzini:
>>> Il 29/10/2013 10:48, Peter Lieven ha scritto:
>>>> Hi all,
>>>>
>>>> this question might seem a bit weird, but does anyone see a good way to
>>>> avoid
>>>> that Windows is able to boot inside qemu?
>>>>
>>>> We have defined several profiles for different operation systems and I want
>>>> to avoid that someone chooses Linux and then installs Windows within
>>>> a VM. Reason is licensing.
>>> Patch QEMU to crash when Hyper-V extensions are enabled...
>> Hi all,
>>
>> this is an old topic that has become important for me again recently.
>> Now all Linux versions should be able to detect KVM even if Hyper-V is enabled.
>>
>> But how do I detect from Qemu userspace that Hyper-V is enabled?
> Maybe a better one: make KVM crash the guest if CR8 is nonzero on a
> vmexit.  Linux doesn't use it, Windows should not survive long.

You mean the kvm kernel module? Or can I access this register also
from Qemu on any call that is handled in userspace? It would be easier
to have a cmdline option to Qemu than an option to a kernel module.

> Warning, I don't know if UEFI firmware uses CR8.

UEFI firmware is not important in this case.
Do you know if FreeBSD, OpenBSD or NetBSD use it?


Thank for your ideas,
Peter

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Paolo Bonzini]

On 04/08/2017 12:27, Peter Lieven wrote:
> Am 04.08.2017 um 12:23 schrieb Paolo Bonzini:
>> On 04/08/2017 11:58, Peter Lieven wrote:
>>> Am 29.10.2013 um 10:59 schrieb Paolo Bonzini:
>>>> Il 29/10/2013 10:48, Peter Lieven ha scritto:
>>>>> Hi all,
>>>>>
>>>>> this question might seem a bit weird, but does anyone see a good way to
>>>>> avoid
>>>>> that Windows is able to boot inside qemu?
>>>>>
>>>>> We have defined several profiles for different operation systems and I want
>>>>> to avoid that someone chooses Linux and then installs Windows within
>>>>> a VM. Reason is licensing.
>>>> Patch QEMU to crash when Hyper-V extensions are enabled...
>>> Hi all,
>>>
>>> this is an old topic that has become important for me again recently.
>>> Now all Linux versions should be able to detect KVM even if Hyper-V is enabled.
>>>
>>> But how do I detect from Qemu userspace that Hyper-V is enabled?
>> Maybe a better one: make KVM crash the guest if CR8 is nonzero on a
>> vmexit.  Linux doesn't use it, Windows should not survive long.
> 
> You mean the kvm kernel module? Or can I access this register also
> from Qemu on any call that is handled in userspace? It would be easier
> to have a cmdline option to Qemu than an option to a kernel module.

Yes, the kernel module.  Accessing it in QEMU requires
cpu_synchronize_state so it's slow.  However, you could piggyback on
some other functionality that is never used by Linux to do the check,
for example the RTC I/O port.

That is, in the RTC I/O port code you call cpu_synchronize_state and
check CR8.

Paolo

>> Warning, I don't know if UEFI firmware uses CR8.
> 
> UEFI firmware is not important in this case.
> Do you know if FreeBSD, OpenBSD or NetBSD use it?
> 
> 
> Thank for your ideas,
> Peter
> 

Re: [Qemu-devel] Prohibit Windows from running in QEMU

[Peter Lieven]

Am 04.08.2017 um 12:43 schrieb Paolo Bonzini:
> On 04/08/2017 12:27, Peter Lieven wrote:
>> Am 04.08.2017 um 12:23 schrieb Paolo Bonzini:
>>> On 04/08/2017 11:58, Peter Lieven wrote:
>>>> Am 29.10.2013 um 10:59 schrieb Paolo Bonzini:
>>>>> Il 29/10/2013 10:48, Peter Lieven ha scritto:
>>>>>> Hi all,
>>>>>>
>>>>>> this question might seem a bit weird, but does anyone see a good way to
>>>>>> avoid
>>>>>> that Windows is able to boot inside qemu?
>>>>>>
>>>>>> We have defined several profiles for different operation systems and I want
>>>>>> to avoid that someone chooses Linux and then installs Windows within
>>>>>> a VM. Reason is licensing.
>>>>> Patch QEMU to crash when Hyper-V extensions are enabled...
>>>> Hi all,
>>>>
>>>> this is an old topic that has become important for me again recently.
>>>> Now all Linux versions should be able to detect KVM even if Hyper-V is enabled.
>>>>
>>>> But how do I detect from Qemu userspace that Hyper-V is enabled?
>>> Maybe a better one: make KVM crash the guest if CR8 is nonzero on a
>>> vmexit.  Linux doesn't use it, Windows should not survive long.
>> You mean the kvm kernel module? Or can I access this register also
>> from Qemu on any call that is handled in userspace? It would be easier
>> to have a cmdline option to Qemu than an option to a kernel module.
> Yes, the kernel module.  Accessing it in QEMU requires
> cpu_synchronize_state so it's slow.  However, you could piggyback on
> some other functionality that is never used by Linux to do the check,
> for example the RTC I/O port.
>
> That is, in the RTC I/O port code you call cpu_synchronize_state and
> check CR8.

Thanks, I will try that out and let you know.

Peter