Qubes is already limited to certain CPUs. Does the virtual CPU look exactly the same as on the host?
Knowing the CPU model could also make some CPU bug related attacks easier.
Donât know how the vcpus work, but I think it more like threads on the real CPU, itâs not a virtual CPU emulating the actual CPU.
The guest needs to know the CPUID to know what hardware itâs running on, the ID tell the OS what optimizations etc. it can use.
Difference of cpuid command (or cat /proc/cpuinfo) output on host vs guest?
iirc at least for KVM/libvirt systems the output can be very different depending on what CPU features you pass through.
Also iirc, there once was a discussion on the Whonix forum for having the same CPU model used for each user.
Does it need to know everything?
Even if you returned random data, and it doesnât negatively impact your system, I donât think itâs going to prevent someone from probing the CPU and learn the real feature set.
If everyone uses the same features (not sure if possible) the CPU fingerprint should at least be similar.
Not sure tbh but I think it is not possible to probe host cpu features if you pass through only certain features.
Are you blocking the other forms of javascript fingerprinting?
Yes, I know about the js fingerprinting but everyone else should get fingerprinted the same way with thousands of hardware models exactly the same and thousands of browsers the same (TAILS, TBB Whonix) but there is specific targeting. So I wonder how. Identifiers in firmware? GPU specifics? Emulation should abstract some of those identifying characteristics away.
1 Like
I agree with @procShield , a hypervisor should expose as little identifying information about a cpu as possible. Where functionality may be affected, the user should decide.
1 Like