Masking out the Protected Processor Identification Number

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi I was wondering if libvirt/KVM screens out a CPU's or Protected
Processor Identification Number? - "PPIN" is a universal hardware serial
number etched into the chip in the fab. [1]

I am currently allowing full host cpu passthrough to allow guests to use
spectre/meltdown mitigations. However as we are a privacy project, we
are looking to prevent obvious identity linkers like serial numbers from
being read by untrusted environments.

Apparentlt Intel has had it for years and its accessible with the mcelog
daemon.

[1]
https://www.phoronix.com/scan.php?page=news_item&px=AMD-PPIN-Processor-ID-Linux






[Index of Archives]     [Virt Tools]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux