On Tue, Feb 11, 2025, Borislav Petkov wrote: > On Fri, Jan 31, 2025 at 06:17:02PM -0800, Sean Christopherson wrote: > > And if the host provides the core crystal frequency in CPUID.0x15, then KVM > > guests can use that for the APIC timer period instead of manually > > calibrating the frequency. > > Hmm, so that part: what's stopping the host from faking the CPUID leaf? I.e., > I would think that actually doing the work to calibrate the frequency would be > more reliable/harder to fake to a guest than the guest simply reading some > untrusted values from CPUID... Not really. Crafting an attack based on timing would be far more difficult than tricking the guest into thinking the APIC runs at the "wrong" frequency. The APIC timer itself is controlled by the hypervisor, e.g. the host can emulate the timer at the "wrong" freuquency on-demand. Detecting that the guest is post-boot and thus done calibrating is trivial. > Or are we saying here: oh well, there are so many ways for a normal guest to > be lied to so that we simply do the completely different approach and trust > the HV to be benevolent when we're not dealing with confidential guests which > have all those other things to keep the HV honest? This. Outside of CoCo, the hypervisor is 100% trusted. And there's zero reason for the hypervisor to lie, it can simply read/write all guest state.
