On 2015-12-23 10:04, Dragos Ruiu wrote:
> Ok let me short circuit this meta discussion by saying that AFAIK now that
> the new Intel Skylake chips fixed many virtualization bugs

Curious, where can I read about this, URL?

> and it's possible to efficiently nest VMs there might not be a way to
> discover if you are running on bare metal. I too would find it useful to be
> able to lock a kernel so it only runs on bare metal not a VM, but according
> to folks who know more about this than I do it is now very hard to do this
> given you can run VT inside VT, and very efficiently on Xeons.
>
> I would be interested in any code that can knowingly break inside a VM to
> verify unvirtualized status, esp. on Skylake. Older processors can probably
> use the virtualization bugs in the hardware for this function.
>
> Cheers,
> --dr
>
> P.s. Also interested in code that can detect emulated UEFI.