[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-discuss] How to enable kvm at runtime?
|
From: |
Peter Maydell |
|
Subject: |
Re: [Qemu-discuss] How to enable kvm at runtime? |
|
Date: |
Thu, 11 Feb 2016 17:07:06 +0000 |
On 11 February 2016 at 05:11, Ren Kimura <address@hidden> wrote:
> I have a question about activation of kvm.
>
> Is there any way to enable/disable kvm at qemu runtime?
Yes, the command line is -enable-kvm. (We default to not using KVM.)
> It should be useful for sandbox tools like DECAF or TEMU,
> because some malware use VT-x information to detect these.
Beware that you should not regard emulated QEMU as being
capable of containing malware within its sandbox -- the
emulator code has not been audited and we don't consider
it a security boundary[*]. (In contrast, there is a security
boundary for KVM and a guest should be unable to escape a
KVM VM.)
[*] In other words, if a TCG (emulated) guest can do bad
things to the host that's a bug, but it's not a security
bug. And it is very likely that at least some such bugs
exist in the emulation code.
thanks
-- PMM