1. Patchew
  2. Xen
  3. View series

[PATCH 0/3] hvmloader: add new SMBIOS tables (7,8,9,26,27,28)

Petr Beneš posted 3 patches 4 months ago
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/cover.1751412735.git.w1benny@gmail.com
There is a newer version of this series
tools/firmware/hvmloader/smbios.c       | 204 ++++++++++++++++++++----
tools/firmware/hvmloader/smbios_types.h |  83 +++++++++-
2 files changed, 254 insertions(+), 33 deletions(-)
[PATCH 0/3] hvmloader: add new SMBIOS tables (7,8,9,26,27,28)
Posted by Petr Beneš 4 months ago 
From: Petr Beneš <w1benny@gmail.com>

Resubmitting patch from Anton Belousov and addressing review comments
from Jan: https://old-list-archives.xen.org/archives/html/xen-devel/2022-01/msg00725.html

Original message:
> SMBIOS tables like 7,8,9,26,27,28 are neccessary to prevent sandbox detection
> by malware using WMI-queries. New tables can be mapped to memory from binary
> file specified in "smbios_firmware" parameter of domain configuration.
> If particular table is absent in binary file, then it will not be mapped to
> memory. This method works for Windows domains as tables 7,8,9,26,27,28 are not
> critical for OS boot and runtime. Also if "smbios_firmware" parameter is not
> provided, these tables will be skipped in write_smbios_tables function.

Further explanation:
Some malware samples are known to check presence of various hardware components
(like CPU fan, CPU temperature sensor, etc.) by WMI queries. If these components
are not present, then malware can assume that it is running in a sandbox and
will not execute its payload.

This patch will allow security researchers to create a custom SMBIOS
firmware binary file that contains these tables.

Petr Beneš (3):
  hvmloader: fix code style violations
  hvmloader: fix SMBIOS table length checks
  hvmloader: add new SMBIOS tables (7,8,9,26,27,28)

 tools/firmware/hvmloader/smbios.c       | 204 ++++++++++++++++++++----
 tools/firmware/hvmloader/smbios_types.h |  83 +++++++++-
 2 files changed, 254 insertions(+), 33 deletions(-)

-- 
2.34.1
Re: [PATCH 0/3] hvmloader: add new SMBIOS tables (7,8,9,26,27,28)
Posted by Jan Beulich 4 months ago 
On 02.07.2025 01:45, Petr Beneš wrote:
> From: Petr Beneš <w1benny@gmail.com>
> 
> Resubmitting patch from Anton Belousov and addressing review comments
> from Jan: https://old-list-archives.xen.org/archives/html/xen-devel/2022-01/msg00725.html

In which case shouldn't this submission have a version number, explicitly
larger than 1?

Jan

> Original message:
>> SMBIOS tables like 7,8,9,26,27,28 are neccessary to prevent sandbox detection
>> by malware using WMI-queries. New tables can be mapped to memory from binary
>> file specified in "smbios_firmware" parameter of domain configuration.
>> If particular table is absent in binary file, then it will not be mapped to
>> memory. This method works for Windows domains as tables 7,8,9,26,27,28 are not
>> critical for OS boot and runtime. Also if "smbios_firmware" parameter is not
>> provided, these tables will be skipped in write_smbios_tables function.
> 
> Further explanation:
> Some malware samples are known to check presence of various hardware components
> (like CPU fan, CPU temperature sensor, etc.) by WMI queries. If these components
> are not present, then malware can assume that it is running in a sandbox and
> will not execute its payload.
> 
> This patch will allow security researchers to create a custom SMBIOS
> firmware binary file that contains these tables.
> 
> Petr Beneš (3):
>   hvmloader: fix code style violations
>   hvmloader: fix SMBIOS table length checks
>   hvmloader: add new SMBIOS tables (7,8,9,26,27,28)
> 
>  tools/firmware/hvmloader/smbios.c       | 204 ++++++++++++++++++++----
>  tools/firmware/hvmloader/smbios_types.h |  83 +++++++++-
>  2 files changed, 254 insertions(+), 33 deletions(-)
>
Re: [PATCH 0/3] hvmloader: add new SMBIOS tables (7,8,9,26,27,28)
Posted by Petr Beneš 3 months, 4 weeks ago 
On Wed, Jul 2, 2025 at 8:47 AM Jan Beulich <jbeulich@suse.com> wrote:
>
> On 02.07.2025 01:45, Petr Beneš wrote:
> > From: Petr Beneš <w1benny@gmail.com>
> >
> > Resubmitting patch from Anton Belousov and addressing review comments
> > from Jan: https://old-list-archives.xen.org/archives/html/xen-devel/2022-01/msg00725.html
>
> In which case shouldn't this submission have a version number, explicitly
> larger than 1?

Fair. I wasn't sure, since I'm the one who's posting the patch now.
What version number should I use next? Should I go with 2 or use
something else?

P.
Re: [PATCH 0/3] hvmloader: add new SMBIOS tables (7,8,9,26,27,28)
Posted by Jan Beulich 3 months, 3 weeks ago 
On 04.07.2025 23:15, Petr Beneš wrote:
> On Wed, Jul 2, 2025 at 8:47 AM Jan Beulich <jbeulich@suse.com> wrote:
>>
>> On 02.07.2025 01:45, Petr Beneš wrote:
>>> From: Petr Beneš <w1benny@gmail.com>
>>>
>>> Resubmitting patch from Anton Belousov and addressing review comments
>>> from Jan: https://old-list-archives.xen.org/archives/html/xen-devel/2022-01/msg00725.html
>>
>> In which case shouldn't this submission have a version number, explicitly
>> larger than 1?
> 
> Fair. I wasn't sure, since I'm the one who's posting the patch now.
> What version number should I use next? Should I go with 2 or use
> something else?

Aiui this is effectively v2, so the next submission imo would want to be v3.

Jan

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.