On 02/19/2015 03:58 PM, grarpamp wrote:
On Thu, Feb 19, 2015 at 2:17 AM, Mirimir <mirimir@riseup.net> wrote:
https://www.virtualbox.org/manual/ch09.html#rawdisk
Given that, I'm assuming that when using VDIs, the host OS doesn't allow VMs to directly access physical disks. And I don't see how a VM could reconfigure itself for raw hard disk access to the host disk, because doing so would require such access to its own config.
The link is saying different than that. VM VDI is just a backing file on the host OS FS, opcodes likely fail here, note in link how VM supplies fake disk VPD to guest OS. Host OS often runs VM as root and even may assist by loading VM kernel module.
VirtualBox in Linux doesn't require root rights. I just checked htop on the host, and all VM processes are running as user. And visudo shows nothing about VirtualBox.
VMs can thus pass through host OS devices to guest OS if so configured, and if so, VM probably does not filter any opcodes, particularly if passing an entire physical disk.
How would I test that? I suppose that I could set up a VM to boot from an HDD, and then see if I can flash the HDD's firmware. But I'm not the NSA, and so only success would be probative. But hey, I'll take a shot.
Also consider what VT-d is doing regarding sharing physical devices. So you'd still want opcode filtering in kernel in those cases.
I see that VirtualBox can use VT-d passthrough for PCI devices, such as NICs, and maybe displays. But don't see any mention of VT-d for disks and CD/DVD. I do see that QEMU can do more of that, however.
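Added example, not part of the original thread or of VirtualBox itself: a host-side audit that answers the "if so configured" question above by checking whether a VM's disk is a raw-disk VMDK descriptor (the kind the linked manual section creates) rather than an ordinary backing file. It assumes the VMDK text-descriptor layout (`createType` plus extent lines); the function name and both sample descriptors are constructed for illustration, and binary VDI images are out of scope because they are always plain files.

```python
import re

# Extent line: access mode, size in sectors, extent type, optional "target", optional offset
EXTENT_RE = re.compile(
    r'^(RW|RDONLY|NOACCESS)\s+(\d+)\s+(\w+)(?:\s+"([^"]*)")?(?:\s+(\d+))?\s*$')
CREATE_TYPE_RE = re.compile(r'^createType\s*=\s*"([^"]*)"\s*$')
RAW_CREATE_TYPES = {"fullDevice", "partitionedDevice"}
DEVICE_PREFIXES = ("/dev/", "\\\\.\\")  # Unix device nodes, Windows \\.\ device paths

def audit_descriptor(text):
    """Report whether a VMDK descriptor maps the guest disk onto a host device."""
    create_type, raw_extents = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = CREATE_TYPE_RE.match(line)
        if m:
            create_type = m.group(1)
            continue
        m = EXTENT_RE.match(line)
        if m and m.group(4) and m.group(4).startswith(DEVICE_PREFIXES):
            raw_extents.append({"access": m.group(1),
                                "sectors": int(m.group(2)),
                                "target": m.group(4)})
    return {"create_type": create_type,
            "raw_extents": raw_extents,
            "raw_host_access": create_type in RAW_CREATE_TYPES or bool(raw_extents)}

# Constructed sample: descriptor for a whole physical disk passed to the guest
RAW_SAMPLE = '''# Disk DescriptorFile
version=1
createType="fullDevice"
# Extent description
RW 976773168 FLAT "/dev/sda" 0
'''

# Constructed sample: ordinary file-backed disk, no host device involved
FILE_SAMPLE = '''# Disk DescriptorFile
version=1
createType="monolithicFlat"
RW 41943040 FLAT "disk-flat.vmdk" 0
'''

if __name__ == "__main__":
    for name, sample in (("raw", RAW_SAMPLE), ("file", FILE_SAMPLE)):
        print(name, audit_descriptor(sample))
```

A descriptor flagged here also means the user running the VM needs read/write permission on the named device node, which is worth checking alongside the process owner seen in htop.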