
Ping: [PATCH v4 0/3] hvmloader: add new SMBIOS tables (7,8,9,26,27,28)



On Wed, Jul 30, 2025 at 11:56 AM Petr Beneš <w1benny@xxxxxxxxx> wrote:
>
> From: Petr Beneš <w1benny@xxxxxxxxx>
>
> Changes since v3:
> - Renamed offsetofend macro to offsetof_end.
>
> Changes since v2:
> - Added sizeof_field and offsetofend macros to common-macros.h.
> - Used offsetofend macro everywhere to make semantic sense.
> - Added BUILD_BUG_ON to ensure offsets are correct based on the SMBIOS
>   specification (with explanation in the comments).
> - Fixed commit message of the second patch to mention the new smbios_pt_copy
>   function.
> - Fixed nits (empty lines, misplaced *).
> - Retained the original comment "Only present when passed in" + added it to
>   the new tables where applicable.
> - Replaced hardcoded offset for chassis_handle in smbios_type_2_init.
>
> Changes since v1:
> - Swapped the order of S-o-b in the last commit message.
>
> Resubmitting patch from Anton Belousov and addressing review comments
> from Jan: 
> https://old-list-archives.xen.org/archives/html/xen-devel/2022-01/msg00725.html
>
> Original message:
> > SMBIOS tables like 7,8,9,26,27,28 are necessary to prevent sandbox
> > detection by malware using WMI-queries. New tables can be mapped to
> > memory from binary file specified in "smbios_firmware" parameter of
> > domain configuration. If particular table is absent in binary file, then
> > it will not be mapped to memory. This method works for Windows domains as
> > tables 7,8,9,26,27,28 are not critical for OS boot and runtime. Also if
> > "smbios_firmware" parameter is not provided, these tables will be skipped
> > in write_smbios_tables function.
>
> Further explanation:
> Some malware samples are known to check presence of various hardware
> components (like CPU fan, CPU temperature sensor, etc.) by WMI queries.
> If these components are not present, then malware can assume that it is
> running in a sandbox and will not execute its payload.
>
> This patch will allow security researchers to create a custom SMBIOS
> firmware binary file that contains these tables.
>
> Petr Beneš (3):
>   tools: add sizeof_field and offsetof_end macros
>   hvmloader: fix SMBIOS table length checks
>   hvmloader: add new SMBIOS tables (7, 8, 9, 26, 27, 28)
>
>  tools/firmware/hvmloader/smbios.c       | 290 ++++++++++++++++++------
>  tools/firmware/hvmloader/smbios_types.h | 109 +++++++--
>  tools/include/xen-tools/common-macros.h |   5 +
>  3 files changed, 317 insertions(+), 87 deletions(-)
>
> --
> 2.34.1
>
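
Because a table that is absent from the "smbios_firmware" file is not mapped, it helps to check a blob for the six new types before booting an analysis guest. The following is an added example, not code from the patch series or from hvmloader; the function name and sample bytes are constructed, and the layout (each structure preceded by a 32-bit size, as described in xl.cfg, read here as little-endian and taken to cover the trailing string terminator) is an assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* SMBIOS types the series adds to hvmloader (from the cover letter). */
static const uint8_t new_types[] = { 7, 8, 9, 26, 27, 28 };

/* Constructed sample: header-only entries of type 27, 1 and 7. */
static const uint8_t sample_blob[] = {
    6, 0, 0, 0,  27, 4, 0x00, 0x1b, 0, 0,
    6, 0, 0, 0,   1, 4, 0x00, 0x01, 0, 0,
    6, 0, 0, 0,   7, 4, 0x00, 0x07, 0, 0,
};

/*
 * Return a bitmask with bit i set when new_types[i] occurs in the blob,
 * or -1 when the blob is malformed. Assumed layout: repeated
 * { 32-bit little-endian size; structure[size] }, each structure starting
 * with the SMBIOS header (type, formatted length, 16-bit handle).
 */
int smbios_blob_new_types(const uint8_t *blob, size_t len)
{
    size_t off = 0;
    int mask = 0;
    while (off < len) {
        if (len - off < 4)
            return -1;                  /* truncated size prefix */
        uint32_t size = blob[off] | blob[off + 1] << 8 |
                        blob[off + 2] << 16 | (uint32_t)blob[off + 3] << 24;
        off += 4;
        /* Need the 4-byte header plus the double-NUL string terminator. */
        if (size < 6 || size > len - off)
            return -1;
        /* The formatted area (byte 1) must fit inside the entry. */
        if (blob[off + 1] < 4 || blob[off + 1] + 2u > size)
            return -1;
        for (size_t i = 0; i < sizeof(new_types); i++)
            if (blob[off] == new_types[i])
                mask |= 1 << i;
        off += size;
    }
    return mask;
}

int main(void)
{
    printf("mask=0x%x\n", smbios_blob_new_types(sample_blob, sizeof(sample_blob)));
    return 0;
}
```

A cleared bit in the returned mask means the corresponding table would be skipped for that guest.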



 

