On 02/19/2015 03:58 PM, grarpamp wrote:
> On Thu, Feb 19, 2015 at 2:17 AM, Mirimir <[email protected]> wrote:
>> https://www.virtualbox.org/manual/ch09.html#rawdisk
>>
>> Given that, I'm assuming that when using VDIs, the host OS doesn't allow
>> VMs to directly access physical disks. And I don't see how a VM could
>> reconfigure itself for raw hard disk access to the host disk, because
>> doing so would such access to its own config.
>
> The link is saying different than that.
> VM VDI is just a backing file on the host OS FS, opcodes likely fail here,
> note in link how VM supplies fake disk VPD to guest OS.
> Host OS often runs VM as root and even may assist by loading VM kernel module.

VirtualBox in Linux doesn't require root rights. I just checked htop on
the host, and all VM processes are running as user. And visudo shows
nothing about VirtualBox.

> VM's can thus passthrough host OS devices to guest OS if so configured,
> and if so, VM probably does not filter any opcodes, particularly if
> passing an entire physical disk.

How would I test that? I suppose that I could set up a VM to boot from an
HDD, and then see if I can flash the HDD's firmware. But I'm not the
NSA, and so only success would be probative. But hey, I'll take a shot.

> Also consider what VT-d is doing regarding sharing physical devices.
> So you'd still want opcode filtering in kernel in those cases.

I see that VirtualBox can use VT-d passthrough for PCI devices, such as
NICs, and maybe displays. But don't see any mention of VT-d for disks
and CD/DVD. I do see that QEMU can do more of that, however.
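
The thread turns on whether a guest's disk is a backing file on the host filesystem or a host device passed through raw. The following is an added example, not part of the original message or of VirtualBox: it checks a VMDK descriptor for raw-disk backing. It assumes that raw-disk descriptors carry `createType="fullDevice"` or `"partitionedDevice"` and name a `/dev/` node in an extent line; the function names and both sample descriptors are constructed for illustration.

```python
import re

# createType values assumed to mark raw host-disk access (see lead-in).
RAW_TYPES = {"fullDevice", "partitionedDevice"}
# Extent line: <access> <sectors> <type> ["<backing path>"] [offset]
EXTENT_RE = re.compile(r'^(RW|RDONLY|NOACCESS)\s+(\d+)\s+(\w+)(?:\s+"([^"]*)")?')

def audit_descriptor(text):
    """Return (create_type, [host device paths]) for one VMDK descriptor."""
    create_type, devices = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("createType"):
            create_type = line.split("=", 1)[1].strip().strip('"')
            continue
        m = EXTENT_RE.match(line)
        # An extent backed by a device node bypasses the host filesystem.
        if m and m.group(4) and m.group(4).startswith("/dev/"):
            devices.append(m.group(4))
    return create_type, devices

def is_raw_disk(text):
    """True when the descriptor points the guest at a host block device."""
    create_type, devices = audit_descriptor(text)
    return create_type in RAW_TYPES or bool(devices)

# Constructed sample: descriptor exposing a whole host disk to the guest.
RAW_SAMPLE = '''# Disk DescriptorFile
version=1
CID=8a5c1f2e
parentCID=ffffffff
createType="fullDevice"

# Extent description
RW 976773168 FLAT "/dev/sdb" 0
'''

# Constructed sample: ordinary file-backed image.
FILE_SAMPLE = '''# Disk DescriptorFile
version=1
createType="monolithicSparse"
RW 41943040 SPARSE "guest.vmdk"
'''

if __name__ == "__main__":
    for name, sample in (("raw", RAW_SAMPLE), ("file", FILE_SAMPLE)):
        print(name, audit_descriptor(sample), is_raw_disk(sample))
```

A descriptor flagged here is the configuration where the guest's disk commands reach a physical drive, so the unprivileged user running the VM must already hold read/write permission on that device node.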
