illusion-rs icon indicating copy to clipboard operation
illusion-rs copied to clipboard

Published 20 hours ago verified publisher icon memN0ps

Implement Support for Running as a Nested Hypervisor Under Microsoft Hyper-V (Type-2) with VBS

Open memN0ps opened this issue 2 months ago • 2 comments

Issue: Support for running as a nested hypervisor under Microsoft Hyper-V with Virtualization Based Security (VBS).

Environment: UEFI Rust hypervisor, with partial support for Hyper-V nested virtualization.

Current Status:

  • Implemented: Out of Range MSRs and Hyper-V Interface CPUID Leaves.
  • Pending:
    1. Implementation of Hyper-V Hypercalls (VMCALLs).
    2. Transition to Advanced Configuration and Power Interface (ACPI) from the older Multiprocessor Specification (MP Protocol).

Required Implementation:

  1. Hyper-V Hypercalls (VMCALLs) - Essential for managing interactions between the hypervisor and the nested virtual machine (VM). This includes recognizing and correctly handling VMCALLs from both the hypervisor and nested VMs to maintain system stability and functionality.
  2. Advanced Configuration and Power Interface (ACPI) - Transition from MP Protocol to ACPI is necessary to meet Hyper-V's configuration and power management standards.

Current Behavior: Without proper VMCALL handling and ACPI support, the hypervisor cannot correctly interact with Hyper-V, leading to potential failures or incorrect operations under Hyper-V nested virtualization.

Expected Behavior:

  • The hypervisor should intercept and manage VMCALLs effectively, ensuring smooth operation and compatibility within a Hyper-V environment.
  • Transition to ACPI support to enhance compatibility with Hyper-V's power management and configuration requirements.

Steps to Reproduce:

  1. Set up the hypervisor with Hyper-V.
  2. Observe operational issues related to unhandled VMCALLs and potential issues due to MP Protocol usage instead of ACPI.

Additional Information: Implementing these functionalities is crucial for ensuring that the hypervisor can run efficiently under Hyper-V, handling all necessary hypercalls and configuration protocols as expected by the Hyper-V Hypervisor Top-Level Functional Specification (TLFS). Transitioning to ACPI will address compatibility issues with Hyper-V's advanced power management features.

memN0ps avatar Apr 20 '24 05:04 memN0ps