VMware Cloud Community
socbizkaia
Contributor
Contributor
Jump to solution

PowerCLI check to verify VM is not affected by Spectre2

Hello,

I would like to check via PowerCLI if one VM is ready against Spectre Variant 2 from the point of view of virtual hardware (hypervisor). Then the virtual machine should also include patches for the guest OS.

According to Hypervisor-Assisted Guest Mitigation for Branch Target injection (52085):

 

Confirmation of Correct Operation

To confirm a host has both VMware hypervisor and updated microcode, use the following steps:
  1. Power on a Virtual Machine which is configured to use Virtual Hardware Version 9 or later.
  2. Examine the vmware.log file for that VM and look for one of the following entries:
       
    • “Capability Found: cpuid.IBRS”
    •  
    • “Capability Found: cpuid.IBPB”
    •  
    • “Capabliity Found: cpuid.STIBP”
  3. Any of the above log entires indicate that both the CPU microcode and hypervisor are properly updated.

To confirm end to end operation including guest OS enablement of hardware support for branch target mitigation, check with your OS vendor.

 

I can check the hardware profile of a Virtual Machine thanks to PowerCLI. But, How Can I check that one VM has the new capabilities??

- Is there any PowerCLI command to check the capabilities of virtual CPUs of a given VM?

- Is there any PowerCLI command to parse the vmware.log of a given VM?

Thanks!

 

Christian

Reply
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
Jump to solution

Reply
0 Kudos
2 Replies
LucD
Leadership
Leadership
Jump to solution

Reply
0 Kudos
socbizkaia
Contributor
Contributor
Jump to solution

This is exactly what I was looking for! Thank you LucD!

Reply
0 Kudos