VMware Communities
jharris1993
Contributor
Contributor
‎02-11-2022 07:27 AM

Why/how can, (or should), a guest O/S know it's inside a virtual environment?

I am sorry if this is a silly/stupid question, and if this is in the wrong place, please move it.

Greetings!

There has been one nagging question that has bothered me since I started using virtual machines/VMware Player decades ago:

  1. When you install a guest O/S on VMware Player, (and I am assuming that this is true for VMware Pro), I am invited to install things like VMware Tools, (etc.) on the guest operating system.
  2. I have been lead to believe that there are mechanisms that the guest O/S can use to know if it is being virtualized, (I vaguely remember something about that when installing Linux Mint where the installer that I was running knew it was on VMware and/or the base O/S knew it was running on VMware.)

In my mind, the idea of a "virtual" environment is that the guest operating system has no idea that it's running on a virtual system and, as far as it knows, it's on real, live, bare-metal hardware.  Not only does it have no idea, it is absolutely incapable of knowing that it's not on real hardware.  For all intent and purposes, it should be like the guest O/S is running inside a Cat-5 Biohazard bunker with reinforced concrete/titanium alloy walls and a battalion of armed Marines guarding it to keep whatever is inside from getting out.

However, this does not appear to be true, insofar as I remember installing systems before.

Why should it be possible for a system to know that it's not on bare metal?  What's the advantage?  To me, (AFAIK), that defeats the entire purpose of a virtual system if the guest O/S can "break the forth wall" and know it's on a synthetic system.

If the O/S can know, and/or the O/S installer can know that it's on a virtual system than, theoretically, a bad actor can also know that it's on a virtual system and then develop ways to punch through to the real system beneath it, compromising everything.  Likewise, a bad actor can, (in theory), know that virtual systems exist on the real system and "punch through" to infect them too.

To me, this does not make sense - at the very least the guest O/S should have no idea that it's being virtualized, and even have no way to know it's being virtualized.

I am sorry if this is a really stupid question, but this has been bugging me for a while. . .

Thanks!

0 Kudos
1 Reply
ender_
Expert
Expert
‎02-18-2022 02:27 PM

If you want to run a guest OS at (nearly) native speed, it has to be aware it's running in a hypervisor. While VMWare helps the guest find out it's running inside a hypervisor by exposing devices with its vendor ID, the guest could also figure this out by looking at the "hardware" it's running on – eg. the chipset VMWare emulates is Intel 440BX, which dates to the late 90's, and wouldn't be able to support any modern CPU and OS (this is even more obvious if you're running an AMD CPU); VMWare also emulates some devices that don't exist in real world at all (VMWare SVGA graphic card, pvscsi storage controller and vmxnet3 network adapter), since doing this has far less overhead (and is thus much faster) than emulating real devices. Even without these, it's possible to figure out that the system is running in a hypervisor, since some CPU instructions behave slightly differently than on bare metal (if in no other way, at least by taking longer to execute).

It is possible to do full system emulation in such way that makes it nearly impossible to detect that the system is not real, but such emulation is much slower – eg. 86box only manages to emulate a 486 CPU in real-time on modern machines.

0 Kudos