shad0
Guest
Hi everyone.
I'm trying to build a POC application to validate the Hyper-V Platform API, which has been available since Windows 10 RS5 (17134), particularly the memory isolation capability.
As we know, since Windows 10 there has been a type-1 hypervisor that provides the ability to isolate some key parts of the Windows kernel; "VSM" is the name Microsoft calls it.
So once the Hyper-V Platform API was published, I was very curious whether we common developers can build security applications just like VSM does.
The conclusion is that I think I failed, due to the lack of documentation about the new API set.
API doc reference: Windows Hypervisor Platform API Definitions
------------------------------------------------------------------------------------------------------
Here is the problem:
WHvPartitionPropertyCodeSeparateSecurityDomain is a property code of a VM partition and can be used with the
WHvGetPartitionProperty and WHvSetPartitionProperty APIs.
So according to its name (I mean "Separate" and "Domain"), I think that once I assign this property TRUE for a specified guest VM partition and then map a memory region into the guest VM partition (with WHvMapGpaRange), the bare-metal Hyper-V hypervisor (type-1 hypervisor) should ensure the memory region cannot be accessed by the host OS (the current Windows 10 system) or by other VMs.
But it doesn't: I can still access the mapped memory region from the host OS.
So is there anyone who can help me, please? I would be very grateful.
Or can I get help from Microsoft staff, especially those who code for the Hyper-V platform? @mstfguys please