{{Header}}
{{Title|title=
CPUID - Security and Privacy Risks
‎}}
{{#seo:
|description=CPUID is a processor function that allowing software to discover the model and capabilities of the processor. This can be a security or privacy risk.
|image=Cpuid1.png
}}
<div class="mininav">
* [[System_identity_camouflage|System Identity Camouflage and Virtual Machine Cloaking]]
* [[CPUID|CPUID - Security and Privacy Risks]]
</div>
[[File:Cpuid1.png|thumb|'''Figure:''' ''<code>cpuid</code> Screenshot 1 / 4'' ([[#CPUID Screenshots|more screenshots]]) ([[#cpuid_usage|usage]])]]
{{intro|
[https://en.wikipedia.org/wiki/CPUID CPUID] is a processor function that allowing software to discover the model and capabilities of the processor. This can be a security or privacy risk.
}}
= Introduction =
To avoid confusion, it is being mentioned that there are two different things:

* '''CPUID:''' This wiki page.
* '''PPIN:''' [https://forums.whonix.org/t/cpu-serial-numbers-protected-processor-identification-number-ppin/9224 <code>Protected Processor Identification Number</code> (<code>PPIN</code>)]

As for CPUID, there are two different cases.

* '''A)''' <u>Remote CPUID</u>: Even if the user has JavaScript enabled in their browser, websites cannot remotely detect the user's CPU model and capabilities.
* '''B)''' <u>Local CPUID</u>: Unfortunately, locally running applications can use the non-privileged CPU instruction CPUID. This cannot be prevented. This issue is [[unspecific|unspecific to {{project_name_long}}]].

[[#CPUID Technical Background|The technical background of these two cases is being elaborated below.]]

= CPUID Information =
[https://iq.opengenus.org/cpuid/ Quote]:

<blockquote>What information does CPUID give?

Any information that is related to Processor including the design of the Processor can be fetched using CPUID instructions. For example, we can get the following information using CPUID using different leaf values:
<br />
* Processor Vendor name
* Processor name, Serial number
* Number of Cores
* Features supported like AVX512
* L1, L2 and L3 Cache Size
* Cache Topology
* Thermal and Power Management</blockquote>

= CPUID Screenshots =
Author of screenshots: [https://screenshots.debian.net/package/cpuid screenshots.debian.net/package/cpuid]

'''Figure:''' ''<code>cpuid</code> Screenshot 1 / 4''

{{ContentImage|
[[File:Cpuid1.png|border]]
}}

'''Figure:''' ''<code>cpuid</code> Screenshot 2 / 4''

{{ContentImage|
[[File:Cpuid3.png|border]]
}}

'''Figure:''' ''<code>cpuid</code> Screenshot 3 / 4''

{{ContentImage|
[[File:Cpuid2.png|border]]
}}

'''Figure:''' ''<code>cpuid</code> Screenshot 4 / 4''

{{ContentImage|
[[File:Cpuid4.png|border]]
}}

= CPUID Technical Background =
{{box|text=
* <u>Importance of this wiki chapter</u>: If the reader is time-poor, the rest of the text inside this box can be skipped.
* <u>Affected operating systems:</u> All. This issue is [[unspecific|unspecific to {{project_name_short}}]].
* <u>Affected computers</u>: All Intel and AMD CPUs are affected since 1993.
* <u>Workarounds available?</u> None. There are also no virtualizers capable to hide this information. Perhaps emulators might be able to hide this information since the CPU is fully emulated (as opposed to be being virtualized) but these are too slow to be considered for production use.
* <u>CPUID technical introduction</u>: Quote [https://manpages.debian.org/{{Stable project version based on Debian codename}}/manpages/cpuid.4.en.html cpuid man page] (<u>Underline</u> added.):
** <blockquote><u>The CPUID instruction can be directly executed by a program using inline assembler.</u> However this device allows convenient access to all CPUs without changing process affinity. Most of the information in cpuid is reported by the kernel in cooked form either in /proc/cpuinfo or through subdirectories in /sys/devices/system/cpu. Direct CPUID access through this device should only be used in exceptional cases.</blockquote>
* <u>Remote websites:</u> Cannot fingerprint the user to remotely detect the the user's CPU model and capabilities. There are no test pages that claim to do it. One websites might make a first impression that it can be done, but it's not possible, see {{whonix_wiki
|wikipage=Browser_Tests#cpuid_visualiser|cpuid visualizer
|text=cpuid visualizer
}}. A different project, [https://github.com/streamich/cpuid CPUID in JavaScript] cannot do it either. While JavaScript is often viewed as synonym with the browser, JavaScript can also be used with out a browser. The CPUID in JavaScript program might work with JavaScript on a server but not with JavaScript in a browser.
** <u>Popular demand by many website owners:</u> Many people asked about this generally on stackexchange (detecting hardware information using JavaScript) but nobody had a solution for CPU model and capabilities specifically.
** <u>No live demonstration available:</u> There is no hosted web service that demonstrates this feature. At least a few of the many {{whonix_wiki
|wikipage=Browser_Tests
|text=Browser Tests
}} would implement this. Specifically likely the {{whonix_wiki
|wikipage=The_World_Wide_Web_And_Your_Privacy#Fingerprint.com
|text=popular Fingerprint.com
}} improve their service with CPUID if this was possible.
** <u>Specifically asking:</u> This question has been specifically directed at only project that does something similar to this, which is [https://github.com/streamich/cpuid CPUID in JavaScript]. The project does not claim it works in browsers. Question for this specifically has been asked anyhow, see [https://github.com/streamich/cpuid/issues/6 Can cpuid x86 in JavaScript run inside a browser?]
** {{whonix_wiki
|wikipage=Browser_Tests#AmIUnique
|text=AmIUnique
}}<u> feature request:</u> [https://github.com/DIVERSIFY-project/amiunique/issues/63 detect CPUID using JavaScript] - reply received in summary: Not possible.
** <u>Alternative browser API:</u> Since this is not possible, an alternative browser API feature [https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency) <code>navigator.hardwareConcurrency</code>] was implemented by browsers vendors.
** <u>Alternative to CPUID</u>: The closest alternative to CPU fingerprinting using CPUID that has been found is {{whonix_wiki
|wikipage=Browser_Tests#WebCPU
|text=WebCPU
}}.
* <u>Non-solutions</u>: Even security-misc's [[Security-misc#Reduce_Kernel_Information_Leaks|<code>hide-hardware-info.service</code>]] cannot hide CPUID.
* <u>Future</u>: The {{project_name_short}} project will not be able to fix the CPUID issue. At author if this wiki page is not aware of any virtualizer or kernel project which is interested in "hardware privacy". Very few related bug reports / feature requests exist. Users, researchers and developers interested in getting this issue fixed are encouraged to use the principles of [[Reporting_Bugs#Generic_Bug_Reproduction|Generic Bug Reporting]] and [[Self_Support_First_Policy|Self Support First Policy]], in short, reproduce, describe the issue without reference to {{project_name_short}} and contact upstream projects (such as virtualizers, kernel) directly.
* <u>Related</u>: {{whonix_wiki
|wikipage=VM_Fingerprinting
|text=VM Fingerprinting
}}
* <u>References</u>:
** <u>Upstream bug reports / feature requests:</u>
*** Qubes <u>unfixed, rejected</u> bug report: [https://github.com/QubesOS/qubes-issues/issues/1142 Stop telling VMs the exact physical CPU model in the computer]
** <u>Forum discussions:</u>
*** [https://forums.whonix.org/t/any-way-to-hide-cpu-info-from-whonix/11609 Any way to hide CPU info from Whonix?]
*** [https://forums.whonix.org/t/remote-detection-of-cpu-capabilities-cpuid-by-any-web-server-using-javascript-js/14261 Remote Detection of CPU Capabilities (CPUID) by any Web Server using JavaScript (JS)?]
*** See this for [https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618/26 more discussion on CPUID].
** <u>For developers:</u>
*** The research paper [https://web.archive.org/web/20220728120012/https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.302.7877&rep=rep1&type=pdf Virtualization Detection: New Strategies and Their Effectiveness] mentions CPUID several times and shares some ideas how leaking sensitive information using CPUID could be avoided.
*** https://security.stackexchange.com/questions/220357/fake-output-of-cpuid-instruction
*** https://github.com/torvalds/linux/blob/master/arch/x86/kvm/cpuid.c
}}

= cpuid usage =
<code>cpuid</code> is a program that uses the processor's cpuid function and shows its result.

Note, that the availability or unavailability of the <code>cpuid</code> from the package repository is irrelevant. This is because the CPU's cupid function is a non-privileged instruction. Meaning, any other application could easily call the same CPU function.

Optional: Users interested to learn more or view their CPUID could use <code>cpuid</code>.

{{box|text=
'''1.'''  {{Open a product ws terminal}}

'''2.''' Software installation

{{Install Package|package=
cpuid
}}

'''3.''' Run <code>cpuid</code>.

{{CodeSelect|code=
cpuid
}}

'''4.''' Done.

The process of showing information from the processor's cpuid function has been completed.
}}

= CPUID visualizer =
{{box|text=
CPUID <u>visualizer</u>:

See also this [https://cpuid.apps.poly.nomial.co.uk/ CPUID <u>visualizer</u>]. {{whonix_wiki
|wikipage=Browser_Tests#cpuid_visualiser|cpuid visualizer
|text=The CPUID visualizer does not claim to be a detector, does not claim to be a browser test that can remotely detect the user's CPUID.
}}
}}

= /proc/cpuinfo versus cpuid =
On Linux systems, there are at least two ways to access CPU information.

* '''A)''' ''<code>/proc/cpuinfo</code>:'' Is a virtual file provided by the kernel providing information about the CPU.
** To view, run: {{CodeSelect|code=
cat /proc/cpuinfo
}}
** [[Security-misc#Reduce_Kernel_Information_Leaks|<code>hide-hardware-info.service</code>]] can prevent access to this virtual file.
* '''B)''' ''<code>cpuid</code>:'' Is a program that queries the CPU's cpuid function directly to get information about the CPU.
** To view, see above chapter [[#cpuid_usage|<code>cpuid</code> usage]].
** This cannot be prevented, see [[#CPUID Technical Background|CPUID Technical Background]].

= CPU Fingerprinting =
A related topic is CPU fingerprinting. Even if the non-privileged CPU instruction CPUID could be disabled, there would be more issues.

{{quotation
|quote=CPUs are fingerprintable in many more ways than simply checking CPUID (for example, you can try to use features not advertised on CPUID and see what happens).
|context=[https://github.com/jpouellet Jean-Philippe Ouellet], Qubes contributor is Qubes issue [https://github.com/QubesOS/qubes-issues/issues/1142#issuecomment-317281716 Stop telling VMs the exact physical CPU model in the computer]
}}

= CPUID Spoofing Testing =
This wiki chapter documents ways to check if any potential ways of CPUID spoofing are effective. It does not provide instructions on how to perform CPUID spoofing which might be impossible on the Intel / AMD64 platform.

<u>run twice and compare method:</u>

'''1.''' [[#cpuid_usage|Run <code>cpuid</code>]] (or an alternative, if any is available) before making any attempts of CPUID spoofing. Store its output in a text file <code>cpuid1.txt</code>.

'''2.''' Apply any possibly available steps to spoof the CPUID.

The user could experiment with emulators such as bochs, virtualizers such as VirtualBox and its settings <ref>
https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618/50
</ref> or other options.

'''3.''' [[#cpuid_usage|Run <code>cpuid</code> again]]. Store its output in text file <code>cpuid2.txt</code>.

'''4.''' Compare the two text files.

Due to the lengthy output of <code>cpuid</code> with many different details, manually comparing the two files could be cumbersome and error-prone. Instead, using a [[Software#File_Comparison_Tools|file comparison tool]] of the user's choice is recommended.

= Technical Challenges =
{{quotation
|quote=[...] CPU model with various details (the CPUID instruction) that is essential for the system within the VM to function correctly (to know what instructions it can use, to know what mitigations against speculative execution should be applied etc). Masking some of of it is potentially possible (like pretending you are running on a CPU from 10 years ago), with all the disadvantages of it.
|context=Marek (Qubes OS lead developer) in Qubes issue [https://github.com/QubesOS/qubes-issues/issues/1142 Stop telling VMs the exact physical CPU model in the computer]
}}

= Superficial Hiding =
This is just a pointer. Superficial hiding in context of Xen, Qubes might be possible. See Qubes OS forums discussion [https://forum.qubes-os.org/t/spoofing-the-cpu-name/19172 Spoofing the CPU name]. [[Unsupported|Unsupported by {{project_name_short}}]].

How about non-superficial, comprehensive hiding? Not possible. Please refer to the rest of this wiki page.

= Related =
* {{whonix_wiki
|wikipage=VM_Fingerprinting
|text=VM Fingerprinting
}}

= Footnotes =
{{reflist|close=1}}

{{Footer}}

[[Category:Design]]