Removed hyperv & test-windows-uefi-hooks feature

hypervisor/Cargo.toml

@@ -9,11 +9,6 @@ edition = "2021"
 name = "hypervisor"
 path = "src/lib.rs"
 
-[features]
-default = []
-test-windows-uefi-hooks = [] # Enables testing Windows UEFI hooks at runtime.
-hyperv = [] # Enables Hyper-V hypervisor support.
-
 [dependencies]
 x86 = "0.52.0" # https://crates.io/crates/x86
 x86_64 = "0.15.0" # https://crates.io/crates/x86_64

hypervisor/src/intel/vmexit/cpuid.rs

@@ -5,11 +5,9 @@ use {
     crate::{
         error::HypervisorError,
         intel::{
-            hooks::{hook_manager::EptHookType, inline::InlineHookType},
             vm::Vm,
             vmexit::{commands::handle_guest_commands, ExitType},
         },
-        windows::nt::pe::djb2_hash,
     },
     bitfield::BitMut,
     log::*,
@@ -127,28 +125,30 @@ pub fn handle_cpuid(vm: &mut Vm) -> Result<ExitType, HypervisorError> {
             }
             leaf if leaf == CpuidLeaf::CacheInformation as u32 => {
                 trace!("CPUID leaf 0x2 detected (Cache Information).");
-                if vm.hook_manager.has_cpuid_cache_info_been_called == false && cfg!(feature = "test-windows-uefi-hooks") {
-                    trace!("Register state before handling VM exit: {:#x?}", vm.guest_registers);
+                if vm.hook_manager.has_cpuid_cache_info_been_called == false {
 
+                    /*
+                    // Test UEFI boot-time hooks
                     if let Some(mut kernel_hook) = vm.hook_manager.kernel_hook.take() {
                         info!("Hooking NtQuerySystemInformation with syscall number 0x36");
-
                         kernel_hook.enable_kernel_ept_hook(
                             vm,
-                            djb2_hash("NtQuerySystemInformation".as_bytes()),
-                            EptHookType::Function(InlineHookType::Vmcall),
+                            crate::windows::nt::pe::djb2_hash("NtQuerySystemInformation".as_bytes()),
+                            crate::intel::hooks::hook_manager::EptHookType::Function(crate::intel::hooks::inline::InlineHookType::Vmcall),
+                        )?;
+                        kernel_hook.enable_syscall_ept_hook(
+                            vm,
+                            0x32,
+                            crate::intel::hooks::hook_manager::EptHookType::Function(crate::intel::hooks::inline::InlineHookType::Vmcall),
                         )?;
-
-                        kernel_hook.enable_syscall_ept_hook(vm, 0x32, EptHookType::Function(InlineHookType::Vmcall))?;
-
                         // Place the kernel hook back in the box
                         vm.hook_manager.kernel_hook = Some(kernel_hook);
-
                         // Set the flag
                         vm.hook_manager.has_cpuid_cache_info_been_called = true;
                     } else {
                         return Err(HypervisorError::KernelHookMissing);
                     }
+                     */
                 }
             }
             leaf if leaf == CpuidLeaf::ExtendedFeatureInformation as u32 => {
@@ -163,14 +163,14 @@ pub fn handle_cpuid(vm: &mut Vm) -> Result<ExitType, HypervisorError> {
                 cpuid_result.ecx = 0x6e6f6973; // "nois", part of "Illusion" (in reverse order due to little-endian storage).
                 cpuid_result.edx = 0x00000000; // Filled with null bytes as there are no more characters to encode.
             }
-            leaf if leaf == CpuidLeaf::HypervisorInterface as u32 && cfg!(feature = "hyperv") => {
+            leaf if leaf == CpuidLeaf::HypervisorInterface as u32 => {
                 trace!("CPUID leaf 0x40000001 detected (Hypervisor Interface Identification).");
                 // Return information indicating the hypervisor's interface.
                 // Here, we specify that our hypervisor does not conform to the Microsoft hypervisor interface ("Hv#1").
-                cpuid_result.eax = 0x00000000; // Interface signature indicating non-conformance to Microsoft interface.
-                cpuid_result.ebx = 0x00000000; // Reserved field set to zero.
-                cpuid_result.ecx = 0x00000000; // Reserved field set to zero.
-                cpuid_result.edx = 0x00000000; // Reserved field set to zero.
+                // cpuid_result.eax = 0x00000000; // Interface signature indicating non-conformance to Microsoft interface.
+                // cpuid_result.ebx = 0x00000000; // Reserved field set to zero.
+                // cpuid_result.ecx = 0x00000000; // Reserved field set to zero.
+                // cpuid_result.edx = 0x00000000; // Reserved field set to zero.
             }
             _ => trace!("CPUID leaf 0x{leaf:X}."),
         }

hypervisor/src/intel/vmexit/msr.rs

@@ -50,7 +50,7 @@ pub fn handle_msr_access(vm: &mut Vm, access_type: MsrAccessType) -> Result<Exit
     // Define the range for valid MSR access and Hyper-V MSRs
     const MSR_VALID_RANGE_LOW: RangeInclusive<u32> = 0x00000000..=0x00001FFF;
     const MSR_VALID_RANGE_HIGH: RangeInclusive<u32> = 0xC0000000..=0xC0001FFF;
-    // const MSR_HYPERV_RANGE: RangeInclusive<u32> = 0x40000000..=0x400000F0;
+    const MSR_HYPERV_RANGE: RangeInclusive<u32> = 0x40000000..=0x400000F0;
 
     // Define the VMX lock bit for IA32_FEATURE_CONTROL MSR
     const VMX_LOCK_BIT: u64 = 1 << 0;
@@ -60,7 +60,7 @@ pub fn handle_msr_access(vm: &mut Vm, access_type: MsrAccessType) -> Result<Exit
 
     // Determine if the MSR address is valid, reserved, or synthetic (EasyAntiCheat and Battleye invalid MSR checks)
     // by checking if the MSR address is in the Hyper-V range or outside other valid ranges
-    if !MSR_VALID_RANGE_LOW.contains(&msr_id) && !MSR_VALID_RANGE_HIGH.contains(&msr_id) && !cfg!(feature = "hyperv") {
+    if !MSR_VALID_RANGE_LOW.contains(&msr_id) && !MSR_VALID_RANGE_HIGH.contains(&msr_id) && MSR_HYPERV_RANGE.contains(&msr_id) {
         log::trace!("Invalid MSR access attempted: {:#x}", msr_id);
         EventInjection::vmentry_inject_gp(0);
         return Ok(ExitType::Continue);

hypervisor/src/intel/vmexit/vmcall.rs

@@ -89,11 +89,6 @@ pub fn handle_vmcall(vm: &mut Vm) -> Result<ExitType, HypervisorError> {
         update_guest_interrupt_flag(vm, false)?;
 
         Ok(ExitType::Continue)
-    } else if cfg!(feature = "hyperv") {
-        // If the address is not a hook and we are running under hyper-v forward it.
-        debug!("Hyper-V VMCALL detected and handled.");
-        asm_hyperv_vmcall(vm.guest_registers.rcx, vm.guest_registers.rdx, vm.guest_registers.r8);
-        Ok(ExitType::IncrementRIP)
     } else {
         EventInjection::vmentry_inject_gp(0);
         Ok(ExitType::Continue)

uefi/Cargo.toml

@@ -9,16 +9,11 @@ edition = "2021"
 name = "illusion"
 path = "src/main.rs"
 
-[features]
-default = ["hyperv"] # Enables Hyper-V hypervisor support.
-hyperv = [] # Enables Hyper-V hypervisor support.
-
 [dependencies]
 uefi = { version = "0.28.0", features = ["global_allocator", "alloc"] } # https://crates.io/crates/uefi
 uefi-services = { version = "0.25.0", default-features = false } # https://crates.io/crates/uefi-services
 log = { version = "0.4.20", default-features = false } # https://crates.io/crates/log
 once_cell = "1.19.0" # https://crates.io/crates/once_cell
 spin = "0.9" # https://crates.io/crates/spin
 com_logger = "0.1.1" # https://crates.io/crates/com_logger
-hypervisor = { path = "../hypervisor", default-features = false, features = ["hyperv"] } # Diable hooks by default but keep Hyper-V support.
-#hypervisor = { path = "../hypervisor", default-features = false, features = ["hyperv", "test-windows-uefi-hooks"] } # Enable Hyper-V support and hooks for testing.
+hypervisor = { path = "../hypervisor" }

uefi/src/processor.rs

@@ -19,34 +19,28 @@ use {
 ///
 /// A result indicating the success or failure of starting the hypervisor.
 pub fn start_hypervisor_on_all_processors(boot_services: &BootServices) -> uefi::Result<()> {
-    if cfg!(feature = "hyperv") {
-        warn!("Hyper-V feature is enabled");
-        start_hypervisor();
-        // Multi-processor initialization is not supported in Hyper-V mode yet (ACPI).
-    } else {
-        let handle = boot_services.get_handle_for_protocol::<MpServices>()?;
-        let mp_services = boot_services.open_protocol_exclusive::<MpServices>(handle)?;
-        let processor_count = mp_services.get_number_of_processors()?;
+    let handle = boot_services.get_handle_for_protocol::<MpServices>()?;
+    let mp_services = boot_services.open_protocol_exclusive::<MpServices>(handle)?;
+    let processor_count = mp_services.get_number_of_processors()?;
 
-        info!("Total processors: {}", processor_count.total);
-        info!("Enabled processors: {}", processor_count.enabled);
+    info!("Total processors: {}", processor_count.total);
+    info!("Enabled processors: {}", processor_count.enabled);
 
-        if processor_count.enabled == 1 {
-            info!("Found only one processor, virtualizing it");
-            start_hypervisor();
-        } else {
-            info!("Found multiple processors, virtualizing all of them");
-
-            // Don't forget to virtualize this thread...
-            start_hypervisor();
+    if processor_count.enabled == 1 {
+        info!("Found only one processor, virtualizing it");
+        start_hypervisor();
+    } else {
+        info!("Found multiple processors, virtualizing all of them");
 
-            // Virtualize all other threads...
-            mp_services.startup_all_aps(true, start_hypervisor_on_ap as _, core::ptr::null_mut(), None, None)?;
-        }
+        // Don't forget to virtualize this thread...
+        start_hypervisor();
 
-        info!("The hypervisor has been installed successfully!");
+        // Virtualize all other threads...
+        mp_services.startup_all_aps(true, start_hypervisor_on_ap as _, core::ptr::null_mut(), None, None)?;
     }
 
+    info!("The hypervisor has been installed successfully!");
+
     Ok(())
 }