Dear QEMU developers,

I hope this message finds you well.

My goal is to run a Windows virtual machine in such a way that software
like Safe Exam Browser (SEB) cannot detect that it’s running inside a
virtual machine.

Currently, I’m using QEMU with virt-manager on Arch Linux to run a Windows
10 guest. I want to hide **all** virtualization traces — including BIOS
strings and firmware signatures.

The only remaining field that still exposes the VM is the BIOS version
string. When running the following command inside the Windows guest:

    wmic bios get BIOSVersion

I get the output:

    BIOSVersion
    {"BOCHS  - 1", "unknown", "EDK II" - 10000"}

The presence of “BOCHS” and “EDK II” are strong indicators of
virtualization and are easily detected.

Here is what I’ve already done:

1. Modified the libvirt XML configuration.
2. Built my own `OVMF_CODE.fd` and `OVMF_VARS.fd` using the
[tianocore/edk2](https://github.com/tianocore/edk2) repository. I removed
all references to BOCHS and EDK inside the firmware.
3. Installed a clean Windows 11 system via ISO in this customized
environment.

I switched to QEMU because VMware and VirtualBox don’t offer deep enough
control over SMBIOS or firmware — e.g., `SMBIOS.reflectHost = "TRUE"`
doesn’t help.

This is my first time working this deeply with VMs, and despite days of
effort, I still haven’t succeeded. I’m reaching out to the experts here in
hopes that you might point me in the right direction or offer a better
method for achieving full VM concealment.

For your convenience, I’ve uploaded all the relevant files and details
[here](https://t.me/qemuvmwin10) for further inspection.

Thank you so much for your time and for maintaining such a powerful project.

Best regards,
Mukhammadiev Samandar

Reply via email to