Dear QEMU developers,
I hope this message finds you well.
My goal is to run a Windows virtual machine in such a way that software
like Safe Exam Browser (SEB) cannot detect that it’s running inside a
virtual machine.
Currently, I’m using QEMU with virt-manager on Arch Linux to run a Windows
10 guest. I want to hide **all** virtualization traces — including BIOS
strings and firmware signatures.
The only remaining field that still exposes the VM is the BIOS version
string. When running the following command inside the Windows guest:

    wmic bios get BIOSVersion

I get the output:

    BIOSVersion
    {"BOCHS - 1", "unknown", "EDK II" - 10000"}

The presence of “BOCHS” and “EDK II” is a strong indicator of
virtualization and is easily detected.
Here is what I’ve already done:
1. Modified the libvirt XML configuration.
2. Built my own `OVMF_CODE.fd` and `OVMF_VARS.fd` using the
[tianocore/edk2](https://github.com/tianocore/edk2) repository. I removed
all references to BOCHS and EDK inside the firmware.
3. Installed a clean Windows 11 system via ISO in this customized
environment.
I switched to QEMU because VMware and VirtualBox don’t offer deep enough
control over SMBIOS or firmware — e.g., `SMBIOS.reflectHost = "TRUE"`
doesn’t help.
This is my first time working this deeply with VMs, and despite days of
effort, I still haven’t succeeded. I’m reaching out to the experts here in
hopes that you might point me in the right direction or offer a better
method for achieving full VM concealment.
For your convenience, I’ve uploaded all the relevant files and details
[here](https://t.me/qemuvmwin10) for further inspection.
Thank you so much for your time and for maintaining such a powerful project.
Best regards,
Mukhammadiev Samandar