
In practice, it’s essentially infeasible to make a non-detectable virtualization stack. Timing is really really hard to match (as is everything else). You can edit the binary that’s doing the detection, but this is time consuming. Every new feature they push costs you time and will poison your hardware id.

You can go further by, say, requiring fTPMs that are on the SoC (super common these days for most recent consumer CPUs). If you can’t boot into Linux without the PCRs reflecting your virtualization stack being in the boot chain, your cheat is quite detectable.
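An added example, not part of the comment above and not code from any real anti-cheat or attestation product: a verifier-side sketch of why a measured boot chain with an extra layer in it cannot reproduce a known-good PCR value. The component names, the allow-list and the single SHA-256 PCR are constructed assumptions; a real verifier would also check a TPM-signed quote over the PCRs with a fresh nonce.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one PCR in the SHA-256 bank, reset to all zeros at power-on


def extend(pcr: bytes, image: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(measured image))."""
    return hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()


def replay(boot_chain) -> bytes:
    """Recompute the PCR a machine ends up with after measuring each stage in order."""
    pcr = bytes(PCR_SIZE)
    for image in boot_chain:
        pcr = extend(pcr, image)
    return pcr


def chain_matches(reported_pcr: bytes, allowed_chains: dict):
    """Return the name of the known-good chain that reproduces the PCR, else None."""
    for name, chain in allowed_chains.items():
        if hmac.compare_digest(replay(chain), reported_pcr):
            return name
    return None


# Constructed sample data: byte strings stand in for the measured boot images.
CLEAN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
WITH_HYPERVISOR = [b"firmware-v1", b"bootloader-v1", b"hypervisor-x", b"kernel-v1"]
ALLOWED = {"clean-boot": CLEAN}  # hypothetical allow-list held by the verifier

if __name__ == "__main__":
    for label, chain in (("clean", CLEAN), ("with hypervisor", WITH_HYPERVISOR)):
        pcr = replay(chain)
        print(f"{label:16} {pcr.hex()[:16]}...  match={chain_matches(pcr, ALLOWED)}")
```

Because each extend hashes over the previous PCR value, a stage measured anywhere in the chain changes every later value, and nothing that runs afterwards can extend the register back to the clean result.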


