Hi I was wondering if libvirt/KVM screens out a CPU's or Protected Processor Identification Number? - "PPIN" is a universal hardware serial number etched into the chip in the fab. [1] I am currently allowing full host cpu passthrough to allow guests to use spectre/meltdown mitigations. However as we are a privacy project, we are looking to prevent obvious identity linkers like serial numbers from being read by untrusted environments. Apparentlt Intel has had it for years and its accessible with the mcelog daemon. [1] https://www.phoronix.com/scan.php?page=news_item&px=AMD-PPIN-Processor-ID-Linux