
Add TDX Guest detection #132

Merged
merged 1 commit into from
Jun 2, 2023

Commits on Jun 2, 2023

  1. Add TDX Guest detection

    We need to be able to detect that a guest is running using Intel TDX
    (Trusted Domain Extensions).
    
    As the TDX Guests have their own cpuid leaf (0x21, 0), we can easily
    detect them by checking their cpuid.
    
    The information provided here can be confirmed in the Intel TDX Module
    v1.5 Base Architecture Specification[0], section 11.2 "Guest TD Run
    Time Environment Enumeration".
    
    What we're exposing, in the end, is a new feature called "TDX_GUEST",
    and this is the result of running cpuid with this patch applied on a TDX
    guest VM, and on a "vanilla" guest VM.
    
    TDX Guest VM:
    ```
    Name:
    Vendor String: GenuineIntel
    Vendor ID: Intel
    PhysicalCores: 0
    Threads Per Core: 1
    Logical Cores: 0
    CPU Family 6 Model: 143 Stepping: 4
    Features: ADX,AESNI,AMXBF16,AMXINT8,AMXTILE,AVX,AVX2,AVX512BF16,AVX512BITALG,AVX512BW,AVX512CD,AVX512DQ,AVX512F,AVX512FP16,AVX512IFMA,AVX512VBMI,AVX512VBMI2,AVX512VL,AVX512VNNI,AVX512VPOPCNTDQ,AVXVNNI,AVXVNNIINT8,BMI1,BMI2,CLDEMOTE,CLMUL,CMOV,CMPSB_SCADBS_SHORT,CMPXCHG8,CX16,ERMS,F16C,FLUSH_L1D,FMA3,FSRM,FXSR,FXSROPT,GFNI,HLE,HYPERVISOR,IA32_ARCH_CAP,IA32_CORE_CAP,IBPB,LAHF,LZCNT,MD_CLEAR,MMX,MOVBE,MOVDIR64B,MOVDIRI,MOVSB_ZL,NX,OSXSAVE,POPCNT,PREFETCHI,RDRAND,RDSEED,RDTSCP,RTM,SERIALIZE,SHA,SPEC_CTRL_SSBD,SSE,SSE2,SSE3,SSE4,SSE42,SSSE3,STIBP,STOSB_SHORT,SYSCALL,SYSEE,TDX_GUEST,TSXLDTRK,VAES,VPCLMULQDQ,WAITPKG,WBNOINVD,X87,XGETBV1,XSAVE,XSAVEC,XSAVEOPT,XSAVES
    Microarchitecture level: 4
    Cacheline bytes: 64
    L1 Instruction Cache: 32768 bytes
    L1 Data Cache: 32768 bytes
    L2 Cache: 4194304 bytes
    L3 Cache: 16777216 bytes
    Frequency: 1000000000 Hz
    ```
    
    Vanilla Guest VM:
    ```
    Name: Genuine Intel(R) CPU 0000%@
    Vendor String: GenuineIntel
    Vendor ID: Intel
    PhysicalCores: 1
    Threads Per Core: 1
    Logical Cores: 1
    CPU Family 6 Model: 143 Stepping: 4
    Features: ADX,AESNI,AMXBF16,AMXINT8,AMXTILE,AVX,AVX2,AVX512BF16,AVX512BITALG,AVX512BW,AVX512CD,AVX512DQ,AVX512F,AVX512FP16,AVX512IFMA,AVX512VBMI,AVX512VBMI2,AVX512VL,AVX512VNNI,AVX512VPOPCNTDQ,AVXVNNI,AVXVNNIINT8,BMI1,BMI2,CLDEMOTE,CLMUL,CMOV,CMPXCHG8,CX16,ERMS,F16C,FMA3,FSRM,FXSR,FXSROPT,GFNI,HLE,HYPERVISOR,IA32_ARCH_CAP,IBPB,IBRS,LAHF,LZCNT,MD_CLEAR,MMX,MOVBE,MOVDIR64B,MOVDIRI,NX,OSXSAVE,POPCNT,PREFETCHI,RDRAND,RDSEED,RDTSCP,RTM,SERIALIZE,SGX,SGXLC,SHA,SPEC_CTRL_SSBD,SSE,SSE2,SSE3,SSE4,SSE42,SSSE3,STIBP,SYSCALL,SYSEE,TSXLDTRK,VAES,VMX,VPCLMULQDQ,WAITPKG,WBNOINVD,X87,XGETBV1,XSAVE,XSAVEC,XSAVEOPT,XSAVES
    Microarchitecture level: 4
    Cacheline bytes: 64
    L1 Instruction Cache: 32768 bytes
    L1 Data Cache: 32768 bytes
    L2 Cache: 4194304 bytes
    L3 Cache: 16777216 bytes
    SGX: {Available:true LaunchControl:true SGX1Supported:true SGX2Supported:true MaxEnclaveSizeNot64:2147483648 MaxEnclaveSize64:72057594037927936 EPCSections:[]}
    ```
    
    [0]: https://cdrdv2.intel.com/v1/dl/getContent/733575
    
    Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
    fidencio committed Jun 2, 2023
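The detection the commit describes, written out as a stand-alone example. This is added illustration, not the project's code or the code in this commit: it issues CPUID(0x21, 0) through GCC/clang's `<cpuid.h>` and compares the 12-byte vendor string assembled from EBX, EDX, ECX (in that register order) against `"IntelTDX    "`, which is the signature the TDX Module specification defines for a guest TD. The split into a pure `tdx_guest_from_regs` function and a live `tdx_guest_probe` is this example's own design, so the decision logic can be checked with constructed register values on any host; the `max_basic_leaf` guard is there because on Intel a request for a leaf above CPUID.0:EAX returns the highest basic leaf's data rather than zeros.

```c
/* Added example: TDX guest detection via CPUID leaf 0x21, sub-leaf 0.
 * Not code from klauspost/cpuid or from the commit above. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define TDX_CPUID_LEAF 0x21u
/* 12-byte signature, bytes in the order EBX, EDX, ECX (little-endian). */
#define TDX_IDENT "IntelTDX    "

/* Write the four bytes of a 32-bit register in little-endian order, which
 * is how CPUID vendor strings are laid out (same as "GenuineIntel"). */
static void put_le32(char *dst, uint32_t v) {
    for (int i = 0; i < 4; i++) dst[i] = (char)((v >> (8 * i)) & 0xffu);
}

/* Build a register value from 4 ASCII bytes; used to construct test input. */
uint32_t le32_from_str(const char *s) {
    return (uint32_t)(unsigned char)s[0]
         | ((uint32_t)(unsigned char)s[1] << 8)
         | ((uint32_t)(unsigned char)s[2] << 16)
         | ((uint32_t)(unsigned char)s[3] << 24);
}

/* Pure decision: given CPUID.0:EAX (max basic leaf) and the registers
 * from CPUID(0x21, 0), return 1 if the TDX guest signature is present.
 * Without the max-leaf guard a vanilla Intel guest would hand us the
 * highest basic leaf's data here, so the guard is part of the check. */
int tdx_guest_from_regs(uint32_t max_basic_leaf,
                        uint32_t ebx, uint32_t ecx, uint32_t edx) {
    char ident[13];
    if (max_basic_leaf < TDX_CPUID_LEAF) return 0;
    put_le32(ident + 0, ebx);
    put_le32(ident + 4, edx);
    put_le32(ident + 8, ecx);
    ident[12] = '\0';
    return memcmp(ident, TDX_IDENT, 12) == 0;
}

/* Live probe on the running CPU.
 * Returns 1 = TDX guest signature found, 0 = not found,
 * -1 = not an x86 build (no CPUID instruction available). */
int tdx_guest_probe(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(0, &eax, &ebx, &ecx, &edx)) return 0;
    unsigned int max_basic = eax;
    if (max_basic < TDX_CPUID_LEAF) return 0;
    __cpuid_count(TDX_CPUID_LEAF, 0, eax, ebx, ecx, edx);
    return tdx_guest_from_regs(max_basic, ebx, ecx, edx);
#else
    return -1;
#endif
}

int main(void) {
    int r = tdx_guest_probe();
    if (r < 0)
        puts("not an x86 build; CPUID unavailable");
    else
        printf("TDX_GUEST: %s\n", r ? "yes" : "no");
    return 0;
}
```

Build with `cc -O2 tdx_probe.c -o tdx_probe` on an x86 host. Treat a positive result as a hint about the environment, not as proof: CPUID leaf 0x21 is virtualized for the guest, and a non-TDX hypervisor could present the same signature. Code that must know it is really inside a TD should rely on attestation (a TD report or quote) rather than on this flag.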