search

klauspost / cpuid

CPU feature identification for Go
MIT License
1.01k stars 125 forks source link

Add TDX Guest detection #132

Closed fidencio closed 1 year ago

fidencio commented 1 year ago

We need to be able to detect that a guest is running using Intel TDX (Trusted Domain Extensions).

As the TDX Guests have their own cpuid leaf (0x21, 0), we can easily detected them by checking its cpuid.

THe information provided here can be confirmed in the Intel TDX Module v1.5 Base Architecture Specificication0, section 11.2 "Guest TD Run Time Environment Enumeration".

What we're exposing, in the end, is a new feature called "TDX_GUEST", and this is the result of running cpuid with this patch applied on a TDX guest VM, and on a "vanilla" guest VM.

TDX Guest VM:

Name:
Vendor String: GenuineIntel
Vendor ID: Intel
PhysicalCores: 0
Threads Per Core: 1
Logical Cores: 0
CPU Family 6 Model: 143 Stepping: 4
Features: ADX,AESNI,AMXBF16,AMXINT8,AMXTILE,AVX,AVX2,AVX512BF16,AVX512BITALG,AVXX
512BW,AVX512CD,AVX512DQ,AVX512F,AVX512FP16,AVX512IFMA,AVX512VBMI,AVX512VBMI2,AVXX
512VL,AVX512VNNI,AVX512VPOPCNTDQ,AVXVNNI,AVXVNNIINT8,BMI1,BMI2,CLDEMOTE,CLMUL,CMM
OV,CMPSB_SCADBS_SHORT,CMPXCHG8,CX16,ERMS,F16C,FLUSH_L1D,FMA3,FSRM,FXSR,FXSROPT,GG
FNI,HLE,HYPERVISOR,IA32_ARCH_CAP,IA32_CORE_CAP,IBPB,LAHF,LZCNT,MD_CLEAR,MMX,MOVBB
E,MOVDIR64B,MOVDIRI,MOVSB_ZL,NX,OSXSAVE,POPCNT,PREFETCHI,RDRAND,RDSEED,RDTSCP,RTT
M,SERIALIZE,SHA,SPEC_CTRL_SSBD,SSE,SSE2,SSE3,SSE4,SSE42,SSSE3,STIBP,STOSB_SHORT,,
SYSCALL,SYSEE,TDX_GUEST,TSXLDTRK,VAES,VPCLMULQDQ,WAITPKG,WBNOINVD,X87,XGETBV1,XSS
AVE,XSAVEC,XSAVEOPT,XSAVES
Microarchitecture level: 4
Cacheline bytes: 64
L1 Instruction Cache: 32768 bytes
L1 Data Cache: 32768 bytes
L2 Cache: 4194304 bytes
L3 Cache: 16777216 bytes
Frequency: 1000000000 Hz

Vanilla Guest VM:

Name: Genuine Intel(R) CPU 0000%@
Vendor String: GenuineIntel
Vendor ID: Intel
PhysicalCores: 1
Threads Per Core: 1
Logical Cores: 1
CPU Family 6 Model: 143 Stepping: 4
Features: ADX,AESNI,AMXBF16,AMXINT8,AMXTILE,AVX,AVX2,AVX512BF16,AVX512BITALG,AVXX
512BW,AVX512CD,AVX512DQ,AVX512F,AVX512FP16,AVX512IFMA,AVX512VBMI,AVX512VBMI2,AVXX
512VL,AVX512VNNI,AVX512VPOPCNTDQ,AVXVNNI,AVXVNNIINT8,BMI1,BMI2,CLDEMOTE,CLMUL,CMM
OV,CMPXCHG8,CX16,ERMS,F16C,FMA3,FSRM,FXSR,FXSROPT,GFNI,HLE,HYPERVISOR,IA32_ARCH__
CAP,IBPB,IBRS,LAHF,LZCNT,MD_CLEAR,MMX,MOVBE,MOVDIR64B,MOVDIRI,NX,OSXSAVE,POPCNT,,
PREFETCHI,RDRAND,RDSEED,RDTSCP,RTM,SERIALIZE,SGX,SGXLC,SHA,SPEC_CTRL_SSBD,SSE,SSS
E2,SSE3,SSE4,SSE42,SSSE3,STIBP,SYSCALL,SYSEE,TSXLDTRK,VAES,VMX,VPCLMULQDQ,WAITPKK
G,WBNOINVD,X87,XGETBV1,XSAVE,XSAVEC,XSAVEOPT,XSAVES
Microarchitecture level: 4
Cacheline bytes: 64
L1 Instruction Cache: 32768 bytes
L1 Data Cache: 32768 bytes
L2 Cache: 4194304 bytes
L3 Cache: 16777216 bytes
SGX: {Available:true LaunchControl:true SGX1Supported:true SGX2Supported:true Maa
xEnclaveSizeNot64:2147483648 MaxEnclaveSize64:72057594037927936 EPCSections:[]}
fidencio commented 1 year ago

Updated as I forgot to add the newly added feature to README.md.

fidencio commented 1 year ago

@klauspost, I'm not exactly sure why the tests are failing and what kind of action is needed from my side. It seems I'd have to submit the cpuid data that I provided as part of my PR, but I'm not sure where I should submit it to. :-)

Any help is super appreciated.

klauspost commented 1 year ago

Do you have any link for references? I googled a bit but couldn't find anything in intel-tdx-cpu-architectural-specification.pdf on this leaf.

I prefer to not have vendor specifics in there, and checking for the function should be correct anyway:

    if mfi >= 0x21 {

I am looking for a feature bit, instead of a string to compare. If you want to positively know it is Intel TDX, we can add TDX_GUEST_INTEL as an additional flag.

fidencio commented 1 year ago

Do you have any link for references?

I'm sorry, it seems that GitHub "ate" the link I provided as part of the commit message in the PR description. https://cdrdv2.intel.com/v1/dl/getContent/733575 -- if you go the Section 11.2 "Guest TD Run Time Environment Enumeration", you'll see the following table: Screenshot from 2023-06-02 16-10-59

You can also check this kernel link for reference: https://elixir.bootlin.com/linux/latest/source/arch/x86/include/asm/shared/tdx.h#L12

I'll update the PR following your suggestions.

fidencio commented 1 year ago

@klauspost, regarding the tests failures, is there something I'm clearly missing that I should do to make them happy?

klauspost commented 1 year ago

@fidencio It will blow up if the maxfunction number is exceeded. The "mfi" should be checked. Does the VM update that appropriately, so we can see leaf 21 is available?

klauspost commented 1 year ago

If you add the check, I'll accept it without more changes.

fidencio commented 1 year ago

@fidencio It will blow up if the maxfunction number is exceeded. The "mfi" should be checked. Does the VM update that appropriately, so we can see leaf 21 is available?

It does, I just retested the cases here.

If you add the check, I'll accept it without more changes.

Cool, so can I leave this with the string compare? To be honest, I didn't fully understand the changes needed for adding a new flag, but I'd be up to doing that if you prefer.

fidencio commented 1 year ago

Updated removing the vendor specific test and using mfi >= 0x21 instead, also ran the tests succesfully (on a local machine).