Commit
We need to be able to detect that a guest is running using Intel TDX (Trusted Domain Extensions). As the TDX Guests have their own cpuid leaf (0x21, 0), we can easily detect them by checking its cpuid. The information provided here can be confirmed in the Intel TDX Module v1.5 Base Architecture Specification[0], section 11.2 "Guest TD Run Time Environment Enumeration".

What we're exposing, in the end, is a new feature called "TDX_GUEST", and this is the result of running cpuid with this patch applied on a TDX guest VM, and on a "vanilla" guest VM.

TDX Guest VM:
```
Name:
Vendor String: GenuineIntel
Vendor ID: Intel
PhysicalCores: 0
Threads Per Core: 1
Logical Cores: 0
CPU Family 6 Model: 143 Stepping: 4
Features: ADX,AESNI,AMXBF16,AMXINT8,AMXTILE,AVX,AVX2,AVX512BF16,AVX512BITALG,AVX512BW,AVX512CD,AVX512DQ,AVX512F,AVX512FP16,AVX512IFMA,AVX512VBMI,AVX512VBMI2,AVX512VL,AVX512VNNI,AVX512VPOPCNTDQ,AVXVNNI,AVXVNNIINT8,BMI1,BMI2,CLDEMOTE,CLMUL,CMOV,CMPSB_SCADBS_SHORT,CMPXCHG8,CX16,ERMS,F16C,FLUSH_L1D,FMA3,FSRM,FXSR,FXSROPT,GFNI,HLE,HYPERVISOR,IA32_ARCH_CAP,IA32_CORE_CAP,IBPB,LAHF,LZCNT,MD_CLEAR,MMX,MOVBE,MOVDIR64B,MOVDIRI,MOVSB_ZL,NX,OSXSAVE,POPCNT,PREFETCHI,RDRAND,RDSEED,RDTSCP,RTM,SERIALIZE,SHA,SPEC_CTRL_SSBD,SSE,SSE2,SSE3,SSE4,SSE42,SSSE3,STIBP,STOSB_SHORT,SYSCALL,SYSEE,TDX_GUEST,TSXLDTRK,VAES,VPCLMULQDQ,WAITPKG,WBNOINVD,X87,XGETBV1,XSAVE,XSAVEC,XSAVEOPT,XSAVES
Microarchitecture level: 4
Cacheline bytes: 64
L1 Instruction Cache: 32768 bytes
L1 Data Cache: 32768 bytes
L2 Cache: 4194304 bytes
L3 Cache: 16777216 bytes
Frequency: 1000000000 Hz
```

Vanilla Guest VM:
```
Name: Genuine Intel(R) CPU 0000%@
Vendor String: GenuineIntel
Vendor ID: Intel
PhysicalCores: 1
Threads Per Core: 1
Logical Cores: 1
CPU Family 6 Model: 143 Stepping: 4
Features: ADX,AESNI,AMXBF16,AMXINT8,AMXTILE,AVX,AVX2,AVX512BF16,AVX512BITALG,AVX512BW,AVX512CD,AVX512DQ,AVX512F,AVX512FP16,AVX512IFMA,AVX512VBMI,AVX512VBMI2,AVX512VL,AVX512VNNI,AVX512VPOPCNTDQ,AVXVNNI,AVXVNNIINT8,BMI1,BMI2,CLDEMOTE,CLMUL,CMOV,CMPXCHG8,CX16,ERMS,F16C,FMA3,FSRM,FXSR,FXSROPT,GFNI,HLE,HYPERVISOR,IA32_ARCH_CAP,IBPB,IBRS,LAHF,LZCNT,MD_CLEAR,MMX,MOVBE,MOVDIR64B,MOVDIRI,NX,OSXSAVE,POPCNT,PREFETCHI,RDRAND,RDSEED,RDTSCP,RTM,SERIALIZE,SGX,SGXLC,SHA,SPEC_CTRL_SSBD,SSE,SSE2,SSE3,SSE4,SSE42,SSSE3,STIBP,SYSCALL,SYSEE,TSXLDTRK,VAES,VMX,VPCLMULQDQ,WAITPKG,WBNOINVD,X87,XGETBV1,XSAVE,XSAVEC,XSAVEOPT,XSAVES
Microarchitecture level: 4
Cacheline bytes: 64
L1 Instruction Cache: 32768 bytes
L1 Data Cache: 32768 bytes
L2 Cache: 4194304 bytes
L3 Cache: 16777216 bytes
SGX: {Available:true LaunchControl:true SGX1Supported:true SGX2Supported:true MaxEnclaveSizeNot64:2147483648 MaxEnclaveSize64:72057594037927936 EPCSections:[]}
```

[0]: https://cdrdv2.intel.com/v1/dl/getContent/733575

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
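The detection the commit describes, written out as a stand-alone C example (added here; it is not the cpuid library's own code and not part of the commit). The leaf number 0x21 and subleaf 0 come from the commit message; the 12-byte identification string "IntelTDX    " that the Intel TDX Module specification returns in EBX:EDX:ECX for that leaf is an assumption of this example, as are the function names. The check first confirms that CPUID(0).EAX reports leaf 0x21 as valid, because querying a leaf beyond the maximum basic leaf returns data from the highest valid leaf rather than zeros. The string comparison is kept in a pure function so it can be exercised with constructed register values on any host; the actual CPUID query only compiles on x86 and returns 0 elsewhere.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Leaf/subleaf from the commit message. The identification string is taken
   from the Intel TDX Module spec, section 11.2 (assumption of this example). */
#define TDX_CPUID_LEAF 0x21u
#define TDX_IDENT "IntelTDX    "

/* Execute CPUID with an explicit subleaf. r[0..3] receive EAX, EBX, ECX, EDX.
   Returns 1 on x86; on other architectures it zeroes r and returns 0. */
static int cpuid_count(uint32_t leaf, uint32_t sub, uint32_t r[4]) {
#if defined(__x86_64__) || defined(__i386__)
    __cpuid_count(leaf, sub, r[0], r[1], r[2], r[3]);
    return 1;
#else
    (void)leaf; (void)sub;
    memset(r, 0, 4 * sizeof r[0]);
    return 0;
#endif
}

/* Pure check: the 12-byte identifier is laid out across EBX, EDX, ECX (in that
   order), each register holding four ASCII bytes little-endian. Kept free of
   CPUID so it can be unit-tested with constructed register values. */
int tdx_ident_matches(uint32_t ebx, uint32_t ecx, uint32_t edx) {
    char ident[13];
    memcpy(ident, &ebx, 4);
    memcpy(ident + 4, &edx, 4);
    memcpy(ident + 8, &ecx, 4);
    ident[12] = '\0';
    return memcmp(ident, TDX_IDENT, 12) == 0;
}

/* Returns 1 when running inside a TDX guest, 0 otherwise.
   CPUID(0).EAX gives the highest valid basic leaf; leaf 0x21 must be within
   range before its contents mean anything. */
int is_tdx_guest(void) {
    uint32_t r[4];
    if (!cpuid_count(0, 0, r)) return 0;
    if (r[0] < TDX_CPUID_LEAF) return 0;  /* leaf 0x21 not enumerated */
    cpuid_count(TDX_CPUID_LEAF, 0, r);
    return tdx_ident_matches(r[1], r[2], r[3]);
}

/* CPUID(1).ECX bit 31 is the hypervisor-present bit, reported as the
   "HYPERVISOR" feature in both outputs quoted in the commit message. */
int hypervisor_present(void) {
    uint32_t r[4];
    if (!cpuid_count(1, 0, r)) return 0;
    return (int)((r[2] >> 31) & 1u);
}

int main(void) {
    printf("hypervisor present: %d\n", hypervisor_present());
    printf("TDX guest:          %d\n", is_tdx_guest());
    return 0;
}
```

Note that a TDX guest also shows the HYPERVISOR bit (see the quoted output), so the hypervisor bit alone cannot distinguish a TD from an ordinary VM; only the leaf 0x21 identifier does that. A guest-side check like this only tells the workload where it is running; proving it to a remote party still requires a TD quote through attestation.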