Detect TDX Guest when it's virtualised using Hyper-V (#138)
Microsoft has decided to purposefully hide the information of the guest
TEE when VMs are being created using Hyper-V.
This leads us to check for the Hyper-V cpuid features (0x4000000C), and
then for the `ebx` value set.
For Intel TDX, `ebx` is set to `0xbe3`, where 3 is the part we're most
interested in, according to:
https://github.com/torvalds/linux/blob/d2f51b3516dade79269ff45eae2a7668ae711b25/arch/x86/include/asm/hyperv-tlfs.h#L169-L174
NOTE: On the tests side, we had to manually override the cpuid in order
to avoid the tests failing, and this was suggested by Klaus himself.
Signed-off-by: Fabiano FidĂȘncio <fabiano.fidencio@intel.com>
diff --git a/cpuid.go b/cpuid.go
index b5fdc6e..15b7603 100644
--- a/cpuid.go
+++ b/cpuid.go
@@ -1418,6 +1418,20 @@
fs.setIf((a>>24)&1 == 1, VMSA_REGPROT)
}
+ if mfi >= 0x20 {
+ // Microsoft has decided to purposefully hide the information
+ // of the guest TEE when VMs are being created using Hyper-V.
+ //
+ // This leads us to check for the Hyper-V cpuid features
+ // (0x4000000C), and then for the `ebx` value set.
+ //
+ // For Intel TDX, `ebx` is set as `0xbe3`, being 3 the part
+ // we're mostly interested about,according to:
+ // https://github.com/torvalds/linux/blob/d2f51b3516dade79269ff45eae2a7668ae711b25/arch/x86/include/asm/hyperv-tlfs.h#L169-L174
+ _, ebx, _, _ := cpuid(0x4000000C)
+ fs.setIf(ebx == 0xbe3, TDX_GUEST)
+ }
+
if mfi >= 0x21 {
// Intel Trusted Domain Extensions Guests have their own cpuid leaf (0x21).
_, ebx, ecx, edx := cpuid(0x21)
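Review bot: The new `if mfi >= 0x20` block reads leaf 0x4000000C without first establishing that a Hyper-V hypervisor is present; `mfi` appears to bound the basic leaves (it gates leaf 0x21 just below), whereas the 0x4000xxxx range has its own maximum and vendor signature at leaf 0x40000000, so on bare metal or under another hypervisor `ebx` may hold unrelated data. I would guard the read on the hypervisor-present bit, the Hyper-V signature and a maximum hypervisor leaf of at least 0x4000000C. The exact match `ebx == 0xbe3` also ties detection to the other fields packed into that register; since the description says 3 is the part that matters, compare only the isolation-type bits, e.g. `fs.setIf(ebx&0xf == 3, TDX_GUEST)` (mask width per the linked header, to be confirmed). Because these values are reported by the host, a comment such as `// hint from the hypervisor, not attestation evidence` would stop callers treating TDX_GUEST as proof of isolation. The enclosing function starts and ends outside the hunk.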
diff --git a/mockcpu_test.go b/mockcpu_test.go
index 03ee1d1..b584888 100644
--- a/mockcpu_test.go
+++ b/mockcpu_test.go
@@ -98,7 +98,7 @@
}(idfuncs{cpuid: cpuid, cpuidex: cpuidex, xgetbv: xgetbv})
cpuid = func(op uint32) (eax, ebx, ecx, edx uint32) {
- if op == 0x80000000 || op == 0 {
+ if op == 0x80000000 || op == 0 || op == 0x4000000c {
var ok bool
_, ok = fakeID[op]
if !ok {
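Review bot: The mock now answers 0x4000000c from `fakeID`, but nothing visible in this diff adds a fixture asserting that TDX_GUEST is set when that leaf's `ebx` carries the TDX value and stays clear otherwise, so the new detection path appears untested in both directions. A comment on the condition, e.g. `// 0x4000000c: Hyper-V isolation leaf, mocked so the host's value cannot leak into tests`, would also record why the leaf is listed. The closure body continues past the end of the hunk.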