Detect TDX Guest when it's virtualised using Hyper-V #138
Here's the test that I've done on a TDX Guest using this PR:
Wow, it seems I need to adapt the tests, @klauspost, I'd appreciate a pointer here.
Microsoft has decided to purposefully hide the information of the guest TEE when VMs are being created using Hyper-V.

This leads us to check for the Hyper-V cpuid features (0x4000000C), and then for the `ebx` value set.

For Intel TDX, `ebx` is set as `0xbe3`, being 3 the part we're mostly interested about, according to: https://github.com/torvalds/linux/blob/d2f51b3516dade79269ff45eae2a7668ae711b25/arch/x86/include/asm/hyperv-tlfs.h#L169-L174

NOTE: On the tests side, we had to manually override the cpuid in order to avoid the tests failing, and this was suggested by Klaus himself.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
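The check the commit message describes, written out as an added Go example (not the PR's code and not the cpuid package's API): it reads the Hyper-V isolation leaf through an injected CPUID function so the decoding can be run without a TDX guest. `Regs`, `CPUIDFunc` and `HyperVIsolation` are hypothetical names, the register values are constructed, and the `Microsoft Hv` signature check on leaf 0x40000000 and the 4-bit mask on `ebx` are assumptions based on the Hyper-V CPUID layout in the linked Linux header.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Regs holds the four registers returned by one CPUID invocation.
type Regs struct{ EAX, EBX, ECX, EDX uint32 }

// CPUIDFunc is a hypothetical hook standing in for the real CPUID instruction,
// so the decoding logic can be exercised on constructed values.
type CPUIDFunc func(leaf uint32) Regs

const (
	hvVendorLeaf    = 0x40000000 // EAX: max hypervisor leaf; EBX,ECX,EDX: signature
	hvIsolationLeaf = 0x4000000C // Hyper-V isolation configuration
	hvIsolationMask = 0xF        // assumption: isolation type is EBX bits 3:0
)

// Isolation types as listed in the Linux hyperv-tlfs.h enum the PR links to.
var isolationNames = map[uint32]string{0: "none", 1: "VBS", 2: "SNP", 3: "TDX"}

// HyperVIsolation returns the isolation type Hyper-V reports. ok is false when
// the hypervisor is not Hyper-V, the isolation leaf is out of range, or the
// reported type is outside the enum above.
func HyperVIsolation(cpuid CPUIDFunc) (name string, ok bool) {
	v := cpuid(hvVendorLeaf)
	sig := make([]byte, 12)
	binary.LittleEndian.PutUint32(sig[0:], v.EBX)
	binary.LittleEndian.PutUint32(sig[4:], v.ECX)
	binary.LittleEndian.PutUint32(sig[8:], v.EDX)
	if string(sig) != "Microsoft Hv" || v.EAX < hvIsolationLeaf {
		return "", false
	}
	name, ok = isolationNames[cpuid(hvIsolationLeaf).EBX&hvIsolationMask]
	return name, ok
}

func main() {
	// Constructed register values; 0xbe3 is the EBX value quoted in the PR.
	fake := func(leaf uint32) Regs {
		if leaf == hvVendorLeaf {
			return Regs{0x4000000C, 0x7263694D, 0x666F736F, 0x76482074}
		}
		return Regs{EBX: 0xbe3}
	}
	fmt.Println(HyperVIsolation(fake))
}
```

Masking rather than comparing `ebx` against the full `0xbe3` keeps the check valid if the other configuration bits in that register differ between hosts.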
3224975 to 939f540
LGTM
Thanks @klauspost, do you think we can have a new release of the project soon enough?
Thanks a lot, I've opened #139 as a way to say "thank you for all the work!" (unfortunately it gives you more work, but that's life). :-)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/klauspost/cpuid/v2](https://togithub.com/klauspost/cpuid) | indirect | patch | `v2.2.5` -> `v2.2.6` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>klauspost/cpuid (github.com/klauspost/cpuid/v2)</summary>

### [`v2.2.6`](https://togithub.com/klauspost/cpuid/releases/tag/v2.2.6)

[Compare Source](https://togithub.com/klauspost/cpuid/compare/v2.2.5...v2.2.6)

#### What's Changed

- Add Intel apx, avx10, keylocker by [@klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/cpuid/pull/134](https://togithub.com/klauspost/cpuid/pull/134)
- Update README.md by [@klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/cpuid/pull/136](https://togithub.com/klauspost/cpuid/pull/136)
- Detect TDX Guest when it's virtualised using Hyper-V by [@fidencio](https://togithub.com/fidencio) in [https://github.com/klauspost/cpuid/pull/138](https://togithub.com/klauspost/cpuid/pull/138)

**Full Changelog**: klauspost/cpuid@v2.2.5...v2.2.6

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).