From 8a394346598e2be3fc769ed29f38547784a212f1 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Fri, 12 Nov 2021 13:25:19 +0200 Subject: [PATCH] source/cpu: detect Intel SGX Signed-off-by: Mikko Ylinen --- docs/get-started/features.md | 1 + source/cpu/cpu.go | 9 +++++++ source/cpu/sgx_amd64.go | 46 ++++++++++++++++++++++++++++++++++++ source/cpu/sgx_stub.go | 24 +++++++++++++++++++ 4 files changed, 80 insertions(+) create mode 100644 source/cpu/sgx_amd64.go create mode 100644 source/cpu/sgx_stub.go diff --git a/docs/get-started/features.md b/docs/get-started/features.md index b74c759949..f1a3999e47 100644 --- a/docs/get-started/features.md +++ b/docs/get-started/features.md @@ -78,6 +78,7 @@ The **cpu** feature source supports the following labels: | | RDTL3CA | Intel L3 Cache Allocation Technology | | RDTL2CA | Intel L2 Cache Allocation Technology | | RDTMBA | Intel Memory Bandwidth Allocation (MBA) Technology +| sgx | enabled | Set to 'true' if Intel SGX is enabled in BIOS (based a non-zero sum value of SGX EPC section sizes). The (sub-)set of CPUID attributes to publish is configurable via the `attributeBlacklist` and `attributeWhitelist` cpuid options of the cpu source. diff --git a/source/cpu/cpu.go b/source/cpu/cpu.go index ebd2322e8c..6a7ec2b021 100644 --- a/source/cpu/cpu.go +++ b/source/cpu/cpu.go @@ -34,6 +34,7 @@ const ( CstateFeature = "cstate" PstateFeature = "pstate" RdtFeature = "rdt" + SgxFeature = "sgx" SstFeature = "sst" TopologyFeature = "topology" ) @@ -153,6 +154,11 @@ func (s *cpuSource) GetLabels() (source.FeatureLabels, error) { labels["rdt."+k] = true } + // SGX + for k, v := range features.Values[SgxFeature].Elements { + labels["sgx."+k] = v + } + // SST for k, v := range features.Values[SstFeature].Elements { labels["power.sst_"+k] = v 
@@ -191,6 +197,9 @@ func (s *cpuSource) Discover() error { // Detect RDT features s.features.Keys[RdtFeature] = feature.NewKeyFeatures(discoverRDT()...) + // Detect SGX features + s.features.Values[SgxFeature] = feature.NewValueFeatures(discoverSGX()) + // Detect SST features s.features.Values[SstFeature] = feature.NewValueFeatures(discoverSST())
diff --git a/source/cpu/sgx_amd64.go b/source/cpu/sgx_amd64.go
new file mode 100644
index 0000000000..a94d5bdb53
--- /dev/null
+++ b/source/cpu/sgx_amd64.go
@@ -0,0 +1,46 @@
+//go:build amd64
+// +build amd64
+
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cpu
+
+import (
+ "github.com/klauspost/cpuid/v2"
+)
+
+func discoverSGX() map[string]string {
+ var epcSize uint64
+ sgx := make(map[string]string)
+
+ if cpuid.CPU.SGX.Available {
+ for _, s := range cpuid.CPU.SGX.EPCSections {
+ epcSize += s.EPCSize
+ }
+ }
+
+ // Set to 'true' based a non-zero sum value of SGX EPC section sizes. The
+ // kernel checks for IA32_FEATURE_CONTROL.SGX_ENABLE MSR bit but we can't
+ // do that as a normal user. Typically the BIOS, when enabling SGX,
+ // allocates "Processor Reserved Memory" for SGX EPC so we rely on > 0
+ // size here to set "SGX = enabled".
+ if epcSize > 0 {
+ sgx["enabled"] = "true"
+ }
+
+ return sgx
+}
diff --git a/source/cpu/sgx_stub.go b/source/cpu/sgx_stub.go
new file mode 100644
index 0000000000..99e4c046bf
--- /dev/null
+++ b/source/cpu/sgx_stub.go
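Review bot: In source/cpu/sgx_amd64.go, `discoverSGX` has no doc comment, and the inline comment above the `epcSize > 0` check is the only place that says `enabled` is a heuristic taken from CPUID-reported EPC section sizes rather than from the IA32_FEATURE_CONTROL bit the kernel checks. I would add a function comment such as `// discoverSGX reports "enabled" when CPUID enumerates a non-zero total EPC size; it does not confirm kernel SGX support or that an enclave can be launched.` so that anyone scheduling on the resulting `sgx.enabled` label does not read it as proof that an enclave workload will run, or as any form of attestation. The inline comment also reads "based a non-zero sum"; it should be "based on a non-zero sum", and the same wording appears in the docs/get-started/features.md hunk. Inside a guest the sizes are presumably whatever the hypervisor exposes through CPUID, which is worth stating in the same comment.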
@@ -0,0 +1,24 @@
+//go:build !amd64
+// +build !amd64
+
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cpu
+
+func discoverSGX() map[string]string {
+ return nil
+}
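Review bot: In source/cpu/sgx_stub.go, `discoverSGX` returns `nil` while the amd64 variant always returns a non-nil, possibly empty, map, so the two builds hand different shapes to `feature.NewValueFeatures` in `Discover`. Ranging over a nil map is safe in Go, but any later code that writes into the stored map would panic on non-amd64 builds only; `feature.NewValueFeatures` is outside this diff, so whether it copies or stores the argument is unverified. Returning `map[string]string{}` here, or adding a comment such as `// discoverSGX returns nil: SGX is not detected on this architecture.`, would make the contract explicit.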