From 106d453ee172c77161f74631fc1c47aa019712f4 Mon Sep 17 00:00:00 2001
From: Klaus Post
Date: Sun, 12 Jun 2022 15:32:38 +0200
Subject: [PATCH] Add AMD SEV/SME feature detection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reference: E.4.17 Function 8000_001Fh—Encrypted Memory Capabilities from AMD64 Architecture Programmer’s Manual, Volume 3: General-Purpose and System Instructions.
---
 cpuid.go | 34 ++++++++-
 featureid_string.go | 168 ++++++++++++++++++++++++--------------------
 2 files changed, 124 insertions(+), 78 deletions(-)
diff --git a/cpuid.go b/cpuid.go
index 832ba81..b54f079 100644
--- a/cpuid.go
+++ b/cpuid.go
@@ -126,6 +126,7 @@ const (
 IBSOPSAM // Instruction Based Sampling Feature (AMD)
 IBSRDWROPCNT // Instruction Based Sampling Feature (AMD)
 IBSRIPINVALIDCHK // Instruction Based Sampling Feature (AMD)
+ IBS_PREVENTHOST // Disallowing IBS use by the host supported
 INT_WBINVD // WBINVD/WBNOINVD are interruptible.
 INVLPGB // NVLPGB and TLBSYNC instruction supported
 LAHF // LAHF/SAHF in long mode
@@ -138,6 +139,7 @@ const (
 MOVDIR64B // Move 64 Bytes as Direct Store
 MOVDIRI // Move Doubleword as Direct Store
 MPX // Intel MPX (Memory Protection Extensions)
+ MSR_PAGEFLUSH // Page Flush MSR available
 MSRIRC // Instruction Retired Counter MSR available
 NX // NX (No-Execute) bit
 OSXSAVE // XSAVE enabled by OS
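Review bot: Adding `IBS_PREVENTHOST` in the middle of the `const` block shifts the numeric value of every later `FeatureID`; the regenerated `featureid_string.go` in this patch shows `INT_WBINVD` moving from 60 to 61 and `lastID` from 134 to 148, and the later hunks (`MSR_PAGEFLUSH`, the `SEV*`/`SME*` group, `VMPL`/`VTE`, the `XOP`/`XGETBV1` swap) add to the shift. That is harmless for callers that use the names, but anything that stored or exchanged raw numeric IDs would silently read different features after upgrading. If numeric stability is not promised, a comment on the block would make that explicit, for example `// FeatureID values are not stable across releases; persist names, not numbers.` The const block starts outside this hunk.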
@@ -150,9 +152,18 @@ const (
 RTM_ALWAYS_ABORT // Indicates that the loaded microcode is forcing RTM abort.
 SCE // SYSENTER and SYSEXIT instructions
 SERIALIZE // Serialize Instruction Execution
+ SEV // AMD Secure Encrypted Virtualization supported
+ SEV_64BIT // AMD SEV guest execution only allowed from a 64-bit host
+ SEV_ALTERNATIVE // AMD SEV Alternate Injection supported
+ SEV_DEBUGSWAP // Full debug state swap supported for SEV-ES guests
+ SEV_ES // AMD SEV Encrypted State supported
+ SEV_RESTRICTED // AMD SEV Restricted Injection supported
+ SEV_SNP // AMD SEV Secure Nested Paging supported
 SGX // Software Guard Extensions
 SGXLC // Software Guard Extensions Launch Control
 SHA // Intel SHA Extensions
+ SME // AMD Secure Memory Encryption supported
+ SME_COHERENT // AMD Hardware cache coherency across encryption domains enforced
 SSE // SSE functions
 SSE2 // P4 SSE functions
 SSE3 // Prescott SSE3 functions
@@ -165,13 +176,16 @@ const (
 TBM // AMD Trailing Bit Manipulation
 TSXLDTRK // Intel TSX Suspend Load Address Tracking
 VAES // Vector AES
+ VMPL // AMD VM Permission Levels supported
+ VMSA_REGPROT // AMD VMSA Register Protection supported
 VMX // Virtual Machine Extensions
 VPCLMULQDQ // Carry-Less Multiplication Quadword
+ VTE // AMD Virtual Transparent Encryption supported
 WAITPKG // TPAUSE, UMONITOR, UMWAIT
 WBNOINVD // Write Back and Do Not Invalidate Cache
 X87 // FPU
- XOP // Bulldozer XOP functions
 XGETBV1 // Supports XGETBV with ECX = 1
+ XOP // Bulldozer XOP functions
 XSAVE // XSAVE, XRESTOR, XSETBV, XGETBV
 XSAVEC // Supports XSAVEC and the compacted form of XRSTOR.
 XSAVEOPT // XSAVEOPT available
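Review bot: The comments on `SEV`, `SEV_ES`, `SEV_SNP` and `SME` say "supported" without saying that the flag reflects only what CPUID advertises, which is easy to misread as "memory encryption is active". The capability bit does not show that SME or SEV has been enabled by firmware or the hypervisor, and inside a guest the CPUID values are normally mediated by the host, so they are not a substitute for attestation when a caller makes a confidentiality decision. I would extend the comment, for example `SEV // AMD Secure Encrypted Virtualization supported (CPUID capability only; does not show SEV is enabled)`, and word `SME`, `SEV_ES` and `SEV_SNP` the same way. The const block begins and ends outside this hunk.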
@@ -1131,6 +1145,24 @@ func support() flagSet { fs.setIf((eax>>7)&1 == 1, IBSRIPINVALIDCHK) } + if maxExtendedFunction() >= 0x8000001f && vend == AMD { + a, _, _, _ := cpuid(0x8000001f) + fs.setIf((a>>0)&1 == 1, SME) + fs.setIf((a>>1)&1 == 1, SEV) + fs.setIf((a>>2)&1 == 1, MSR_PAGEFLUSH + fs.setIf((a>>3)&1 == 1, SEV_ES) + fs.setIf((a>>4)&1 == 1, SEV_SNP) + fs.setIf((a>>5)&1 == 1, VMPL) + fs.setIf((a>>10)&1 == 1, SME_COHERENT) + fs.setIf((a>>11)&1 == 1, SEV_64BIT) + fs.setIf((a>>12)&1 == 1, SEV_RESTRICTED) + fs.setIf((a>>13)&1 == 1, SEV_ALTERNATIVE) + fs.setIf((a>>14)&1 == 1, SEV_DEBUGSWAP) + fs.setIf((a>>15)&1 == 1, IBS_PREVENTHOST) + fs.setIf((a>>16)&1 == 1, VTE) + fs.setIf((a>>24)&1 == 1, VMSA_REGPROT) + } + return fs }
diff --git a/featureid_string.go b/featureid_string.go
index 776d631..f73a352 100644
--- a/featureid_string.go
+++ b/featureid_string.go
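Review bot: The added `MSR_PAGEFLUSH` line in the `0x8000001f` block has no closing parenthesis, so `cpuid.go` does not compile as shown; it should read `fs.setIf((a>>2)&1 == 1, MSR_PAGEFLUSH)`. The other `setIf` calls in the block are well-formed. Any build of the package catches this, so it is worth confirming the patch was compiled before merge. `support()` starts outside this hunk, so the declarations of `fs` and `vend` are not visible here.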
@@ -67,87 +67,101 @@ func _() { _ = x[IBSOPSAM-57] _ = x[IBSRDWROPCNT-58] _ = x[IBSRIPINVALIDCHK-59] - _ = x[INT_WBINVD-60] - _ = x[INVLPGB-61] - _ = x[LAHF-62] - _ = x[LZCNT-63] - _ = x[MCAOVERFLOW-64] - _ = x[MCOMMIT-65] - _ = x[MMX-66] - _ = x[MMXEXT-67] - _ = x[MOVBE-68] - _ = x[MOVDIR64B-69] - _ = x[MOVDIRI-70] - _ = x[MPX-71] - _ = x[MSRIRC-72] - _ = x[NX-73] - _ = x[OSXSAVE-74] - _ = x[POPCNT-75] - _ = x[RDPRU-76] - _ = x[RDRAND-77] - _ = x[RDSEED-78] - _ = x[RDTSCP-79] - _ = x[RTM-80] - _ = x[RTM_ALWAYS_ABORT-81] - _ = x[SCE-82] - _ = x[SERIALIZE-83] - _ = x[SGX-84] - _ = x[SGXLC-85] - _ = x[SHA-86] - _ = x[SSE-87] - _ = x[SSE2-88] - _ = x[SSE3-89] - _ = x[SSE4-90] - _ = x[SSE42-91] - _ = x[SSE4A-92] - _ = x[SSSE3-93] - _ = x[STIBP-94] - _ = x[SUCCOR-95] - _ = x[TBM-96] - _ = x[TSXLDTRK-97] - _ = x[VAES-98] - _ = x[VMX-99] - _ = x[VPCLMULQDQ-100] - _ = x[WAITPKG-101] - _ = x[WBNOINVD-102] - _ = x[X87-103] - _ = x[XOP-104] - _ = x[XGETBV1-105] - _ = x[XSAVE-106] - _ = x[XSAVEC-107] - _ = x[XSAVEOPT-108] - _ = x[XSAVES-109] - _ = x[AESARM-110] - _ = x[ARMCPUID-111] - _ = x[ASIMD-112] - _ = x[ASIMDDP-113] - _ = x[ASIMDHP-114] - _ = x[ASIMDRDM-115] - _ = x[ATOMICS-116] - _ = x[CRC32-117] - _ = x[DCPOP-118] - _ = x[EVTSTRM-119] - _ = x[FCMA-120] - _ = x[FP-121] - _ = x[FPHP-122] - _ = x[GPA-123] - _ = x[JSCVT-124] - _ = x[LRCPC-125] - _ = x[PMULL-126] - _ = x[SHA1-127] - _ = x[SHA2-128] - _ = x[SHA3-129] - _ = x[SHA512-130] - _ = x[SM3-131] - _ = x[SM4-132] - _ = x[SVE-133] - _ = x[lastID-134] + _ = x[IBS_PREVENTHOST-60] + _ = x[INT_WBINVD-61] + _ = x[INVLPGB-62] + _ = x[LAHF-63] + _ = x[LZCNT-64] + _ = x[MCAOVERFLOW-65] + _ = x[MCOMMIT-66] + _ = x[MMX-67] + _ = x[MMXEXT-68] + _ = x[MOVBE-69] + _ = x[MOVDIR64B-70] + _ = x[MOVDIRI-71] + _ = x[MPX-72] + _ = x[MSR_PAGEFLUSH-73] + _ = x[MSRIRC-74] + _ = x[NX-75] + _ = x[OSXSAVE-76] + _ = x[POPCNT-77] + _ = x[RDPRU-78] + _ = x[RDRAND-79] + _ = x[RDSEED-80] + _ = x[RDTSCP-81] + _ = x[RTM-82] + _ = 
x[RTM_ALWAYS_ABORT-83] + _ = x[SCE-84] + _ = x[SERIALIZE-85] + _ = x[SEV-86] + _ = x[SEV_64BIT-87] + _ = x[SEV_ALTERNATIVE-88] + _ = x[SEV_DEBUGSWAP-89] + _ = x[SEV_ES-90] + _ = x[SEV_RESTRICTED-91] + _ = x[SEV_SNP-92] + _ = x[SGX-93] + _ = x[SGXLC-94] + _ = x[SHA-95] + _ = x[SME-96] + _ = x[SME_COHERENT-97] + _ = x[SSE-98] + _ = x[SSE2-99] + _ = x[SSE3-100] + _ = x[SSE4-101] + _ = x[SSE42-102] + _ = x[SSE4A-103] + _ = x[SSSE3-104] + _ = x[STIBP-105] + _ = x[SUCCOR-106] + _ = x[TBM-107] + _ = x[TSXLDTRK-108] + _ = x[VAES-109] + _ = x[VMPL-110] + _ = x[VMSA_REGPROT-111] + _ = x[VMX-112] + _ = x[VPCLMULQDQ-113] + _ = x[VTE-114] + _ = x[WAITPKG-115] + _ = x[WBNOINVD-116] + _ = x[X87-117] + _ = x[XGETBV1-118] + _ = x[XOP-119] + _ = x[XSAVE-120] + _ = x[XSAVEC-121] + _ = x[XSAVEOPT-122] + _ = x[XSAVES-123] + _ = x[AESARM-124] + _ = x[ARMCPUID-125] + _ = x[ASIMD-126] + _ = x[ASIMDDP-127] + _ = x[ASIMDHP-128] + _ = x[ASIMDRDM-129] + _ = x[ATOMICS-130] + _ = x[CRC32-131] + _ = x[DCPOP-132] + _ = x[EVTSTRM-133] + _ = x[FCMA-134] + _ = x[FP-135] + _ = x[FPHP-136] + _ = x[GPA-137] + _ = x[JSCVT-138] + _ = x[LRCPC-139] + _ = x[PMULL-140] + _ = x[SHA1-141] + _ = x[SHA2-142] + _ = x[SHA3-143] + _ = x[SHA512-144] + _ = x[SM3-145] + _ = x[SM4-146] + _ = x[SVE-147] + _ = x[lastID-148] _ = x[firstID-0] } -const _FeatureID_name = 
"firstIDADXAESNIAMD3DNOWAMD3DNOWEXTAMXBF16AMXINT8AMXTILEAVXAVX2AVX512BF16AVX512BITALGAVX512BWAVX512CDAVX512DQAVX512ERAVX512FAVX512FP16AVX512IFMAAVX512PFAVX512VBMIAVX512VBMI2AVX512VLAVX512VNNIAVX512VP2INTERSECTAVX512VPOPCNTDQAVXSLOWBMI1BMI2CETIBTCETSSCLDEMOTECLMULCLZEROCMOVCMPXCHG8CPBOOSTCX16ENQCMDERMSF16CFMA3FMA4FXSRFXSROPTGFNIHLEHTTHWAHYPERVISORIBPBIBSIBSBRNTRGTIBSFETCHSAMIBSFFVIBSOPCNTIBSOPCNTEXTIBSOPSAMIBSRDWROPCNTIBSRIPINVALIDCHKINT_WBINVDINVLPGBLAHFLZCNTMCAOVERFLOWMCOMMITMMXMMXEXTMOVBEMOVDIR64BMOVDIRIMPXMSRIRCNXOSXSAVEPOPCNTRDPRURDRANDRDSEEDRDTSCPRTMRTM_ALWAYS_ABORTSCESERIALIZESGXSGXLCSHASSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSUCCORTBMTSXLDTRKVAESVMXVPCLMULQDQWAITPKGWBNOINVDX87XOPXGETBV1XSAVEXSAVECXSAVEOPTXSAVESAESARMARMCPUIDASIMDASIMDDPASIMDHPASIMDRDMATOMICSCRC32DCPOPEVTSTRMFCMAFPFPHPGPAJSCVTLRCPCPMULLSHA1SHA2SHA3SHA512SM3SM4SVElastID" +const _FeatureID_name = "firstIDADXAESNIAMD3DNOWAMD3DNOWEXTAMXBF16AMXINT8AMXTILEAVXAVX2AVX512BF16AVX512BITALGAVX512BWAVX512CDAVX512DQAVX512ERAVX512FAVX512FP16AVX512IFMAAVX512PFAVX512VBMIAVX512VBMI2AVX512VLAVX512VNNIAVX512VP2INTERSECTAVX512VPOPCNTDQAVXSLOWBMI1BMI2CETIBTCETSSCLDEMOTECLMULCLZEROCMOVCMPXCHG8CPBOOSTCX16ENQCMDERMSF16CFMA3FMA4FXSRFXSROPTGFNIHLEHTTHWAHYPERVISORIBPBIBSIBSBRNTRGTIBSFETCHSAMIBSFFVIBSOPCNTIBSOPCNTEXTIBSOPSAMIBSRDWROPCNTIBSRIPINVALIDCHKIBS_PREVENTHOSTINT_WBINVDINVLPGBLAHFLZCNTMCAOVERFLOWMCOMMITMMXMMXEXTMOVBEMOVDIR64BMOVDIRIMPXMSR_PAGEFLUSHMSRIRCNXOSXSAVEPOPCNTRDPRURDRANDRDSEEDRDTSCPRTMRTM_ALWAYS_ABORTSCESERIALIZESEVSEV_64BITSEV_ALTERNATIVESEV_DEBUGSWAPSEV_ESSEV_RESTRICTEDSEV_SNPSGXSGXLCSHASMESME_COHERENTSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSUCCORTBMTSXLDTRKVAESVMPLVMSA_REGPROTVMXVPCLMULQDQVTEWAITPKGWBNOINVDX87XGETBV1XOPXSAVEXSAVECXSAVEOPTXSAVESAESARMARMCPUIDASIMDASIMDDPASIMDHPASIMDRDMATOMICSCRC32DCPOPEVTSTRMFCMAFPFPHPGPAJSCVTLRCPCPMULLSHA1SHA2SHA3SHA512SM3SM4SVElastID" -var _FeatureID_index = [...]uint16{0, 7, 10, 15, 23, 34, 41, 48, 55, 58, 62, 72, 84, 92, 100, 108, 116, 123, 133, 143, 151, 161, 172, 180, 190, 
208, 223, 230, 234, 238, 244, 249, 257, 262, 268, 272, 280, 287, 291, 297, 301, 305, 309, 313, 317, 324, 328, 331, 334, 337, 347, 351, 354, 364, 375, 381, 389, 400, 408, 420, 436, 446, 453, 457, 462, 473, 480, 483, 489, 494, 503, 510, 513, 519, 521, 528, 534, 539, 545, 551, 557, 560, 576, 579, 588, 591, 596, 599, 602, 606, 610, 614, 619, 624, 629, 634, 640, 643, 651, 655, 658, 668, 675, 683, 686, 689, 696, 701, 707, 715, 721, 727, 735, 740, 747, 754, 762, 769, 774, 779, 786, 790, 792, 796, 799, 804, 809, 814, 818, 822, 826, 832, 835, 838, 841, 847} +var _FeatureID_index = [...]uint16{0, 7, 10, 15, 23, 34, 41, 48, 55, 58, 62, 72, 84, 92, 100, 108, 116, 123, 133, 143, 151, 161, 172, 180, 190, 208, 223, 230, 234, 238, 244, 249, 257, 262, 268, 272, 280, 287, 291, 297, 301, 305, 309, 313, 317, 324, 328, 331, 334, 337, 347, 351, 354, 364, 375, 381, 389, 400, 408, 420, 436, 451, 461, 468, 472, 477, 488, 495, 498, 504, 509, 518, 525, 528, 541, 547, 549, 556, 562, 567, 573, 579, 585, 588, 604, 607, 616, 619, 628, 643, 656, 662, 676, 683, 686, 691, 694, 697, 709, 712, 716, 720, 724, 729, 734, 739, 744, 750, 753, 761, 765, 769, 781, 784, 794, 797, 804, 812, 815, 822, 825, 830, 836, 844, 850, 856, 864, 869, 876, 883, 891, 898, 903, 908, 915, 919, 921, 925, 928, 933, 938, 943, 947, 951, 955, 961, 964, 967, 970, 976} func (i FeatureID) String() string { if i < 0 || i >= FeatureID(len(_FeatureID_index)-1) {