From 939f5400f0d8a53d5e01e9b58962e9416fae17e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 6 Nov 2023 15:25:10 +0100
Subject: [PATCH] Detect TDX Guest when it's virtualised using Hyper-V
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Microsoft has decided to purposefully hide the information of the guest TEE when VMs are being created using Hyper-V.

This leads us to check for the Hyper-V cpuid features (0x4000000C), and then for the `ebx` value set.

For Intel TDX, `ebx` is set as `0xbe3`, being 3 the part we're mostly interested about,according to:
https://github.com/torvalds/linux/blob/d2f51b3516dade79269ff45eae2a7668ae711b25/arch/x86/include/asm/hyperv-tlfs.h#L169-L174

NOTE: On the tests side, we had to manually override the cpuid in order to avoid the tests failing, and this was suggested by Klaus himself.

Signed-off-by: Fabiano FidĂȘncio
---
 cpuid.go | 14 ++++++++++++++
 mockcpu_test.go | 2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/cpuid.go b/cpuid.go
index b5fdc6e..15b7603 100644
--- a/cpuid.go
+++ b/cpuid.go
@@ -1418,6 +1418,20 @@ func support() flagSet {
 fs.setIf((a>>24)&1 == 1, VMSA_REGPROT)
 }
 
+ if mfi >= 0x20 {
+ // Microsoft has decided to purposefully hide the information
+ // of the guest TEE when VMs are being created using Hyper-V.
+ //
+ // This leads us to check for the Hyper-V cpuid features
+ // (0x4000000C), and then for the `ebx` value set.
+ //
+ // For Intel TDX, `ebx` is set as `0xbe3`, being 3 the part
+ // we're mostly interested about,according to:
+ // https://github.com/torvalds/linux/blob/d2f51b3516dade79269ff45eae2a7668ae711b25/arch/x86/include/asm/hyperv-tlfs.h#L169-L174
+ _, ebx, _, _ := cpuid(0x4000000C)
+ fs.setIf(ebx == 0xbe3, TDX_GUEST)
+ }
+
 if mfi >= 0x21 {
 // Intel Trusted Domain Extensions Guests have their own cpuid leaf (0x21).
 _, ebx, ecx, edx := cpuid(0x21)
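Review bot: The new `mfi >= 0x20` guard does not establish that leaf 0x4000000C is valid to read: `mfi` is the maximum basic leaf, whereas the 0x40000000 range belongs to the hypervisor and is only meaningful when the hypervisor-present bit (CPUID.1:ECX[31]) is set and `cpuid(0x40000000)` reports a maximum leaf of at least 0x4000000C (ideally with the Hyper-V vendor signature checked too, if the file already decodes it); on CPUs where out-of-range leaves alias the highest basic leaf, `ebx` here is unrelated data. The exact match `ebx == 0xbe3` is also brittle: in the hyperv-tlfs.h header the commit links, only the low nibble of EBX is the isolation type (3 = TDX) and the higher bits are separate shared-GPA-boundary fields, so a TDX guest with a different boundary configuration would not be detected, which the commit message itself hints at by calling 3 "the part we're mostly interested about". I would gate and mask, e.g. `if hvMax, _, _, _ := cpuid(0x40000000); hvMax >= 0x4000000C {` around the read and `fs.setIf(ebx&0xf == 3, TDX_GUEST)`, and add to the comment that this flag is a hypervisor-asserted claim, not something verified by attestation. The comment's `about,according` is also missing a space. The enclosing `support()` starts and ends outside the hunk.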
diff --git a/mockcpu_test.go b/mockcpu_test.go
index 03ee1d1..b584888 100644
--- a/mockcpu_test.go
+++ b/mockcpu_test.go
@@ -98,7 +98,7 @@ func mockCPU(def []byte) func() {
 }(idfuncs{cpuid: cpuid, cpuidex: cpuidex, xgetbv: xgetbv})
 cpuid = func(op uint32) (eax, ebx, ecx, edx uint32) {
- if op == 0x80000000 || op == 0 {
+ if op == 0x80000000 || op == 0 || op == 0x4000000c {
 var ok bool
 _, ok = fakeID[op]
 if !ok {