cpuid dummy call with sgx and fix assembly SP + SGX build

2026-01-26 15:02:24 +01:00 · 2025-04-30 01:10:03 -06:00
parent 44784729c0
commit 23498c293e
2 changed files with 35 additions and 9 deletions
--- a/IDE/LINUX-SGX/sgx_t_static.mk
+++ b/IDE/LINUX-SGX/sgx_t_static.mk
@@ -109,21 +109,20 @@ ifeq ($(HAVE_WOLFSSL_ASSEMBLY), 1)
               $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64_asm.S\
               $(WOLFSSL_ROOT)/wolfcrypt/src/aes_xts_asm.S\
               $(WOLFSSL_ROOT)/wolfcrypt/src/sha3_asm.S\
-               $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_asm.S\
               $(WOLFSSL_ROOT)/wolfcrypt/src/chacha_asm.S\
               $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.S


 	Wolfssl_C_Extra_Flags += -DWOLFSSL_X86_64_BUILD\
               -DWOLFSSL_AESNI\
-               -maes -masm=intel
+               -maes -mavx -mavx2 -msse4.2

-#SP assembly needs investigated for use with PIE
-#ifeq ($(HAVE_WOLFSSL_SP), 1)
-#    Wolfssl_C_Extra_Flags += -DWOLFSSL_SP_X86_64_ASM\
-#			     -DWOLFSSL_SP_X86_64\
-#			     -DWOLFSSL_SP_ASM
-#endif
+ifeq ($(HAVE_WOLFSSL_SP), 1)
+    Wolfssl_C_Extra_Flags += -DWOLFSSL_SP_X86_64_ASM\
+			   -DWOLFSSL_SP_X86_64\
+			   -DWOLFSSL_SP_ASM
+endif
 endif

 Wolfssl_Include_Paths := -I$(WOLFSSL_ROOT)/ \
--- a/wolfcrypt/src/cpuid.c
+++ b/wolfcrypt/src/cpuid.c
@@ -28,7 +28,34 @@
    static cpuid_flags_atomic_t cpuid_flags = WC_CPUID_ATOMIC_INITIALIZER;
 #endif

-#ifdef HAVE_CPUID_INTEL
+#if defined(HAVE_CPUID_INTEL) && defined(WOLFSSL_SGX)
+    /* @TODO calling cpuid from a trusted enclave needs additional hardening.
+     * For initial benchmarking, the cpu support is getting hard set.
+     * Another thing of note is cpuid calls cause a SIGILL signal, see
+     * github issue #5 on intel/intel-sgx-ssl */
+
+    /* For tying in an actual external call to cpuid this header and function
+     * call would be used :
+     * #include <sgx_cpuid.h>
+     * #define cpuid(reg, leaf, sub) sgx_cpuidex((reg),(leaf),(sub))
+     */
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            cpuid_flags |= CPUID_AVX1;
+            cpuid_flags |= CPUID_AVX2;
+            cpuid_flags |= CPUID_BMI2;
+            cpuid_flags |= CPUID_RDSEED;
+            cpuid_flags |= CPUID_AESNI;
+            cpuid_flags |= CPUID_ADX;
+            cpuid_flags |= CPUID_MOVBE;
+            cpuid_flags |= CPUID_BMI1;
+
+            cpuid_check = 1;
+        }
+    }
+
+#elif defined(HAVE_CPUID_INTEL)
    /* Each platform needs to query info type 1 from cpuid to see if aesni is
     * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
     */