From 23498c293eff77f2acd8eb740f05c5da8d7a235f Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Wed, 30 Apr 2025 01:10:03 -0600
Subject: [PATCH] cpuid dummy call with sgx and fix assembly SP + SGX build

---
 IDE/LINUX-SGX/sgx_t_static.mk | 15 +++++++--------
 wolfcrypt/src/cpuid.c         | 29 ++++++++++++++++++++++++++++-
 2 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/IDE/LINUX-SGX/sgx_t_static.mk b/IDE/LINUX-SGX/sgx_t_static.mk
index 352a98cd7..5af62f7e7 100644
--- a/IDE/LINUX-SGX/sgx_t_static.mk
+++ b/IDE/LINUX-SGX/sgx_t_static.mk
@@ -109,21 +109,20 @@ ifeq ($(HAVE_WOLFSSL_ASSEMBLY), 1)
                $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64_asm.S\
                $(WOLFSSL_ROOT)/wolfcrypt/src/aes_xts_asm.S\
                $(WOLFSSL_ROOT)/wolfcrypt/src/sha3_asm.S\
-               $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_asm.S\
                $(WOLFSSL_ROOT)/wolfcrypt/src/chacha_asm.S\
                $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.S
 
 
 	Wolfssl_C_Extra_Flags += -DWOLFSSL_X86_64_BUILD\
                -DWOLFSSL_AESNI\
-               -maes -masm=intel
+               -maes -mavx -mavx2 -msse4.2
 
-#SP assembly needs investigated for use with PIE
-#ifeq ($(HAVE_WOLFSSL_SP), 1)
-#    Wolfssl_C_Extra_Flags += -DWOLFSSL_SP_X86_64_ASM\
-#			     -DWOLFSSL_SP_X86_64\
-#			     -DWOLFSSL_SP_ASM
-#endif
+ifeq ($(HAVE_WOLFSSL_SP), 1)
+    Wolfssl_C_Extra_Flags += -DWOLFSSL_SP_X86_64_ASM\
+			   -DWOLFSSL_SP_X86_64\
+			   -DWOLFSSL_SP_ASM
+endif
 endif
 
 Wolfssl_Include_Paths := -I$(WOLFSSL_ROOT)/ \
diff --git a/wolfcrypt/src/cpuid.c b/wolfcrypt/src/cpuid.c
index a0ac7c66a..73b3a2925 100644
--- a/wolfcrypt/src/cpuid.c
+++ b/wolfcrypt/src/cpuid.c
@@ -28,7 +28,34 @@
     static cpuid_flags_atomic_t cpuid_flags = WC_CPUID_ATOMIC_INITIALIZER;
 #endif
 
-#ifdef HAVE_CPUID_INTEL
+#if defined(HAVE_CPUID_INTEL) && defined(WOLFSSL_SGX)
+    /* @TODO calling cpuid from a trusted enclave needs additional hardening.
+     * For initial benchmarking, the cpu support is getting hard set.
+     * Another thing of note is cpuid calls cause a SIGILL signal, see
+     * github issue #5 on intel/intel-sgx-ssl */
+
+    /* For tying in an actual external call to cpuid this header and function
+     * call would be used :
+     * #include <sgx_cpuid.h>
+     * #define cpuid(reg, leaf, sub) sgx_cpuidex((reg),(leaf),(sub))
+     */
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            cpuid_flags |= CPUID_AVX1;
+            cpuid_flags |= CPUID_AVX2;
+            cpuid_flags |= CPUID_BMI2;
+            cpuid_flags |= CPUID_RDSEED;
+            cpuid_flags |= CPUID_AESNI;
+            cpuid_flags |= CPUID_ADX;
+            cpuid_flags |= CPUID_MOVBE;
+            cpuid_flags |= CPUID_BMI1;
+
+            cpuid_check = 1;
+        }
+    }
+
+#elif defined(HAVE_CPUID_INTEL)
     /* Each platform needs to query info type 1 from cpuid to see if aesni is
      * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
      */