cpuid dummy call with sgx and fix assembly SP + SGX build

JacobBarthelmeh · JacobBarthelmeh · commit 756d396e07a3 · 2025-04-30T01:10:03.000-06:00
diff --git a/IDE/LINUX-SGX/sgx_t_static.mk b/IDE/LINUX-SGX/sgx_t_static.mk
@@ -109,21 +109,20 @@ ifeq ($(HAVE_WOLFSSL_ASSEMBLY), 1)
                $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64_asm.S\
                $(WOLFSSL_ROOT)/wolfcrypt/src/aes_xts_asm.S\
                $(WOLFSSL_ROOT)/wolfcrypt/src/sha3_asm.S\
-               $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_asm.S\
                $(WOLFSSL_ROOT)/wolfcrypt/src/chacha_asm.S\
                $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.S
 
 
 	Wolfssl_C_Extra_Flags += -DWOLFSSL_X86_64_BUILD\
                -DWOLFSSL_AESNI\
-               -maes -masm=intel
-
-#SP assembly needs investigated for use with PIE
-#ifeq ($(HAVE_WOLFSSL_SP), 1)
-#    Wolfssl_C_Extra_Flags += -DWOLFSSL_SP_X86_64_ASM\
-#			     -DWOLFSSL_SP_X86_64\
-#			     -DWOLFSSL_SP_ASM
-#endif
+               -maes -mavx -mavx2 -msse4.2
+
+ifeq ($(HAVE_WOLFSSL_SP), 1)
+    Wolfssl_C_Extra_Flags += -DWOLFSSL_SP_X86_64_ASM\
+			   -DWOLFSSL_SP_X86_64\
+			   -DWOLFSSL_SP_ASM
+endif
 endif
 
 Wolfssl_Include_Paths := -I$(WOLFSSL_ROOT)/ \
diff --git a/wolfcrypt/src/cpuid.c b/wolfcrypt/src/cpuid.c
@@ -29,7 +29,34 @@
     static word32 cpuid_flags = 0;
 #endif
 
-#ifdef HAVE_CPUID_INTEL
+#if defined(HAVE_CPUID_INTEL) && defined(WOLFSSL_SGX)
+    /* @TODO calling cpuid from a trusted enclave needs additional hardening.
+     * For initial benchmarking, the cpu support is getting hard set.
+     * Another thing of note is cpuid calls cause a SIGILL signal, see
+     * github issue #5 on intel/intel-sgx-ssl */
+
+    /* For tying in an actual external call to cpuid this header and function
+     * call would be used :
+     * #include <sgx_cpuid.h>
+     * #define cpuid(reg, leaf, sub) sgx_cpuidex((reg),(leaf),(sub))
+     */
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            cpuid_flags |= CPUID_AVX1;
+            cpuid_flags |= CPUID_AVX2;
+            cpuid_flags |= CPUID_BMI2;
+            cpuid_flags |= CPUID_RDSEED;
+            cpuid_flags |= CPUID_AESNI;
+            cpuid_flags |= CPUID_ADX;
+            cpuid_flags |= CPUID_MOVBE;
+            cpuid_flags |= CPUID_BMI1;
+
+            cpuid_check = 1;
+        }
+    }
+
+#elif defined(HAVE_CPUID_INTEL)
     /* Each platform needs to query info type 1 from cpuid to see if aesni is
      * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
      */
