Merge pull request #36 from oasisprotocol/anzoman/attestation-tool-add-cpu-aes-instruction-check

attestation-tool: Add CPU AES instruction check

Author: anzoman

attestation-tool/Cargo.lock

@@ -34,3 +34,4 @@ serde_json = { version = "1.0.87", features = ["raw_value"] }
 tokio = { version = "1.29.1", features = ["macros"] }
 ureq = "2.8.0"
 yasna = { version = "0.5.0", features = ["num-bigint"] }
+raw-cpuid = "11.0.2"

attestation-tool/Cargo.toml

@@ -20,6 +20,7 @@ use pkix::pem::{self, PEM_CERTIFICATE};
 use sgx_isa::Targetinfo;
 use sgxs_loaders::isgx::Device as IsgxDevice;
 use std::process;
+use raw_cpuid::CpuId;
 
 mod ecdsa;
 
@@ -57,6 +58,8 @@ async fn main() {
         (@arg SPID: --("spid") +takes_value "SPID to use")
     ).get_matches();
 
+    check_bios_settings();
+
     let mut loader = IsgxDevice::new()
         .unwrap()
         .einittoken_provider(AesmClient::new())
@@ -284,6 +287,29 @@ async fn main() {
     }
 }
 
+fn check_bios_settings() {
+    let cpuid = CpuId::new();
+    if let Some(extended_features) = cpuid.get_extended_feature_info() {
+        if !extended_features.has_sgx() {
+            println!("SGX is not supported or not enabled in the BIOS.");
+            process::exit(1);
+        }
+    } else {
+        println!("Unable to get the extended CPU feature information.");
+        process::exit(1);
+    }
+
+    if let Some(features) = cpuid.get_feature_info() {
+        if !features.has_aesni() {
+            println!("AES-NI is not supported by the CPU or not enabled in the BIOS.");
+            process::exit(1);
+        }
+    } else {
+        println!("Unable to get the CPU feature information.");
+        process::exit(1);
+    }
+}
+
 fn from_hex(mut hex: &str) -> Vec<u8> {
     let mut ret = Vec::with_capacity(hex.len() / 2);
     loop {