IA32_SPEC_CTRL and other security-sensitive MSRs

[dimakuv]

The "Trust Domain Security Guidance for Developers" document says this:

Note that the Intel TDX module preserves the value of IA32_SPEC_CTRL, which is a mitigation option for several of the potential classes of attack discussed below, across transitions (for example, the value is saved after a TD guest exit, and restored before resuming that TD). The Intel TDX module also mandates that the relevant hardware mitigations are enumerated to the guest, so that a malicious hypervisor cannot prevent TDs from using these mitigations.

Must check what IA32_SPEC_CTRL MSR does exactly, how it is preserved inside the TD, and if Gramine needs to do/verify anything about this MSR. Similarly for a related MSR called IA32_ARCH_CAPABILITIES.

All information is found here: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/cpuid-enumeration-and-architectural-msrs.html

---

From the "Intel TDX Module v1.5 ABI Specification", Table 2.2 "MSR Virtualization":

• IA32_SPEC_CTRL -- native (direct read/write from/to CPU)
• IA32_ARCH_CAPABILITIES -- native

Other less important MSRs:

• IA32_PRED_CMD -- native
• IA32_FLUSH_CMD -- native
• IA32_TSX_CTRL -- #GP(0) because TSX is disabled inside TDX
• IA32_MCU_OPT_CTRL -- #VE, may be potentially dangerous to use
• IA32_UARCH_MISC_CTL -- #VE, may be potentially dangerous to use
• IA32_XAPIC_DISABLE_STATUS -- #VE, may be potentially dangerous to use

Currently, Gramine-TDX doesn't use any of these MSRs. But this list may be important for the future.