Description
I am working on a library for building TEE applications. The assumption is that people will package up their apps and deploy as a container via a cloud service like GCP's SEV-enabled compute instances. One of the features I am trying to build is a trusted clock. I know that AMD SEV-SNP provides an option to enable a Secure TSC. I need my program to (1) check that TSC is enabled and (2) get the TSC frequency so it can calculate elapsed time.
Unfortunately, it appears that AMD does not provide TSC information via CPUID leaves as Intel does. Instead, they put that information in Model Specific Registers (MSRs), which require special privileges to read. I tried running my container and program with root privileges, but was unable to read the MSRs. I think app containers are run on a lower VM ring level than is necessary to access MSRs.
Is there any way to check that the Secure TSC is enabled and to get the frequency as a program in userspace?