topic TLB Flushing in Intel® Software Guard Extensions (Intel® SGX)

TLB Flushing

Kumar__Dixit — Fri, 24 Apr 2020 16:03:26 GMT

Whenever EENTER instruction gets called, It flushes TLB entries for addresses in the enclave’s ELRANGE? Can someone please explain the reasoning behind this?

Hello Dixit,

JesusG_Intel — Fri, 24 Apr 2020 23:58:31 GMT

Hello Dixit,

The answer to your question can be very complex. I will keep it short here and refer you to the paper, SGX Explained, for a more in-depth answer. The TLB gets flushed at every SGX context change, which includes EENTER, EEXIT, and ERESUME. One of the basic principles of SGX is that the host and system software are not trusted. However, under SGX, the operating system and hypervisor are still in full control of the pages tables and EPTs. Flushing the TLB between every context change, i.e. host to enclave, enclave to host, helps to mitigate address translation attacks. Please read the paper, SGX Explained, for a more in depth discussion on these attacks and how the SGX architecture and design aims to prevent them.

Regards,

Jesus

Thanks Jesus.

Kumar__Dixit — Sat, 25 Apr 2020 11:23:36 GMT

Thanks Jesus.

I will surely look into above mentioned paper to understand more about address translation attacks and the importance of TLB flushing.

Regards,

Dixit