https://community.intel.com/t5/Intel-Software-Guard-Extensions/max-protected-data-size-enclave-can-handle/m-p/1246318#M4213 <P><SPAN>Jesus, Thank you very much for your answer.<BR />I managed to load vector more than 400mb (it was issue not SGX related). But I still wonder how EPC size (which is 16mb for me) affects processing of data in the enclave. Only performance is affected when data size is more than EPC size.. or some processing cannot be performed at all?<BR /></SPAN></P> <P>Thank /Maxim</P> Thu, 14 Jan 2021 16:40:33 GMT maxkaynov 2021-01-14T16:40:33Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/max-protected-data-size-enclave-can-handle/m-p/1241038#M4190 <P>hi everyone,</P> <P>I'm working on virtualised system managed by ubuntu and I'm trying to understand how much data I can load into the enclave (to do some ml tasks in the future). Enclave heap is 2Gb. The next actions sequentially repeated:<BR />1. ecall to pass next chunk of data (encrypted values of type double)<BR />2. decrypt data and append it to a c++vector in the enclave<BR />After vector becomes more than ~400mbyte - app got stuck.<BR />Is there any limit on paged protected memory that enclave can manage?</P> <P>CPUID&nbsp;says that MaxEnclaveSize_64: 24 in my environment (<A href="https://github.com/ayeks/SGX-hardware/blob/master/test-sgx.c" target="_blank">https://github.com/ayeks/SGX-hardware/blob/master/test-sgx.c</A>)</P> <P>Am I correct that max enclave size is 2^24 (16 mbyte) for me? Is this size limits the total amount of data in protected memory that enclave can handle? Can I anyhow increase amount of data I can load into the enclave?</P> <P>Thanks,<BR />Maxim</P> Sun, 27 Dec 2020 20:53:54 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/max-protected-data-size-enclave-can-handle/m-p/1241038#M4190 maxkaynov 2020-12-27T20:53:54Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/max-protected-data-size-enclave-can-handle/m-p/1243474#M4199 <P>Hello Maxim,</P><P><BR /></P><P>Are you using<SPAN style="font-family: &quot;Calibri&quot;, sans-serif; font-size: 11pt;"> </SPAN><A href="https://github.com/intel/kvm-sgx" rel="noopener noreferrer" target="_blank" style="font-family: &quot;Calibri&quot;, sans-serif; font-size: 11pt;">KVM-SGX</A><SPAN style="font-family: &quot;Calibri&quot;, sans-serif; font-size: 11pt;">?</SPAN></P><P><SPAN style="font-family: &quot;Calibri&quot;, sans-serif; font-size: 11pt;">&nbsp;</SPAN></P><P>To be able to use more than 400MB in your vector, try increasing the amount of heap and stack memory available to your enclave in the Enclave Config file. You are limited by the amount of memory available to your VM and the amount used by your guest OS.</P><P>&nbsp;</P><P>Yes, you have made available 16MB of your EPC to your guest VM. However, due to paging in most Linux systems, your enclave can use more than the allocated 16MB. Follow these<SPAN style="font-family: &quot;Calibri&quot;, sans-serif; font-size: 11pt;"> </SPAN><A href="https://github.com/intel/qemu-sgx#virtual-epc" rel="noopener noreferrer" target="_blank" style="font-family: &quot;Calibri&quot;, sans-serif; font-size: 11pt;">instructions</A> to change the amount of allocated EPC with<SPAN style="font-family: &quot;Calibri&quot;, sans-serif; font-size: 11pt;"> </SPAN><A href="https://github.com/intel/qemu-sgx" rel="noopener noreferrer" target="_blank" style="font-family: &quot;Calibri&quot;, sans-serif; font-size: 11pt;">Qemu</A><SPAN style="font-family: &quot;Calibri&quot;, sans-serif; font-size: 11pt;">.</SPAN></P><P><BR /></P><P>“To define an EPC range, you must allocate a custom QEMU memory object and assign it a unique ID, then provide the memory ID to the -sgx-epc option. The following QEMU options create and assign an 8-MB EPC to the VM:</P><P><BR /></P><P><SPAN style="font-family: courier; font-size: 11pt;">-object memory-backend-epc,id=mem1,size=8M,prealloc -sgx-epc id=epc1,memdev=mem1</SPAN></P><P><BR /></P><P>You can define multiple EPC segments in this manner. See the README file for the qemu-sgx repository for more information on defining EPC segments.”</P><P><BR /></P><P>Sincerely,</P><P>Jesus G.</P><P>Intel Customer Support</P><BR /> Tue, 05 Jan 2021 15:45:42 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/max-protected-data-size-enclave-can-handle/m-p/1243474#M4199 JesusG_Intel 2021-01-05T15:45:42Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/max-protected-data-size-enclave-can-handle/m-p/1245212#M4208 <P>Hello Maxim,</P><P><BR /></P><P>Were you able to resolve your issue?</P><P><BR /></P><P>Sincerely,</P><P>Jesus G.</P><P>Intel Customer Support</P><BR /> Mon, 11 Jan 2021 18:15:13 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/max-protected-data-size-enclave-can-handle/m-p/1245212#M4208 JesusG_Intel 2021-01-11T18:15:13Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/max-protected-data-size-enclave-can-handle/m-p/1245926#M4211 <P><B>Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.</B></P><BR /> Wed, 13 Jan 2021 17:39:07 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/max-protected-data-size-enclave-can-handle/m-p/1245926#M4211 JesusG_Intel 2021-01-13T17:39:07Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/max-protected-data-size-enclave-can-handle/m-p/1246318#M4213 <P><SPAN>Jesus, Thank you very much for your answer.<BR />I managed to load vector more than 400mb (it was issue not SGX related). But I still wonder how EPC size (which is 16mb for me) affects processing of data in the enclave. Only performance is affected when data size is more than EPC size.. or some processing cannot be performed at all?<BR /></SPAN></P> <P>Thank /Maxim</P> Thu, 14 Jan 2021 16:40:33 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/max-protected-data-size-enclave-can-handle/m-p/1246318#M4213 maxkaynov 2021-01-14T16:40:33Z