https://community.intel.com/t5/Intel-Software-Guard-Extensions/Determine-the-max-creatable-SGX-enclave-EPC/m-p/1358494#M5137 <P><B>This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.</B></P><BR /> Tue, 08 Feb 2022 15:41:53 GMT JesusG_Intel 2022-02-08T15:41:53Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Determine-the-max-creatable-SGX-enclave-EPC/m-p/1356621#M5129 <DIV> <P>I couldn't find a way of determining what would be the max creatable enclave using the&nbsp;<A href="https://github.com/intel/linux-sgx/" target="_blank" rel="nofollow noopener noreferrer">SGX SDK</A>. Is there any way of fetching these capabilities? This is especially useful in cloud environments where you can create virtual machines with EPC sections and you don't know the actual usable size of the provisioned EPC. <A href="https://apklub.com/" target="_self">&nbsp;</A></P> </DIV> <DIV> <DIV> <DIV>&nbsp;</DIV> </DIV> </DIV> Wed, 02 Feb 2022 13:22:30 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Determine-the-max-creatable-SGX-enclave-EPC/m-p/1356621#M5129 apklub 2022-02-02T13:22:30Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Determine-the-max-creatable-SGX-enclave-EPC/m-p/1356850#M5130 <P>Hello apklub,</P><P><BR /></P><P>The SGX SDK does not provide a way to find the maximum EPC size but it is possible to determine the size of your EPC programmatically by checking the processor registers. <A href="https://github.com/ayeks/SGX-hardware/blob/master/test-sgx.c" rel="noopener noreferrer" target="_blank">Test-sgx</A> demonstrates this.</P><P>&nbsp;</P><P>There are a few ways to determine the maximum EPC size on your processor. Below are the easiest two methods, programmatically and in BIOS.</P><P>&nbsp;</P><P><U>Method 1:</U></P><OL><LI><B style="font-size: 10pt;">Go to</B><SPAN style="font-size: 10pt;">&nbsp;the&nbsp;</SPAN><A href="https://github.com/ayeks/SGX-hardware" rel="noopener noreferrer" target="_blank">SGX Hardware Github</A><SPAN style="font-size: 10pt;">&nbsp;and&nbsp;</SPAN><B style="font-size: 10pt;">download&nbsp;</B><SPAN style="font-size: 10pt;">the file&nbsp;</SPAN><I style="font-size: 10pt;">test_sgx.c</I><SPAN style="font-size: 10pt;">&nbsp;or&nbsp;</SPAN><B style="font-size: 10pt;">clone&nbsp;</B><SPAN style="font-size: 10pt;">the&nbsp;</SPAN><A href="https://github.com/ayeks/SGX-hardware" rel="noopener noreferrer" target="_blank">repository</A></LI><LI><B style="font-size: 10pt;">Compile&nbsp;</B><SPAN style="font-size: 10pt;">and&nbsp;</SPAN><B style="font-size: 10pt;">run</B><SPAN style="font-size: 10pt;">&nbsp;test_sgx.c according to these&nbsp;</SPAN><A href="https://github.com/ayeks/SGX-hardware#test-sgx" rel="noopener noreferrer" target="_blank"><B>instructions</B></A><B style="font-size: 10pt;">:</B></LI></OL><P><SPAN style="font-family: courier;">$ git clone <A href="https://github.com/ayeks/SGX-hardware.git" target="_blank">https://github.com/ayeks/SGX-hardware.git</A></SPAN></P><P><SPAN style="font-family: courier;">$ cd SGX-hardware/</SPAN></P><P><SPAN style="font-family: courier;">$ gcc test-sgx.c -o test-sgx</SPAN></P><P><SPAN style="font-family: courier;">$ ./test-sgx</SPAN></P><P><BR /></P><P>Look for output like:</P><P class="ql-indent-1"><SPAN style="font-family: courier;">CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)</SPAN></P><P class="ql-indent-1"><SPAN style="font-family: courier;">eax: 70200001 ebx: 0 ecx: 5d80001 edx: 0</SPAN></P><P class="ql-indent-1"><SPAN style="font-family: courier;">size of EPC section in Processor Reserved Memory, 93 M</SPAN></P><P><SPAN style="font-family: &quot;Intel Clear&quot;;">On my system</SPAN><SPAN style="font-family: &quot;Courier New&quot;;"> exc: 5d80000 = 93MB</SPAN></P><P><BR /></P><P><SPAN style="font-family: &quot;Intel Clear&quot;;">The maximum enclave size is reported in </SPAN><SPAN style="font-family: &quot;Courier New&quot;;">MaxEnclaveSize</SPAN></P><P><SPAN style="font-family: &quot;Courier New&quot;;">MaxEnclaveSize_Not64</SPAN><SPAN style="font-family: intel-clear;">: the maximum supported enclave size is 2^(EDX[7:0]) bytes when not in 64-bit mode</SPAN></P><P><SPAN style="font-family: &quot;Courier New&quot;;">MaxEnclaveSize_64</SPAN><SPAN style="font-family: intel-clear;">: the maximum supported enclave size is 2^(EDX[15:8]) bytes when operating in 64- bit mode.</SPAN></P><P>So the maximum Virtual Size of the enclave is 2^(0x1f) for 32bit and 2^(0x24) for 64bit enclaves.</P><P><BR /></P><P><B>Refer</B> to the values returned by the CPUID call (Section 37.7.2, Table 37-6 of the <A href="https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-vol-3d-part-4-manual.pdf" rel="noopener noreferrer" target="_blank">IA Software Developer Manual Vol 3d Part 4</A>&nbsp;)</P><P>&nbsp;</P><P><U>Method 2:</U></P><P>Find the SGX Processor Reserved Memory size in BIOS. It will be listed differently depending on your BIOS but you can usually find the SGX memory setting next to the SGX enable setting.</P><P>&nbsp;</P><P>Windows does not support paging for SGX enclaves, so you are limited to the EPC size. Linux supports paging so the amount of memory you can allocate to an enclave is not limited by the EPC size.</P><BR /> Wed, 02 Feb 2022 21:28:13 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Determine-the-max-creatable-SGX-enclave-EPC/m-p/1356850#M5130 JesusG_Intel 2022-02-02T21:28:13Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Determine-the-max-creatable-SGX-enclave-EPC/m-p/1358494#M5137 <P><B>This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.</B></P><BR /> Tue, 08 Feb 2022 15:41:53 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Determine-the-max-creatable-SGX-enclave-EPC/m-p/1358494#M5137 JesusG_Intel 2022-02-08T15:41:53Z