Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

DMA vs Enclave Teardown vs Proccesor Halting


Hello Everyone,

I have a very fundamental doubt regarding the working of the Enclave Teardown phase.

Enclave Teardown Phase: When an enclave finishes its job, OS uses EREMOVE instruction to free-up space from the EPC for the corresponding enclave.
DMA: It is mentioned in the Intel SGX Explained that SGX doesn't allow DMA accesses in the PRM region.

Case Scenario: Let say an application has 1000 pages in the EPC. This application completes its trusted code execution and starts the enclave teardown phase.


  1. When we say, system software deallocate an EPC, Is it okay to assume that this EPC page gets move to the NON-EPC, which further move to the Hard-Disk?
  2. Assuming Doubt-1 statement is true, then can we assume the processor will get halted until it deallocates all 1000 pages from EPC to the NON-EPC region?

Kind regards,


0 Kudos
1 Reply

Hello Dixit, the EREMOVE instructions marks an EPC page as unused so that the system software can take over and evict it from the PRM onto DRAM then onto HDD according to whatever page swapping mechanisms the system software uses. This is explained in section 5.5, EPC Page Eviction,  of SGX Explained. As a developer, you do not need to account for this as it is taken care of for you by the system software. For more details on each SGX instructions, you can read the Intel® 64 and IA-32 Architectures Software Developer Manuals. Remember, all of this is multi-threaded and logical processors are used. The whole processor is not blocked while this is happening. OS memory management is beyond the scope of SGX.



Intel Customer Support

0 Kudos