- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I couldn't find a way of determining what would be the max creatable enclave using the SGX SDK. Is there any way of fetching these capabilities? This is especially useful in cloud environments where you can create virtual machines with EPC sections and you don't know the actual usable size of the provisioned EPC.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello apklub,
The SGX SDK does not provide a way to find the maximum EPC size but it is possible to determine the size of your EPC programmatically by checking the processor registers. Test-sgx demonstrates this.
There are a few ways to determine the maximum EPC size on your processor. Below are the easiest two methods, programmatically and in BIOS.
Method 1:
- Go to the SGX Hardware Github and download the file test_sgx.c or clone the repository
- Compile and run test_sgx.c according to these instructions:
$ git clone https://github.com/ayeks/SGX-hardware.git
$ cd SGX-hardware/
$ gcc test-sgx.c -o test-sgx
$ ./test-sgx
Look for output like:
CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)
eax: 70200001 ebx: 0 ecx: 5d80001 edx: 0
size of EPC section in Processor Reserved Memory, 93 M
On my system exc: 5d80000 = 93MB
The maximum enclave size is reported in MaxEnclaveSize
MaxEnclaveSize_Not64: the maximum supported enclave size is 2^(EDX[7:0]) bytes when not in 64-bit mode
MaxEnclaveSize_64: the maximum supported enclave size is 2^(EDX[15:8]) bytes when operating in 64- bit mode.
So the maximum Virtual Size of the enclave is 2^(0x1f) for 32bit and 2^(0x24) for 64bit enclaves.
Refer to the values returned by the CPUID call (Section 37.7.2, Table 37-6 of the IA Software Developer Manual Vol 3d Part 4 )
Method 2:
Find the SGX Processor Reserved Memory size in BIOS. It will be listed differently depending on your BIOS but you can usually find the SGX memory setting next to the SGX enable setting.
Windows does not support paging for SGX enclaves, so you are limited to the EPC size. Linux supports paging so the amount of memory you can allocate to an enclave is not limited by the EPC size.
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello apklub,
The SGX SDK does not provide a way to find the maximum EPC size but it is possible to determine the size of your EPC programmatically by checking the processor registers. Test-sgx demonstrates this.
There are a few ways to determine the maximum EPC size on your processor. Below are the easiest two methods, programmatically and in BIOS.
Method 1:
- Go to the SGX Hardware Github and download the file test_sgx.c or clone the repository
- Compile and run test_sgx.c according to these instructions:
$ git clone https://github.com/ayeks/SGX-hardware.git
$ cd SGX-hardware/
$ gcc test-sgx.c -o test-sgx
$ ./test-sgx
Look for output like:
CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)
eax: 70200001 ebx: 0 ecx: 5d80001 edx: 0
size of EPC section in Processor Reserved Memory, 93 M
On my system exc: 5d80000 = 93MB
The maximum enclave size is reported in MaxEnclaveSize
MaxEnclaveSize_Not64: the maximum supported enclave size is 2^(EDX[7:0]) bytes when not in 64-bit mode
MaxEnclaveSize_64: the maximum supported enclave size is 2^(EDX[15:8]) bytes when operating in 64- bit mode.
So the maximum Virtual Size of the enclave is 2^(0x1f) for 32bit and 2^(0x24) for 64bit enclaves.
Refer to the values returned by the CPUID call (Section 37.7.2, Table 37-6 of the IA Software Developer Manual Vol 3d Part 4 )
Method 2:
Find the SGX Processor Reserved Memory size in BIOS. It will be listed differently depending on your BIOS but you can usually find the SGX memory setting next to the SGX enable setting.
Windows does not support paging for SGX enclaves, so you are limited to the EPC size. Linux supports paging so the amount of memory you can allocate to an enclave is not limited by the EPC size.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page