Community
cancel
Showing results for 
Search instead for 
Did you mean: 
bitflipper101
Beginner
366 Views

Enclave signing printout required memory

Jump to solution

Hello,

The sign executable in the SDK (at .../linux/installer/bin/sgxsdk/sign) gives me the following printout:

<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x9000000</StackMaxSize>
<HeapMaxSize>0x9000000</HeapMaxSize>
<TCSNum>10</TCSNum>
<TCSPolicy>1</TCSPolicy>
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>
tcs_num 10, tcs_max_num 10, tcs_min_pool 1
The required memory is 1671802880B.
The required memory is 0x63a5b000, 1632620 KB.
Succeed.
SIGN => build/enclave.signed.so
The project has been built in debug hardware mode.

 

I am interested in the "required memory" line (~=1.6GB). I am unsure how this is being calculated? Does this mean running this program inside an enclave will use all of the available 128MB (~90MB after overhead) and swap in and out to main untrusted RAM?

 

The program should not be using that much memory by design, so wondering about how this is calculated?

 

Thanks

 

 

Labels (1)
0 Kudos
1 Solution
JesusG_Intel
Moderator
343 Views

Hello bitflipper,


Yes, your enclave requires 1.6GB and reducing TCSNum will reduce your required memory. Please see this document for more info on Enclave memory footprint: https://caslab.csl.yale.edu/workshops/hasp2016/HASP16-17.pdf. See Page 2-Figure 1 and page 4, section 5.1, Figure 4.


The Enclave's memory footprint includes the Thread Context, Enclave Heap, and Enclave Code.


In other words, enclaves require more than just your code and data. There are also several other data structures that are used to secure and manage your enclave.


View solution in original post

6 Replies
JesusG_Intel
Moderator
355 Views

Hello bitflipper101,


Your question is answered in this thread: https://community.intel.com/t5/Intel-Software-Guard-Extensions/The-number-of-allocated-pages-to-the-..., specifically here https://community.intel.com/t5/Intel-Software-Guard-Extensions/The-number-of-allocated-pages-to-the-... and https://community.intel.com/t5/Intel-Software-Guard-Extensions/The-number-of-allocated-pages-to-the-....


In Linux, it is possible to allocate memory for an enclave that is larger than the EPC size because Linux supports page swapping of EPC pages. However, Windows does not support swapping of EPC pages so your enclave must fit within the EPC limit in Windows.





bitflipper101
Beginner
351 Views

Thanks JesusG. 

So changing the TCSNum in the config should reduce this memory requirement?

My assertion is correct that my program requires ~1.6GB of memory? Do you have any more info on how this is calculated? 

Thanks

JesusG_Intel
Moderator
344 Views

Hello bitflipper,


Yes, your enclave requires 1.6GB and reducing TCSNum will reduce your required memory. Please see this document for more info on Enclave memory footprint: https://caslab.csl.yale.edu/workshops/hasp2016/HASP16-17.pdf. See Page 2-Figure 1 and page 4, section 5.1, Figure 4.


The Enclave's memory footprint includes the Thread Context, Enclave Heap, and Enclave Code.


In other words, enclaves require more than just your code and data. There are also several other data structures that are used to secure and manage your enclave.


View solution in original post

bitflipper101
Beginner
334 Views

Thanks JesusG. 

I reduced my TCSNum and the memory requirement came down to ~300MB. 

I'm confused about how my enclave is functioning - this stems from the fact that my machine is SGX1 enabled, but the paper seems to mainly discuss SGX2 instruction capabilities - dynamic heap management, stack expansion, and thread context creation.

Are some of the functionalities in the linux driver but not neccesarily targeting SGX2 instructions?

JesusG_Intel
Moderator
325 Views

Hello bitflipper101,


I didn't mean to confuse you with that paper on SGX 2. I just wanted you to see the graphical representations of the SGX memory layout so you can see all the different components. Since your system is SGX 1, then only Figure 1, is relevant to you.


JesusG_Intel
Moderator
312 Views

Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.


Reply