Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1455 Discussions

Encrypting Page Eviction VS Encrypting Cache Line Eviction

He__Yi
Beginner
‎09-11-2019 10:12 PM
296 Views

Hi!

There is such a thing that confuses me that, data need to be encrypted both at page eviction and cache line eviction.

I am aware of the fact that those two things doesn't go together.

Page eviction is done by system software using the EWB instruction. The major differences for a SGX program from a regular program page eviction are that (1) data need to be encrypted and (2) Eviction happens from EPC to un-trusted memory first (3) Version Array is used for tracking. The encryption is probably implemented by CPU logic that support the EWB instruction --> (Could you help me verify that?)

Meanwhile, when a cache line is evicted (which is controlled purely by HW micro-architecture, not by SW & some instructions), this cache line also needs to be encrypted before sending it to main memory. This is implemented by a separate HW component from CPU (though they could reside in the same die) detailed in this paper: A Memory Encryption Engine Suitable for General Purpose Processors.

Could you just help me make sure that those two encryption activities are totally unrelated? I guess they should be... I don't know why I raise this question... Since page eviction and cache line eviction belong to two different architectural layers. They are probably also implemented differently. But even in that case, the fact that data in the CPU might have the chance to be encrypted twice still makes it a little weird yet I don't know why...

 

Thanks a lot!

 

0 Kudos

Link Copied

0 Replies
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.