There is such a thing that confuses me that, data need to be encrypted both at page eviction and cache line eviction.
I am aware of the fact that those two things doesn't go together.
Page eviction is done by system software using the EWB instruction. The major differences for a SGX program from a regular program page eviction are that (1) data need to be encrypted and (2) Eviction happens from EPC to un-trusted memory first (3) Version Array is used for tracking. The encryption is probably implemented by CPU logic that support the EWB instruction --> (Could you help me verify that?)
Meanwhile, when a cache line is evicted (which is controlled purely by HW micro-architecture, not by SW & some instructions), this cache line also needs to be encrypted before sending it to main memory. This is implemented by a separate HW component from CPU (though they could reside in the same die) detailed in this paper: A Memory Encryption Engine Suitable for General Purpose Processors.
Could you just help me make sure that those two encryption activities are totally unrelated? I guess they should be... I don't know why I raise this question... Since page eviction and cache line eviction belong to two different architectural layers. They are probably also implemented differently. But even in that case, the fact that data in the CPU might have the chance to be encrypted twice still makes it a little weird yet I don't know why...
Thanks a lot!