Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

How Intel support 1 Terabyte enclave size?

Mingyi
Beginner
1,118 Views

Hello,

I've seen that Xeon Ice Lake CPU supports up to 1 Terabyte enclave much larger than original 256 Megabytes.

I would you like to know how Intel support that huge size? Are there any significant changes? I'd  appreciate it if you may share any documents or give me a few pointers on where I could get more information regarding this problem.

Hope you well.

Regards,

Mingyi

0 Kudos
1 Solution
JesusG_Intel
Moderator
1,100 Views

Hello Mingyi,


The main change that enabled is a larger EPC is that SGX went from using the Memory Encryption Engine (MEE), which uses on-die space for a Merkle Tree (which doesn’t expand easily), to using AES-XTS. This paper provides much more detail: https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/supporting-intel-sgx-on-mulit-socket-platforms.pdf

 

This link says a bit about it also:

 

https://www.intel.com/content/www/us/en/newsroom/news/xeon-scalable-platform-built-sensitive-workloads.html#gs.3l58dx


To clarify, that’s 1TB for a 2 socket system; max per CPU is 512GB.


Sincerely,

Jesus G.

Intel Customer Support


View solution in original post

3 Replies
JesusG_Intel
Moderator
1,101 Views

Hello Mingyi,


The main change that enabled is a larger EPC is that SGX went from using the Memory Encryption Engine (MEE), which uses on-die space for a Merkle Tree (which doesn’t expand easily), to using AES-XTS. This paper provides much more detail: https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/supporting-intel-sgx-on-mulit-socket-platforms.pdf

 

This link says a bit about it also:

 

https://www.intel.com/content/www/us/en/newsroom/news/xeon-scalable-platform-built-sensitive-workloads.html#gs.3l58dx


To clarify, that’s 1TB for a 2 socket system; max per CPU is 512GB.


Sincerely,

Jesus G.

Intel Customer Support


Mingyi
Beginner
1,089 Views
0 Kudos
JesusG_Intel
Moderator
1,077 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


0 Kudos
Reply