Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

How does Intel support a 1 Terabyte enclave size?

Mingyi
Beginner

Hello,

I've seen that the Xeon Ice Lake CPU supports up to a 1 Terabyte enclave, much larger than the original 256 Megabytes.

I would like to know how Intel supports that huge size. Are there any significant changes? I'd appreciate it if you could share any documents or give me a few pointers on where I could get more information regarding this problem.

Hope you are well.

Regards,

Mingyi

JesusG_Intel
Moderator

Hello Mingyi,


The main change that enabled a larger EPC is that SGX went from using the Memory Encryption Engine (MEE), which uses on-die space for a Merkle Tree (which doesn’t expand easily), to using AES-XTS. This paper provides much more detail: https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/supporting-intel-sgx-on-mu...

This link says a bit about it also:

https://www.intel.com/content/www/us/en/newsroom/news/xeon-scalable-platform-built-sensitive-workloa...


To clarify, that’s 1TB for a 2 socket system; max per CPU is 512GB.


Sincerely,

Jesus G.

Intel Customer Support
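
To check how much EPC a given platform actually exposes, the EPC sections can be read from CPUID leaf 0x12 (sub-leaves 2 and up) and summed. The decoder below is an added example, not part of the original thread and not Intel's code; the struct and function names are hypothetical and the register values in `sample_leaves` are constructed rather than captured from hardware.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Raw CPUID leaf 0x12 output for one sub-leaf (hypothetical helper type).
 * Sub-leaves 2 and up each describe one EPC section. */
struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

/* Decode one EPC section. Returns 1 and fills base/size when the sub-leaf
 * is a valid section (EAX[3:0] == 1); returns 0 at the end of the list. */
static int sgx_decode_epc_section(struct cpuid_regs r, uint64_t *base, uint64_t *size)
{
    if ((r.eax & 0xF) != 1)
        return 0;
    /* EAX[31:12] = base bits 31:12, EBX[19:0] = base bits 51:32 */
    *base = ((uint64_t)(r.ebx & 0xFFFFF) << 32) | (r.eax & 0xFFFFF000u);
    /* ECX[31:12] = size bits 31:12, EDX[19:0] = size bits 51:32 */
    *size = ((uint64_t)(r.edx & 0xFFFFF) << 32) | (r.ecx & 0xFFFFF000u);
    return 1;
}

/* Sum the sizes of consecutive sections, stopping at the first invalid one. */
static uint64_t sgx_total_epc(const struct cpuid_regs *leaves, size_t n)
{
    uint64_t total = 0, base, size;
    for (size_t i = 0; i < n && sgx_decode_epc_section(leaves[i], &base, &size); i++)
        total += size;
    return total;
}

/* Constructed sample: two 256 GiB sections, then the terminating sub-leaf. */
static const struct cpuid_regs sample_leaves[] = {
    { 0x00000001u, 0x00000020u, 0x00000001u, 0x00000040u },
    { 0x00000001u, 0x00000080u, 0x00000001u, 0x00000040u },
    { 0, 0, 0, 0 },
};

int main(void)
{
    uint64_t total = sgx_total_epc(sample_leaves, 3);
    printf("total EPC: %llu GiB\n", (unsigned long long)(total >> 30));
    return 0;
}
```

On real hardware the register values come from executing CPUID with EAX=0x12 and ECX=2, 3, ... until a sub-leaf reports an invalid section type.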


JesusG_Intel
Moderator

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

