Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

How intel SGX expands EPC memory?

enclave_Research
Novice
‎11-29-2021 07:29 PM
958 Views
Solved Jump to solution

I run test-sgx  and result is:

SGX1 enabled servers

enclave_Research_0-1638242792182.png

SGX2 enabled servers

enclave_Research_1-1638242914213.png

how can I expands EPC memory?

 

0 Kudos
1 Solution
JesusG_Intel
Moderator
‎11-30-2021 10:03 AM
920 Views
Solved Jump to solution

Hello enclave_research,


You cannot increase the amount of EPC memory available on a platform. However, in an SGX 2 platform, you can dynamically allocate EPC memory to an enclave during run-time. On an SGX 1 platform, the amount of allocated heap and stack is set at enclave build-time and cannot be changed at run-time.

 

The Enclave Configuration File controls how much heap and stack is allocated to enclaves. Refer to section Enclave Configuration File in the SGX Developer Reference for more details on the fields in the Enclave Configuration File.

 

In an SGX 2 platform, the fields StackMinSize, StackMaxSize, HeapMinSize, HeapMaxSize determine how much stack and heap are available to an enclave at run-time. In a Linux system, if these values exceed the total amount of EPC, then paging will occur. In SGX 1, HeapInitSize is the only relevant field for setting the amount of heap available to an enclave and StackMaxSize is the total amount of stack memory available.

 

Refer to Intel Software Guard Extensions Software Support for Dynamic Memory Allocation inside an Enclave for a complete description of dynamic memory management with SGX 2. The paper states:

 

"For SGX2, this schema of the enclave configuration has been extended to accommodate parameters relating to reserved address space for expandable/creatable components. Newly added parameters include, but are not limited to

• Min/Max heap sizes

• Min/Max stack sizes

• Min/Max number of threads"

 

These slides provide a good a summary of SGX 2 dynamic memory management.


Sincerely,

Jesus G.

Intel Customer Support


View solution in original post

0 Kudos
Copy link

Link Copied

2 Replies
JesusG_Intel
Moderator
‎11-30-2021 10:03 AM
921 Views
Solved Jump to solution

Hello enclave_research,


You cannot increase the amount of EPC memory available on a platform. However, in an SGX 2 platform, you can dynamically allocate EPC memory to an enclave during run-time. On an SGX 1 platform, the amount of allocated heap and stack is set at enclave build-time and cannot be changed at run-time.

 

The Enclave Configuration File controls how much heap and stack is allocated to enclaves. Refer to section Enclave Configuration File in the SGX Developer Reference for more details on the fields in the Enclave Configuration File.

 

In an SGX 2 platform, the fields StackMinSize, StackMaxSize, HeapMinSize, HeapMaxSize determine how much stack and heap are available to an enclave at run-time. In a Linux system, if these values exceed the total amount of EPC, then paging will occur. In SGX 1, HeapInitSize is the only relevant field for setting the amount of heap available to an enclave and StackMaxSize is the total amount of stack memory available.

 

Refer to Intel Software Guard Extensions Software Support for Dynamic Memory Allocation inside an Enclave for a complete description of dynamic memory management with SGX 2. The paper states:

 

"For SGX2, this schema of the enclave configuration has been extended to accommodate parameters relating to reserved address space for expandable/creatable components. Newly added parameters include, but are not limited to

• Min/Max heap sizes

• Min/Max stack sizes

• Min/Max number of threads"

 

These slides provide a good a summary of SGX 2 dynamic memory management.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
Copy link
JesusG_Intel
Moderator
‎12-01-2021 03:09 PM
894 Views
Solved Jump to solution

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.