Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

How to create an Intel sgx2 enclave?

enclave_Research
568 Views

Hi!

The SGX SDK seems to be full of sgx1 enclaves. How to create an Intel sgx2 enclave?

1 Solution
JesusG_Intel
Moderator
548 Views

Hello enclave_Research,


SGX 2 instructions in SGX do three basic functions to allocate memory dynamically: expand heap, expand stack, create threads. These functions are implemented in the SGX driver, untrusted runtime, and trusted runtime. The only explicit action the enclave programmer must do to take advantage of these features is to set the following parameters in the Enclave Configuration File.

StackMinSize, StackMaxSize: Set the minimum and maximum stack size available to the enclave.

HeapMinSize, HeapMaxSize: Set the minimum and maximum heap size available to the enclave.

TCSNum, TCSMaxNum, TCSMinPool: Used to determine how many threads will be created after the enclave initialization, and how many threads can be created dynamically when the enclave is running.

The SGX Developer Reference Guide for your operating system contains more details on these parameters.

Beyond that, write your enclave code and allocate memory as you normally would. The SGX driver, trusted runtime, and untrusted runtime handle the dynamic memory allocations as needed under the hood.

Section 6, "Implementation of SGX2 Dynamic Memory Management," in "Intel Software Guard Extensions Software Support for Dynamic Memory Allocation inside an Enclave" further explains how the Intel SGX SDK implements dynamic memory management features.

I recommend you read that paper entirely to fully understand SGX 2.


Sincerely,

Jesus G.

Intel Customer Support
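
The Min/Max parameters from the answer above, shown in a sample Enclave Configuration File together with a small checker that reports how much stack, heap and thread headroom the file leaves for dynamic growth. This is an added example, not code from the original thread or from the Intel SGX SDK. The values in the sample file are constructed, the function names are hypothetical, and the sanity checks are assumptions of this example; the SGX Developer Reference Guide remains the authority on valid values.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are the parameters named in the answer
# above, the values are made up for illustration.
SAMPLE_CONFIG = """\
<EnclaveConfiguration>
  <StackMinSize>0x2000</StackMinSize>
  <StackMaxSize>0x40000</StackMaxSize>
  <HeapMinSize>0x1000</HeapMinSize>
  <HeapMaxSize>0x100000</HeapMaxSize>
  <TCSNum>2</TCSNum>
  <TCSMaxNum>8</TCSMaxNum>
  <TCSMinPool>1</TCSMinPool>
</EnclaveConfiguration>
"""

PAGE = 0x1000  # 4 KiB EPC page

def load_params(xml_text):
    """Return {element name: int} for every child of the root element."""
    root = ET.fromstring(xml_text)
    return {el.tag: int(el.text.strip(), 0) for el in root}

def dynamic_headroom(params):
    """Compute how much each resource may grow at run time (max minus min).

    Returns (headroom, problems). The checks are this example's own sanity
    rules (assumptions), not a copy of what the SDK signing tool enforces.
    """
    pairs = {"stack": ("StackMinSize", "StackMaxSize"),
             "heap": ("HeapMinSize", "HeapMaxSize"),
             "threads": ("TCSNum", "TCSMaxNum")}
    headroom, problems = {}, []
    for name, (lo_key, hi_key) in pairs.items():
        if lo_key not in params or hi_key not in params:
            problems.append(f"{name}: {lo_key}/{hi_key} not both set")
            continue
        lo, hi = params[lo_key], params[hi_key]
        if lo > hi:
            problems.append(f"{name}: {lo_key} exceeds {hi_key}")
        elif name != "threads" and (lo % PAGE or hi % PAGE):
            problems.append(f"{name}: sizes are not 4 KiB multiples")
        else:
            headroom[name] = hi - lo
    return headroom, problems

if __name__ == "__main__":
    print(dynamic_headroom(load_params(SAMPLE_CONFIG)))
```

A headroom of zero for a resource means the file pins it at a fixed size, so nothing is left for the runtime to add dynamically.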



3 Replies
JesusG_Intel
Moderator
503 Views

Hello enclave_Research,


Do you still need help with this issue?


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
464 Views

Hello enclave_Research,


I hope the information I provided was helpful to you. Since we haven't heard from you, Intel will stop monitoring this thread. If you need further assistance, please open a new thread.


Sincerely,

Jesus G.

Intel Customer Support

