Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Initialisation of big Enclaves

boukhari
Beginner
467 Views

Hello,

I am trying to create a enclave of 50 GB maxheapsize (on multisocket machine which has 128GB of EPC memory). The initialization of smaller enclaves in hardware mode happens without problems and I am able to run my code inside the enclave. But once I try to start an enclave with a big maxheapsize (several gigabytes) my program gets stuck on the enclave init step and I am unable to continue the execution of the program. I tried leaving it running for an hour or so but it still stuck on the enclave creation step.

Can someone help me explain/solve this problem ?

Best

0 Kudos
1 Reply
KFPW_Intel
Moderator
426 Views

Hi,

It is expected that initializing large amounts of memory for an enclave heap will take a long time. Initializing and adding memory to the EPC for an enclave is much more complex than a simple memory allocation in a regular application. Before a chunk of memory is added to the EPC it must go through several security checks, including being measured using a 256-bit SHA-2 secure hash function.

 

If the processor supports Intel® Software Guard Extensions (Intel® SGX) SGX2, in the Enclave Configuration File:

 

HeapInitSize is the amount to fully initialize (i.e. EADD the page then EEXTEND it) at enclave launch, which takes time. With a minimal initialization size, it would be quicker, and the rest of the memory would only be added utilizing the SGX2 instructions when allocated, via malloc, by the enclave during runtime.

 

Regards,

Ken


0 Kudos
Reply