AAhma10
Novice
449 Views

Intel SGX Enclave Virtual Memory Limit

Hi,

I wanted to inquire whether there is a maximum limit set on the virtual memory that can be allocated to an enclave? If yes, can you please tell me what it is and the reason for it?

Thanks!

Adil

6 Replies
449 Views

The 6th generation Core processors that support SGX only support the v1.0 instruction set. The additional functionality in the v2 set is not yet available. (I have no statement on the intercept of the v2.0 instructions at this time.)

Enclave Page Cache (EPC) is a subset of Processor Reserved Memory (PRM). BIOS reserves PRM and then the HW carves out EPC from that region, depending on the amount of metadata the MEE requires. So when the BIOS reserves 128MB PRM, the EPC carve-out is ~90MB.

-Surenthar

AAhma10
Novice
449 Views

Thanks for the reply! I apologize since my question wasn't clear enough. I actually want to inquire about the maximum virtual address space that an enclave can occupy. Since the complete virtual address space has to be included in the measurement, is there a limit to which we can extend the virtual address space?

Some researchers have hinted that the maximum virtual address space is 64GB. Is that correct? If yes, can you please explain why such a limit exists?

Thanks!

449 Views

On Windows you are limited to the size of the enclave page cache, which is somewhere around 90 MB. The EPC is part of the processor reserved memory that is used by SGX, and is limited in the BIOS. The reason it's limited is because this memory is not available for use by other applications (or the OS) once SGX is enabled. Because there is no support for paging in Windows, you can't allocate more memory than this. All active enclaves have to fit within the EPC.

On Linux there is support for paging so enclaves are not limited to the size of the EPC. They can theoretically consume all the memory and virtual memory available to the system (minus the needs of the OS).

-Surenthar
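
The two limits discussed in this thread, the enclave's virtual address range and the size of the EPC, are both enumerated by CPUID leaf 12H. The C code below is an added example, not code from any poster or from Intel's SDK; its function names are hypothetical, and the register values in main() are constructed to match the figures mentioned in the thread (64 GB and roughly 90 MB), not read from a real CPU.

```c
#include <stdint.h>
#include <stdio.h>

/* CPUID.(EAX=12H,ECX=0):EDX holds log2 of the largest enclave size:
 * bits 7:0 outside 64-bit mode, bits 15:8 in 64-bit mode. */
uint64_t max_enclave_bytes(uint32_t edx, int mode64)
{
    unsigned shift = mode64 ? (edx >> 8) & 0xff : edx & 0xff;
    return shift < 64 ? 1ULL << shift : 0; /* 0: not representable here */
}

/* CPUID.(EAX=12H,ECX>=2) describes one EPC section per sub-leaf.
 * EAX[3:0] is the type (1 = EPC section, 0 = end of list). */
int epc_section_valid(uint32_t eax) { return (eax & 0xf) == 1; }

/* Physical base: EAX[31:12] is bits 31:12, EBX[19:0] is bits 51:32. */
uint64_t epc_section_base(uint32_t eax, uint32_t ebx)
{
    return ((uint64_t)(ebx & 0xfffff) << 32) | (eax & 0xfffff000u);
}

/* Size: ECX[31:12] is bits 31:12, EDX[19:0] is bits 51:32. */
uint64_t epc_section_bytes(uint32_t ecx, uint32_t edx)
{
    return ((uint64_t)(edx & 0xfffff) << 32) | (ecx & 0xfffff000u);
}

int main(void)
{
    /* Constructed register values, not read from a real CPU: EDX of
     * sub-leaf 0 = 0x241f, and one EPC section of 0x5d80000 bytes. */
    uint32_t leaf0_edx = 0x0000241f;
    uint32_t eax = 0x80200001, ebx = 0, ecx = 0x05d80001, edx = 0;

    printf("max enclave size, 64-bit mode: %llu GiB\n",
           (unsigned long long)(max_enclave_bytes(leaf0_edx, 1) >> 30));
    printf("max enclave size, 32-bit mode: %llu GiB\n",
           (unsigned long long)(max_enclave_bytes(leaf0_edx, 0) >> 30));
    if (epc_section_valid(eax))
        printf("EPC section at 0x%llx: %.1f MiB\n",
               (unsigned long long)epc_section_base(eax, ebx),
               epc_section_bytes(ecx, edx) / 1048576.0);
    return 0;
}
```

On real hardware the inputs would come from executing CPUID with EAX=12H and the sub-leaf index in ECX, stopping at the first sub-leaf whose type is 0.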

AAhma10
Novice
449 Views

That answers my question. Thank you!

E_-O__B_
Beginner
449 Views

Sorry for reviving this old thread, but if I run the simple code below in an enclave (with SGX_MODE=HW), malloc eventually returns 0 (at around the 70th iteration). I have installed the Linux SDK/PSW/driver module, and "small" programs run fine. Do you have any advice? It runs fine in software emulation mode.

for (int i=0;i<96;i++) {
  malloc(1024*1024);
}

Meysam_t_
Beginner
449 Views

Thanks Surenthar for your reply,

I have a question related to this topic.

Why is PRM or EPC limited in Intel CPUs? Is it some restriction posed by hardware, or is it for the sake of security?

Thanks

Meysam

 
