Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1555 Discussions

Number of Available Memory Encryption Engine for Multi Cores Single Server

Sean_
Beginner
‎08-19-2023 02:59 AM
2,850 Views
Solved Jump to solution

Hi,

 

I wonder for single server with multi cpus and logical cores, if there are ONLY ONE memory encryption engine hardware on the server?

 

In that case, if I run multiple enclaves on the same server, the programs of the many enclaves need to wait for the recourse of the ONLY memory encryption engine hardware to do address translation, decryption, etc?

 

For a multi-cpu and multi-core server, does it have SGX hardware on each chip, or all cpus share a only one SGX hardware?

 

Thank you very much.

 

Best,

-Sean.

0 Kudos
1 Solution
Wan_Intel
Moderator
‎08-23-2023 04:54 PM
2,798 Views
Solved Jump to solution

Hello Sean_,

Thanks for your patience.

We've received feedback from relevant team.


For a multi-cpu, multi-core server, each CPU has its own set of hardware resources. i.e. each CPU would have its own SGX hardware including the memory encryption engine (MEE).


SGX is designed to provide enclave-based security for each core so that enclaves are secure even in a multi-CPU multi-core environment. So the resources are not shared among the CPUs.



Regards,

Wan


View solution in original post

0 Kudos
Copy link

Link Copied

5 Replies
Wan_Intel
Moderator
‎08-21-2023 09:46 PM
2,813 Views
Solved Jump to solution

Hello Sean_,

Thanks for reaching out to us.

Let me check with relevant team and I'll update here at the earliest.



Regards,

Wam


0 Kudos
Copy link
Wan_Intel
Moderator
‎08-23-2023 04:54 PM
2,799 Views
Solved Jump to solution

Hello Sean_,

Thanks for your patience.

We've received feedback from relevant team.


For a multi-cpu, multi-core server, each CPU has its own set of hardware resources. i.e. each CPU would have its own SGX hardware including the memory encryption engine (MEE).


SGX is designed to provide enclave-based security for each core so that enclaves are secure even in a multi-CPU multi-core environment. So the resources are not shared among the CPUs.



Regards,

Wan


0 Kudos
Copy link
Sean_
Beginner
‎08-28-2023 06:36 PM
2,742 Views
Solved Jump to solution
In response to Wan_Intel

Hello Wan,

 

Thanks for your reply!

 

One last thing to comfirm --- does your answer also applies for Azure Virtual Machine (e.g., DC8ds_v3)? I.e., Each vCPU of DC8ds_v3 has its own set of SGX Intel Hardware?

 

Best,

-Xian

In response to Wan_Intel
0 Kudos
Copy link
Sean_
Beginner
‎08-28-2023 06:45 PM
2,740 Views
Solved Jump to solution
In response to Sean_

I just find that here is Intel SGX community... I am sorry. Wan, thanks for your previous answer!

In response to Sean_
0 Kudos
Copy link
Wan_Intel
Moderator
‎08-30-2023 07:34 PM
2,274 Views
Solved Jump to solution

Hello Sean_,

Thanks for your question.


If you need additional information from Intel, please submit a new question as this thread will no longer be monitored.



Regards,

Wan


0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.