Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1467 Discussions

Number of Available Memory Encryption Engine for Multi Cores Single Server

Sean_
Beginner
1,452 Views

Hi,

 

I wonder for single server with multi cpus and logical cores, if there are ONLY ONE memory encryption engine hardware on the server?

 

In that case, if I run multiple enclaves on the same server, the programs of the many enclaves need to wait for the recourse of the ONLY memory encryption engine hardware to do address translation, decryption, etc?

 

For a multi-cpu and multi-core server, does it have SGX hardware on each chip, or all cpus share a only one SGX hardware?

 

Thank you very much.

 

Best,

-Sean.

0 Kudos
1 Solution
Wan_Intel
Moderator
1,400 Views

Hello Sean_,

Thanks for your patience.

We've received feedback from relevant team.


For a multi-cpu, multi-core server, each CPU has its own set of hardware resources. i.e. each CPU would have its own SGX hardware including the memory encryption engine (MEE).


SGX is designed to provide enclave-based security for each core so that enclaves are secure even in a multi-CPU multi-core environment. So the resources are not shared among the CPUs.



Regards,

Wan


View solution in original post

0 Kudos
5 Replies
Wan_Intel
Moderator
1,415 Views

Hello Sean_,

Thanks for reaching out to us.

Let me check with relevant team and I'll update here at the earliest.



Regards,

Wam


0 Kudos
Wan_Intel
Moderator
1,401 Views

Hello Sean_,

Thanks for your patience.

We've received feedback from relevant team.


For a multi-cpu, multi-core server, each CPU has its own set of hardware resources. i.e. each CPU would have its own SGX hardware including the memory encryption engine (MEE).


SGX is designed to provide enclave-based security for each core so that enclaves are secure even in a multi-CPU multi-core environment. So the resources are not shared among the CPUs.



Regards,

Wan


0 Kudos
Sean_
Beginner
1,344 Views

Hello Wan,

 

Thanks for your reply!

 

One last thing to comfirm --- does your answer also applies for Azure Virtual Machine (e.g., DC8ds_v3)? I.e., Each vCPU of DC8ds_v3 has its own set of SGX Intel Hardware?

 

Best,

-Xian

0 Kudos
Sean_
Beginner
1,342 Views

I just find that here is Intel SGX community... I am sorry. Wan, thanks for your previous answer!

0 Kudos
Wan_Intel
Moderator
876 Views

Hello Sean_,

Thanks for your question.


If you need additional information from Intel, please submit a new question as this thread will no longer be monitored.



Regards,

Wan


0 Kudos
Reply