Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

SGX Threads behavior

Anandakumar
New Contributor I
466 Views

Hello All,

 

I am getting some undefined behavior in SGX enclave while number of threads exceeds number of TCS mentioned in sgx config file.

 

In configuration, TCS NUM is set to 10 and TCS Policy set to 1. 

 

When the untrusted code created more than 10 threads, then I am facing some strange issues from Enclave. After changing TCS NUM to higher value the application running smoothly. 

 

Here, I am aware of number of threads allowed inside the SGX is restricted by number of Physical core. But I want to know what happens in Enclave when we run more number of threads than the value specified by TCS NUM.

 

Thanks,

Anand

0 Kudos
1 Solution
JesusG_Intel
Moderator
447 Views

Hello Anand,


TCS_NUM indicates the number of Thread Control Structures to allocate for the enclave.

 

From SGX Explained: "The SGX implementation uses a Thread Control Structure (TCS) for each logical processor that executes an enclave’s code. It follows that an enclave’s author must provision at least as many TCS instances as the maximum number of concurrent threads that the enclave is intended to support."

 

A TCS consists of an entry point and pointer to the State Save Area and other features. Section 37.8 Thread Control Structure of Intel's Software Development Manual provides details of the contents of the TCS.

 

If you try to use more threads than the number of Thread Control Structures then the threads will not know how to enter the enclave because the TCS does not exist.

 

Refer to Thread Binding Policy for information on the TCS_POLICY.


Sincerely,

Jesus G.

Intel Customer Support


View solution in original post

2 Replies
JesusG_Intel
Moderator
448 Views

Hello Anand,


TCS_NUM indicates the number of Thread Control Structures to allocate for the enclave.

 

From SGX Explained: "The SGX implementation uses a Thread Control Structure (TCS) for each logical processor that executes an enclave’s code. It follows that an enclave’s author must provision at least as many TCS instances as the maximum number of concurrent threads that the enclave is intended to support."

 

A TCS consists of an entry point and pointer to the State Save Area and other features. Section 37.8 Thread Control Structure of Intel's Software Development Manual provides details of the contents of the TCS.

 

If you try to use more threads than the number of Thread Control Structures then the threads will not know how to enter the enclave because the TCS does not exist.

 

Refer to Thread Binding Policy for information on the TCS_POLICY.


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
414 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


Reply