Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Size limitation for EPC in SGX

Meysam_t_
Beginner
3,553 Views

Hello everyone,

I have a question about the EPC in SGX: why is it not possible to increase the size of the EPC beyond 128MB? If we did so, the enclave would not need to suffer from bringing pages into the EPC or taking pages out of the EPC so frequently, which has a significant overhead.

Anusha_K_Intel
Employee

Hi,

Since an enclave in SGX is a trusted area (backed up by hardware execution) where we can execute our code, it should be as minimal as possible. And there are many other processes utilizing the RAM other than the enclave. The size has been fixed by Intel after proper analysis.

The other reason is that only one enclave can run in memory at a particular time, and the memory allocated can be used only by the enclave. If an enclave is not being used, the other processes cannot access this memory since it is protected, and hence it is set to a minimal size of 128MB.

The physical protected memory is limited to the PRMRR size set in BIOS and the max we support at this time is 128MB.

Meysam_t_
Beginner

Thanks, Anusha, for your reply.

Since SGX v2 supports paging, if one page in the EPC is not used for a long period of time, it can be evicted to the non-EPC part and be replaced with some other page. Am I right? Then we do not need to worry about the memory being held by an enclave for its entire lifetime?

Surenthar_S_Intel

Hi,

SGX2 Extensions give software the ability to dynamically add and remove pages from an enclave and to manage the attributes of enclave pages.

Please refer to the links below for more information:

http://caslab.csl.yale.edu/workshops/hasp2016/HASP16-17.pdf

http://caslab.csl.yale.edu/workshops/hasp2016/HASP16-16_slides.pdf

http://www.cs.wayne.edu/fengwei/16fa-csc6991/slides/5-SGX1.pdf

-Surenthar
