TLB Flushing

Whenever the EENTER instruction gets called, it flushes TLB entries for addresses in the enclave’s ELRANGE? Can someone please explain the reasoning behind this?

0 Kudos
2 Replies
Moderator

Hello Dixit,

The answer to your question can be very complex. I will keep it short here and refer you to the paper, SGX Explained, for a more in-depth answer. The TLB gets flushed at every SGX context change, which includes EENTER, EEXIT, and ERESUME. One of the basic principles of SGX is that the host and system software are not trusted. However, under SGX, the operating system and hypervisor are still in full control of the page tables and EPTs. Flushing the TLB between every context change, i.e. host to enclave, enclave to host, helps to mitigate address translation attacks. Please read the paper, SGX Explained, for a more in-depth discussion on these attacks and how the SGX architecture and design aims to prevent them.

Regards,

Jesus

 

Jesus Garcia, Intel Customer Support
0 Kudos
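Added example, not part of the thread and not Intel code: a toy C model of the reasoning in the reply above, showing why a translation cached before EENTER cannot be trusted when the OS owns the page tables. It assumes, as SGX Explained describes, that the enclave access check is made during the page walk on a TLB miss; the page layout, frame numbers and function names are invented for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model, assumed layout: 8 virtual pages, 4..7 are ELRANGE, backed by EPC frames 10..13. */
enum { NPAGES = 8, EL_BASE = 4, EL_END = 8, EPC_BASE = 10, FAULT = -1 };

static int page_table[NPAGES];  /* written by the untrusted OS */
static int tlb[NPAGES];         /* cached translations, -1 = empty */
static bool in_enclave;
static bool in_elrange(int vpn) { return vpn >= EL_BASE && vpn < EL_END; }

/* The access check runs only on a TLB miss (page walk); a hit is used as-is. */
static int translate(int vpn) {
    if (tlb[vpn] >= 0) return tlb[vpn];
    int pfn = page_table[vpn];
    if (in_enclave && in_elrange(vpn) && pfn != EPC_BASE + (vpn - EL_BASE))
        return FAULT;           /* ELRANGE page not backed by its own EPC frame */
    return tlb[vpn] = pfn;
}

static void reset(void) {
    in_enclave = false;
    for (int v = 0; v < NPAGES; v++) {
        tlb[v] = -1;
        page_table[v] = in_elrange(v) ? EPC_BASE + (v - EL_BASE) : v;
    }
}

/* EENTER in this model: optionally flush ELRANGE entries, then switch mode. */
static void eenter(bool flush) {
    if (flush) for (int v = EL_BASE; v < EL_END; v++) tlb[v] = -1;
    in_enclave = true;
}

/* Frame the enclave reaches through ELRANGE page 5 after entry, or FAULT. */
int enclave_view(bool os_remaps, bool flush) {
    reset();
    if (os_remaps) page_table[5] = 3;  /* OS points page 5 at ordinary frame 3 */
    translate(5);                      /* host-mode access fills the TLB */
    eenter(flush);
    return translate(5);
}

int main(void) {
    printf("honest OS, flush:   %d\n", enclave_view(false, true));
    printf("remapped, flush:    %d\n", enclave_view(true, true));
    printf("remapped, no flush: %d\n", enclave_view(true, false));
}
```

With the flush, the first enclave access misses and the bad mapping is caught by the page-walk check; without it, the stale entry is used and the enclave silently reads from a frame the OS chose.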

Thanks Jesus.

I will surely look into the above-mentioned paper to understand more about address translation attacks and the importance of TLB flushing.

Regards,

Dixit

0 Kudos