Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1427 Discussions

TLB Flushing

Kumar__Dixit
Novice
‎04-24-2020 09:03 AM
625 Views

Whenever EENTER instruction gets called, It flushes TLB entries for addresses in the enclave’s ELRANGE? Can someone please explain the reasoning behind this?

0 Kudos

Link Copied

2 Replies
JesusG_Intel
Moderator
‎04-24-2020 04:58 PM
625 Views

Hello Dixit,

The answer to your question can be very complex. I will keep it short here and refer you to the paper, SGX Explained, for a more in-depth answer. The TLB gets flushed at every SGX context change, which includes EENTER, EEXIT, and ERESUME. One of the basic principles of SGX is that the host and system software are not trusted. However, under SGX, the operating system and hypervisor are still in full control of the pages tables and EPTs. Flushing the TLB between every context change, i.e. host to enclave, enclave to host, helps to mitigate address translation attacks. Please read the paper, SGX Explained, for a more in depth discussion on these attacks and how the SGX architecture and design aims to prevent them.

Regards,

Jesus

 

0 Kudos
Copy link
Kumar__Dixit
Novice
‎04-25-2020 04:23 AM
625 Views

Thanks Jesus.

I will surely look into above mentioned paper to understand more about address translation attacks and the importance of TLB flushing.

Regards,

Dixit

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.