Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Understanding MaxEnclaveSize

WGall3
Beginner
1,806 Views

Hi,

I am working with the SGX Enclave on Ubuntu 18.04 with an HP g5 Laptop with i5-6200U CPU. I have installed the linux driver and successfully built the SDK and run the sample enclave programs. However, I had a question regarding the size of the enclaves. I believe the term for the memory reserved for the Enclave is known as Processor Reserved Memory (PRM) and this is set in the BIOS. However, when I enabled SGX in the BIOS I saw only three options: Enabled, Disabled, and Software Controlled. I did see an option for changing the amount of PRM. Have the manufacturers not provided this option?

I assume that the PRM is 128 MB as this is the maximum size but how can I confirm this? Running the code found here

https://github.com/ayeks/SGX-hardware/blob/master/test-sgx.c

Gives the results:

MaxEnclaveSize_Not64: 1f
MaxEnclaveSize_64: 24

What do these numbers mean?

Thanks,

Will

2 Replies
Francisco_C_Intel

Those results refer to the values returned by the CPUID call (Section 37.7.2 of https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-vol-3d-part-4-manual.pdf )

MaxEnclaveSize_Not64: the maximum supported enclave size is 2^(EDX[7:0]) bytes when not in 64-bit mode
MaxEnclaveSize_64: the maximum supported enclave size is 2^(EDX[15:8]) bytes when operating in 64-bit mode.

So the maximum Virtual Size of the enclave is 2^(0x1f) for 32bit and 2^(0x24) for 64bit enclaves.

For how much EPC, use Table 37-6. From the test program you linked, the line you are looking for is:

CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)
eax: 80000001 ebx: 0 ecx: 2000001 edx: 0

On my system, 0x2000000 matches the 32 MB I set up on this particular system. On a 128 MB system, you should get 0 for edx and for ecx:
0x800000# (and you can ignore the last hex value for the purposes of determining the size of EPC)

Hope this helps.

Francisco

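The decoding described in the reply above, as an added example that is not part of the original thread or of test-sgx.c. The function names are hypothetical, and EDX 0x241f is assembled here from the two values the poster printed (1f and 24); the bit layouts follow the CPUID leaf 12H description in the SDM section cited above.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Leaf 12H, sub-leaf 0: EDX[7:0] (not 64-bit) and EDX[15:8] (64-bit) are log2 sizes. */
uint64_t max_enclave_bytes(uint32_t edx, int mode64)
{
    unsigned shift = mode64 ? (edx >> 8) & 0xff : edx & 0xff;
    return shift < 64 ? 1ULL << shift : 0; /* 0: does not fit in 64 bits */
}

/* Leaf 12H, sub-leaf >= 2: EAX[3:0] == 1 marks a valid EPC section. */
int epc_section_valid(uint32_t eax) { return (eax & 0xf) == 1; }

/* Base: EAX[31:12] = address bits 31:12, EBX[19:0] = address bits 51:32. */
uint64_t epc_section_base(uint32_t eax, uint32_t ebx)
{
    return ((uint64_t)(ebx & 0xfffff) << 32) | (eax & 0xfffff000u);
}

/* Size: ECX[31:12] = size bits 31:12, EDX[19:0] = size bits 51:32.
   ECX[3:0] is a property field, which is why the last hex digit is ignored. */
uint64_t epc_section_bytes(uint32_t ecx, uint32_t edx)
{
    return ((uint64_t)(edx & 0xfffff) << 32) | (ecx & 0xfffff000u);
}

int main(void)
{
    /* Register values from the thread; EDX 0x241f is assembled from 1f and 24. */
    printf("max enclave: %llu bytes (32-bit), %llu bytes (64-bit)\n",
           (unsigned long long)max_enclave_bytes(0x241f, 0),
           (unsigned long long)max_enclave_bytes(0x241f, 1));
    printf("thread EPC: base 0x%llx, %llu MiB\n",
           (unsigned long long)epc_section_base(0x80000001, 0),
           (unsigned long long)(epc_section_bytes(0x2000001, 0) >> 20));
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d; /* live read, only if CPUID.(EAX=7,ECX=0):EBX[2] reports SGX */
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d) && (b & (1u << 2)))
        for (unsigned i = 2; __get_cpuid_count(0x12, i, &a, &b, &c, &d)
                             && epc_section_valid(a); i++)
            printf("EPC section %u: base 0x%llx, %llu MiB\n", i - 2,
                   (unsigned long long)epc_section_base(a, b),
                   (unsigned long long)(epc_section_bytes(c, d) >> 20));
#endif
    return 0;
}
```

If SGX is present but disabled in firmware, sub-leaf 2 reports an invalid section type and the live loop prints nothing.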
WGall3

Francisco,

Thank you for your reply. It answers my question quite clearly.

-Will
