Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Understanding MaxEnclaveSize



I am working with the SGX Enclave on Ubuntu 18.04 with an HP g5 Laptop with i5-6200U CPU. I have installed the linux driver and successfully built the SDK and run the sample enclave programs. However, I had a question regarding the size of the enclaves. I believe the term for the memory reserved for the Enclave is known as Processor Reserved Memory (PRM) and this is set in the BIOS. However, when I enabled SGX in the BIOS I saw only three options: Enabled, Disabled, and Software Controlled. I did see an option for changing the amount of PRM. Have the manufacturers not provided this option?

I assume that the PRM is 128 MB as this is the maximum size but how can I confirm this? Running the code found here

Gives the results:

MaxEnclaveSize_Not64: 1f
MaxEnclaveSize_64: 24

What do these numbers mean?



0 Kudos
2 Replies

Those results refer to the values returned by the CPUID call (Section 37.7.2 of )

MaxEnclaveSize_Not64: the maximum supported enclave size is 2^(EDX[7:0]) bytes when not in 64-bit mode
MaxEnclaveSize_64: the maximum supported enclave size is 2^(EDX[15:8]) bytes when operating in 64- bit mode.

So the maximum Virtual Size of the enclave is 2^(0x1f) for 32bit and 2^(0x24) for 64bit enclaves.

For how much EPC, use Table 37-6. From the test program you linked, the line you are looking for is:

CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)
eax: 80000001 ebx: 0 ecx: 2000001 edx: 0

On my system 
0x2000000 matches the 32 MB I set up on this particular system. On a 128 MB system, you should get 0 for edx and for ecx:
0x‭800000#  (and you can ignore the last hex value for the purposes of determining the size of EPC)

Hope this helps.


0 Kudos


Thank you for your reply. It answers my question quite clearly.


0 Kudos