Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Fredrik_T_
Beginner
127 Views

Why do release enclave DLLs export `g_peak_heap_used`?

While tinkering around with the generated enclave DLLs I noticed that release (non-simulation, non-debug) enclave DLLs seem to export the following two functions:

  • enclave_entry
  • g_peak_heap_used
<sdk-examples-dir>\LocalAttestation>dumpbin /EXPORTS Release\Enclave1.dll
...
    ordinal hint RVA      name
          1    0 00002EEE enclave_entry = _enclave_entry
          2    1 000AE304 g_peak_heap_used = _g_peak_heap_used

 

g_peak_heap_used seems to be exported into the dll by sgx_tstdc.lib
$ dlltool -z def <sgx-install-dir>/bin/win32/Release/sgx_tstdc.lib; cat def
EXPORTS
        _g_peak_heap_used @ 1 DATA

 

I have two questions:

  1. Does it make sense to export g_peak_heap_used in release enclave DLLs?
  2. Does it work? Can the peak heap usage of an actual enclave, not running in debug mode, be accessed through this function?

I understand that the enclave DLL is not the same as an actual loaded enclave, protected by the CPU. But as the loading mechanism performed by the SDK (sgx_create_enclave()) is a black box to me, I cannot judge how this exported function affects security.

0 Kudos
1 Reply
Derek_B_Intel
Employee
127 Views

The Intel(R) Software Guard Extensions SDK provides a tool called sgx_emmt, Enclave Memory Measurement Tool, which measures the real usage of protected memory (EPC - Enclave Page Cache) by the enclave at run-time.  The symbol, g_peak_heap_used, contains the maximum heap usage of the enclave.  The tool provides the actual max heap usage data to allow an optimized configuration of the EPC reserved for this enclave's heap.  EPC is a limited resource in the system.

Currently the enclave memory measurement tool provides the following two functions:
1. Obtains the stack peak usage value for the enclave.
2. Obtains the heap peak usage value for the enclave.
With the accurate runtime stack and heap usage information for your enclaves, you can rework the enclave configuration file to optimize (limit) the use of the protected memory (EPC).

The Intel(R) Software Guard Extensions Developers Reference provides additional details on the use of this tool. 

 

Reply