From what I see, Intel SGX SDK 1.9 (Linux) supports large enclaves of size up to several GB.
I am curious about the implementation and its guarantees.
Since the EPC is much smaller (a few MB), does the driver / OS get page faulted whenever the enclave accesses a page that is not currently loaded in EPC?
In that case, the OS fetches the accessed page from disk, decrypts it, and uses the ELD instruction to load the new page in the EPC?
However, for this to be secure, the OS should not be trusted for managing page tables corresponding to non-EPC memory.
Can I get details on how large enclaves are supported?
Just to expand on that, my understanding of the memory access control was that the CPU checks on each memory access that the EPC page was accessed using the expected virtual address (because the OS can tamper with page tables). However, for large enclaves, multiple virtual pages can map to the same EPC page. What does the CPU need to check?
Here is more technical detail that you can look at:
According to SGX Developer Reference for v1.9 at
On Page 4:
Intel(R) Software Guard Extensions technology has a hard limit on the protected
memory size, typically 64 MB or 128 MB. As a result, the number of active
enclaves (in memory) is limited. Depending on the memory footprint of
each enclave, use cases suggest that 5-20 enclaves can reside in memory simultaneously.
The secure implementation of handling page cache swapping in and out of memory is at
Here is the prolog in that file for allocating the available EPC page