Hi Sahira,

I'm running on ubuntu 18.04 kernel version 4.15.0-175.

Here's my enclave config file:

<EnclaveConfiguration>
    <ProdID>0</ProdID>
    <ISVSVN>0</ISVSVN>
    <StackMinSize>0x2000</StackMinSize>
    <StackMaxSize>0x4000</StackMaxSize>
    <HeapMinSize>0x8000</HeapMinSize>
    <HeapInitSize>0x8000</HeapInitSize>
    <HeapMaxSize>0x50000000</HeapMaxSize>
    <TCSNum>1</TCSNum>
    <TCSMaxNum>10</TCSMaxNum>
    <TCSMinPool>1</TCSMinPool>
    <TCSPolicy>1</TCSPolicy>
    <DisableDebug>0</DisableDebug>
    <MiscSelect>0</MiscSelect>
    <MiscMask>0xFFFFFFFF</MiscMask>
    <ReservedMemInitSize>0x800000</ReservedMemInitSize>
    <ReservedMemMinSize>0x4000</ReservedMemMinSize>
    <ReservedMemMaxSize>0x50000000</ReservedMemMaxSize>
</EnclaveConfiguration>

and here's my edl file:

enclave {

    trusted {
        public void ecall_hello_from_enclave([out, size=len] char* buf, size_t len, [in, size=8] int *allocBytes);
    };

};

 in which buf is the output buffer for messages from the enclave and allocBytes is the number of bytes to be allocated (currently not used).

In my application code, ecall_hello_from_enclave function is called inside a loop & timed along side with ecall overhead

    int cnt = 1;
    allocNum = 4096;
    while (cnt <= 200) {
        auto beginT = std::chrono::high_resolution_clock::now();
        ecall_hello_from_enclave(global_eid, buffer, max_buf_len, &allocNum);
        auto endT = std::chrono::high_resolution_clock::now();
        auto duration = std::chrono::duration_cast<std::chrono::microseconds>(endT - beginT);
        ++cnt;
        printf("\n\n\n Current Iteration: %d, Current Time: %s Enclave Output: %s\n Time Used: %.3f microseconds\n",
               cnt,
               asctime(get_time()), buffer,
               ((float) duration.count()));
        fflush(stdout);
    }

enclave code:

void ecall_hello_from_enclave(char *buf, size_t len, int *heapSize) {
    size_t size = len;
    char *tmpPtr = (char *) malloc(4096);
    char strBuf[100];
    if (tmpPtr == nullptr) {
        size = snprintf(strBuf, 100, "Malloc failed!");
    }
    else {
        size = snprintf(strBuf, 100, "Executed 4kBytes malloc operations");
    }
    memcpy(buf, strBuf, size - 1);
    buf[size - 1] = '\0';
}

Hope this clarifies my problem.

Warmest regards,

Decoy

Just changed my configuration of HeapMinSize, it comes to my attention that the initialized heap size after enclave initialization is the amount of memory set by HeapInitSize instead of HeapMinSize, which indicates that I am actually using SGX1 instead of SGX2 based on the developer's reference:

When an enclave created with the Linux* 2.0 SDK is executing on an Intel®
SGX 2.0 platform that is running the Intel® SGX 2.0 PSW, HeapMinSize is the
amount of heap available once the enclave completes initialization.

...

When an enclave created with the Linux* 2.0 SDK is executing on an older
Intel SGX platform or a platform running a previous version of PSW, the values
are interpreted differently. In this case HeapInitSize is the only relevant
field and it indicates the total amount of heap available to an enclave.

---

Am I using the wrong version of SGX? If so, how to install SGX 2.0 properly?

I'm pretty sure about the fact that my system supports SGX2 and I have double-checked with your prementioned method. Also, the enclave config file should be correct.

My concern is, is there any restriction on sgx-driver & sgx-sdk to make use of SGX2 features? Any specific branch to use when trying to build from source?

Hi,

How can I verify whether it's using dynamic management functions or not?

I've tried to compare the enclave initialize time given different HeapMinSize but it showed no difference in loading time between the enclave with only 4kb HeapMinSize and the enclave with 3GB HeapMinSize (HeapMaxSize both set to 4GB).

Hi Jesus

Thanks for being so helpful! It indeed solved the question.

But there's one thing still not clear to me:  how can I check whether the memory allocation is dynamic or static, i.e. is the enclave initialized with HeapMaxSize or HeapMinSize? As I don't know how to check the size of heap memory available right after enclave initialization (sgx_emmt only shows peak memory usage), I'm thinking about verifying it by measuring the enclave initialization time.

Based on my understanding,  in SGX2, the enclave heap should be initialized with HeapMinSize memory at first and then the memory manager will dynamically allocate pages into this enclave as heap as requested during runtime, which implies that an enclave with EDMM should spend less time on enclave initialization since only HeapMinSize is required to be allocated.

However, I tried several settings with only HeapMinSize being different, but the time cost for sgx_create_enclave is roughly the same.  To be more specific, with the HeapMaxSize setting at 3GB all the time, the enclave initialization time for HeapMinSize at 4kb is ~6.1 seconds, and the one for HeapMinSize at 2GB or 64MB or 500MB is roughly around that also. Is this a desirable behavior of an enclave with EDMM? 

Looking forward to hearing from you.

Regards,
Decoy

[root@Server ~]# ls /dev/*sgx*
/dev/sgx_enclave /dev/sgx_provision

/dev/sgx:
enclave provision

Thanks a lot!

It is working perfectly now!

Besides, the kernel headers is 5.15.0-43-generic

uname -r

5.15.0-43-generic

I noticed that there are three different drives: In-kernel Driver, DCAP driver, OOT driver.

But The platform must be configured with only one of these drivers.

From kernel 5.11, the kernel supports in-kernel SGX driver.

So, I uninstalled the OOT driver(/dev/isgx).

Do I need to reinstall the in-kernel driver and how to reinstall it?