Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

max protected data size enclave can handle

maxkaynov
Beginner

Hi everyone,

I'm working on a virtualised system managed by Ubuntu and I'm trying to understand how much data I can load into the enclave (to do some ML tasks in the future). The enclave heap is 2Gb. The following actions are repeated sequentially:
1. ecall to pass the next chunk of data (encrypted values of type double)
2. decrypt the data and append it to a C++ vector in the enclave
After the vector becomes more than ~400mbyte, the app gets stuck.
Is there any limit on paged protected memory that an enclave can manage?

CPUID says that MaxEnclaveSize_64: 24 in my environment (https://github.com/ayeks/SGX-hardware/blob/master/test-sgx.c)

Am I correct that the max enclave size is 2^24 (16 mbyte) for me? Does this size limit the total amount of data in protected memory that the enclave can handle? Can I somehow increase the amount of data I can load into the enclave?

Thanks,
Maxim

JesusG_Intel
Moderator

Hello Maxim,


Are you using KVM-SGX?

 

To be able to use more than 400MB in your vector, try increasing the amount of heap and stack memory available to your enclave in the Enclave Config file. You are limited by the amount of memory available to your VM and the amount used by your guest OS.

 

Yes, you have made available 16MB of your EPC to your guest VM. However, due to paging in most Linux systems, your enclave can use more than the allocated 16MB. Follow these instructions to change the amount of allocated EPC with Qemu.


“To define an EPC range, you must allocate a custom QEMU memory object and assign it a unique ID, then provide the memory ID to the -sgx-epc option. The following QEMU options create and assign an 8-MB EPC to the VM:


-object memory-backend-epc,id=mem1,size=8M,prealloc -sgx-epc id=epc1,memdev=mem1


You can define multiple EPC segments in this manner. See the README file for the qemu-sgx repository for more information on defining EPC segments.”


Sincerely,

Jesus G.

Intel Customer Support
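
Added example, not part of the thread and not code from test-sgx.c: a C decoder for the two CPUID leaf 12H fields discussed above. In the Intel SDM, MaxEnclaveSize_64 (sub-leaf 0, EDX[15:8]) is a base-2 exponent for the enclave size limit, while the EPC exposed to a platform or VM is reported per section in sub-leaves 2 and up. The register values are constructed samples, and because the page does not say whether the tool prints the field in decimal or hexadecimal, both readings of "24" are decoded.

```c
#include <stdint.h>
#include <stdio.h>

/* CPUID.(EAX=12H,ECX=0):EDX[15:8] = MaxEnclaveSize_64, a base-2 exponent. */
uint64_t max_enclave_bytes_64(uint32_t edx)
{
    uint32_t exp = (edx >> 8) & 0xFF;
    return exp < 64 ? (uint64_t)1 << exp : 0;  /* 0 = not representable */
}

/* EDX[7:0] = MaxEnclaveSize_Not64, same encoding for non-64-bit mode. */
uint64_t max_enclave_bytes_32(uint32_t edx)
{
    uint32_t exp = edx & 0xFF;
    return exp < 64 ? (uint64_t)1 << exp : 0;
}

/* CPUID.(EAX=12H,ECX>=2): EAX[3:0] == 1 marks a valid EPC section.
 * Base bits 31:12 are in EAX[31:12], base bits 51:32 in EBX[19:0]. */
uint64_t epc_section_base(uint32_t eax, uint32_t ebx)
{
    if ((eax & 0xF) != 1)
        return 0;
    return ((uint64_t)(ebx & 0xFFFFF) << 32) | (eax & 0xFFFFF000u);
}

/* Size bits 31:12 are in ECX[31:12], size bits 51:32 in EDX[19:0]. */
uint64_t epc_section_bytes(uint32_t eax, uint32_t ecx, uint32_t edx)
{
    if ((eax & 0xF) != 1)
        return 0;                              /* invalid sub-leaf: no EPC */
    return ((uint64_t)(edx & 0xFFFFF) << 32) | (ecx & 0xFFFFF000u);
}

int main(void)
{
    /* Constructed register values, not captured from the poster's machine. */
    printf("field = 24 decimal: limit %llu bytes\n",
           (unsigned long long)max_enclave_bytes_64(0x181f));
    printf("field = 24 hex:     limit %llu bytes\n",
           (unsigned long long)max_enclave_bytes_64(0x241f));
    printf("EPC section: base 0x%llx, %llu bytes\n",
           (unsigned long long)epc_section_base(0x80000001u, 0),
           (unsigned long long)epc_section_bytes(0x80000001u, 0x01000001u, 0));
    return 0;
}
```

To size the EPC actually visible inside a guest, sum `epc_section_bytes` over sub-leaves 2, 3, ... until a sub-leaf reports an invalid type.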


maxkaynov
Beginner

Jesus, thank you very much for your answer.
I managed to load a vector of more than 400mb (it was an issue not related to SGX). But I still wonder how the EPC size (which is 16mb for me) affects processing of data in the enclave. Is only performance affected when the data size is more than the EPC size, or can some processing not be performed at all?

Thanks /Maxim

JesusG_Intel
Moderator

Hello Maxim,


Were you able to resolve your issue?


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator

Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.

