Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

max protected data size enclave can handle

maxkaynov
Beginner

Hi everyone,

I'm working on a virtualised system managed by Ubuntu and I'm trying to understand how much data I can load into the enclave (to do some ML tasks in the future). The enclave heap is 2Gb. The following actions are repeated sequentially:
1. ecall to pass the next chunk of data (encrypted values of type double)
2. decrypt the data and append it to a C++ vector in the enclave
After the vector became larger than ~400mbyte, the app got stuck.
Is there any limit on the paged protected memory that an enclave can manage?

CPUID says that MaxEnclaveSize_64: 24 in my environment (https://github.com/ayeks/SGX-hardware/blob/master/test-sgx.c)

Am I correct that the max enclave size is 2^24 (16 mbyte) for me? Does this size limit the total amount of data in protected memory that the enclave can handle? Can I somehow increase the amount of data I can load into the enclave?

Thanks,
Maxim

JesusG_Intel
Moderator

Hello Maxim,


Are you using KVM-SGX?

To be able to use more than 400MB in your vector, try increasing the amount of heap and stack memory available to your enclave in the Enclave Config file. You are limited by the amount of memory available to your VM and the amount used by your guest OS.

Yes, you have made available 16MB of your EPC to your guest VM. However, due to paging in most Linux systems, your enclave can use more than the allocated 16MB. Follow these instructions to change the amount of allocated EPC with Qemu.


“To define an EPC range, you must allocate a custom QEMU memory object and assign it a unique ID, then provide the memory ID to the -sgx-epc option. The following QEMU options create and assign an 8-MB EPC to the VM:


-object memory-backend-epc,id=mem1,size=8M,prealloc -sgx-epc id=epc1,memdev=mem1


You can define multiple EPC segments in this manner. See the README file for the qemu-sgx repository for more information on defining EPC segments.”


Sincerely,

Jesus G.

Intel Customer Support
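
The question reads MaxEnclaveSize_64 from CPUID and the reply discusses EPC size; both are enumerated by CPUID leaf 0x12. The following is an added example (not from the original posts and not code from test-sgx.c) that decodes the two fields following the Intel SDM layout. The struct and function names are hypothetical, and the register values in main() are constructed samples rather than output from real hardware.

```c
#include <stdint.h>
#include <stdio.h>

/* Raw register values returned by one CPUID invocation (hypothetical helper type). */
struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

/* CPUID.(EAX=12H,ECX=0):EDX[15:8] is log2 of the maximum enclave size in
 * 64-bit mode. It bounds the enclave's address range, not the EPC size. */
static uint64_t max_enclave_size_64(struct cpuid_regs leaf0)
{
    unsigned exp = (leaf0.edx >> 8) & 0xff;
    return exp < 64 ? 1ULL << exp : 0;   /* 0: not representable in 64 bits */
}

/* CPUID.(EAX=12H,ECX>=2): EAX[3:0]==1 marks a valid EPC section. Its size is
 * ECX[31:12] (size bits 31:12) combined with EDX[19:0] (size bits 51:32). */
static uint64_t epc_section_size(struct cpuid_regs sub)
{
    if ((sub.eax & 0xf) != 1)
        return 0;                        /* invalid sub-leaf: end of enumeration */
    return ((uint64_t)(sub.edx & 0xfffff) << 32) | (sub.ecx & 0xfffff000u);
}

/* Sum all EPC sections; enumeration stops at the first invalid sub-leaf. */
static uint64_t total_epc_bytes(const struct cpuid_regs *subs, int n)
{
    uint64_t total = 0;
    for (int i = 0; i < n; i++) {
        uint64_t sz = epc_section_size(subs[i]);
        if (sz == 0) break;
        total += sz;
    }
    return total;
}

int main(void)
{
    /* Constructed sample values, not captured from real hardware. */
    struct cpuid_regs leaf0 = { 0x1, 0x0, 0x0, 0x241f };  /* EDX[15:8] = 0x24 = 36 */
    struct cpuid_regs subs[] = {
        { 0x80000001, 0x0, 0x01000001, 0x0 },             /* one 16 MiB EPC section */
        { 0x0, 0x0, 0x0, 0x0 },                           /* invalid: terminator */
    };
    printf("max enclave size (64-bit): %llu bytes\n", (unsigned long long)max_enclave_size_64(leaf0));
    printf("total EPC: %llu bytes\n", (unsigned long long)total_epc_bytes(subs, 2));
    return 0;
}
```

On an SGX-capable x86 machine the same decoders can be fed real values obtained with the compiler's CPUID intrinsic for leaf 0x12.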


maxkaynov
Beginner

Jesus, thank you very much for your answer.
I managed to load a vector of more than 400mb (the issue was not SGX related). But I still wonder how the EPC size (which is 16mb for me) affects the processing of data in the enclave. Is only performance affected when the data size is more than the EPC size, or can some processing not be performed at all?

Thanks /Maxim

JesusG_Intel
Moderator

Hello Maxim,


Were you able to resolve your issue?


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator

Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.

