Overview of Intel® Software Guard Extensions Enclaves

Published: 06/06/2016, Last Updated: 06/06/2016

This post introduces developers to Intel® Software Guard Extensions (Intel® SGX) enclaves. An enclave is a trusted execution environment embedded in a process. It contains code and data that are protected from disclosure or modification. Enclaves are protected areas of execution. Application code can be put into an enclave via special instructions and software made available to developers through the Intel® SGX SDK. SGX enclaves are hardened by CPU-based security mechanisms, and they can also be remotely provisioned and attested.

SGX Enclave:

  • Enclaves are isolated memory regions of code and data.
  • One part of physical memory (RAM) is reserved for enclaves. It is called the Enclave Page Cache (EPC).
  • EPC memory is encrypted in the main memory (RAM).
  • Trusted hardware consists of the CPU die only.
  • EPC is managed by OS/VMM.
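
The EPC bullets above say that part of RAM is reserved for enclaves and managed by the OS/VMM. As an added example (not from the original post or the Intel® SGX SDK), the C below decodes how a CPU reports each reserved EPC section through CPUID leaf 12H, sub-leaves 2 and up, using the register layout documented in the Intel SDM. This goes beyond what the post itself covers; the helper names and the sample register values are constructed for illustration.

```c
/* Added example: decode EPC sections as reported by CPUID.(EAX=12H, ECX>=2). */
#include <stdint.h>
#include <stdio.h>

struct epc_section {
    int      valid;   /* 1 if the sub-leaf describes an EPC section */
    uint64_t base;    /* physical base address of the section */
    uint64_t size;    /* section size in bytes */
};

/* Bits 31:12 come from the low register, bits 51:32 from the high one. */
static uint64_t epc_metric(uint32_t low, uint32_t high)
{
    return (uint64_t)(low & 0xFFFFF000u) |
           ((uint64_t)(high & 0x000FFFFFu) << 32);
}

/* Hypothetical helper: takes the raw EAX..EDX of one sub-leaf. */
struct epc_section decode_epc_subleaf(uint32_t eax, uint32_t ebx,
                                      uint32_t ecx, uint32_t edx)
{
    struct epc_section s = {0, 0, 0};
    if ((eax & 0xFu) != 1u)   /* type 0 = invalid, ends the enumeration */
        return s;
    s.valid = 1;
    s.base  = epc_metric(eax, ebx);
    s.size  = epc_metric(ecx, edx);
    return s;
}

/* Sum section sizes over consecutive sub-leaves until an invalid one. */
uint64_t total_epc_bytes(const uint32_t regs[][4], int n)
{
    uint64_t total = 0;
    for (int i = 0; i < n; i++) {
        struct epc_section s = decode_epc_subleaf(regs[i][0], regs[i][1],
                                                  regs[i][2], regs[i][3]);
        if (!s.valid) break;
        total += s.size;
    }
    return total;
}

int main(void)
{
    /* Constructed values: one 93.5 MiB section at 0x70200000, then a terminator. */
    const uint32_t sample[][4] = {{0x70200001u, 0, 0x05D80001u, 0}, {0, 0, 0, 0}};
    printf("EPC total: %llu bytes\n", (unsigned long long)total_epc_bytes(sample, 2));
    return 0;
}
```

On real hardware the four register values would come from executing CPUID with EAX=12H and ECX=2, 3, ... until a sub-leaf of type 0 is returned.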

This blog covers the following topics:

  1. Enclave Basics and Security Perimeter.
  2. Enclave Measurement.
  3. Execution flow of Enclave.
  4. Develop Sample Enclave Application in SGX.

Please refer to the attached document for details on these Intel SGX enclave topics.
