Size limitation for EPC in SGX

Hello everyone,

I have a question about EPC in SGX: why is it not possible to increase the size of the EPC beyond 128MB? If we could do so, an enclave would not need to suffer from bringing pages into the EPC or taking pages out of the EPC so frequently, which has a significant overhead.


Hi,

Since an enclave in SGX is a trusted area (backed up by hardware execution) where we can execute our code, it should be as minimal as possible. And there are many other processes utilizing the RAM other than the enclave. The size has been fixed by Intel after proper analysis.

And the other reason is that only one enclave can run in the memory at a particular time and the memory allocated can be used only by the enclave. If an enclave is not being used, the other processes cannot access this memory since it is protected, and hence it is set to a minimal size of 128MB.

The physical protected memory is limited to the PRMRR size set in BIOS and the max we support at this time is 128MB.
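To see how much EPC a given machine actually exposes after the BIOS PRMRR setting, the CPU reports each EPC section through CPUID leaf 0x12, sub-leaves 2 and up. The following is an added example, not code from this thread or from Intel; the function and struct names are hypothetical, and it assumes GCC or Clang on x86 for `<cpuid.h>`.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* One EPC section as reported by CPUID leaf 0x12, sub-leaf >= 2. */
struct epc_section { int valid; uint64_t base; uint64_t size; };

/* Decode the registers of one sub-leaf (names are hypothetical).
 * EAX[3:0] = type (1 = EPC section), EAX[31:12] = base bits 31:12,
 * EBX[19:0] = base bits 51:32, ECX[31:12] = size bits 31:12,
 * EDX[19:0] = size bits 51:32. */
struct epc_section decode_epc_subleaf(uint32_t eax, uint32_t ebx,
                                      uint32_t ecx, uint32_t edx)
{
    struct epc_section s = {0, 0, 0};
    if ((eax & 0xF) != 1)
        return s;                 /* type 0: no (further) EPC section */
    s.valid = 1;
    s.base = ((uint64_t)(ebx & 0xFFFFF) << 32) | (eax & 0xFFFFF000u);
    s.size = ((uint64_t)(edx & 0xFFFFF) << 32) | (ecx & 0xFFFFF000u);
    return s;
}

/* Sum all EPC sections; 0 if SGX is absent or disabled in the BIOS. */
uint64_t total_epc_bytes(void)
{
    uint64_t total = 0;
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    /* CPUID.(EAX=7,ECX=0):EBX bit 2 advertises SGX support. */
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d) || !(b & (1u << 2)))
        return 0;
    for (unsigned int i = 2; i < 16; i++) {
        if (!__get_cpuid_count(0x12, i, &a, &b, &c, &d))
            break;                /* leaf 0x12 not implemented */
        struct epc_section s = decode_epc_subleaf(a, b, c, d);
        if (!s.valid)
            break;
        total += s.size;
    }
#endif
    return total;
}

int main(void)
{
    printf("EPC: %llu MiB\n", (unsigned long long)(total_epc_bytes() >> 20));
    return 0;
}
```
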

Thanks Anusha for your reply.

Since SGX v2 supports paging, if one page in EPC is not used for a long period of time, it can be evicted to the non-EPC part and be replaced with some other page. Am I right? Then we do not need to worry about the memory being held by an enclave for its entire lifetime?

Hi,

SGX2 Extensions give software the ability to dynamically add and remove pages from an enclave and to manage the attributes of enclave pages.

Please refer to the links below for more information:

http://caslab.csl.yale.edu/workshops/hasp2016/HASP16-17.pdf

http://caslab.csl.yale.edu/workshops/hasp2016/HASP16-16_slides.pdf

http://www.cs.wayne.edu/fengwei/16fa-csc6991/slides/5-SGX1.pdf

- Surenthar Selvaraj
