From what I see, Intel SGX SDK 1.9 (Linux) supports large enclaves of size up to several GB.
I am curious about the implementation and its guarantees.
Since the EPC is much smaller (a few MB), does the driver / OS get page faulted whenever the enclave accesses a page that is not currently loaded in the EPC?
In that case, the OS fetches the accessed page from disk, decrypts it, and uses the ELD instruction to load the new page in the EPC?
However, for this to be secure, the OS should not be trusted for managing page tables corresponding to non-EPC memory.
Can I get details on how large enclaves are supported?