Search code examples
intelpagingsgx

Intel SGX HeapMaxSize and EPC page swapping


The .edl files contain a HeapMaxSize entry. The SDK User Guide states that this is because

Enclave memory is a limited resource. Maximum heap size is set at enclave creation.

But doesn't the SGX specification allow EPC page swapping (EPA, EBLOCK, ETRACK, EWB)?

Or in a more practical sense: is there a disadvantage to setting HeapMaxSize=2^64 Bytes?

Maybe EPC page swapping is not yet supported by the SDK, or maybe the trusted enclave code has to manually trigger such swapping?

Edit As ab. points out, with SGXv1 all EPC pages have to be EADDed prior to enclave execution. Does the SDK at this point support only SGXv1 instructions?


Solution

  • I'm not familiar with the SGX SDK, but note that the SGXv1 paging instructions (EWB/ELDU and friends) still require you to have EADDed all the pages in the first place, and to keep their encrypted contents around somewhere in case they are used. Even if the SDK did support this, it would take your enclave a lot longer to start up, and it would consume a ton of storage space somewhere while running for all the paged-out pages.

    SGXv2 addresses this with EAUG/EACCEPT.