
How can we run two functions in different enclaves in parallel?


I'm a beginner with Intel SGX. I was wondering whether SGX supports running two functions in different enclaves in parallel. E.g., Function A is in enclave En_A, and Function B is in enclave En_B. Is it possible for an application to call Functions A and B in parallel?

Thanks in advance!


Solution

  • Yes, it's possible.

    The SGX design supports having multiple enclaves on a system at the same time, which is a necessity in multi-process environments. This is achieved by having the EPC split into 4 KB pages that can be assigned to different enclaves. The EPC uses the same page size as the architecture’s address translation feature.

    (source)

    Looking at the Intel SGX SDK docs (page 92), you can see that the sgx_create_enclave function distinguishes enclave instances by taking a unique enclave_id:

    sgx_status_t sgx_create_enclave (
        const char *file_name,
        const int debug,
        sgx_launch_token_t *launch_token,
        int *launch_token_updated,
        sgx_enclave_id_t *enclave_id,    // here
        sgx_misc_attribute_t *misc_attr
    );
    

    These enclave ids are used by the application to make ECALL calls using untrusted proxy functions:

    // demo.edl
    enclave {
        trusted {
            public void get_secret([out] secret_t* secret);
        };
    };
    
    // generated function signature
    sgx_status_t get_secret(sgx_enclave_id_t eid, secret_t* secret);
    
    

    You can find a complete explanation on page 27.
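
The host-side pattern the answer describes, as an added example that is not part of the original answer or of the Intel SDK: one enclave id per enclave, one thread per ECALL, each thread passing its own id to the generated proxy. It assumes both enclave images expose the `get_secret` ECALL from `demo.edl`; the image names, `demo_u.h`, `call_t`, `run_two_enclaves`, the `from` field and the stand-ins in the `#else` branch are constructed for illustration.

```c
#include <pthread.h>
#include <stddef.h>
#ifdef USE_SGX_SDK
#include "sgx_urts.h"  /* real sgx_create_enclave / sgx_destroy_enclave */
#include "demo_u.h"    /* assumed name of the proxy header generated from demo.edl */
#else  /* constructed stand-ins so the host-side pattern builds without the SDK */
typedef unsigned long long sgx_enclave_id_t;
typedef int sgx_status_t;
typedef unsigned char sgx_launch_token_t[1024];
typedef struct { int unused; } sgx_misc_attribute_t;
typedef struct { sgx_enclave_id_t from; } secret_t;  /* hypothetical payload */
#define SGX_SUCCESS 0
static sgx_status_t sgx_create_enclave(const char *file_name, const int debug,
        sgx_launch_token_t *token, int *updated, sgx_enclave_id_t *eid,
        sgx_misc_attribute_t *attr) {
    static sgx_enclave_id_t next = 1;
    (void)file_name; (void)debug; (void)token; (void)updated; (void)attr;
    *eid = next++;  /* every instance gets its own id */
    return SGX_SUCCESS;
}
static sgx_status_t sgx_destroy_enclave(sgx_enclave_id_t eid) { (void)eid; return SGX_SUCCESS; }
static sgx_status_t get_secret(sgx_enclave_id_t eid, secret_t *s) { s->from = eid; return SGX_SUCCESS; }
#endif
typedef struct { sgx_enclave_id_t eid; secret_t out; sgx_status_t status; } call_t;

/* Thread body: one ECALL into the enclave identified by c->eid. */
static void *ecall_thread(void *arg) {
    call_t *c = arg;
    c->status = get_secret(c->eid, &c->out);
    return NULL;
}

/* Create two enclaves, enter both concurrently; 0 only if both ECALLs succeed. */
int run_two_enclaves(const char *image_a, const char *image_b, call_t calls[2]) {
    const char *images[2] = { image_a, image_b };
    sgx_launch_token_t token[2] = { {0}, {0} };
    pthread_t tid[2];
    int updated = 0, created[2], started[2], rc = 0;
    for (int i = 0; i < 2; i++) {
        created[i] = sgx_create_enclave(images[i], 1 /* debug */, &token[i],
                                        &updated, &calls[i].eid, NULL) == SGX_SUCCESS;
        started[i] = created[i] && pthread_create(&tid[i], NULL, ecall_thread, &calls[i]) == 0;
    }
    for (int i = 0; i < 2; i++) {
        if (started[i]) pthread_join(tid[i], NULL);
        if (!started[i] || calls[i].status != SGX_SUCCESS) rc = -1;
        if (created[i]) sgx_destroy_enclave(calls[i].eid);
    }
    return rc;
}
```

Compile with `-DUSE_SGX_SDK` against the SDK to replace the stand-ins with the real calls. Each enclave has its own thread control structures, so two threads in two different enclaves do not compete for TCS slots, whereas two threads entering the same enclave are limited by that enclave's `TCSNum` setting.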