The .edl files contain a HeapMaxSize entry. The SDK User Guide states that this is because:

"Enclave memory is a limited resource. Maximum heap size is set at enclave creation."

But doesn't the SGX specification allow EPC page swapping (EPA, EBLOCK, ETRACK, EWB)?

Or in a more practical sense: is there a disadvantage to setting HeapMaxSize=2^64 Bytes?

Maybe EPC page swapping is not yet supported by the SDK, or maybe the trusted enclave code has to manually trigger such swapping?

Edit: As ab. points out, with SGXv1 all EPC pages have to be EADDed prior to enclave execution. Does the SDK at this point support only SGXv1 instructions?

jopasserat
Freddy

1 Answer

I'm not familiar with the SGX SDK, but note that the SGXv1 paging instructions (EWB/ELDU and friends) still require you to have EADDed all the pages in the first place, and to keep their encrypted contents around somewhere in case they are used. Even if the SDK did support this, it would take your enclave a lot longer to start up, and it would consume a ton of storage space somewhere while running for all the paged-out pages.

SGXv2 addresses this with EAUG/EACCEPT.

ab.
  • Thank you, that makes perfect sense. It would seem that the SDK at this point supports only the SGXv1 spec. – Freddy Jan 20 '16 at 09:20
  • There's no SGXv2 implementation yet, so that's almost certainly true -- there would be nowhere to run your program! – ab. Jan 20 '16 at 17:08
  • I think it's totally permissible to evict a page before EADD __other__ pages, no? Performance is certainly a concern but put that aside, I didn't see a reason why not. – qweruiop Mar 23 '16 at 01:55
  • Yes, you can evict pages right after EADD. Everything I said is still true though: it's slow, and you need to keep all the evicted pages around. – ab. Mar 24 '16 at 16:02
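
The start-up and storage cost described in the answer can be estimated with a small model of an SGXv1 loader. This is an added example, not code from the SDK or from the posters; the names `sgx1_heap_build_cost` and `build_cost` are hypothetical, it counts heap pages only, and the EPC size used in `main` is an assumed value.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u /* EPC page size in bytes */
#define PCMD_SIZE 128u  /* paging metadata EWB writes beside each page */
#define VA_SLOTS  512u  /* version slots in one VA page created by EPA */

struct build_cost {
    uint64_t eadd;          /* EADD calls, one per heap page */
    uint64_t ewb;           /* evictions needed before the enclave starts */
    uint64_t va_pages;      /* EPC frames taken by version-array pages */
    uint64_t backing_bytes; /* untrusted memory holding evicted pages */
    int ok;                 /* 0 if the model ran out of EPC frames */
};

/* Simplified model: every heap page is EADDed up front, EWB when EPC is full */
struct build_cost sgx1_heap_build_cost(uint64_t heap_bytes, uint64_t epc_pages)
{
    struct build_cost c = {0, 0, 0, 0, 1};
    uint64_t heap_pages = heap_bytes / PAGE_SIZE + (heap_bytes % PAGE_SIZE != 0);
    uint64_t resident = 0, free_slots = 0;
    if (heap_pages <= epc_pages) { c.eadd = heap_pages; return c; } /* fits */
    for (uint64_t i = 0; i < heap_pages; i++) {
        for (;;) {
            uint64_t used = resident + c.va_pages;
            /* proceed if a frame is free; keep the last one for a VA page */
            if (used < epc_pages && (free_slots > 0 || used + 1 < epc_pages))
                break;
            if (free_slots == 0) {          /* EPA: create a VA page */
                c.va_pages++; free_slots = VA_SLOTS;
            } else if (resident == 0) {     /* EPC holds only VA pages */
                c.ok = 0; return c;
            } else {                        /* EWB: evict one enclave page */
                resident--; free_slots--; c.ewb++;
                c.backing_bytes += PAGE_SIZE + PCMD_SIZE;
            }
        }
        resident++; c.eadd++;
    }
    return c;
}

int main(void)
{   /* 1 GiB heap against an assumed 23808 usable EPC pages (about 93 MiB) */
    struct build_cost c = sgx1_heap_build_cost(1ull << 30, 23808);
    printf("EADD=%llu EWB=%llu VA=%llu backing=%llu bytes\n",
           (unsigned long long)c.eadd, (unsigned long long)c.ewb,
           (unsigned long long)c.va_pages, (unsigned long long)c.backing_bytes);
    return 0;
}
```

The model reserves the last free frame for a version-array page, so its eviction counts are slightly pessimistic at the boundaries.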