Lines Matching full:enclave
18 These memory regions are called enclaves. An enclave can only be entered at a
20 at a time. While the enclave is loaded from a regular binary file by using
21 ENCLS functions, only the threads inside the enclave can access its memory. The
34 Enclave Page Cache
37 SGX utilizes an *Enclave Page Cache (EPC)* to store pages that are associated
38 with an enclave. It is contained in a BIOS-reserved region of physical memory.
40 the enclave during enclave construction with special, limited SGX instructions.
42 Only a CPU executing inside an enclave can directly access enclave memory.
43 However, a CPU executing inside an enclave may access normal memory outside the
44 enclave.
46 The kernel manages enclave memory similarly to how it treats device memory.
48 Enclave Page Types
51 **SGX Enclave Control Structure (SECS)**
52 Enclave's address range, attributes and other global data are defined
56 Regular EPC pages contain the code and data of an enclave.
59 Thread Control Structure pages define the entry points to an enclave and
60 track the execution state of an enclave thread.
66 Enclave Page Cache Map
70 *Enclave Page Cache Map (EPCM)*. The EPCM contains an entry for each EPC page
71 which describes the owning enclave, access rights and page type among the other
75 kernel from, for instance, allowing writes to data which an enclave wishes to
82 power transitions when the ephemeral key that encrypts enclave memory is lost.
87 Enclave build functions
91 separate enclave “build” process. Enclaves must be built before they can be
92 executed (entered). The first step in building an enclave is opening the
93 **/dev/sgx_enclave** device. Since enclave memory is protected from direct
94 access, special privileged instructions are then used to copy data into enclave
95 pages and establish enclave page permissions.
103 Enclave runtime management
107 enclaves: modifying enclave page permissions and type, and dynamically
108 adding and removing enclave pages. When an enclave accesses an address
110 regular page will be dynamically added to the enclave. The enclave is
118 Enclave vDSO
121 Entering an enclave can only be done through SGX-specific EENTER and ERESUME
123 transitioning to and from an enclave, enclaves typically utilize a library to
128 as part of their normal operation that need to be handled in the enclave or are
133 vDSO function wraps low-level transitions to/from the enclave like EENTER and
149 ksgxd is started when SGX initializes. Enclave memory is typically ready
151 use since the reset, enclave pages may be in an inconsistent state. This might
153 reinitializes all enclave pages so that they can be allocated and re-used.
156 EREMOVE function to each physical page. Some enclave pages like SECS pages have
164 overcommitment of enclave memory. If the system runs out of enclave memory,
165 *ksgxd* “swaps” enclave memory to normal memory.
170 SGX provides a launch control mechanism. After all enclave pages have been
171 copied, the kernel executes the EINIT function, which initializes the enclave. Only after
172 this can the CPU execute inside the enclave.
174 The EINIT function takes an RSA-3072 signature of the enclave measurement. The function
182 the MSRs to match the enclave's signing key.
187 In order to conceal the enclave data while it is out of the CPU package, the
189 enclave memory.
204 DMA to enclave memory is blocked by range registers on both MEE and TME systems
215 into an enclave. The application can then make individual function calls into
216 the enclave through special SGX instructions. A run-time within the enclave is
217 configured to marshal function parameters into and out of the enclave and to
223 An application may be loaded into a container enclave which is specially
225 The enclave run-time and library OS work together to execute the application
226 when a thread enters the enclave.
259 EPC driver doesn't have a specific enclave associated with it. This is
279 enclave to which the page belongs. In this case the ioctl will