Article ID: 000059198 Content Type: Product Information & Documentation Last Reviewed: 07/07/2021

What is the Effect of Setting the "ReservedMem" Parameters in the Enclave Configuration File?

Environment

Linux

Summary

Parameters and functions that manage extra reserved memory for enclaves at runtime

Description

The explanations for the reserved memory parameters in the Enclave Configuration Default Values table in the Intel® Software Guard Extensions (Intel® SGX) Developer Reference for Linux* are vague.

 

  • ReservedMemMaxSize: The maximum reserved memory size for the process. Must be 4KB aligned. Default value: 0x0000000
  • ReservedMemMinSize: The minimum reserved memory size for the process. Must be 4KB aligned. Default value: 0x0000000
  • ReservedMemInitSize: The initial reserved memory size for the process. Must be 4KB aligned. Default value: 0x0000000
  • ReservedMemExecutable: The reserved memory is executable. Note: This value is only used for the Intel® Software Guard Extensions (Intel® SGX) 1 platform. 0: Reserved memory is not executable. 1: Reserved memory is executable.

Resolution

The Intel SGX Developer Reference for Linux explains:

Configure the reserved memory area by specifying the ReservedMemMinSize, ReservedMemMaxSize and ReservedMemInitSize fields in the enclave's configuration file. The reserved memory area is added at the end of the enclave at loading time and can be used at runtime. ReservedMemExecutable controls whether the reserved memory has executable permission; set ReservedMemExecutable to 1 to make it executable.

Note

On the Intel® SGX 2.0 platform, the reserved memory is forcibly configured with RW permission even if ReservedMemExecutable is set to 1. Currently, the reserved memory is used to support Just in Time (JIT) usage in the Intel® SGX DNNL Library.

The reserved memory can be allocated and freed during runtime using the Reserved Memory Functions.  
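
A pre-signing check of the ReservedMem fields described above, as an added example (not code from Intel's documentation or SDK). The function name audit_reserved_mem, the sample configurations, the Min <= Init <= Max ordering check and treating an absent ReservedMemExecutable as 0 are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

PAGE = 0x1000  # the three size fields must be 4KB aligned
SIZE_TAGS = ("ReservedMemMinSize", "ReservedMemInitSize", "ReservedMemMaxSize")

def audit_reserved_mem(xml_text):
    """Return a list of findings for the ReservedMem* fields of an enclave config."""
    root = ET.fromstring(xml_text)
    findings, sizes = [], {}
    for tag in SIZE_TAGS:
        raw = (root.findtext(tag) or "0").strip()  # absent field: default of 0
        try:
            sizes[tag] = int(raw, 0)               # accepts 0x... and decimal
        except ValueError:
            findings.append(f"{tag}: '{raw}' is not a number")
            continue
        if sizes[tag] % PAGE:
            findings.append(f"{tag}: {raw} is not 4KB aligned")
    # Assumption (not stated on the page): sizes should satisfy Min <= Init <= Max.
    if len(sizes) == 3:
        lo, init, hi = (sizes[t] for t in SIZE_TAGS)
        if not lo <= init <= hi:
            findings.append("sizes do not satisfy Min <= Init <= Max")
    # Assumption: an absent ReservedMemExecutable is treated as 0.
    exe = (root.findtext("ReservedMemExecutable") or "0").strip()
    if exe not in ("0", "1"):
        findings.append(f"ReservedMemExecutable: '{exe}' must be 0 or 1")
    elif exe == "1" and sizes.get("ReservedMemMaxSize", 0) > 0:
        findings.append("ReservedMemExecutable=1: reserved memory is executable "
                        "on SGX 1; confirm the enclave needs JIT support")
    return findings

# Constructed sample configurations (not taken from any real project).
RISKY = """<EnclaveConfiguration>
  <ReservedMemMinSize>0x100000</ReservedMemMinSize>
  <ReservedMemInitSize>0x100800</ReservedMemInitSize>
  <ReservedMemMaxSize>0x400000</ReservedMemMaxSize>
  <ReservedMemExecutable>1</ReservedMemExecutable>
</EnclaveConfiguration>"""
CLEAN = """<EnclaveConfiguration>
  <ReservedMemMinSize>0x100000</ReservedMemMinSize>
  <ReservedMemInitSize>0x200000</ReservedMemInitSize>
  <ReservedMemMaxSize>0x400000</ReservedMemMaxSize>
  <ReservedMemExecutable>0</ReservedMemExecutable>
</EnclaveConfiguration>"""

if __name__ == "__main__":
    for name, cfg in (("RISKY", RISKY), ("CLEAN", CLEAN)):
        print(name, audit_reserved_mem(cfg) or "ok")
```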

Reserved memory functions

The Intel® SGX SDK allows users to configure a reserved memory area for special usage, such as JIT support. The memory can be configured as executable or changed to executable. See Enclave Configuration File for details. To manage the reserved memory, the sgx_tstdc library provides the following functions to query the memory information, allocate and deallocate the memory, and change the memory protection:

  • sgx_get_rsrv_mem_info
  • sgx_alloc_rsrv_mem
  • sgx_alloc_rsrv_mem_ex
  • sgx_free_rsrv_mem
  • sgx_tprotect_rsrv_mem

Additional information

The Intel SGX Developer Reference for Linux is in the Documentation folder of the latest release of the Intel® Software Guard Extensions SDK for Linux*.
