How Intel® Xeon® Processors Enable Up to 1 TB Enclave Page Cache (EPC)?

Content Type: Product Information & Documentation | Article ID: 000059614 | Last Reviewed: 06/01/2026

Description Resolution Additional information

Environment

Intel® Xeon® Processors

Description

Information

Intel® Xeon® processors support Intel® Software Guard Extensions (Intel® SGX), which use the Enclave Page Cache (EPC) to store enclave code and data in protected memory. Over multiple processor generations, Intel has introduced architectural changes that significantly increased the maximum supported EPC size—reaching up to 1 terabyte (TB) on modern platforms.

This article explains:

How EPC size evolved across Intel® Xeon® processor generations
The key technology change that enabled terabyte‑scale EPC
How this applies to Intel® Xeon® 6 and Intel® Xeon® 6+ platforms

Resolution

What Is Enclave Page Cache (EPC)?

The Enclave Page Cache (EPC) is a protected memory region used by Intel® SGX. EPC memory is:

Encrypted
Integrity‑protected
Isolated from the operating system, hypervisor, and other software

Applications running inside SGX enclaves rely on EPC to securely store sensitive code and data.

Historical EPC Size Limits

Before recent architectural changes, EPC size was limited by how memory protection was implemented in hardware:

Pre–3rd Generation Intel® Xeon® Scalable Processors
- Maximum EPC size: 256 MB

These limits made it difficult to run large confidential workloads without EPC paging overhead.

EPC Size by Intel® Xeon® Processor Generation

EPC size varies by processor generation and SKU:

3rd Generation Intel® Xeon® Scalable Processors
- Up to 512 GB EPC per socket
- Up to 1 TB EPC on a two‑socket platform
4th Generation Intel® Xeon® Scalable Processors
- Some SKUs support 512 GB EPC
- Other SKUs support 128 GB EPC
5th Generation Intel® Xeon® Scalable Processors
- SKU‑dependent support for 512 GB, 128 GB, or 64 GB EPC
Intel® Xeon® 6 Processors
- Support 512 GB EPC per socket
- Up to 1 TB EPC on a two‑socket platform
Intel® Xeon® 6+ Processors
- Continue support for terabyte‑scale EPC, depending on SKU and platform configuration

Key Technology Change That Enabled 1 TB EPC

The primary technology change that enabled terabyte‑scale EPC is how Intel® SGX protects memory.

Transition from MEE to AES‑XTS

Earlier SGX implementations used the Memory Encryption Engine (MEE).
MEE relied on on‑die structures, including a Merkle Tree, which limited how large EPC could scale.
Intel® SGX transitioned to using
Advanced Encryption Standard – XEX Tweakable Block Cipher with Ciphertext Stealing (AES‑XTS).

Why this matters:

AES‑XTS removes reliance on fixed on‑die Merkle Tree structures.
EPC can now scale using system memory while remaining encrypted and integrity‑protected.
This change enables much larger EPC sizes, including up to 1 TB on supported platforms.

What This Means for Customers

With Intel® Xeon® 6 and Intel® Xeon® 6+ processors, customers can:

Run larger SGX enclaves without severe EPC size constraints
Support confidential databases, analytics, and AI workloads
Scale EPC capacity based on platform design and SKU selection

Important Notes

EPC size is not fixed and depends on:

Processor generation
Processor SKU
BIOS and firmware configuration
Platform socket count

For the exact EPC limits for a specific processor, refer to the Intel® Product Specifications for the corresponding SKU.

Summary

Intel® Xeon® processors enable up to 1 TB EPC through a critical architectural change in Intel® SGX: the transition from Memory Encryption Engine (MEE)–based protection to AES‑XTS–based memory encryption. This change allows EPC to scale beyond earlier hardware limits while maintaining strong security guarantees.

For a detailed specification, visit Intel® Product Specifications - Intel® Xeon® Processors.

Additional information

For more information, please visit: