Article ID: 000088648 Content Type: Product Information & Documentation Last Reviewed: 07/31/2024

How Do I Create an Enclave with Intel® Software Guard Extensions (Intel® SGX) SGX2 Features to Allocate Memory Dynamically?

Summary

Changes to the Enclave Configuration File that allow enclaves to use Intel® Software Guard Extensions (Intel® SGX) SGX2 features.

Description

Unable to determine how to write an enclave that uses dynamic memory management features from Intel® Software Guard Extensions (Intel® SGX) SGX2.

Resolution

The Intel® Software Guard Extensions (Intel® SGX) SGX2 instructions perform three basic functions to allocate memory dynamically: expand the heap, expand the stack, and create threads. These functions are implemented in the Intel® SGX driver, the trusted runtime, and the untrusted runtime. The only explicit action the enclave programmer must take to use these features is to set the following parameters in the Enclave Configuration File:

  • StackMinSize, StackMaxSize: Set the minimum and maximum stack size available to the enclave.
  • HeapMinSize, HeapMaxSize: Set the minimum and maximum heap size available to the enclave.
  • TCSNum, TCSMaxNum, TCSMinPool: Used to determine how many threads will be created after the enclave initialization, and how many threads can be created dynamically when the enclave is running.

The Intel® SGX Developer Reference Guide for your operating system contains more details on these parameters.
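As an added illustration (not Intel's code and not part of the original article), the following Python check reads an Enclave Configuration File and reports which of the three resources are configured to grow at run time. The sample values are constructed; the 4 KB alignment check and the `TCSMinPool` versus `TCSMaxNum` check are assumptions to confirm against the Developer Reference.

```python
import xml.etree.ElementTree as ET

# Constructed sample Enclave Configuration File; the values are illustrative only.
SAMPLE_CONFIG = """\
<EnclaveConfiguration>
  <StackMinSize>0x2000</StackMinSize>
  <StackMaxSize>0x40000</StackMaxSize>
  <HeapMinSize>0x1000</HeapMinSize>
  <HeapMaxSize>0x1000000</HeapMaxSize>
  <TCSNum>2</TCSNum>
  <TCSMaxNum>8</TCSMaxNum>
  <TCSMinPool>1</TCSMinPool>
</EnclaveConfiguration>
"""

PAGE = 0x1000  # assumption: stack and heap sizes are multiples of a 4 KB page
PAIRS = {"stack": ("StackMinSize", "StackMaxSize"),
         "heap": ("HeapMinSize", "HeapMaxSize"),
         "threads": ("TCSNum", "TCSMaxNum")}

def _value(root, tag):
    """Return the integer value of <tag> (hex or decimal), or None if absent."""
    node = root.find(tag)
    text = (node.text or "").strip() if node is not None else ""
    return int(text, 0) if text else None

def check_dynamic_memory(xml_text):
    """Return (growable, findings) for the SGX2 dynamic-memory parameters."""
    root = ET.fromstring(xml_text)
    growable, findings = {}, []
    for name, (lo_tag, hi_tag) in PAIRS.items():
        lo, hi = _value(root, lo_tag), _value(root, hi_tag)
        if lo is None or hi is None:
            growable[name] = False
            findings.append(f"{name}: {lo_tag} and {hi_tag} are not both set")
            continue
        if lo > hi:
            findings.append(f"{name}: {lo_tag} exceeds {hi_tag}")
        if name != "threads" and (lo % PAGE or hi % PAGE):
            findings.append(f"{name}: size is not a multiple of {PAGE:#x}")
        # The resource can only grow when the maximum is above the minimum.
        growable[name] = lo < hi
    pool, tcs_max = _value(root, "TCSMinPool"), _value(root, "TCSMaxNum")
    if pool is not None and tcs_max is not None and pool > tcs_max:
        findings.append("threads: TCSMinPool exceeds TCSMaxNum")  # assumed constraint
    return growable, findings

if __name__ == "__main__":
    print(check_dynamic_memory(SAMPLE_CONFIG))
```

A resource whose minimum equals its maximum is reported as not growable, which is a quick way to spot a configuration that never exercises the SGX2 path.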

Beyond that, write the enclave code and allocate memory as you normally would. The Intel® SGX driver, trusted runtime, and untrusted runtime handle the dynamic memory allocations as needed under the hood.

The Implementation of (Intel® SGX) SGX2 Dynamic Memory Management section in Intel® Software Guard Extensions Software Support for Dynamic Memory Allocation inside an Enclave further explains how the Intel® SGX SDK implements dynamic memory management features.

Additional information

Intel® Software Guard Extensions Software Support for Dynamic Memory Allocation inside an Enclave

The Intel® SGX Developer Reference for Linux* is in the Documentation folder of the latest release of the Intel® Software Guard Extensions SDK for Linux*.

The Intel® SGX Developer Reference for Windows* is distributed with the Intel® SGX SDK for Windows* installation package.