Parameters and functions that manage extra reserved memory for enclaves at runtime
The explanations for the reserved memory parameters in the Enclave Configuration Default Values table in the Intel® Software Guard Extensions (Intel® SGX) Developer Reference for Linux* are vague.
| Parameter | Description | Value |
|---|---|---|
| ReservedMemMaxSize | The maximum reserved memory size for the process. Must be 4KB aligned. | 0x0000000 |
| ReservedMemMinSize | The minimum reserved memory size for the process. Must be 4KB aligned. | 0x0000000 |
| ReservedMemInitSize | The initial reserved memory size for the process. Must be 4KB aligned. | 0x0000000 |
| ReservedMemExecutable | The reserved memory is executable. | 0: Reserved memory is not executable. 1: Reserved memory is executable. |
The Intel SGX Developer Reference for Linux explains:
ReservedMemMinSize, ReservedMemMaxSize and ReservedMemInitSize area by specifying these fields in the enclave's configuration file. The reserved memory area will be added at the end of the enclave at the loading time and can be used at the runtime. ReservedMemExecutable can be used to configure whether the reserved memory has executable permission by setting ReservedMemExecutable to 1.
Note: On the Intel® SGX 2.0 platform, the reserved memory is forcefully configured to RW permission although ReservedMemExecutable is set to 1. Currently, the reserved memory is used to support Just in Time (JIT) usage in the Intel® SGX DNNL Library.
The reserved memory can be allocated and freed during runtime using the Reserved Memory Functions.
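One way to check the four fields before an enclave is signed, as an added example (not code from the Intel SGX SDK or the Developer Reference). It assumes the configuration file has an `<EnclaveConfiguration>` root with each parameter as a child element, that an omitted field counts as 0, and that the sizes should satisfy Min <= Init <= Max; both sample configurations are constructed.

```python
import xml.etree.ElementTree as ET

PAGE = 0x1000  # the table requires 4KB alignment for all three sizes
SIZE_TAGS = ("ReservedMemMinSize", "ReservedMemInitSize", "ReservedMemMaxSize")

# Constructed sample configurations (assumed layout: <EnclaveConfiguration> root).
SAMPLE_OK = """<EnclaveConfiguration>
  <ReservedMemMinSize>0x100000</ReservedMemMinSize>
  <ReservedMemInitSize>0x100000</ReservedMemInitSize>
  <ReservedMemMaxSize>0x400000</ReservedMemMaxSize>
  <ReservedMemExecutable>0</ReservedMemExecutable>
</EnclaveConfiguration>"""

SAMPLE_BAD = """<EnclaveConfiguration>
  <ReservedMemMinSize>0x2000</ReservedMemMinSize>
  <ReservedMemInitSize>0x1800</ReservedMemInitSize>
  <ReservedMemMaxSize>0x1000</ReservedMemMaxSize>
  <ReservedMemExecutable>1</ReservedMemExecutable>
</EnclaveConfiguration>"""

def _num(root, tag):
    # Assumption: an omitted field counts as 0. Base 0 accepts hex and decimal.
    return int((root.findtext(tag) or "0").strip(), 0)

def audit_reserved_mem(xml_text):
    """Return a list of findings for the ReservedMem* fields of one config."""
    root = ET.fromstring(xml_text)
    sizes = {tag: _num(root, tag) for tag in SIZE_TAGS}
    findings = [f"{tag}={size:#x} is not 4KB aligned"
                for tag, size in sizes.items() if size % PAGE]
    lo, init, hi = (sizes[tag] for tag in SIZE_TAGS)
    # Assumption: the three sizes are expected to be ordered Min <= Init <= Max.
    if not lo <= init <= hi:
        findings.append("sizes are not ordered Min <= Init <= Max")
    if _num(root, "ReservedMemExecutable") == 1:
        # Per the note above, SGX 2.0 platforms still force this area to RW.
        findings.append("ReservedMemExecutable=1: confirm JIT use needs "
                        "executable reserved memory")
    return findings

if __name__ == "__main__":
    for name, cfg in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, audit_reserved_mem(cfg) or "no findings")
```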
Reserved memory functions
Intel® SGX SDK allows users to configure a reserved memory area for special usage, such as JIT support. The memory is allowed to be configured or changed to executable. See Enclave Configuration File for details. To manage the reserved memory, the sgx_tstdc library provides the following functions to query the memory information, allocate and deallocate the memory, and change the memory protection:
- sgx_get_rsrv_mem_info
- sgx_alloc_rsrv_mem
- sgx_alloc_rsrv_mem_ex
- sgx_free_rsrv_mem
- sgx_tprotect_rsrv_mem
The Intel SGX Developer Reference for Linux is in the Documentation folder of the latest release of the Intel® Software Guard Extensions SDK for Linux*.