Summary
Intel® Software Guard Extensions (Intel® SGX) instructions that encrypt and decrypt enclave data during page swapping
Description
It is unclear how enclave data is protected when a page is swapped between the Enclave Page Cache (EPC) and ordinary, non-EPC main memory.
Resolution
- The EWB instruction evicts an EPC page to non-EPC main memory. Before the page leaves the EPC it is encrypted and integrity-protected: the ciphertext goes to the output buffer named in the PAGEINFO operand, the MAC and the page's SECINFO go to a Paging Crypto MetaData (PCMD) structure, and a fresh version number is written to a Version Array (VA) slot inside the EPC so that an older encrypted copy of the page cannot later be replayed. The EPC page is then marked invalid. EWB only succeeds on a page that has first been blocked with EBLOCK and whose enclave has completed an ETRACK cycle; otherwise it returns SGX_PAGE_NOT_BLOCKED or SGX_NOT_TRACKED. Refer to the EWB—Invalidate an EPC Page and Write out to Main Memory section of Intel® 64 and IA-32 Architectures Software Developer's Manual Volume 3D: System Programming Guide, Part 4 for more details.
- The ELDU instruction reverses this: it reads the encrypted page and its PCMD from non-EPC main memory, decrypts the page into a free EPC page, and verifies the MAC against the metadata and the version number held in the VA slot before the page becomes valid; a mismatch fails with SGX_MAC_COMPARE_FAIL. On success the VA slot is cleared, so the same encrypted copy cannot be loaded a second time. ELDB performs the same load but leaves the page in the blocked state; ELDBC and ELDUC differ only in how a conflict on the target EPC page is reported. Refer to the ELDB/ELDU/ELDBC/ELDUC—Load an EPC Page and Mark its State section of Intel® 64 and IA-32 Architectures Software Developer's Manual Volume 3D: System Programming Guide, Part 4 for more details.
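The following is an added example and not Intel's code or the text of the SDM: it shows the register contract, the PAGEINFO/PCMD layouts and the alignment rules a ring-0 SGX driver works with when it evicts a page with EWB and reloads it with ELDU. The ENCLS leaf numbers, structure layouts and error codes follow the ENCLS leaf descriptions in SDM Volume 3D; the function names, the operand-check helper and the addresses in main() are assumptions made for the example. ENCLS is privileged and needs SGX hardware, so sgx_evict_page() and sgx_reload_page() can only execute inside a kernel, while the layout and operand checks run anywhere.

```c
/* Added example (not Intel's code). Leaf numbers, PAGEINFO/PCMD layouts,
 * alignment rules and error codes follow SDM Vol. 3D; names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* ENCLS leaf functions (EAX) used by the paging flow. */
#define SGX_EBLOCK 0x09
#define SGX_ETRACK 0x0C
#define SGX_EWB    0x0B
#define SGX_ELDU   0x08

/* Selected EAX return codes from EBLOCK/ETRACK/EWB/ELDU. */
#define SGX_SUCCESS          0
#define SGX_MAC_COMPARE_FAIL 9   /* ELDU: page, PCMD or version do not match */
#define SGX_PAGE_NOT_BLOCKED 10  /* EWB: EBLOCK was not done first */
#define SGX_NOT_TRACKED      11  /* EWB: ETRACK cycle has not completed */
#define SGX_VA_SLOT_OCCUPIED 12  /* EWB: chosen version-array slot is in use */

#define SGX_PAGE_SIZE 4096u

/* SECINFO: page type and permission flags. 64 bytes, 64-byte aligned. */
struct sgx_secinfo {
    uint64_t flags;
    uint8_t  reserved[56];
} __attribute__((aligned(64)));

/* PCMD: paging crypto metadata written by EWB and checked by ELDU/ELDB.
 * 128 bytes, 128-byte aligned. */
struct sgx_pcmd {
    struct sgx_secinfo secinfo;   /* permissions/type at eviction time */
    uint64_t enclave_id;          /* binds the page to one enclave */
    uint8_t  reserved[40];
    uint8_t  mac[16];             /* covers page contents and metadata */
} __attribute__((aligned(128)));

/* PAGEINFO: the RBX operand of EWB and ELDU. 32 bytes, 32-byte aligned. */
struct sgx_pageinfo {
    uint64_t addr;      /* enclave linear address: written by EWB, read by ELDU */
    uint64_t contents;  /* non-EPC 4K buffer: ciphertext out (EWB) / in (ELDU) */
    uint64_t metadata;  /* non-EPC pointer to struct sgx_pcmd */
    uint64_t secs;      /* EPC address of the owning SECS for ELDU (0 for EWB) */
} __attribute__((aligned(32)));

static inline int is_aligned(uint64_t addr, uint64_t align)
{
    return (addr & (align - 1)) == 0;
}

/* Mirror the alignment checks that make EWB/ELDU raise #GP(0) before any
 * cryptographic work happens. RDX (the VA slot) is one 8-byte entry in a
 * 512-slot version-array page that itself lives in the EPC. */
enum operand_fault { OP_OK = 0, OP_PAGEINFO = -1, OP_EPC_PAGE = -2,
                     OP_VA_SLOT = -3, OP_CONTENTS = -4, OP_PCMD = -5 };

static enum operand_fault check_page_operands(const struct sgx_pageinfo *pi,
                                              uint64_t epc_page, uint64_t va_slot)
{
    if (!is_aligned((uint64_t)(uintptr_t)pi, 32))  return OP_PAGEINFO;
    if (!is_aligned(epc_page, SGX_PAGE_SIZE))      return OP_EPC_PAGE;
    if (!is_aligned(va_slot, 8))                    return OP_VA_SLOT;
    if (!is_aligned(pi->contents, SGX_PAGE_SIZE))  return OP_CONTENTS;
    if (!is_aligned(pi->metadata, 128))            return OP_PCMD;
    return OP_OK;
}

/* ENCLS with up to three operands: leaf in EAX, operands in RBX/RCX/RDX,
 * the leaf's error code back in EAX. 0F 01 CF is the ENCLS opcode, emitted
 * as bytes so the example does not depend on assembler mnemonic support. */
static inline int encls_3(uint32_t leaf, uint64_t rbx, uint64_t rcx, uint64_t rdx)
{
#if defined(__x86_64__)
    uint32_t ret;
    __asm__ volatile(".byte 0x0f, 0x01, 0xcf"
                     : "=a"(ret)
                     : "a"(leaf), "b"(rbx), "c"(rcx), "d"(rdx)
                     : "memory", "cc");
    return (int)ret;
#else
    (void)leaf; (void)rbx; (void)rcx; (void)rdx;
    return -1;  /* ENCLS does not exist on this architecture */
#endif
}

/* Evict one EPC page: EBLOCK it, ETRACK the enclave (a real driver then makes
 * every CPU that was inside the enclave exit so stale TLB entries are gone),
 * then EWB it into the non-EPC buffers named by PAGEINFO. Ring 0 only. */
int sgx_evict_page(struct sgx_pageinfo *pi, uint64_t epc_page,
                   uint64_t secs, uint64_t va_slot)
{
    int ret;
    if (check_page_operands(pi, epc_page, va_slot) != OP_OK)
        return -1;
    ret = encls_3(SGX_EBLOCK, 0, epc_page, 0);
    if (ret != SGX_SUCCESS)
        return ret;
    ret = encls_3(SGX_ETRACK, 0, secs, 0);
    if (ret != SGX_SUCCESS)
        return ret;
    /* kernel: flush the enclave's TLB entries on all CPUs here */
    pi->addr = 0;   /* EWB fills in the linear address */
    pi->secs = 0;
    /* SGX_NOT_TRACKED: flush again and retry; SGX_VA_SLOT_OCCUPIED: pick
     * another slot. The caller keeps pi and va_slot for the later reload. */
    return encls_3(SGX_EWB, (uint64_t)(uintptr_t)pi, epc_page, va_slot);
}

/* Reload an evicted page: ELDU decrypts pi->contents into the free EPC page,
 * checks the MAC against the PCMD and the version in the VA slot, clears the
 * slot and marks the page unblocked. A modified or replayed copy fails with
 * SGX_MAC_COMPARE_FAIL. pi->addr and pi->secs must be set by the caller. */
int sgx_reload_page(struct sgx_pageinfo *pi, uint64_t epc_page, uint64_t va_slot)
{
    if (check_page_operands(pi, epc_page, va_slot) != OP_OK)
        return -1;
    return encls_3(SGX_ELDU, (uint64_t)(uintptr_t)pi, epc_page, va_slot);
}

int main(void)
{
    /* Constructed addresses: a user buffer pair, an EPC page and VA slot 1. */
    struct sgx_pageinfo pi = { .contents = 0x7f0000010000ull,
                               .metadata = 0x7f0000020080ull };
    uint64_t epc_page = 0x80000000ull, va_slot = 0x80001008ull;
    printf("aligned operands: %d\n", check_page_operands(&pi, epc_page, va_slot));
    pi.metadata += 64;   /* PCMD must be 128-byte aligned */
    printf("misaligned PCMD:  %d\n", check_page_operands(&pi, epc_page, va_slot));
    return 0;
}
```

The EBLOCK and ETRACK steps are what the "blocked" and "tracked" return codes of EWB refer to: EWB refuses to encrypt a page that some CPU could still write to through a stale TLB entry, so a driver that gets SGX_NOT_TRACKED must complete the tracking cycle and retry rather than treat the page as evicted.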
Additional information
Refer to the EPC and Management of EPC Pages section of Intel® 64 and IA-32 Architectures Software Developer's Manual Volume 3D: System Programming Guide, Part 4 for details on how paging is handled in an Intel SGX system.