Changes to the Enclave Configuration File that allow enclaves to use Intel® Software Guard Extensions (Intel® SGX) SGX2 features
Unable to determine how to write an enclave that uses dynamic memory management features from Intel® Software Guard Extensions (Intel® SGX) SGX2.
The SGX2 instructions in Intel® Software Guard Extensions (Intel® SGX) perform three basic functions to allocate memory dynamically: expand the heap, expand the stack, and create threads. These functions are implemented in the Intel® SGX driver, trusted runtime, and untrusted runtime. The only explicit action the enclave programmer must take to use these features is to set the following parameters in the Enclave Configuration File:
- StackMinSize, StackMaxSize: Set the minimum and maximum stack size available to the enclave.
- HeapMinSize, HeapMaxSize: Set the minimum and maximum heap size available to the enclave.
- TCSNum, TCSMaxNum, TCSMinPool: Determine how many threads are created after enclave initialization, and how many threads can be created dynamically while the enclave is running.
The Intel® SGX Developer Reference Guide for your operating system contains more details on these parameters.
Beyond that, write the enclave code and allocate memory as you normally would. The Intel® SGX driver, trusted runtime, and untrusted runtime handle the dynamic memory allocations as needed under the hood.
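The following is an added example, not taken from the Intel® SGX SDK or this article: a small Python check that reads an Enclave Configuration File and verifies that the seven parameters listed above are set and consistent with each other. The sample file contents, its values, and the specific rules (4 KB alignment, minimum not above maximum, thread counts not above TCSMaxNum) are assumptions of this example; confirm the exact constraints in the Developer Reference Guide.

```python
import xml.etree.ElementTree as ET

PAGE = 0x1000  # 4 KB enclave page size (alignment rule assumed by this example)

# Constructed sample limited to the parameters named in this article; a real
# Enclave Configuration File carries further elements. Values are illustrative.
SAMPLE_CONFIG = """<EnclaveConfiguration>
  <StackMinSize>0x2000</StackMinSize>
  <StackMaxSize>0x40000</StackMaxSize>
  <HeapMinSize>0x1000</HeapMinSize>
  <HeapMaxSize>0x100000</HeapMaxSize>
  <TCSNum>2</TCSNum>
  <TCSMaxNum>8</TCSMaxNum>
  <TCSMinPool>1</TCSMinPool>
</EnclaveConfiguration>"""

SGX2_KEYS = ("StackMinSize", "StackMaxSize", "HeapMinSize", "HeapMaxSize",
             "TCSNum", "TCSMaxNum", "TCSMinPool")

def load_params(xml_text):
    """Return the SGX2-related parameters present in the file as integers."""
    root = ET.fromstring(xml_text)
    params = {}
    for key in SGX2_KEYS:
        node = root.find(key)
        if node is not None and node.text:
            params[key] = int(node.text.strip(), 0)  # accepts hex or decimal
    return params

def check_config(xml_text):
    """Return a list of problems; an empty list means every check passed."""
    p = load_params(xml_text)
    problems = [f"{k} is not set" for k in SGX2_KEYS if k not in p]
    if problems:
        return problems
    for area in ("Stack", "Heap"):
        lo, hi = p[f"{area}MinSize"], p[f"{area}MaxSize"]
        if lo % PAGE or hi % PAGE:
            problems.append(f"{area} sizes must be multiples of {PAGE:#x}")
        if lo > hi:
            problems.append(f"{area}MinSize exceeds {area}MaxSize")
    if p["TCSNum"] > p["TCSMaxNum"]:
        problems.append("TCSNum exceeds TCSMaxNum")
    if p["TCSMinPool"] > p["TCSMaxNum"]:
        problems.append("TCSMinPool exceeds TCSMaxNum")
    return problems

if __name__ == "__main__":
    print(check_config(SAMPLE_CONFIG) or "configuration looks consistent")
```

Running such a check before signing catches a configuration where the maximums were never raised above the minimums, which leaves the enclave with nothing to grow into at run time.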
The Implementation of (Intel® SGX) SGX2 Dynamic Memory Management section in Intel® Software Guard Extensions Software Support for Dynamic Memory Allocation inside an Enclave further explains how the Intel® SGX SDK implements dynamic memory management features.
Intel® Software Guard Extensions Software Support for Dynamic Memory Allocation inside an Enclave
The Intel® SGX Developer Reference for Linux* is in the Documentation folder of the latest release of the Intel® Software Guard Extensions SDK for Linux*.
The Intel® SGX Developer Reference for Windows* is distributed with the Intel® SGX SDK for Windows* installation package.