Two methods to determine the maximum enclave size.
In a cloud environment, it is not possible to check the Processor Reserved Memory (PRM), which includes the Enclave Page Cache (EPC), in BIOS.
Unable to use the Intel® Software Guard Extensions (Intel® SGX) SDK to find the available memory for an enclave.
The Intel® Software Guard Extensions (Intel® SGX) SDK does not provide a way to find the maximum enclave size. The Intel® Software Guard Extensions (Intel® SGX) SDK allows you to set the enclave size in an application using the Enclave Configuration File.
There are two methods to report the Intel® Software Guard Extensions (Intel® SGX) capabilities available on a processor. Both options report the MaxEnclaveSize, which is the virtual maximum enclave size. The actual maximum enclave size is determined by the operating system or memory limits.
Option 1
On a Linux* system, execute cpuid in a terminal:
$ cpuid | grep MaxEnclaveSize
Option 2
Use test-sgx.c:
- Go to the SGX Hardware GitHub repository and download the file test-sgx.c, or clone the repository.
- Compile and run test-sgx.c according to these instructions:
$ gcc test-sgx.c -o test-sgx
$ ./test-sgx
Explanation of MaxEnclaveSize
If MaxEnclaveSize is 0, then SGX is not enabled on the platform.
If SGX is enabled, the most common output is:
MaxEnclaveSize_Not64: 1f
MaxEnclaveSize_64: 24
- MaxEnclaveSize_Not64: the maximum supported enclave size is 2^(EDX[7:0]) bytes when not in 64-bit mode.
- MaxEnclaveSize_64: the maximum supported enclave size is 2^(EDX[15:8]) bytes when operating in 64-bit mode.
The maximum virtual size of the enclave is 2^(0x1f) bytes for 32-bit and 2^(0x24) bytes for 64-bit enclaves.
Refer to the values returned by the CPUID call in Section 37.7.2, Table 37-6 of the IA Software Developer Manual Vol 3d Part 4.
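The decoding described above can be reproduced directly. The following is an added example, not Intel's code and not taken from test-sgx.c: it reads CPUID leaf 0x12, sub-leaf 0, and turns the two EDX fields into byte counts. The names decode_max_enclave_size, sgx_max_size and pow2_or_zero are hypothetical, and the SGX support check on leaf 7 (EBX bit 2) comes from the Software Developer Manual rather than from this article.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Decoded MaxEnclaveSize fields from CPUID.(EAX=12H,ECX=0):EDX. */
struct sgx_max_size {
    unsigned log2_not64;   /* EDX[7:0]  */
    unsigned log2_64;      /* EDX[15:8] */
    uint64_t bytes_not64;  /* 2^log2_not64, or 0 if the field is 0 */
    uint64_t bytes_64;     /* 2^log2_64, or 0 if the field is 0 */
};

/* A zero field means no enclave size is reported; 2^64 and up do not fit. */
static uint64_t pow2_or_zero(unsigned e)
{
    return (e == 0 || e >= 64) ? 0 : (uint64_t)1 << e;
}

struct sgx_max_size decode_max_enclave_size(uint32_t edx)
{
    struct sgx_max_size s;
    s.log2_not64 = edx & 0xff;
    s.log2_64 = (edx >> 8) & 0xff;
    s.bytes_not64 = pow2_or_zero(s.log2_not64);
    s.bytes_64 = pow2_or_zero(s.log2_64);
    return s;
}

int main(void)
{
    uint32_t edx = 0x241f; /* constructed sample: the common values quoted above */
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    /* Leaf 7 EBX bit 2 reports SGX support; leaf 0x12 sub-leaf 0 holds the sizes. */
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d) && (b & (1u << 2)) &&
        __get_cpuid_count(0x12, 0, &a, &b, &c, &d))
        edx = d;
    else
        puts("SGX not reported by CPUID; decoding the sample value instead");
#endif
    struct sgx_max_size s = decode_max_enclave_size(edx);
    printf("MaxEnclaveSize_Not64: %x (%llu bytes)\n", s.log2_not64,
           (unsigned long long)s.bytes_not64);
    printf("MaxEnclaveSize_64: %x (%llu bytes)\n", s.log2_64,
           (unsigned long long)s.bytes_64);
    return 0;
}
```

As stated earlier, these are virtual maximums; the usable enclave size is still bounded by the operating system or memory limits.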