Posted to dev@teaclave.apache.org by Jeffrey Knight <no...@github.com.INVALID> on 2021/12/14 18:37:31 UTC

Re: [apache/incubator-teaclave-sgx-sdk] Implications of Upcoming Total Memory Encryption (TME) (#333)

It looks like we need to be very careful about processor selection if we want SGX MEE and not TME. 
I'm reading these specs as saying "if it has TME then it isn't using MEE". 

Could there be a BIOS setting to set Ice Lake chips to use MEE with the small Enclave Page Size?

[Intel® Xeon® E-2386G Processor](https://www.intel.com/content/www/us/en/products/sku/214806/intel-xeon-e2386g-processor-12m-cache-3-50-ghz/specifications.html)  Rocket Lake
  - Q3'21
  - Intel® Software Guard Extensions (Intel® SGX): Yes with Intel® SPS 
  - [Doesn't mention TME so must be MEE]
  - Maximum Enclave Page Cache (EPC) Size for Intel® SGX: 0.5 GB

[Intel® Xeon® Gold 6312U](https://www.intel.com/content/www/us/en/products/sku/215282/intel-xeon-gold-6312u-processor-36m-cache-2-40-ghz/specifications.html) Ice Lake
  - Q2'21
  - Intel® Software Guard Extensions (Intel® SGX): Yes with Intel® SPS 
  - **Intel® Total Memory Encryption: Yes** [so not MEE]
  - Maximum Enclave Page Cache (EPC) Size for Intel® SGX: 64 GB


Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/333#issuecomment-993868411
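The comment above compares vendor spec sheets by hand to decide which processors advertise TME alongside SGX. As an added host-side check that is not part of the original comment or of the Teaclave SGX SDK, the POSIX shell script below reads the Linux kernel's feature flags from /proc/cpuinfo (recent kernels report the `sgx` and `tme` words there) and classifies a machine by whether it advertises SGX, TME, both, or neither. The two cpuinfo fragments embedded in it are constructed samples, not captures from the processors named in the comment; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread): classify a Linux host by the SGX and TME
# feature flags the kernel reports in /proc/cpuinfo. Assumes a kernel recent
# enough to expose the "sgx" and "tme" flag words.

# Usage: cpu_feature_flags FILE -> prints the flags field of the first CPU entry
cpu_feature_flags() {
    awk -F': ' '/^flags/ { print $2; exit }' "$1"
}

# Usage: has_flag FILE FLAG -> exit status 0 if FLAG is present, 1 otherwise
has_flag() {
    cpu_feature_flags "$1" | tr ' ' '\n' | grep -qx "$2"
}

# Usage: mem_encryption_report FILE -> prints one of
#   sgx+tme | sgx-only | tme-only | neither
mem_encryption_report() {
    sgx=0
    tme=0
    has_flag "$1" sgx && sgx=1
    has_flag "$1" tme && tme=1
    case "$sgx$tme" in
        11) echo "sgx+tme" ;;
        10) echo "sgx-only" ;;
        01) echo "tme-only" ;;
        *)  echo "neither" ;;
    esac
}

# Constructed sample cpuinfo fragments (hypothetical, not real captures).
SAMPLE_WITH_TME="$(mktemp)"
cat > "$SAMPLE_WITH_TME" <<'EOF'
processor   : 0
model name  : constructed-sample Xeon with TME
flags       : fpu vme sse2 tme sgx sgx_lc
EOF

SAMPLE_WITHOUT_TME="$(mktemp)"
cat > "$SAMPLE_WITHOUT_TME" <<'EOF'
processor   : 0
model name  : constructed-sample Xeon without TME
flags       : fpu vme sse2 sgx sgx_lc
EOF

# Report on the live host when cpuinfo is readable, then on the samples.
if [ -r /proc/cpuinfo ]; then
    echo "this host:          $(mem_encryption_report /proc/cpuinfo)"
fi
echo "sample with TME:    $(mem_encryption_report "$SAMPLE_WITH_TME")"
echo "sample without TME: $(mem_encryption_report "$SAMPLE_WITHOUT_TME")"
```

The flag check reads only what the kernel already exposes; a BIOS that disables SGX will typically leave the `sgx` flag absent, so running the report on the actual machine is the quickest way to confirm that the procured part matches the spec sheet.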