Enclave Page Cache
E653457
Enclave Page Cache is a protected memory region used by Intel SGX to store and manage the code and data of secure enclaves during execution.
Statements (47)
| Predicate | Object |
|---|---|
| instanceOf | Intel SGX component; protected memory region |
| abbreviation | EPC |
| accessControlledBy | SGX instructions; hardware access checks |
| accessRestrictedTo | enclave execution mode |
| alsoKnownAs | EPC |
| backedBy | processor memory encryption engine |
| belongsToCategory | hardware security feature; trusted execution environment memory |
| capacityType | platform-dependent size |
| contains | enclave code pages; enclave data pages; enclave heap pages; enclave stack pages; enclave thread control structures |
| definedIn | Intel SGX architecture specifications |
| encryptedIn | DRAM |
| introducedBy | Intel SGX version 1 |
| limitedResource | yes |
| locatedIn | processor physical address space |
| managedBy | SGX Enclave Page Cache Map; SGX memory management hardware |
| monitoredBy | Enclave Page Cache Map |
| pageSize | 4 KB |
| partOf | Intel SGX memory architecture |
| purpose | manage secure enclave memory during execution; store enclave code; store enclave data |
| relatedTo | Enclave Page Cache Map; enclave lifecycle management; secure context switching for enclaves |
| requires | BIOS or firmware SGX enablement; SGX-capable processor |
| securityProperty | confidentiality protection for enclave pages; hardware-enforced isolation from non-enclave software; integrity protection for enclave pages; protection from direct access by system management mode; protection from direct access by the operating system; protection from direct access by virtual machine monitors |
| supports | dynamic page allocation for enclaves; page eviction to regular memory; page reloading into EPC |
| usedBy | Intel Software Guard Extensions |
| usedFor | trusted execution environments on Intel CPUs |
| visibleAs | reserved physical memory region |
| vulnerabilitySurface | side-channel attacks on memory access patterns |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.