5 min read
Xiangyi Meng
EPC page management is the key part of the SGX driver. It includes the following features: adding an EPC page; blocking an EPC page; loading an EPC page as blocked/unblocked; removing a page from EPC; and writing back/invalidating an EPC page. These functions depend on suitable data structures.
4 min read
Xiangyi Meng
The previous post briefly describes the concepts behind TEE, Intel SGX, and the ongoing work that implements Intel SGX support in Unikraft. In this post, we investigate in depth how SGX support is implemented in Linux, and what we need to implement in Unikraft to achieve the same objective.
4 min read
Xiangyi Meng
Trusted execution environments (TEEs), especially Intel SGX, are a popular and powerful tool for providing hardware-based isolation for highly sensitive code and data. Today’s commercial clouds (Microsoft Azure DCsv2, DCsv3/DCdsv3 series, IBM Cloud Bare Metal z15 series, and Alibaba Cloud Bare Metal Instance) have, more or less, provided support for Intel SGX.