jknight edited a comment on issue #333: URL: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/333#issuecomment-993868411
It looks like we need to be very careful about processor selection if we want SGX MEE and not TME. I'm reading these specs as saying "if it has TME then it isn't using MEE". Maybe there's a BIOS setting to set Ice Lake chips to use MEE with a smaller Enclave Page Size (ie 0.5 GB) ? Xeon E series all seem to have SGX MEE. [Intel® Xeon® E-2386G Processor](https://www.intel.com/content/www/us/en/products/sku/214806/intel-xeon-e2386g-processor-12m-cache-3-50-ghz/specifications.html) Rocket Lake - Q3'21 - Intel® Software Guard Extensions (Intel® SGX): Yes with Intel® SPS - [Doesn't mention TME so must be MEE] - Maximum Enclave Page Cache (EPC) Size for Intel® SGX: 0.5 GB [Intel® Xeon® Gold 6312U](https://www.intel.com/content/www/us/en/products/sku/215282/intel-xeon-gold-6312u-processor-36m-cache-2-40-ghz/specifications.html) Ice Lake - Q2'21 - Intel® Software Guard Extensions (Intel® SGX): Yes with Intel® SPS - **Intel® Total Memory Encryption: Yes** [so not MEE] - Maximum Enclave Page Cache (EPC) Size for Intel® SGX: 64 GB -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@teaclave.apache.org For additional commands, e-mail: notifications-h...@teaclave.apache.org
