[python,Docs] Set sgx.enclave_size to 1TB on EDMM by default

Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>
gramineproject · Apr 3, 2023 · b748897 · b748897
1 parent 5154a59
commit b748897
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/Documentation/manifest-syntax.rst b/Documentation/manifest-syntax.rst
@@ -480,6 +480,11 @@ as RWX). Unfortunately it can negatively impact performance, as adding a page
 to the enclave at runtime is a more expensive operation than adding the page
 before enclave creation (because it involves more enclave exits and syscalls).
 
+When this feature is enabled, it is not necessary to specify
+``sgx.enclave_size`` (Gramine will automatically set it to 1TB which should be
+enough for any application). However if ``sgx.enclave_size`` is specified, this
+explicit value will take precedence.
+
 .. note::
    Support for EDMM first appeared in Linux 6.0.
 
@@ -489,12 +494,13 @@ Enclave size
 ::
 
     sgx.enclave_size = "[SIZE]"
-    (default: "256M")
+    (default: "256M" without EDMM, "1024G" with EDMM)
 
 This syntax specifies the size of the enclave set during enclave creation time
 if :term:`EDMM` is not enabled (``sgx.edmm_enable = false``) or the maximal
 size that the enclave can grow to if :term:`EDMM` is enabled
 (``sgx.edmm_enable = true``).
+
 The PAL and library OS code/data count towards this size value, as well as the
 application memory itself: application's code, stack, heap, loaded application
 libraries, etc. The application cannot allocate memory that exceeds this limit.

diff --git a/python/graminelibos/manifest.py b/python/graminelibos/manifest.py
@@ -17,7 +17,8 @@
 
 from . import _env
 
-DEFAULT_ENCLAVE_SIZE = '256M'
+DEFAULT_ENCLAVE_SIZE_NO_EDMM = '256M'
+DEFAULT_ENCLAVE_SIZE_WITH_EDMM = '1024G'  # 1TB; note that DebugInfo is at 1TB and ASan at 1.5TB
 DEFAULT_THREAD_NUM = 4
 
 class ManifestError(Exception):
@@ -87,7 +88,6 @@ def __init__(self, manifest_str):
 
         sgx = manifest.setdefault('sgx', {})
         sgx.setdefault('trusted_files', [])
-        sgx.setdefault('enclave_size', DEFAULT_ENCLAVE_SIZE)
 
         # TODO: sgx.thread_num is deprecated in v1.4, simplify below logic in v1.5
         if 'thread_num' not in sgx:
@@ -104,6 +104,12 @@ def __init__(self, manifest_str):
         sgx.setdefault('require_amx', False)
         sgx.setdefault('require_exinfo', False)
         sgx.setdefault('enable_stats', False)
+        sgx.setdefault('edmm_enable', False)
+
+        if sgx['edmm_enable']:
+            sgx.setdefault('enclave_size', DEFAULT_ENCLAVE_SIZE_WITH_EDMM)
+        else:
+            sgx.setdefault('enclave_size', DEFAULT_ENCLAVE_SIZE_NO_EDMM)
 
         if not isinstance(sgx['trusted_files'], list):
             raise ValueError("Unsupported trusted files syntax, more info: " +