
Next‑Generation Intel SGX on Ice Lake: Performance Evaluation and Optimization with Occlum

This article reviews the Ice Lake‑based next‑generation Intel SGX, compares its security and performance improvements over previous generations, presents detailed benchmark results on memory access, dynamic memory management and enclave switching, and describes software optimizations implemented in the Occlum runtime to mitigate remaining overheads.

AntTech

On April 7, 2021 Intel announced the Ice Lake Xeon processor, the first data‑center chip built on a 10 nm process, offering higher single‑core performance, up to 80 physical cores, 8‑channel DDR4, and new AI and cryptography instructions.

Alongside these gains, Intel introduced a next‑generation SGX (referred to as “new SGX”) that expands trusted memory from 256 MiB to 1 TiB and increases the maximum core count to 80 (160 logical), while relaxing protection against certain physical attacks.

Key differences between the legacy SGX (Xeon E3) and the new SGX on Ice Lake are summarized in a comparison table (image omitted). The new SGX dramatically reduces trusted‑memory‑access overhead and provides a much larger enclave memory space, at the cost of weaker physical‑attack resistance.

Performance testing was conducted on three Intel CPUs, measuring the three main sources of SGX overhead: trusted‑memory access, Enclave Dynamic Memory Management (EDMM), and enclave switching (transitions between enclave code and the untrusted host). The results show that trusted‑memory‑access overhead is almost eliminated in the new SGX, while EDMM and enclave switching still incur noticeable costs, although both are improved over the legacy design.

To mitigate the remaining overheads, Ant Group’s confidential‑computing team leveraged the open‑source Occlum runtime (https://github.com/occlum/occlum), which enables unmodified Linux applications to run inside SGX enclaves.

The team launched the Next‑Gen Occlum (NGO) project, redesigning Occlum around an “asynchronous‑first” architecture that exploits Ice Lake’s large enclave memory and high core count. The design introduces coroutine‑based scheduling, Linux io_uring for efficient asynchronous I/O, and other asynchronous techniques.

Benchmarking of NGO shows that these optimizations substantially close the performance gap between SGX enclaves and native Linux, with several metrics even surpassing native performance.

The article concludes that Ice Lake’s next‑generation SGX offers a significant scalability boost for real‑world workloads, and that software‑level optimizations such as those demonstrated in Next‑Gen Occlum can make enclave performance comparable to non‑enclave applications.

Future releases of the optimized Occlum will be open‑sourced and merged into the main Occlum repository (https://github.com/occlum/occlum).

Tags: Performance Optimization, security, confidential computing, Occlum, Ice Lake, Intel SGX, Next‑Gen Occlum