Current processors may provide support for a trusted execution environment such as a secure enclave. Secure enclaves include segments of memory (including code and/or data) protected by the processor from unauthorized access including unauthorized reads and writes. Additionally, the processor can cryptographically prove that a particular secure enclave is authentic and unaltered.
Certain secure enclave implementations provide full cryptographic protection of enclave memory, including confidentiality, integrity, and replay protection. Full cryptographic protection may require the processor to store additional data such as counters and authentication tags, which may impose a storage overhead for enclave memory. Additionally, certain secure enclave implementations use a range register to identify physical memory reserved to be used by secure enclaves, which is typically referred to as an enclave page cache (EPC). The range register typically must be set in a pre-boot firmware environment and thus the size of the EPC may not be changed at runtime.
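The paragraph above names the three properties full cryptographic protection provides (confidentiality, integrity, replay protection) and the extra state it costs (per-line counters and authentication tags). The following Python model, added here as an illustration and not taken from the patent or any processor's actual memory encryption engine, shows why each piece of state is needed: an attacker who controls DRAM can restore an old but validly tagged line, and only a trusted on-die counter catches that. The line size, counter width and tag width are constructed parameters, and HMAC-SHA256 in counter mode stands in for the hardware block cipher.

```python
import hashlib
import hmac
import os

# Model parameters (constructed for this example, not a real processor's format):
LINE_BYTES = 64      # one protected memory line
COUNTER_BYTES = 8    # per-line version counter kept on-die
TAG_BYTES = 16       # per-line authentication tag stored alongside the ciphertext


class IntegrityError(Exception):
    """Raised when a read fails integrity or replay checking."""


def _keystream(key, addr, counter, length):
    """Keystream from (key, address, counter) via HMAC-SHA256 in counter mode.
    Stand-in for the hardware block cipher, not the real algorithm."""
    out = b""
    block = 0
    while len(out) < length:
        msg = (addr.to_bytes(8, "big") + counter.to_bytes(COUNTER_BYTES, "big")
               + block.to_bytes(4, "big"))
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def _tag(key, addr, counter, ciphertext):
    """Authentication tag binding ciphertext to its address and version counter."""
    msg = addr.to_bytes(8, "big") + counter.to_bytes(COUNTER_BYTES, "big") + ciphertext
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]


class ProtectedMemory:
    """Toy model of encrypted, integrity- and replay-protected enclave memory.

    `dram` is untrusted storage an attacker may read or rewrite (ciphertext,
    counter copy, tag). `counters` models trusted on-die state the attacker
    cannot touch; it is what defeats replay of an old but validly tagged line.
    """

    def __init__(self, key):
        self.key = key
        self.dram = {}       # addr -> (ciphertext, counter, tag)
        self.counters = {}   # addr -> current trusted version counter

    def write(self, addr, plaintext):
        if len(plaintext) != LINE_BYTES:
            raise ValueError("writes are whole lines")
        counter = self.counters.get(addr, 0) + 1   # fresh version for every write
        self.counters[addr] = counter
        ks = _keystream(self.key, addr, counter, LINE_BYTES)
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
        self.dram[addr] = (ciphertext, counter, _tag(self.key, addr, counter, ciphertext))

    def read(self, addr):
        ciphertext, counter, tag = self.dram[addr]
        if counter != self.counters.get(addr):
            raise IntegrityError("replay: line version does not match trusted counter")
        if not hmac.compare_digest(tag, _tag(self.key, addr, counter, ciphertext)):
            raise IntegrityError("tamper: authentication tag mismatch")
        ks = _keystream(self.key, addr, counter, LINE_BYTES)
        return bytes(c ^ k for c, k in zip(ciphertext, ks))


def storage_overhead_ratio():
    """Extra bytes stored per line divided by the line's payload size."""
    return (COUNTER_BYTES + TAG_BYTES) / LINE_BYTES


def demo():
    """Exercise the three protections; returns which attacks were detected."""
    mem = ProtectedMemory(os.urandom(32))
    addr = 0x1000
    v1 = b"A" * LINE_BYTES
    v2 = b"B" * LINE_BYTES
    mem.write(addr, v1)
    stale = mem.dram[addr]            # attacker snapshots the old DRAM contents
    mem.write(addr, v2)
    results = {"roundtrip": mem.read(addr) == v2}
    results["ciphertext_hides_plaintext"] = mem.dram[addr][0] != v2

    mem.dram[addr] = stale            # replay the stale but validly tagged line
    try:
        mem.read(addr)
        results["replay_detected"] = False
    except IntegrityError:
        results["replay_detected"] = True

    mem.write(addr, v2)
    ct, ctr, tag = mem.dram[addr]
    mem.dram[addr] = (bytes([ct[0] ^ 1]) + ct[1:], ctr, tag)   # flip one ciphertext bit
    try:
        mem.read(addr)
        results["tamper_detected"] = False
    except IntegrityError:
        results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo(), "overhead ratio:", storage_overhead_ratio())
```

With the constructed sizes, every 64-byte line carries 24 bytes of metadata, an overhead ratio of 0.375; real designs amortize the counter cost with counter trees or larger protection granules, but the principle that confidentiality alone (the ciphertext) gives neither integrity nor freshness is what the model demonstrates.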