diff --git a/core/shared/platform/linux-sgx/bh_platform.c b/core/shared/platform/linux-sgx/bh_platform.c index 631cad7f..ac213227 100644 --- a/core/shared/platform/linux-sgx/bh_platform.c +++ b/core/shared/platform/linux-sgx/bh_platform.c @@ -7,6 +7,7 @@ #include "bh_platform.h" #include +#include "sgx_rsrv_mem_mngr.h" #define FIXED_BUFFER_SIZE (1<<9) static bh_print_function_t print_function = NULL; 
@@ -69,23 +70,52 @@ int bh_vprintf_sgx(const char * format, va_list arg) return 0; } -void * -bh_mmap(void *hint, unsigned int size, int prot, int flags) +void* bh_mmap(void *hint, unsigned int size, int prot, int flags) { - /* TODO: implement bh_mmap in Linux SGX */ - return NULL; + int mprot = 0; + unsigned alignedSize = (size+4095) & (unsigned)~4095; //Page aligned + void* ret = NULL; + sgx_status_t st = 0; + + ret = sgx_alloc_rsrv_mem(alignedSize); + if (ret == NULL) { + bh_printf_sgx("bh_mmap(size=%d, alignedSize=%d, prot=0x%x) failed.",size, alignedSize, prot); + return NULL; + } + if (prot & MMAP_PROT_READ) + mprot |= SGX_PROT_READ; + if (prot & MMAP_PROT_WRITE) + mprot |= SGX_PROT_WRITE; + if (prot & MMAP_PROT_EXEC) + mprot |= SGX_PROT_EXEC; + st = sgx_tprotect_rsrv_mem(ret, alignedSize, mprot); + if (st != SGX_SUCCESS){ + bh_printf_sgx("bh_mmap(size=%d,prot=0x%x) failed to set protect.",size, prot); + sgx_free_rsrv_mem(ret, alignedSize); + return NULL; + } + + return ret; } -void -bh_munmap(void *addr, uint32 size) +void bh_munmap(void *addr, uint32 size) { - /* TODO: implement bh_munmap in Linux SGX */ + sgx_free_rsrv_mem(addr, size); } -int -bh_mprotect(void *addr, uint32 size, int prot) +int bh_mprotect(void *addr, uint32 size, int prot) { - /* TODO: implement bh_mprotect in Linux SGX */ - return -1; -} + int mprot = 0; + sgx_status_t st = 0; + if (prot & MMAP_PROT_READ) + mprot |= SGX_PROT_READ; + if (prot & MMAP_PROT_WRITE) + mprot |= SGX_PROT_WRITE; + if (prot & MMAP_PROT_EXEC) + mprot |= SGX_PROT_EXEC; + st = sgx_tprotect_rsrv_mem(addr, size, mprot); + if (st != SGX_SUCCESS) bh_printf_sgx("bh_mprotect(addr=0x%lx,size=%d,prot=0x%x) failed.", addr, size, prot); + + return (st == SGX_SUCCESS? 0:-1); +} diff --git a/core/shared/platform/linux-sgx/sgx_rsrv_mem_mngr.h b/core/shared/platform/linux-sgx/sgx_rsrv_mem_mngr.h new file mode 100644 index 00000000..18f813dd --- /dev/null +++ b/core/shared/platform/linux-sgx/sgx_rsrv_mem_mngr.h 
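Review bot: bh_munmap and bh_mprotect pass the caller's `size` straight to sgx_free_rsrv_mem and sgx_tprotect_rsrv_mem, while bh_mmap allocated the region with the page-rounded `alignedSize`. The header added in this same commit documents both lengths as page aligned, so an unaligned size may make the call fail. bh_munmap also ignores the return value, so a failed free would go unnoticed and the reserved region would stay allocated. The rounding `(size+4095) & (unsigned)~4095` in bh_mmap wraps to 0 for sizes within 4095 of UINT_MAX and should be rejected before the allocation. The log calls print unsigned sizes with `%d` and `addr` with `%lx`, which do not match the argument types; the fence below shares one rounding helper across the three functions.

```c
/* Round a byte count up to a whole number of 4 KiB pages; 0 means empty or wrapped. */
static uint32 page_align(uint32 size)
{
    uint32 aligned = (size + 4095) & ~(uint32)4095;
    return aligned >= size ? aligned : 0;
}

void* bh_mmap(void *hint, unsigned int size, int prot, int flags)
{
    // … unchanged: mprot, ret and st declarations …
    unsigned alignedSize = page_align(size);

    if (alignedSize == 0)
        return NULL;
    // … unchanged: sgx_alloc_rsrv_mem, protection mapping, sgx_tprotect_rsrv_mem …
}

void bh_munmap(void *addr, uint32 size)
{
    if (sgx_free_rsrv_mem(addr, page_align(size)) != 0)
        bh_printf_sgx("bh_munmap(size=%u) failed.", size);
}

int bh_mprotect(void *addr, uint32 size, int prot)
{
    // … unchanged: mprot mapping …
    st = sgx_tprotect_rsrv_mem(addr, page_align(size), mprot);
    // … unchanged: failure log and return …
}
```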
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2011-2019 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * This file is copied from https://github.com/intel/linux-sgx/blob/master/common/inc/internal/sgx_rsrv_mem_mngr.h
+ * The reason we copied here is that the official SGX SDK release has
+ * not included this header file yet.
+ */ + +#pragma once + +#ifndef _SGX_RSRV_MEM_MNGR_H_ +#define _SGX_RSRV_MEM_MNGR_H_ + +#include "stdint.h" +#include "sgx_error.h" + +#define SGX_PROT_READ 0x1 /* page can be read */ +#define SGX_PROT_WRITE 0x2 /* page can be written */ +#define SGX_PROT_EXEC 0x4 /* page can be executed */ +#define SGX_PROT_NONE 0x0 /* page can not be accessed */ + +#ifdef __cplusplus +extern "C" { +#endif + + /* Allocate a range of EPC memory from the reserved memory area with RW permission + * + * Parameters: + * Inputs: length [in]: Size of region to be allocated in bytes. Page aligned + * Return: Starting address of the new allocated memory area on success; otherwise NULL + */ + void * sgx_alloc_rsrv_mem(size_t length); + + + /* Free a range of EPC memory from the reserved memory area + * + * Parameters: + * Inputs: addr[in]: Starting address of region to be freed. Page aligned. + * length[in]: The length of the memory to be freed in bytes. Page aligned + * Return: 0 on success; otherwise -1 + */ + int sgx_free_rsrv_mem(void * addr, size_t length); + + + /* Modify the access permissions of the pages in the reserved memory area. + * + * Parameters: + * Inputs: addr[in]: Starting address of region which needs to change access permission. Page aligned. + * length[in]: The length of the memory to be manipulated in bytes. Page aligned. + * prot[in]: The target memory protection. + * Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h + */ + sgx_status_t sgx_tprotect_rsrv_mem(void *addr, size_t len, int prot); + + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/product-mini/platforms/linux-sgx/CMakeLists.txt b/product-mini/platforms/linux-sgx/CMakeLists.txt index 9e373a7f..276d0afc 100644 --- a/product-mini/platforms/linux-sgx/CMakeLists.txt +++ b/product-mini/platforms/linux-sgx/CMakeLists.txt 
@@ -32,8 +32,8 @@ if (NOT DEFINED WAMR_BUILD_INTERP) endif () if (NOT DEFINED WAMR_BUILD_AOT) - # Disable AOT by default. - set (WAMR_BUILD_AOT 0) + # Enable AOT by default. + set (WAMR_BUILD_AOT 1) endif () if (NOT DEFINED WAMR_BUILD_JIT) diff --git a/product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.config.xml b/product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.config.xml index a94d12f0..dfdb26c1 100644 --- a/product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.config.xml +++ b/product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.config.xml @@ -3,7 +3,9 @@ 0 0 0x40000 - 0x100000 + 0x200000 + 0x100000 + 1 10 1 0 diff --git a/product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.cpp b/product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.cpp index f7578878..714360ae 100644 --- a/product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.cpp +++ b/product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.cpp @@ -10,7 +10,7 @@ #include "bh_memory.h" #include "wasm_export.h" -static char global_heap_buf[512 * 1024] = { 0 }; +static char global_heap_buf[2* 1024 * 1024] = { 0 }; static int app_argc; static char **app_argv;
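Review bot: In Enclave.config.xml the two added values (`0x100000` and `1`) carry no explanation, and their element names are not visible in this rendering. If, as the rest of the commit suggests, they are the reserved-memory size and the SGX `ReservedMemExecutable` flag, the enclave gets an executable reserved region in every build, including builds configured with `WAMR_BUILD_AOT 0`. A short XML comment should say that the region exists to hold AOT code mapped through bh_mmap and that the flag can be dropped when AOT is disabled, so integrators can keep the enclave's executable memory to what they actually use. Because bh_mmap and bh_mprotect pass any combination of MMAP_PROT_WRITE and MMAP_PROT_EXEC through unchanged, the comment should also say whether callers are expected to avoid mappings that are writable and executable at the same time.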