39-4 Vol. 3D

ENCLAVE OPERATION

1. Check that TCS is not busy and flush all cached linear-to-physical mappings.
2. Change the mode of operation to be in enclave mode.
3. Save the old RSP, RBP for later restore on AEX (Software is responsible for setting up the new RSP, RBP to be used inside enclave).
4. Save XCR0 and replace it with the XFRM value for the enclave.
5. Check if software wishes to debug (applicable to a debuggable enclave):
   — If not debugging, then configure hardware so the enclave appears as a single instruction.
   — If debugging, then configure hardware to allow traps, breakpoints, and single steps inside the enclave.
6. Set the TCS as busy.
7. Transfer control from outside enclave to predetermined location inside the enclave specified by the TCS.

The EEXIT leaf function is the method of leaving the enclave under program control. EEXIT receives the target address outside of the enclave that the enclave wishes to transfer control to. It is the responsibility of enclave software to erase any secret from the registers prior to invoking EEXIT. To allow enclave software to easily perform an external function call and re-enter the enclave (using EEXIT and EENTER leaf functions), EEXIT returns the value of the AEP that was used when the enclave was entered.

EEXIT performs the following operations:
1. Clear enclave mode and flush all cached linear-to-physical mappings.
2. Mark TCS as not busy.
3. Transfer control from inside the enclave to a location on the outside specified as parameter to the EEXIT leaf function.

39.2.2 Asynchronous Enclave Exit (AEX)

Asynchronous and synchronous events, such as exceptions, interrupts, traps, SMIs, and VM exits may occur while executing inside an enclave. These events are referred to as Enclave Exiting Events (EEE). Upon an EEE, the processor state is securely saved inside the enclave (in the thread's current SSA frame) and then replaced by a synthetic state to prevent leakage of secrets. The process of securely saving state and establishing the synthetic state is called an Asynchronous Enclave Exit (AEX). Details of AEX are described in Chapter 40, "Enclave Exiting Events".

As part of most EEEs, the AEP is pushed onto the stack as the location of the eventing address. This is the location where control will return to after executing the IRET. The ERESUME leaf function can be executed from that point to re-enter the enclave and resume execution from the interrupted point.

After AEX has completed, the logical processor is no longer in enclave mode and the exiting event is processed normally. Any new events that occur after the AEX has completed are treated as having occurred outside the enclave (e.g. a #PF in dispatching to an interrupt handler).

39.2.3 Resuming Execution after AEX

After system software has serviced the event that caused the logical processor to exit an enclave, the logical processor can continue enclave execution using ERESUME. ERESUME restores processor state and returns control to where execution was interrupted.

If the cause of the exit was an exception or a fault and was not resolved, the event will be triggered again if the enclave is re-entered using ERESUME. For example, if an enclave performs a divide by 0 operation, executing ERESUME will cause the enclave to attempt to re-execute the faulting instruction and result in another divide by 0 exception. Intel® SGX provides the means for an enclave developer to handle enclave exceptions from within the enclave. Software can enter the enclave at a different location and invoke the exception handler within the enclave by executing the EENTER leaf function. The exception handler within the enclave can read the fault information from the SSA frame and attempt to resolve the faulting condition or simply return and indicate to software that the enclave should be terminated (e.g. using EEXIT).
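The following is an added example, not Intel's pseudocode and not text from this manual: a toy Python model of the thread-level state that the EENTER and EEXIT steps above, the AEX description, and this section on ERESUME and in-enclave exception handling all act on. It reduces memory, the EPC and the TLB to a few fields and a counter, and it drives a constructed enclave program through the sequence the text describes: entry, a divide by zero that causes an AEX, an ERESUME that refaults because nothing was fixed, re-entry through EENTER into the enclave's own handler, which patches the saved SSA frame, and a final ERESUME that succeeds. Several details are assumptions taken from the wider SGX architecture rather than from this page and are marked as such in the code: SSA frames are kept as a stack whose depth plays the role of CSSA, EENTER hands that depth to the enclave in RAX so its entry code can dispatch to a handler, AEX releases the TCS so that EENTER or ERESUME can be used afterwards, and EEXIT returns the AEP in RCX. The names EnclaveFault, TCS, CPU, PROGRAM, run_scenario and all addresses are constructed for this example.

```python
"""Toy model of SGX thread entry and exit: EENTER, EEXIT, AEX, ERESUME."""
class EnclaveFault(Exception): pass   # stands in for the #GP a leaf function raises

class TCS:
    def __init__(self, entry_point):
        self.entry_point, self.busy = entry_point, False      # entry point, "TCS busy" flag
        self.ssa = []                     # SSA frames pushed by AEX; len() plays CSSA (assumed)

class CPU:
    def __init__(self, rsp, xcr0):
        self.enclave_mode, self.rip, self.rsp, self.xcr0 = False, 0, rsp, xcr0
        self.regs = {"rax": 0, "rcx": 0}  # RBP is treated like RSP and omitted here
        self.tlb_entries, self.traps_enabled = 8, True  # cached mappings; debug traps
        self.saved, self.aep, self.tcs = {}, 0, None    # RSP/XCR0 saved on entry

def _enter(cpu, tcs, aep, xfrm, debug):
    # Steps 1-6 of the EENTER flow; ERESUME repeats them.
    if tcs.busy: raise EnclaveFault("#GP: TCS busy")        # 1. busy check
    cpu.tlb_entries, cpu.enclave_mode = 0, True              # 1./2. flush, enclave mode
    cpu.saved = {"rsp": cpu.rsp, "xcr0": cpu.xcr0}           # 3./4. save for exit
    cpu.xcr0 = xfrm                                          # 4. XCR0 <- enclave XFRM
    cpu.traps_enabled = debug                                # 5. debug or opaque
    tcs.busy, cpu.tcs, cpu.aep = True, tcs, aep              # 6. mark TCS busy

def eenter(cpu, tcs, aep, xfrm, debug=False):
    _enter(cpu, tcs, aep, xfrm, debug)
    cpu.regs["rax"] = len(tcs.ssa)        # RAX = CSSA for the entry code (assumed)
    cpu.rip = tcs.entry_point             # 7. transfer to the TCS entry point

def eresume(cpu, tcs, aep, xfrm, debug=False):
    if not tcs.ssa: raise EnclaveFault("#GP: nothing to resume")
    _enter(cpu, tcs, aep, xfrm, debug)
    f = tcs.ssa.pop()                     # restore the frame AEX saved
    cpu.rip, cpu.rsp, cpu.regs = f["rip"], f["rsp"], dict(f["regs"])

def eexit(cpu, target):
    """EEXIT scrubs nothing: enclave code must erase secrets from registers first."""
    cpu.enclave_mode, cpu.tlb_entries = False, 0             # 1. leave mode, flush
    cpu.xcr0, cpu.tcs.busy = cpu.saved["xcr0"], False        # 2. TCS not busy
    cpu.regs["rcx"], cpu.rip = cpu.aep, target               # 3. jump out; AEP returned (assumed RCX)

def aex(cpu, vector):
    """Save state in the SSA frame, then present a synthetic state to the outside."""
    cpu.tcs.ssa.append({"rip": cpu.rip, "rsp": cpu.rsp,
                        "regs": dict(cpu.regs), "vector": vector})
    cpu.regs = {k: 0 for k in cpu.regs}                      # synthetic state, no secrets
    cpu.rsp, cpu.xcr0 = cpu.saved["rsp"], cpu.saved["xcr0"]  # restore entry-time values
    cpu.enclave_mode, cpu.tcs.busy = False, False            # TCS released (assumed)
    cpu.rip = cpu.aep                     # AEP: the eventing address IRET returns to

# Constructed enclave program in a toy ISA; addresses and XFRM are arbitrary.
ENTRY, HANDLER, OUTSIDE, AEP, XFRM = 0x1000, 0x2000, 0x4000, 0x3000, 0x7
PROGRAM = {
    ENTRY: ("dispatch", HANDLER),         # pending SSA frame -> exception handler
    ENTRY + 1: ("mov", "rax", 10),
    ENTRY + 2: ("mov", "rcx", 0),
    ENTRY + 3: ("div", "rcx"),            # #DE while rcx == 0
    ENTRY + 4: ("eexit", OUTSIDE),        # leaves rax unscrubbed on purpose
    HANDLER: ("fix_ssa", "rcx", 2),       # handler patches saved rcx in the SSA frame
    HANDLER + 1: ("eexit", OUTSIDE),
}

def step(cpu):
    # Execute one toy instruction at RIP inside the enclave.
    op, *a = PROGRAM[cpu.rip]
    cpu.rip += 1
    if op == "dispatch" and cpu.regs["rax"] > 0:
        cpu.rip = a[0]
    elif op == "mov":
        cpu.regs[a[0]] = a[1]
    elif op == "div":
        if cpu.regs[a[0]] == 0:
            cpu.rip -= 1; return aex(cpu, vector=0)   # #DE: RIP stays on the faulting instruction
        cpu.regs["rax"] //= cpu.regs[a[0]]
    elif op == "fix_ssa":
        cpu.tcs.ssa[-1]["regs"][a[0]] = a[1]
    elif op == "eexit":
        eexit(cpu, a[0])

def run_scenario():
    """Entry, #DE, a refaulting ERESUME, handler entry via EENTER, clean ERESUME."""
    cpu, tcs, obs = CPU(rsp=0x9000, xcr0=0x3), TCS(ENTRY), {}
    eenter(cpu, tcs, AEP, XFRM)
    cpu.rsp = 0x7000                      # enclave entry code sets up its own stack
    obs["entered"] = (cpu.enclave_mode, tcs.busy, cpu.xcr0, cpu.rip)
    try:
        eenter(cpu, tcs, AEP, XFRM); obs["busy_refused"] = False
    except EnclaveFault:
        obs["busy_refused"] = True
    while cpu.enclave_mode: step(cpu)     # runs into the divide by zero
    obs["after_aex"] = (cpu.rip, cpu.rsp, cpu.xcr0, cpu.regs["rax"], tcs.ssa[-1]["rip"])
    eresume(cpu, tcs, AEP, XFRM); step(cpu)   # fault unresolved: #DE fires again
    obs["refault"] = (cpu.enclave_mode, len(tcs.ssa), tcs.ssa[-1]["vector"])
    eenter(cpu, tcs, AEP, XFRM)           # CSSA > 0: enclave takes its handler path
    while cpu.enclave_mode: step(cpu)
    obs["handler_exit"] = (cpu.rip, cpu.regs["rcx"], tcs.ssa[-1]["regs"]["rcx"])
    eresume(cpu, tcs, AEP, XFRM)          # resume with the patched frame
    while cpu.enclave_mode: step(cpu)
    obs["final"] = (cpu.rip, cpu.regs["rax"], len(tcs.ssa))   # rax left by EEXIT
    return obs
```

Running `run_scenario()` shows the points the text makes: the second EENTER is refused because the TCS is busy; after the AEX the outside world sees RIP at the AEP, the entry-time RSP and XCR0, and zeroed registers even though the enclave had loaded RAX, because the real values sit in the SSA frame; ERESUME without any fix reproduces the #DE; EENTER with a pending frame reaches the handler, which repairs the saved RCX and leaves through EEXIT; and the final EEXIT carries RAX = 5 out of the enclave untouched, which is why the text makes clearing secrets from registers the enclave software's job before EEXIT, whereas AEX does that scrubbing in hardware.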