background image

Vol. 3D 40-1

ENCLAVE EXITING EVENTS

CHAPTER 40

ENCLAVE EXITING EVENTS

Certain events, such as exceptions and interrupts, incident to (but asynchronous with) enclave execution may 
cause control to transition outside of enclave mode. (Most of these also cause a change of privilege level.) To 
protect the integrity and security of the enclave, the processor will exit the enclave (and enclave mode) before 
invoking the handler for such an event. For that reason, such events are called an enclave-exiting events (EEE); 
EEEs include external interrupts, non-maskable interrupts, system-management interrupts, exceptions, and VM 
exits.
The process of leaving an enclave in response to an EEE is called an asynchronous enclave exit (AEX). To protect 
the secrecy of the enclave, an AEX saves the state of certain registers within enclave memory and then loads those 
registers with fixed values called synthetic state.

40.1 

COMPATIBLE SWITCH TO THE EXITING STACK OF AEX

AEXs load registers with a pre-determined synthetic state. These register may be later pushed onto the appro-
priate stack in a form as defined by the enclave-exiting event. To allow enclave execution to resume after the 
invoking handler has process the enclave exiting event, the asynchronous enclave exit loads the address of tram-
poline code outside of the enclave into RIP. This trampoline code eventually returns to the enclave by means of an 
ENCLU(ERESUME) leaf function. Prior to exiting the enclave the RSP and RBP registers are restored to their values 
prior to enclave entry.
The stack to be used is chosen using the same rules as for non-SGX mode:

If there is a privilege level change, the stack will be the one associated with the new ring. 

If there is no privilege level change, the current application stack is used. 

If the IA-32e IST mechanism is used, the exit stack is chosen using that method.

Figure 40-1.  Exit Stack Just After Interrupt with Stack Switch

ENCLU[ERESUME]

RAX

Current SSA Frame

Per-Thread

Trampoline in uRTS

RSP after pushes

CSSA

AEP

TCS

Exit Stack

SS

RSP

RFLAGS

CS

RIP

Error Code (optional)

uRSP

AEP

RSP

TCS LA

ENCLU[ERESUME]

RCX

RBX

Next SSA Frame

uRSP