
40-2 Vol. 3D

ENCLAVE EXITING EVENTS

In all cases, the choice of exit stack and the information pushed onto it is consistent with non-SGX operation.
Figure 40-1 shows the Application and Exiting Stacks after an exit with a stack switch. An exit without a stack
switch uses the Application Stack. The ERESUME leaf index value is placed into RAX, the TCS pointer is placed in
RBX and the AEP (see below) is placed into RCX to facilitate resuming the enclave after the exit.

Upon an AEX, the AEP (Asynchronous Exit Pointer) is loaded into the RIP. The AEP points to a trampoline code
sequence which includes the ERESUME instruction that is later used to reenter the enclave.

The following bits of RFLAGS are cleared before RFLAGS is pushed onto the exit stack: CF, PF, AF, ZF, SF, OF, RF. The
remaining bits are left unchanged.

40.2 STATE SAVING BY AEX

The State Save Area holds the processor state at the time of an AEX. To allow handling events within the enclave 
and re-entering it after an AEX, the SSA can be a stack of multiple SSA frames as illustrated in Figure 40-2.

The location of the SSA frames to be used is controlled by the following variables in the TCS and the SECS:

Size of a frame in the State Save Area (SECS.SSAFRAMESIZE): This defines the number of 4K Byte pages in a 
single frame in the State Save Area. The SSA frame size must be large enough to hold the GPR state, the XSAVE 
state, and the MISC state. 

Base address of the enclave (SECS.BASEADDR): This defines the enclave's base linear address from which the 
offset to the base of the SSA stack is calculated. 

Number of State Save Area Slots (TCS.NSSA): This defines the total number of slots (frames) in the State Save 
Area stack. 

Current State Save Area Slot (TCS.CSSA): This defines the slot to use on the next exit. 

State Save Area (TCS.OSSA): This defines the offset of the base address of a set of State Save Area slots from 
the enclave’s base address.

When an AEX occurs, hardware selects the SSA frame to use by examining TCS.CSSA. Processor state is saved into
the SSA frame (see Section 40.4) and the processor is loaded with a synthetic state (as described in Section 40.3.1)
to avoid leaking secrets, RSP and RBP are restored to their values prior to enclave entry, and TCS.CSSA is incremented.
As will be described later, if an exception takes the last slot, it will not be possible to reenter the enclave to handle the excep-

Figure 40-2.  The SSA Stack

[Figure: the SSA stack, located by the TCS fields NSSA, CSSA and OSSA. It consists of SSA frames 0 through N-1, each SECS.SSAFRAMESIZE (in pages) in size and holding XSAVE, MISC and GPR regions; CSSA selects the current frame.]
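
The frame selection described in this section, as an added C example that is not part of the original manual text: it computes the linear address of the frame the next AEX would use as SECS.BASEADDR + TCS.OSSA + TCS.CSSA * SECS.SSAFRAMESIZE * 4096 and models the CSSA increment and the last-slot condition. The struct and function names are hypothetical and the sample values are constructed; the structs hold only the fields named above, not the real SECS/TCS layout.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SGX_PAGE 4096ULL

/* Model holding only the fields this section names; not the real SECS/TCS layout. */
struct secs_model { uint64_t baseaddr; uint32_t ssaframesize; /* 4K pages per frame */ };
struct tcs_model  { uint64_t ossa; uint32_t nssa, cssa; };

/* Linear address of the frame the next AEX would use (slot TCS.CSSA).
 * Fails if no slot is free or the address arithmetic would wrap. */
bool ssa_next_frame(const struct secs_model *s, const struct tcs_model *t, uint64_t *addr)
{
    if (s->ssaframesize == 0 || t->cssa >= t->nssa)
        return false;
    uint64_t frame_bytes = (uint64_t)s->ssaframesize * SGX_PAGE;
    if (t->cssa != 0 && frame_bytes > UINT64_MAX / t->cssa)
        return false;
    uint64_t off = frame_bytes * t->cssa;
    if (t->ossa > UINT64_MAX - s->baseaddr || off > UINT64_MAX - (s->baseaddr + t->ossa))
        return false;
    *addr = s->baseaddr + t->ossa + off;
    return true;
}

/* TCS bookkeeping of one AEX: state goes to slot CSSA, then CSSA is incremented. */
bool model_aex(const struct secs_model *s, struct tcs_model *t, uint64_t *frame_used)
{
    if (!ssa_next_frame(s, t, frame_used))
        return false;
    t->cssa++;
    return true;
}

/* In-enclave handling of the event needs a free slot for the next exit. */
bool can_reenter_to_handle(const struct tcs_model *t) { return t->cssa < t->nssa; }

int main(void)
{
    struct secs_model s = { 0x7f0000000000ULL, 2 };   /* constructed sample values */
    struct tcs_model  t = { 0x3000, 2, 0 };
    uint64_t frame;
    while (model_aex(&s, &t, &frame))
        printf("AEX saved to 0x%llx, CSSA now %u, handler re-entry %s\n",
               (unsigned long long)frame, (unsigned)t.cssa,
               can_reenter_to_handle(&t) ? "possible" : "not possible");
    return 0;
}
```

With NSSA set to 2 the second AEX takes the last slot, which is the case the paragraph above describes as leaving no way to reenter the enclave to handle the exception.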