background image

40-4 Vol. 3D

ENCLAVE EXITING EVENTS

40.3.3 

Synthetic State for MISC Features

State represented by SECS.MISCSELECT might also be overridden by synthetic state after it has been saved into 
the SSA. State represented by MISCSELECT[0] is not overridden but if the exiting event is a page fault then lower 
12 bits of CR2 are cleared. 

40.4 AEX 

FLOW

On Enclave Exiting Events (interrupts, exceptions, VM exits or SMIs), the processor state is securely saved inside 
the enclave, a synthetic state is loaded and the enclave is exited. The EEE then proceeds in the usual exit-defined 
fashion. The following sections describes the details of an AEX:
1. The exact processor state saved into the current SSA frame depends on whether the enclave is a 32-bit or a 64-

bit enclave. In 32-bit mode (IA32_EFER.LMA = 0 || CS.L = 0), the low 32 bits of the legacy registers (EAX, EBX, 
ECX, EDX, ESP, EBP, ESI, EDI, EIP and EFLAGS) are stored. The upper 32 bits of the legacy registers and the 
64-bit registers (R8 … R15) are not stored.
In 64-bit mode (IA32_EFER.LMA = 1 && CS.L = 1), all 64 bits of the general processor registers (RAX, RBX,

RCX, RDX, RSP, RBP, RSI, RDI, R8 … R15, RIP and RFLAGS) are stored.
The state of those extended features specified by SECS.ATTRIBUTES.XFRM are stored into the XSAVE area of

the current SSA frame. The layout of the x87 and XMM portions (the 1st 512 bytes) depends on the current

values of IA32_EFER.LMA and CS.L:
If IA32_EFER.LMA = 0 || CS.L = 0, the same format (32-bit) that XSAVE/FXSAVE uses with these values.
If IA32_EFER.LMA = 1 && CS.L = 1, the same format (64-bit) that XSAVE/FXSAVE uses with these values

when REX.W = 1. 
The cause of the AEX is saved in the EXITINFO field. See Table 38-9 for details and values of the various

fields.
The state of those miscellaneous features (see Section 38.7.2) specified by SECS.MISCSELECT are stored into 
the MISC area of the current SSA frame.

2. Synthetic state is created for a number of processor registers to present an opaque view of the enclave state. 

Table 40-1 shows the values for GPRs, x87, SSE, FS, GS, Debug and performance monitoring on AEX. The 
synthetic state for other extended features (those controlled by XCR0[62:2]) is set to their respective INIT 
states when their corresponding bit of SECS.ATTRIBUTES.XFRM is set. The INIT state is that state as defined by 
the behavior of the XRSTOR instruction when HEADER.XSTATE_BV[n] is 0. Synthetic state of those miscella-
neous features specified by SECS.MISCSELECT depends on the miscellaneous feature. There is no synthetic 
state required for the miscellaneous state controlled by SECS.MISCSELECT[0]. 

3. Any code and data breakpoints that were suppressed at the time of enclave entry are unsuppressed when 

exiting the enclave.

4. RFLAGS.TF is set to the value that it had at the time of the most recent enclave entry (except for the situation 

that the entry was opt-in for debug; see Section 43.2). In the SSA, RFLAGS.TF is set to 0. 

5. RFLAGS.RF is set to 0 in the synthetic state. In the SSA, the value saved is the same as what would have been 

saved on stack in the non-SGX case (architectural value of RF). Thus, AEXs due to interrupts, traps, and code 
breakpoints save RF unmodified into SSA, while AEXs due to other faults save RF as 1 in the SSA. 
If the event causing AEX happened on intermediate iteration of a REP-prefixed instruction, then RF=1 is

saved on SSA, irrespective of its priority.

6. Any performance monitoring activity (including PEBS) or profiling activity (LBR, Tracing using Intel PT) on the 

exiting thread that was suppressed due to the enclave entry on that thread is unsuppressed. Any counting that 
had been demoted from AnyThread counting to MyThread counting (on one logical processor) is promoted back 
to AnyThread counting.