EEXIT — Exits an Enclave

Instruction Operand Encoding ¶

Description ¶

The ENCLU[EEXIT] instruction exits the currently executing enclave and branches to the location specified in RBX. RCX receives the current AEP. If RBX is not within the CS (32-bit mode) or is not canonical (64-bit mode) a #GP(0) results.

EEXIT Memory Parameter Semantics ¶

If RBX specifies an address that is inside the enclave, the instruction will complete normally. The fetch of the next instruction will occur in non-enclave mode, but will attempt to fetch from inside the enclave. This fetch returns a fixed data pattern.

If secrets are contained in any registers, it is responsibility of enclave software to clear those registers.

If XCR0 was modified on enclave entry, it is restored to the value it had at the time of the most recent EENTER or ERESUME.

If the enclave is opt-out, RFLAGS.TF is loaded from the value previously saved on EENTER.

Code and data breakpoints are unsuppressed.

Performance monitoring counters are unsuppressed.

Concurrency Restrictions ¶

Operation ¶

Temp Variables in EEXIT Operational Flow ¶

TMP_MODE64 := ((IA32_EFER.LMA = 1) && (CS.L = 1));

IF (TMP_MODE64 = 1)

THEN

IF (RBX is not canonical) THEN #GP(0); FI;

ELSE

IF (RBX > CS limit) THEN #GP(0); FI;

FI;

TMP_RIP := CRIP;

RIP := RBX;

(* Return current AEP in RCX *)

RCX := CR_TCS_PA.AEP;

(* Do the FS/GS swap *)

FS.selector := CR_SAVE_FS.selector;

FS.base := CR_SAVE_FS.base;

FS.limit := CR_SAVE_FS.limit;

FS.access_rights := CR_SAVE_FS.access_rights;

GS.selector := CR_SAVE_GS.selector;

GS.base := CR_SAVE_GS.base;

GS.limit := CR_SAVE_GS.limit;

GS.access_rights := CR_SAVE_GS.access_rights;

(* Restore XCR0 if needed *)

IF (CR4.OSXSAVE = 1)

XCR0 := CR_SAVE__XCR0;

FI;

Unsuppress_all_code_breakpoints_that_are_outside_ELRANGE;

IF (CR_DBGOPTIN = 0)

THEN

UnSuppress_all_code_breakpoints_that_overlap_with_ELRANGE;

Restore suppressed breakpoint matches;

RFLAGS.TF := CR_SAVE_TF;

UnSuppress_montior_trap_flag;

UnSuppress_LBR_Generation;

UnSuppress_performance monitoring_activity;

Restore performance monitoring counter AnyThread demotion to MyThread in enclave back to AnyThread

FI;

IF RFLAGS.TF = 1

THEN Pend Single-Step #DB at the end of EEXIT;

FI;

IF the “monitor trap flag” VM-execution control is set

THEN pend a MTF VM exit at the end of EEXIT;

FI;

IF (CPUID.(EAX=12H, ECX=1):EAX[6] = 1)

THEN

(* Record PREVSSP *)

IF (IA32_U_CET.SH_STK_EN == 1)

THEN CR_TCS_PA.PREVSSP = SSP; FI;

FI;

IF ((CPUID.(EAX=7H, ECX=0):EDX[CET_IBT] = 1) OR (CPUID.(EAX=7, ECX=0):ECX[CET_SS] = 1)

THEN

(* Restore enclosing app’s CET state from the save registers *)

IA32_U_CET := CR_SAVE_IA32_U_CET;

IF CPUID.(EAX=07H, ECX=00h):ECX[CET_SS] = 1

THEN SSP := CR_SAVE_SSP; FI;

(* Update enclosing app’s TRACKER if enclosing app has indirect branch tracking enabled *)

IF (CR4.CET = 1 AND IA32_U_CET.ENDBR_EN = 1)

THEN

IA32_U_CET.TRACKER := WAIT_FOR_ENDBRANCH;

IA32_U_CET.SUPPRESS := 0

FI;

FI;

CR_ENCLAVE_MODE := 0;

CR_TCS_PA.STATE := INACTIVE;

(* Assure consistent translations *)

Flush_linear_context;

Flags Affected ¶

RFLAGS.TF is restored from the value previously saved in EENTER or ERESUME.

Protected Mode Exceptions ¶

64-Bit Mode Exceptions ¶