Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Exception handling in enclave

gu_j_1
Beginner

1. SGX2 enables enclave code to handle more exceptions inside the enclave. However, control flow is still first transferred to the OS when an exception happens, and the OS can obtain some information, such as the page fault address. Is my understanding correct?

2. An enclave should rely on the OS to manage the page table. In which scenarios does a developer need to handle page faults inside the enclave?

Thanks!

1 Solution
Surenthar_S_Intel

Hi Gu,

#1. Enclave Exception Handler Mechanism:

Handling Exception:

  • Asynchronous Exit (AEX) is used to handle exceptions in SGX.
  • Faults, exceptions and interrupts initiate the Asynchronous Exit flow.
  • During AEX, the enclave register state is stored in the enclave's active SSA frame and initialized to a known value prior to leaving the enclave.
  • The RIP is initialized to an area referred to as the trampoline code.

Resuming From Exceptions:

  • On an AEX the RIP is modified to point to the Trampoline area in the untrusted section of the app. This RIP is pushed onto the stack when jumping to the OS handler.
  • IRET will return the flow control to the app at the Trampoline Area.
  • The Trampoline will execute the ERESUME instruction. Register state will be restored from the SSA and Execution will resume from the interrupted location.

A TCS can define multiple SSA frames on the SSA stack. AEX pushes content onto the SSA frame and increments the SSA frame pointer. The last SSA frame state stored in the TCS is executed once ERESUME is called.

In addition to the flow explained above, sgx_urts.dll installs an exception handler before ECALLing into the enclave. If an exception happens while running within the enclave, the OS will search for registered exception handlers and will find the one sgx_urts.dll has registered. When the sgx_urts.dll handler gets control, it ECALLs into the enclave again to execute the trusted exception handler. The enclave's handler accesses the information stored in the SSA and gives control to any exception handler the enclave might have registered. If the enclave handles the exception (EXCEPTION_CONTINUE_EXECUTION), sgx_urts.dll returns the same code to the OS, which then ERESUMEs, and execution continues inside the enclave at the point where the exception (AEX) occurred. If the enclave doesn't handle the exception (EXCEPTION_EXECUTE_HANDLER), the OS will continue searching up the stack for a handler and will eventually abort the application if no other is found.

Please find the attachment for your reference for more info on the exception handling flow in SGX.

#2. Windows does not support paging inside the enclave.

Thanks and Regards,
Surenthar Selvaraj


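To make the AEX / trampoline / ERESUME sequence in the accepted answer concrete, here is a small C model of it. It is an added example, not code from this thread or from the SGX SDK: the SSA frame layout, the trampoline address, the two handler return codes and the TCS size are assumptions made for the model. It walks one page fault through the asynchronous exit (state saved to SSA[CSSA], CSSA incremented, registers scrubbed, RIP redirected to the trampoline), the untrusted runtime's re-entry to run a trusted handler, and the ERESUME that pops the frame and continues at the interrupted RIP. It also shows the failure mode the answer's remark about multiple SSA frames implies: once every frame on the TCS is in use, the handler can no longer be entered and the exception is left to the OS. The OS-visible fault address is modelled as page-aligned (low 12 bits cleared), which is how SGX masks CR2 for faults taken inside an enclave.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the AEX / trampoline / ERESUME flow from the answer
 * above. Not SGX SDK code: frame layout, trampoline address and the handler
 * return codes are assumptions made for this model. */
#define MAX_SSA_FRAMES 4
#define TRAMPOLINE_RIP 0x7f0000001000ULL /* assumed address in the untrusted app */
#define PF_VECTOR 14                     /* #PF */
#define CONTINUE_EXECUTION 1             /* trusted handler dealt with the fault */
#define CONTINUE_SEARCH    0             /* leave it to the OS */

typedef struct {
    uint64_t rip;        /* interrupted enclave instruction pointer */
    uint64_t rax, rbx;   /* two GPRs, enough to show save and restore */
    int      vector;
    uint64_t fault_addr; /* full faulting address, stays inside the SSA */
} ssa_frame_t;

typedef struct {
    uint32_t    cssa;    /* index of the next free SSA frame */
    uint32_t    nssa;    /* frames available on this TCS */
    ssa_frame_t ssa[MAX_SSA_FRAMES];
} tcs_t;

typedef struct { uint64_t rip, rax, rbx; } cpu_t;
/* What the OS-level handler observes after the asynchronous exit. */
typedef struct { uint64_t rip; int vector; uint64_t cr2; } os_view_t;
typedef int (*enclave_handler_t)(const ssa_frame_t *info);

void tcs_init(tcs_t *t, uint32_t nssa) {
    memset(t, 0, sizeof *t);
    t->nssa = nssa > MAX_SSA_FRAMES ? MAX_SSA_FRAMES : nssa;
}

/* AEX: save state into SSA[CSSA], advance CSSA, scrub the registers and point
 * RIP at the trampoline. The OS is shown the fault address page-aligned
 * (low 12 bits cleared), which is how SGX masks CR2 for enclave faults. */
void aex(tcs_t *t, cpu_t *cpu, int vector, uint64_t fault_addr, os_view_t *os) {
    ssa_frame_t *f = &t->ssa[t->cssa];  /* CSSA < NSSA holds while in the enclave */
    f->rip = cpu->rip; f->rax = cpu->rax; f->rbx = cpu->rbx;
    f->vector = vector; f->fault_addr = fault_addr;
    t->cssa++;
    cpu->rax = cpu->rbx = 0;            /* synthetic register state leaves the enclave */
    cpu->rip = TRAMPOLINE_RIP;
    os->rip = cpu->rip; os->vector = vector;
    os->cr2 = (vector == PF_VECTOR) ? (fault_addr & ~0xfffULL) : 0;
}

/* The ECALL the untrusted runtime makes to run the trusted handler. It needs a
 * free SSA frame (CSSA < NSSA); otherwise the enclave cannot be entered and the
 * exception is left to the OS. Returns the handler verdict, or -1. */
int eenter_handler(tcs_t *t, enclave_handler_t h) {
    if (t->cssa >= t->nssa) return -1;
    return h(&t->ssa[t->cssa - 1]);     /* handler reads the interrupted frame */
}

/* ERESUME, executed by the trampoline after the OS IRETs: pop the frame and
 * continue where the AEX happened. */
int eresume(tcs_t *t, cpu_t *cpu) {
    if (t->cssa == 0) return -1;
    const ssa_frame_t *f = &t->ssa[--t->cssa];
    cpu->rip = f->rip; cpu->rax = f->rax; cpu->rbx = f->rbx;
    return 0;
}

/* Example trusted handler: accepts page faults, passes everything else on. */
static int pf_handler(const ssa_frame_t *info) {
    return info->vector == PF_VECTOR ? CONTINUE_EXECUTION : CONTINUE_SEARCH;
}

typedef struct { uint64_t os_cr2, enclave_addr, resumed_rip; int verdict; } walkthrough_t;

/* One page fault at `addr` while the enclave runs at `rip`, taken through AEX,
 * the untrusted handler's ECALL, the trusted handler and ERESUME. */
walkthrough_t walk_page_fault(uint64_t rip, uint64_t addr) {
    tcs_t t; cpu_t cpu = { rip, 0x1111, 0x2222 }; os_view_t os; walkthrough_t w = {0};
    tcs_init(&t, 2);
    aex(&t, &cpu, PF_VECTOR, addr, &os);
    w.os_cr2 = os.cr2;
    w.verdict = eenter_handler(&t, pf_handler);
    w.enclave_addr = t.ssa[t.cssa - 1].fault_addr;
    if (w.verdict == CONTINUE_EXECUTION) eresume(&t, &cpu);
    w.resumed_rip = cpu.rip;
    return w;
}

/* Nested faults (the handler itself faulting again) a TCS with `nssa` frames
 * can absorb before the trusted handler can no longer be entered. */
int nested_faults_before_exhaustion(uint32_t nssa) {
    tcs_t t; cpu_t cpu = { 0x1000, 0, 0 }; os_view_t os; int handled = 0;
    tcs_init(&t, nssa);
    for (;;) {
        aex(&t, &cpu, PF_VECTOR, 0xdead000ULL, &os);
        if (eenter_handler(&t, pf_handler) < 0) return handled;
        handled++;
    }
}
```

Calling `walk_page_fault(0x401234, 0x7ffd12345678)` leaves the OS with `cr2 == 0x7ffd12345000` and the trampoline RIP, while the trusted handler reads the full address from the SSA frame and execution resumes at `0x401234` with the scrubbed registers restored. `nested_faults_before_exhaustion(2)` returns 1: with two SSA frames, one fault inside the trusted handler is survivable, the next leaves no frame for re-entry.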
2 Replies
gu_j_1
Beginner

Hi Surenthar,

Thank you for your detailed reply!

I am still not clear about whether the OS will know the page fault address (without the lowest 12 bits) when a page fault occurs in the enclave.

Best regards,

Jinyu Gu
