At a high level, the Intel® SGX supporting software offers a programming model similar to what ISVs are used to from developing regular Android, Linux, OS X, and Windows applications. It is exposed through a DLL on Windows OS, a Dynamic Library on OS X, and a Shared Object on Linux OS and Android OS.
A regular DLL, Dynamic Library, or Shared Object file typically contains code and data sections corresponding to the functions and/or methods as well as the variables and/or objects implemented in the shared library. The operating system allocates a heap when the process that uses the shared library is loaded and a stack for each thread spawned within the process. Similarly, an enclave library file contains trusted code and data sections that will be loaded into protected memory (EPC) when the enclave is created. An enclave file also contains an Intel SGX specific data structure, the enclave metadata. The metadata is not loaded into EPC. Instead, it is used by the untrusted loader to determine how to properly load the enclave in EPC. The metadata defines a number of trusted thread contexts, each of which includes a trusted stack, and a trusted heap initialized by the trusted runtime system at enclave initialization. Trusted thread contexts and a trusted heap are required to support a trusted execution environment. The metadata also contains the enclave signature, which certifies the authenticity and origin of the enclave.
Even though an enclave can be delivered as a shared library file, defining what code and data are placed inside the enclave and what remains outside in the untrusted application is a key aspect of enclave development.
Enclaves, regardless of the number of trusted threads defined, must not be designed with the assumption that the untrusted application will invoke the ISV interface functions in a specific order. Once the enclave is initialized, an attacker may invoke any ISV interface function, arrange the calls in any order, and provide any input parameters. Keep these ploys in mind to avoid opening an enclave up to attacks.
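As an added illustration (not from the Intel SGX documentation or SDK), the stand-alone C below models an enclave whose ECALLs track their own lifecycle state and validate every host-supplied argument, so calling them out of order, twice, or with bad sizes fails cleanly instead of operating on uninitialized or attacker-chosen state. The status codes, ECALL names, state machine and sample inputs are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Status codes for this illustration only. A real enclave returns sgx_status_t;
 * this file defines its own codes so it builds without the SGX SDK. */
typedef enum { ST_OK = 0, ST_ERR_INVALID_STATE, ST_ERR_INVALID_PARAMETER } status_t;

/* Lifecycle state kept in enclave memory. Every ECALL checks it rather than
 * assuming the untrusted host called the interface in the intended order. */
typedef enum { ENC_UNINIT = 0, ENC_KEYED } enclave_state_t;
#define KEY_LEN 16
#define MAX_MSG 64
static enclave_state_t g_state = ENC_UNINIT;
static uint8_t g_key[KEY_LEN];

/* Constructed sample inputs (hypothetical, used by the demo sequence). */
static const uint8_t demo_key[KEY_LEN] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
static const uint8_t demo_msg[4] = {0x10, 0x20, 0x30, 0x40};
static uint8_t demo_out[MAX_MSG];

/* ECALL: install a key. Refuses to overwrite a key already in use, so the host
 * cannot swap in a key of its choosing mid-session by simply calling it again. */
status_t ecall_set_key(const uint8_t *key, size_t key_len) {
    if (key == NULL || key_len != KEY_LEN) return ST_ERR_INVALID_PARAMETER;
    if (g_state != ENC_UNINIT) return ST_ERR_INVALID_STATE;
    memcpy(g_key, key, KEY_LEN);
    g_state = ENC_KEYED;
    return ST_OK;
}

/* ECALL: toy keyed transform (repeating-key XOR, not real encryption). Rejects
 * calls made before a key exists and bounds every host-supplied length. */
status_t ecall_transform(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_len) {
    if (g_state != ENC_KEYED) return ST_ERR_INVALID_STATE;      /* out of order */
    if (in == NULL || out == NULL || in_len == 0 || in_len > MAX_MSG || out_len < in_len)
        return ST_ERR_INVALID_PARAMETER;                       /* host picks all args */
    for (size_t i = 0; i < in_len; i++) out[i] = in[i] ^ g_key[i % KEY_LEN];
    return ST_OK;
}

/* ECALL: explicit teardown, the only path back to the unkeyed state. */
status_t ecall_clear_key(void) {
    if (g_state == ENC_UNINIT) return ST_ERR_INVALID_STATE;
    memset(g_key, 0, KEY_LEN);  /* real code: use a clear the compiler cannot elide */
    g_state = ENC_UNINIT;
    return ST_OK;
}
```

In a real enclave the SDK-generated bridge copies `[in]`/`[out]` buffers across the boundary, but the state check and the length checks are still the ISV's responsibility.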