Undefined Behavior if Number of Application Threads Exceeds “TCS_NUM” in Intel® Software Guard Extensions (Intel® SGX) Enclave Configuration File

• Set TCS_NUM to 10 and TCS_POLICY to 1 in the enclave configuration file.
• Ran application with more than 10 threads.
• Application did not run well and exhibited strange issues.
• The application ran well after setting TCS_NUM to match the number of threads.

TCS_NUM indicates the number of Thread Control Structures (TCS) to allocate for the enclave.

From Intel SGX Explained: The SGX implementation uses a Thread Control Structure (TCS) for each logical processor that executes an enclave’s code. It follows that an enclave’s author must provision at least as many TCS instances as the maximum number of concurrent threads that the enclave is intended to support.

A TCS consists of an entry point and pointer to the State Save Area and other features. The Thread Control Structure section of Intel's Software Development Manual provides details of the contents of the TCS.

If there are more threads than the number of TCS, the threads will not know how to enter the enclave because the TCS does not exist.

Refer to Thread Binding Policy for information on the TCS_POLICY.

TCS_NUM can be set higher than the number of processor cores. The operating system will manage the thread scheduling.