Existing Intel SGX applications are difficult to migrate directly to the emerging Arm Confidential Compute Architecture (CCA) due to their reliance on SGX-specific APIs and execution semantics. To address this challenge, this work proposes CCX, a framework that, for the first time, reconstructs SGX’s core abstractions within the Arm CCA firmware layer, enabling binary-compatible execution of unmodified SGX applications. CCX requires no source code changes while rigorously preserving SGX’s security guarantees and adapting them to the CCA architecture. Prototype evaluation on QEMU and the Nitrogen8M development board demonstrates that CCX correctly executes native SGX applications, provides equivalent security assurances, and even achieves performance advantages in representative workloads.

Novel confidential computing technologies such as Intel TDX, AMD SEV, and Arm CCA have recently emerged. In practice, due to its minimal trust boundaries, Intel SGX still remains widely used for enclave-based applications in cloud environments, including confidential cloud services, privacy-preserving communication, secure payment processing, and privacy-focused advertising. With the growing adoption of Arm CPUs in cloud systems, however, existing SGX applications face a significant portability challenge: they are tightly coupled to SGX-specific APIs and execution semantics. In this paper, we present the design and implementation of CCX, a framework that enables existing SGX applications to run on Arm CCA without source code modification. To this end, CCX redesigns SGX functionality within Arm CCA firmware, adapting SGX abstractions to CCA's architecture design while preserving full compatibility with existing applications originally developed for SGX. We implemented a prototype of CCX on both the QEMU emulator and a Nitrogen8M development board. Our evaluation shows that CCX is capable of executing existing SGX applications without requiring source code changes, while providing security guarantees comparable to Intel SGX and achieving performance improvements in our evaluated settings.