Just came back to post this but you beat me to it haha. Thank you! :) I just looked at the SGX 101 book and found the relevant piece: Client and enclave are basically doing a DH key exchange.
https://sgx101.gitbook.io/sgx101/sgx-bootstrap/attestation#s...