Chimera: Protocol-Aware Recovery for Confidential BFT Consensus

📅 2026-06-08
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses the safety and availability threats that state rollback attacks on Trusted Execution Environments (TEEs) pose to confidential Byzantine Fault Tolerant (BFT) consensus systems: TEEs do not guarantee state continuity, so a compromised host can restart a crashed enclave from a stale persistent state. The authors propose CHIMERA, a protocol-aware recovery framework that separates persisted consensus state into metadata and logs according to their protocol-level roles and designs a tailored recovery mechanism for each. Presented as the first systematic taxonomy and implementation of rollback-resilient recovery for confidential BFT consensus, the approach avoids the usual trade-off between overhead on the critical consensus path and prolonged recovery latency. A prototype on Intel TDX, with the protocol formally modeled and checked in Maude, is evaluated on Braft and ZooKeeper in both LAN and WAN settings and achieves higher throughput, lower recovery latency, and better availability than rollback-resilient baselines.
📝 Abstract
Trusted Execution Environments (TEEs) have enabled confidential Byzantine Fault-Tolerant (BFT) consensus systems with confidentiality and improved scalability. However, TEEs do not provide state continuity: during recovery, a compromised host can roll back a crashed enclave to a stale persistent state, significantly threatening both safety and availability. Existing defenses face a fundamental tradeoff: they either impose substantial overhead on critical consensus paths, reducing throughput and increasing latency, or incur prolonged recovery delays, hurting availability. We present the first systematic taxonomy of rollback-resilient recovery for confidential BFT consensus, distilling prior approaches into four categories. We further expose their inherent limitations. Guided by this detailed analysis, we design CHIMERA, a protocol-aware recovery framework that breaks this tradeoff. Our key insight is that rollback protection in consensus systems should not be uniform. Different types of persistent states differ fundamentally in their state distribution, update behavior, and representation form. CHIMERA separates persistent state into metadata and logs according to these protocol-level properties and applies distinct recovery mechanisms to each type. We formally model CHIMERA in Maude and verify its safety and liveness properties. We implement it on Braft and ZooKeeper using Intel TDX, and evaluate it in both LAN and WAN settings. Results show that CHIMERA achieves higher throughput, lower recovery latency, and better availability than state-of-the-art rollback-resilient baselines.
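The state-continuity problem the abstract describes, worked as a Python example that is added here and is not code from the paper or from the CHIMERA prototype. It assumes Raft-style persisted metadata (current term and vote) plus a log, an untrusted host that controls the enclave's storage, a hypothetical sealing key, and a trusted monotonic counter the enclave can increment and read; the counter check is a generic freshness mechanism used for illustration, not CHIMERA's recovery design.

```python
"""Added illustration (not CHIMERA's code): a host-driven rollback of
persisted consensus metadata lets a node vote twice in one term, and a
freshness check at recovery catches it. Assumptions are this example's
own: Raft-style state, an untrusted host owning storage, a stand-in
sealing key, and a trusted monotonic counter."""
from __future__ import annotations

import copy
import hashlib
import hmac
from dataclasses import dataclass, field

SEAL_KEY = b"example-sealing-key"  # stands in for a TEE-derived sealing key


@dataclass
class PersistedState:
    current_term: int = 0
    voted_for: str | None = None
    log: list[tuple[int, int]] = field(default_factory=list)  # (term, index)
    version: int = 0   # trusted-counter value when this state was sealed
    tag: bytes = b""   # MAC binding all fields above

def _body(s: PersistedState) -> bytes:
    return f"{s.current_term}|{s.voted_for}|{s.log}|{s.version}".encode()

def seal(s: PersistedState) -> PersistedState:
    s.tag = hmac.new(SEAL_KEY, _body(s), hashlib.sha256).digest()
    return s

def verify_seal(s: PersistedState) -> bool:
    expected = hmac.new(SEAL_KEY, _body(s), hashlib.sha256).digest()
    return hmac.compare_digest(s.tag, expected)

class UntrustedHost:
    """Owns the enclave's storage and may serve any earlier snapshot."""
    def __init__(self) -> None:
        self.snapshots: list[PersistedState] = []

    def persist(self, s: PersistedState) -> None:
        self.snapshots.append(copy.deepcopy(s))

    def serve(self, index: int = -1) -> PersistedState:
        return copy.deepcopy(self.snapshots[index])

class TrustedCounter:
    """Monotonic counter outside the host's control (assumed to exist)."""
    def __init__(self) -> None:
        self.value = 0

    def increment(self) -> int:
        self.value += 1
        return self.value

class Node:
    def __init__(self, host: UntrustedHost, counter: TrustedCounter | None = None) -> None:
        self.host, self.counter, self.state = host, counter, PersistedState()
        self._persist()

    def _persist(self) -> None:
        if self.counter is not None:
            self.state.version = self.counter.increment()
        self.host.persist(seal(self.state))

    def grant_vote(self, candidate: str, term: int) -> bool:
        s = self.state
        if term < s.current_term:
            return False
        if term > s.current_term:
            s.current_term, s.voted_for = term, None
        if s.voted_for in (None, candidate):
            s.voted_for = candidate
            self._persist()  # Raft persists the vote before replying
            return True
        return False

    def recover(self, snapshot: PersistedState) -> bool:
        """Reload state after a crash; reject forged or stale snapshots."""
        if not verify_seal(snapshot):
            return False
        if self.counter is not None and snapshot.version != self.counter.value:
            return False  # validly sealed, but older than the last persist
        self.state = snapshot
        return True

def double_vote_without_protection() -> bool:
    host, n = UntrustedHost(), Node(UntrustedHost())
    n.host = host
    n._persist()                     # snapshot 0: term 0, no vote
    first = n.grant_vote("A", 5)     # snapshot 1: term 5, voted A
    n.recover(host.serve(0))         # host serves the pre-vote snapshot
    second = n.grant_vote("B", 5)    # term 5 looks fresh again
    return first and second          # True: two votes in one term

def rollback_detected_with_counter() -> bool:
    host = UntrustedHost()
    n = Node(host, TrustedCounter())
    n.grant_vote("A", 5)
    stale = n.recover(host.serve(0))   # counter says 2, snapshot says 1
    fresh = n.recover(host.serve(-1))
    return (not stale) and fresh

def forged_snapshot_rejected() -> bool:
    host = UntrustedHost()
    n = Node(host, TrustedCounter())
    n.grant_vote("A", 5)
    forged = host.serve(-1)
    forged.voted_for = None            # host edits the sealed blob
    return not n.recover(forged)
```

Without the counter, serving the pre-vote snapshot erases `voted_for`, and the node grants a second vote in term 5, which is the kind of safety violation the abstract refers to; the seal alone does not help, because the stale snapshot was sealed legitimately. With a counter consulted on every persist, the stale snapshot is rejected, but that is exactly the critical-path cost the abstract attributes to existing defenses, and the example treats the replicated log the same way as node-local metadata, which is the uniform treatment the paper argues against.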
Problem

Research questions and friction points this paper is trying to address.

rollback attack
confidential BFT consensus
Trusted Execution Environments
state continuity
recovery
Innovation

Methods, ideas, or system contributions that make the work stand out.

protocol-aware recovery
rollback resilience
confidential BFT consensus
Trusted Execution Environments (TEEs)
persistent state separation