background image

Vol. 3C 36-25

INTEL® PROCESSOR TRACE

During the enclave execution, Intel PT remains enabled, and periodic or timing packets such as PSB, TSC, MTC, or 
CBR can still be generated. No IPs or other architectural state will be exposed.
For packet generation examples on enclave entry or exit, see Section 36.7.

Debug Enclaves

SGX allows an enclave to be configured with relaxed protection of confidentiality for debug purposes, see Intel® 
Software Guard Extensions Programming Reference. In a debug enclave, Intel PT continues to function normally. 
Specifically, ContextEn is not impacted by enclave entry or exit. Hence the generation of ContextEn-dependent 
packets within a debug enclave is allowed.

36.2.8.4   SENTER/ENTERACCS and ACM

GETSEC[SENTER] and GETSEC[ENTERACCS] instructions clear TraceEn, and it is not restored when those instruc-
tion complete. SENTER also causes TraceEn to be cleared on other logical processors when they rendezvous and 
enter the SENTER sleep state. In these two cases, the disabling of packet generation is not guaranteed to flush 
internally buffered packets. Some packets may be dropped.
When executing an authenticated code module (ACM), packet generation is silently disabled during ACRAM setup. 
TraceEn will be cleared, but no TIP.PGD packet is generated. After completion of the module, the TraceEn value will 
be restored. There will be no TIP.PGE packet, but timing packets, like TSC and CBR, may be produced.

36.2.8.5   Intel® Memory Protection Extensions (Intel® MPX)

Bounds exceptions (#BR) caused by Intel MPX are treated like other exceptions, producing FUP and TIP packets 
that indicate the source and destination IPs.

36.3 

CONFIGURATION AND PROGRAMMING GUIDELINE

36.3.1 

Detection of Intel Processor Trace and Capability Enumeration

Processor support for Intel Processor Trace is indicated by CPUID.(EAX=07H,ECX=0H):EBX[bit 25] = 1. CPUID 
function 14H is dedicated to enumerate the resource and capability of processors that report 
CPUID.(EAX=07H,ECX=0H):EBX[bit 25] = 1. Different processor generations may have architecturally-defined 
variation in capabilities. Table 36-11 describes details of the enumerable capabilities that software must use across 
generations of processors that support Intel Processor Trace.