Vol. 3D 43-1

CHAPTER 43

ENCLAVE CODE DEBUG AND PROFILING

Intel® SGX is architected to provide protection for production enclaves and permit enclave code developers to use an SGX-aware debugger to effectively debug a non-production enclave (debug enclave). Intel SGX also allows a non-SGX-aware debugger to debug non-enclave portions of the application without getting confused by enclave instructions.

43.1 CONFIGURATION AND CONTROLS

43.1.1 Debug Enclave vs. Production Enclave

The SECS of each enclave provides a bit, SECS.ATTRIBUTES.DEBUG, indicating whether the enclave is a debug enclave (if set) or a production enclave (if 0). If this bit is set, software outside the enclave can use EDBGRD/EDBGWR to access the EPC memory of the enclave. The value of DEBUG is not included in the measurement of the enclave and therefore doesn't require an alternate SIGSTRUCT to be generated to debug the enclave.

The ATTRIBUTES field in the SECS is reported in the enclave's attestation, and is included in the key derivation. Enclave secrets that were protected by the enclave using Intel SGX keys when it ran as a production enclave will not be accessible by the debug enclave. A debugger needs to be aware that special debug content might be required for a debug enclave to run in a meaningful way.

EPC memory belonging to a debug enclave can be accessed via the EDBGRD/EDBGWR leaf functions (see Section 41.4), while that belonging to a non-debug enclave cannot be accessed by these leaf functions.

43.1.2 Tool-Chain Opt-in

The TCS.FLAGS.DBGOPTIN bit controls interactions of certain debug and profiling features with enclaves, including code/data breakpoints, TF, RF, monitor trap flag, BTF, LBRs, BTM, BTS, Intel Processor Trace, and performance monitoring. This bit is forced to zero when EPC pages are added via EADD. A debugger can set this bit via EDBGWR to the TCS of a debug enclave.

An enclave entry through a TCS with the TCS.FLAGS.DBGOPTIN set to 0 is called an opt-out entry. Conversely, an enclave entry through a TCS with TCS.FLAGS.DBGOPTIN set to 1 is called an opt-in entry.
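The two control bits described in Sections 43.1.1 and 43.1.2 are what a relying party and a debugger each have to inspect in practice. The following Python is an added example, not text or code from the Intel SDM: it parses the ATTRIBUTES field as it appears in an attestation report and applies a policy that rejects debug enclaves (their EPC is readable via EDBGRD/EDBGWR, so any secret they hold is exposed), and it models a debugger's EDBGWR of TCS.FLAGS.DBGOPTIN, refusing the write for a production enclave. The field layouts it assumes (ATTRIBUTES = 8-byte little-endian FLAGS followed by 8-byte XFRM, with DEBUG at FLAGS bit 1; TCS.FLAGS as the 8-byte field at TCS offset 8, with DBGOPTIN at bit 0) come from the SDM's ATTRIBUTES and TCS definitions, not from this chapter, and the sample attribute values are constructed for the example.

```python
"""Added example: checks on SECS.ATTRIBUTES.DEBUG and TCS.FLAGS.DBGOPTIN.

Not code from the Intel SDM. Assumed layouts (from the SDM's ATTRIBUTES and
TCS structure definitions, not from Chapter 43):
  ATTRIBUTES (16 bytes) = FLAGS (u64 LE) || XFRM (u64 LE); FLAGS bit 1 = DEBUG
  TCS.FLAGS = u64 LE at TCS offset 8; bit 0 = DBGOPTIN
"""
import struct

ATTRIBUTES_FLAGS_INIT = 1 << 0       # enclave has been initialised (EINIT)
ATTRIBUTES_FLAGS_DEBUG = 1 << 1      # SECS.ATTRIBUTES.DEBUG
ATTRIBUTES_FLAGS_MODE64BIT = 1 << 2  # 64-bit enclave
TCS_FLAGS_OFFSET = 8
TCS_FLAGS_DBGOPTIN = 1 << 0          # TCS.FLAGS.DBGOPTIN
TCS_PAGE_SIZE = 4096

# Constructed sample values: an initialised 64-bit enclave with XFRM = x87|SSE,
# once as a production enclave and once with DEBUG set.
PRODUCTION_ATTRIBUTES = struct.pack("<QQ", ATTRIBUTES_FLAGS_INIT | ATTRIBUTES_FLAGS_MODE64BIT, 0x3)
DEBUG_ATTRIBUTES = struct.pack(
    "<QQ", ATTRIBUTES_FLAGS_INIT | ATTRIBUTES_FLAGS_MODE64BIT | ATTRIBUTES_FLAGS_DEBUG, 0x3)


def parse_attributes(attributes: bytes) -> dict:
    """Split a 16-byte ATTRIBUTES blob into FLAGS, XFRM and the DEBUG bit."""
    if len(attributes) != 16:
        raise ValueError("ATTRIBUTES must be exactly 16 bytes")
    flags, xfrm = struct.unpack("<QQ", attributes)
    return {"flags": flags, "xfrm": xfrm, "debug": bool(flags & ATTRIBUTES_FLAGS_DEBUG)}


def verify_attested_attributes(attributes: bytes, allow_debug: bool = False) -> tuple:
    """Relying-party policy over the ATTRIBUTES carried in an attestation.

    DEBUG is outside the measurement (MRENCLAVE), so checking MRENCLAVE alone
    cannot distinguish a debug build from a production one; the bit must be
    checked explicitly. Returns (accepted, reason).
    """
    attrs = parse_attributes(attributes)
    if attrs["debug"] and not allow_debug:
        return (False, "SECS.ATTRIBUTES.DEBUG is set: EPC readable via EDBGRD/EDBGWR, "
                       "do not provision secrets")
    return (True, "ok")


def fresh_tcs() -> bytearray:
    """A TCS page as EADD leaves it: FLAGS zeroed, so DBGOPTIN is 0 (opt-out)."""
    return bytearray(TCS_PAGE_SIZE)


def tcs_is_opt_in(tcs: bytes) -> bool:
    """True if an entry through this TCS is an opt-in entry (DBGOPTIN == 1)."""
    (flags,) = struct.unpack_from("<Q", tcs, TCS_FLAGS_OFFSET)
    return bool(flags & TCS_FLAGS_DBGOPTIN)


def set_tcs_dbgoptin(tcs: bytes, enclave_attributes: bytes) -> bytearray:
    """Model of a debugger setting DBGOPTIN via EDBGWR.

    EDBGWR only succeeds against a debug enclave, so a production enclave's
    TCS is left untouched and the attempt is refused.
    """
    if not parse_attributes(enclave_attributes)["debug"]:
        raise PermissionError("EDBGWR refused: enclave is not a debug enclave")
    updated = bytearray(tcs)
    (flags,) = struct.unpack_from("<Q", updated, TCS_FLAGS_OFFSET)
    struct.pack_into("<Q", updated, TCS_FLAGS_OFFSET, flags | TCS_FLAGS_DBGOPTIN)
    return updated


if __name__ == "__main__":
    for name, attrs in (("production", PRODUCTION_ATTRIBUTES), ("debug", DEBUG_ATTRIBUTES)):
        print(name, verify_attested_attributes(attrs))
    tcs = set_tcs_dbgoptin(fresh_tcs(), DEBUG_ATTRIBUTES)
    print("opt-in entry after EDBGWR:", tcs_is_opt_in(tcs))
```

The policy function is the piece to carry into a real verifier: because DEBUG is excluded from the measurement, a check that compares MRENCLAVE against an allow-list and stops there will accept a debug build of the same binary, and the ATTRIBUTES field in the report is where the distinction has to be made.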

43.2 SINGLE STEP DEBUG

43.2.1 Single Stepping ENCLS Instruction Leafs

If the RFLAGS.TF bit is set at the beginning of ENCLS, then a single-step debug exception is pending as a trap-class exception on the instruction boundary immediately after the ENCLS instruction. Additionally, if the instruction is executed in VMX non-root operation and the “monitor trap flag” VM-execution control is 1, an MTF VM exit is pending on the instruction boundary immediately after the instruction if the instruction does not fault.

43.2.2 Single Stepping ENCLU Instruction Leafs

The interactions of the unprivileged Intel SGX instruction ENCLU are leaf dependent.

An enclave entry via EENTER/ERESUME leaf functions of the ENCLU, in certain cases, may mask the RFLAGS.TF bit, and mask the setting of the “monitor trap flag” VM-execution control. In such situations, an exit from the enclave, either via the EEXIT leaf function or via an AEX unmasks the RFLAGS.TF bit and the “monitor trap flag” VM-execu-