background image

43-2 Vol. 3D

ENCLAVE CODE DEBUG AND PROFILING

tion control. The details of this masking/unmasking and the pending of single stepping events across 
EENTER/ERESUME/EEXIT/AEX are covered in detail in Section 43.2.3.
If the EFLAGS.TF bit is set at the beginning of EREPORT or EGETKEY leafs, and if the EFLAGS.TF is not masked by 
the preceding enclave entry, then a single-step debug exception is pending on the instruction boundary immedi-
ately after the ENCLU instruction. Additionally, if the instruction is executed in VMX non-root operation and the 
“monitor trap flag” VM-execution control is 1, and if the monitor trap flag is not masked by the preceding enclave 
entry, then an MTF VM exit is pending on the instruction boundary immediately after the instruction.
If the instruction under consideration results in a fault, then the control flow goes to the fault handler, and no 
single-step debug exception is asserted. In such a situation, if the instruction is executed in VMX non-root opera-
tion and the “monitor trap flag” VM-execution control is 1, an MTF VM exit is pending after the delivery of the fault 
(or any nested exception). No MTF VM exit occurs if another VM exit occurs before reaching that boundary on which 
an MTF VM exit would be pending.

43.2.3 

Single-Stepping Enclave Entry with Opt-out Entry

43.2.3.1   Single Stepping without AEX

Figure 43-1 shows the most common case for single-stepping after an opt-out entry.

In this scenario, if the RFLAGS.TF bit is set at the time of the enclave entry, then a single step debug exception is 
pending on the instruction boundary after EEXIT. Additionally, if the enclave is executing in VMX non-root operation 
and the “monitor trap flag” VM-execution control is 1, an MTF VM exit is pending on the instruction boundary after 
EEXIT.
The value of the RFLAGS.TF bit at the end of EEXIT is the same as the value of RFLAGS.TF at the time of the enclave 
entry.

43.2.3.2   Single Step Preempted by AEX Due to Non-SMI Event

Figure 43-2 shows the interaction of single stepping with AEX due to a non-SMI event after an opt-out entry.

Figure 43-1.  Single Stepping with Opt-out Entry - No AEX

SMI

EENTER

Inst1

RFLAGS.TF

VMCS.MTF

ERESUME

Inst2

Inst3

EEXIT

Inst4

TF/MTF

Handler

Higher Priority

Handler

INIT
#MC

Single-Step #DB Pending

MTF VM Exit Pending