Vol. 3D 43-3
ENCLAVE CODE DEBUG AND PROFILING
In this scenario, if the enclave is executing in VMX non-root operation and the “monitor trap flag” VM-execution
control is 1, an MTF VM exit is pending on the instruction boundary after the AEX. No MTF VM exit occurs if another
VM exit happens before reaching that instruction boundary.
The value of the RFLAGS.TF bit at the end of AEX is the same as the value of RFLAGS.TF at the time of the enclave
entry.
43.2.4
RFLAGS.TF Treatment on AEX
The value of EFLAGS.TF at the end of AEX from an opt-out enclave is same as the value of EFLAGS.TF at the time
of the enclave entry. The value of EFLAGS.TF at the end of AEX from an opt-in enclave is unmodified. The
EFLAGS.TF saved in GPR portion of the SSA on an AEX is 0. For more detail see EENTER and ERESUME in Chapter 5.
43.2.5
Restriction on Setting of TF after an Opt-Out Entry
Enclave entered through an opt-out entry is not allowed to set EFLAGS.TF. The POPF instruction forces RFLAGS.TF
to 0 if the enclave was entered through opt-out entry.
43.2.6
Trampoline Code Considerations
Any AEX from the enclave which results in the RFLAGS.TF =1 on the reporting stack will result in a single-step #DB
after the first instruction of the trampoline code if the trampoline is entered using the IRET instruction.
43.3
CODE AND DATA BREAKPOINTS
43.3.1 Breakpoint
Suppression
Following an opt-out entry:
•
Instruction breakpoints are suppressed during execution in an enclave.
•
Data breakpoints are not triggered on accesses to the address range defined by ELRANGE.
•
Data breakpoints are triggered on accesses to addresses outside the ELRANGE
Figure 43-2. Single Stepping with Opt-out Entry -AEX Due to Non-SMI Event Before Single-Step Boundary
Event Inside Enclave
EENTER
Inst1
RFLAGS.TF
VMCS.MTF
ERESUME
Inst2
Inst3
EEXIT
Inst4
TF/MTF
Handler
AEX
Handler
Single-Step #DB Pending
MTF VM Exit Pending
AEX
Higher Priority
Handler