43-4 Vol. 3D

ENCLAVE CODE DEBUG AND PROFILING

Following an opt-in entry, instruction and data breakpoints are not suppressed.
The processor does not report any matches on debug breakpoints that are suppressed on enclave entry. However, 
the processor does not clear any bits in DR6 that were already set at the time of the enclave entry.

43.3.2 Reporting of Instruction Breakpoint on Next Instruction on a Debug Trap

A debug exception caused by the single-step execution mode, or raised when a data breakpoint condition was met, causes the processor to perform an AEX. Following such an AEX, the processor reports in the debug status register (DR6) matches of the new instruction pointer (the AEP address) in a breakpoint address register set up to detect instruction execution.

43.3.3 RF Treatment on AEX

The RF flag value saved in the SSA is the same as what would have been pushed on the stack if the exception or event causing the AEX had occurred when executing outside an enclave (see Section 17.3.1.1). Following an AEX, the RF flag is 0 in the synthetic state.

43.3.4 Breakpoint Matching in Intel® SGX Instruction Flows

Implicit accesses made by Intel SGX instructions to EPC regions do not trigger data breakpoints. Explicit accesses made by ENCLS[ECREATE], ENCLS[EADD], ENCLS[EEXTEND], ENCLS[EINIT], ENCLS[EREMOVE], ENCLS[ETRACK], ENCLS[EBLOCK], ENCLS[EPA], ENCLS[EWB], ENCLS[ELD], ENCLS[EDBGRD], ENCLS[EDBGWR], ENCLU[EENTER], and ENCLU[ERESUME] to the EPC operands do not trigger data breakpoints.
Explicit accesses made by the Intel SGX instructions ENCLU[EGETKEY] and ENCLU[EREPORT], when executed by an enclave following an opt-in entry, trigger data breakpoints on accesses to their EPC operands. All Intel SGX instructions trigger data breakpoints on accesses to their non-EPC operands.

43.4 INT3 CONSIDERATION

43.4.1 Behavior of INT3 Inside an Enclave

Inside an enclave, INT3 delivers a fault-class exception and thus does not require the CPL to be less than DPL in the IDT gate 3. Following opt-out entry, the instruction delivers #UD. Following opt-in entry, INT3 delivers #BP.
The RIP saved in the SSA on AEX is that of the INT3 instruction. The RIP saved on the stack (or in the TSS or VMCS) is that of the AEP.
If execution of INT3 in an enclave causes a VM exit, the event type in the VM-exit interruption information field indicates a hardware exception (type 3; not a software exception with type 6) and the VM-exit instruction length field is saved as zero.

43.4.2 Debugger Considerations

INT3 is fault-like inside an enclave, and the RIP saved in the SSA on AEX is that of the INT3 instruction. Consequently, for a #BP coming from an enclave, the debugger must not decrement SSA.RIP in order to re-execute the instruction at the RIP of the INT3 instruction on a subsequent enclave entry.

43.4.3 VMM Considerations

As described above, INT3 executed by an enclave delivers #BP with an “interruption type” of 3. A VMM that re-injects #BP into the guest can obtain the VM-entry interruption information from the appropriate VMCS fields (as recommended in Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3C).
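
The following C sketch is an added example, not text or code from the manual. It contrasts re-injection that copies the interruption type recorded at VM exit with a variant that assumes every #BP is a software exception. The struct, function names and the simplified instruction-length check are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Interruption-information bits common to the VM-exit and VM-entry fields:
 * 7:0 vector, 10:8 type, 11 error-code flag, 31 valid. */
#define INFO_VECTOR_MASK 0xFFu
#define INFO_TYPE_SHIFT  8
#define INFO_TYPE_MASK   (0x7u << INFO_TYPE_SHIFT)
#define INFO_ERRCODE     (1u << 11)
#define INFO_VALID       (1u << 31)
#define TYPE_HW_EXC      3u /* what INT3 inside an enclave reports */
#define TYPE_SW_EXC      6u /* what INT3 outside an enclave reports */
#define VECTOR_BP        3u

/* Hypothetical holder for the two VM-entry fields a VMM writes. */
struct entry_event {
    uint32_t info;      /* VM-entry interruption information */
    uint32_t instr_len; /* VM-entry instruction length */
};

static uint32_t info_type(uint32_t info) {
    return (info & INFO_TYPE_MASK) >> INFO_TYPE_SHIFT;
}

/* Re-inject using the type recorded at VM exit. Bits 30:12 are not carried
 * over because they are reserved in the VM-entry field. */
bool reinject_from_exit(uint32_t exit_info, uint32_t exit_len, struct entry_event *ev) {
    if (!(exit_info & INFO_VALID))
        return false;
    ev->info = exit_info & (INFO_VECTOR_MASK | INFO_TYPE_MASK | INFO_ERRCODE | INFO_VALID);
    /* The length is only consumed for software-delivered types. */
    ev->instr_len = (info_type(exit_info) == TYPE_SW_EXC) ? exit_len : 0;
    return true;
}

/* Weak variant for comparison: treats every #BP as a software exception. */
bool reinject_assuming_sw_bp(uint32_t exit_info, uint32_t exit_len, struct entry_event *ev) {
    if (!reinject_from_exit(exit_info, exit_len, ev))
        return false;
    if ((exit_info & INFO_VECTOR_MASK) == VECTOR_BP) {
        ev->info = (ev->info & ~INFO_TYPE_MASK) | (TYPE_SW_EXC << INFO_TYPE_SHIFT);
        ev->instr_len = exit_len; /* zero for an enclave INT3 */
    }
    return true;
}

/* Simplified model of the VM-entry length check on software exceptions:
 * 1..15, or 0 only when the CPU reports zero-length injection support. */
bool entry_len_ok(const struct entry_event *ev, bool zero_len_supported) {
    if (info_type(ev->info) != TYPE_SW_EXC)
        return true;
    return ev->instr_len <= 15 && (ev->instr_len != 0 || zero_len_supported);
}
```

With the constructed exit value 0x80000303 and a saved length of zero, the first function yields a type 3 event that passes the length check, while the weak variant yields a type 6 event with length zero.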