Vol. 3D 43-5

ENCLAVE CODE DEBUG AND PROFILING

VMMs that create the VM-entry interruption information based on the interruption vector should use event type of 
3 (instead of 6) when they detect a VM exit incident to enclave mode that is due to an event with vector 3.

43.5 BRANCH 

TRACING

43.5.1 BTF 

Treatment

When software enables single-stepping on branches then:

•

Following an opt-in entry using EENTER the processor generates a single step debug exception. 

•

Following an EEXIT the processor generates a single-step debug exception

Enclave entry using ERESUME (opt-in or opt-out) and an AEX from the enclave do not cause generation of the 
single-step debug exception.

43.5.2 LBR 

Treatment

43.5.2.1   LBR Stack on Opt-in Entry

Following an opt-in entry into an enclave, last branch recording facilities if enabled continued to store branch 
records in the LBR stack MSRs as follows:

•

On enclave entry using EENTER/ERESUME, the processor push the address of EENTER/ERESUME instruction 
into MSR_LASTBRANCH_n_FROM_IP, and the destination address of the EENTER/ERESUME into 
MSR_LASTBRANCH_n_TO_IP. 

•

On EEXIT, the processor pushes the address of EEXIT instruction into MSR_LASTBRANCH_n_FROM_IP, and the 
address of EEXIT destination into MSR_LASTBRANCH_n_TO_IP. 

•

On AEX, the processor pushes RIP saved in the SSA into MSR_LASTBRANCH_n_FROM_IP, and the address of 
AEP into MSR_LASTBRANCH_n_TO_IP. 

•

For every branch inside the enclave, a branch record is pushed on the LBR stack.

Figure 43-3 shows an example of LBR stack manipulation after an opt-in entry. Every arrow in this picture indicates 
a branch record pushed on the LBR stack. The “From IP” of the branch record contains the linear address of the 
instruction located at the start of the arrow, while the “To IP” of the branch record contains the linear address of the 
instruction at the end of the arrow.