Vol. 3D 43-5
ENCLAVE CODE DEBUG AND PROFILING
VMMs that create the VM-entry interruption information based on the interruption vector should use event type of
3 (instead of 6) when they detect a VM exit incident to enclave mode that is due to an event with vector 3.
43.5 BRANCH
TRACING
43.5.1 BTF
Treatment
When software enables single-stepping on branches then:
•
Following an opt-in entry using EENTER the processor generates a single step debug exception.
•
Following an EEXIT the processor generates a single-step debug exception
Enclave entry using ERESUME (opt-in or opt-out) and an AEX from the enclave do not cause generation of the
single-step debug exception.
43.5.2 LBR
Treatment
43.5.2.1 LBR Stack on Opt-in Entry
Following an opt-in entry into an enclave, last branch recording facilities if enabled continued to store branch
records in the LBR stack MSRs as follows:
•
On enclave entry using EENTER/ERESUME, the processor push the address of EENTER/ERESUME instruction
into MSR_LASTBRANCH_n_FROM_IP, and the destination address of the EENTER/ERESUME into
MSR_LASTBRANCH_n_TO_IP.
•
On EEXIT, the processor pushes the address of EEXIT instruction into MSR_LASTBRANCH_n_FROM_IP, and the
address of EEXIT destination into MSR_LASTBRANCH_n_TO_IP.
•
On AEX, the processor pushes RIP saved in the SSA into MSR_LASTBRANCH_n_FROM_IP, and the address of
AEP into MSR_LASTBRANCH_n_TO_IP.
•
For every branch inside the enclave, a branch record is pushed on the LBR stack.
Figure 43-3 shows an example of LBR stack manipulation after an opt-in entry. Every arrow in this picture indicates
a branch record pushed on the LBR stack. The “From IP” of the branch record contains the linear address of the
instruction located at the start of the arrow, while the “To IP” of the branch record contains the linear address of the
instruction at the end of the arrow.