How does the enclave build procedure ensure that the content of an image cannot be altered between the conversion and a future run?

Updated on Mar 25, 2025
Published on Jun 12, 2024

1 minute(s) read

Application attestation handles this. Fortanix CCM generates the enclave hash (MRENCLAVE), signer (MRSIGNER), ISVPRODID, and ISVSVN during image conversion. These values are created by the enclave application and supplied in the attestation report. Before providing a certificate, Fortanix CCM verifies the report and the application's integrity. Deviations from these values imply tampering. Consequently, the application fails.

AWS nitro's first enclave image and measurement include the whole enclave filesystem. AWS nitro solutions are like SGX. The filesystem hash is stored in the enclave image and measurements.

Was this article helpful?

How does the enclave build procedure ensure that the content of an image cannot be altered between the conversion and a future run?

PLATFORM

Key Insight

Data Security Manager™

Confidential Computing Manager

Enclave Development Platform®

Request A demo

Contact Us

Free Trial

SOLUTIONS

AWS KMS External Key Store (XKS)

Google External Key Manager

Bring Your Own Key (BYOK)

HSM Modernization

Multicloud Key Management

Post Quantum Cryptography

Code Signing

Secrets Management

Tokenization Transparent

Database Encryption

Filesystem Encryption

Confidential Data Search

Confidential AI

Healthcare

Banking & Financial Services

Fintech

Manufacturing

Web 3.0

Federal Government

RESOURCES

Blog

Whitepapers

Datasheets

Solution Briefs

Ebooks

Reports

Case Studies

Webinars

University

Media Kit

Newsletters

COMPANY

About

Careerswe’re hiring

Customers

Partners

Awards

Events

Press

News

Services

Support

FAQ

4.6