Fortanix Confidential Computing Manager (CCM) can whitelist EnclaveOS and ACI applications.
When an application is whitelisted, the following enclave-related properties are recorded for it:
For Nitro applications: a contiguous measurement of the contents of the image file, excluding the section data, represented as a hexadecimal string (platform configuration register 0, PCR0); a contiguous measurement of the kernel and boot root filesystem (PCR1); and a contiguous, in-order measurement of the user applications, excluding the boot root filesystem (PCR2).
For ACI applications: the base64-encoded output of the Azure Confidential Computing ACI Policy Generation tool.
When the enclave runs and presents its attestation to the Fortanix CCM, all of these values are included in the attestation report, which can be used by the Fortanix CCM to determine whether to accept the attestation.
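The comparison described above can be sketched for the Nitro case as follows. This is an added example, not Fortanix CCM code: the function names and the sample PCR values are hypothetical, and it assumes the attestation document's signature has already been verified and its PCR values extracted as hex strings.

```python
import hmac

PCR_HEX_LEN = 96  # Nitro PCRs are SHA-384 digests: 48 bytes, 96 hex characters
REQUIRED = ("PCR0", "PCR1", "PCR2")
HEX_DIGITS = set("0123456789abcdef")


def normalize(value):
    """Return the PCR as lowercase hex, or None if it is not a valid SHA-384 digest."""
    if not isinstance(value, str):
        return None
    v = value.strip().lower()
    if len(v) != PCR_HEX_LEN or not set(v) <= HEX_DIGITS:
        return None
    return v


def check_attestation(whitelist, reported):
    """Compare reported PCRs with the whitelisted ones (hypothetical helper).

    Returns (accepted, reasons); every required PCR must be present and match.
    """
    reasons = []
    for name in REQUIRED:
        want = normalize(whitelist.get(name))
        got = normalize(reported.get(name))
        if want is None:
            reasons.append(f"{name}: no valid whitelisted value")
        elif got is None:
            reasons.append(f"{name}: missing or malformed in attestation")
        elif got == "0" * PCR_HEX_LEN:
            # Enclaves started in debug mode report all-zero PCRs.
            reasons.append(f"{name}: all zeros (debug-mode enclave)")
        elif not hmac.compare_digest(want, got):
            reasons.append(f"{name}: does not match whitelisted measurement")
    return (not reasons, reasons)


# Constructed sample values, not real measurements.
WHITELIST = {"PCR0": "a1" * 48, "PCR1": "b2" * 48, "PCR2": "c3" * 48}

if __name__ == "__main__":
    print(check_attestation(WHITELIST, dict(WHITELIST)))
    print(check_attestation(WHITELIST, {**WHITELIST, "PCR2": "00" * 48}))
```

The check fails closed: a PCR that is absent, malformed, or all zeros is rejected even before it is compared with the whitelist entry.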
For more details on how to whitelist an application using Fortanix CCM, refer to the article: User's Guide: Tasks