Enclave Measurement – A single 256-bit hash that identifies the code and initial data to be placed inside the enclave, the expected order and position in which they are to be placed, and the security properties of those pages. A change in any of these variables will result in a different measurement. When the enclave code/data pages are placed inside the EPC, the CPU calculates the enclave measurement and stores this value in the MRENCLAVE register. The CPU then compares the content of MRENCLAVE against the enclave measurement value in SIGSTRUCT. Only if they match will the CPU allow the enclave to be initialized.
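The following is an added illustration, not part of the original text and not the CPU's actual EADD/EEXTEND algorithm: a deliberately simplified model of how one hash can bind page content, position, load order and page permissions together, and how an EINIT-style check compares the computed value against the value carried in SIGSTRUCT. The `EnclavePage` type, the `"RX"`/`"RW"` permission labels and the page contents are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class EnclavePage:
    offset: int      # position of the page inside the enclave's address range
    flags: str       # security properties of the page ("RX", "RW", ...) - constructed labels
    content: bytes   # initial data of the page (4096 bytes in real SGX; shortened here)


def measure(pages: list[EnclavePage]) -> bytes:
    """Simplified model of an enclave measurement.

    Feeds the (offset, flags, content) of every page into one SHA-256 in the
    order the pages are added, so code, initial data, position, order and
    permissions all influence the resulting 256-bit value.  This is a model
    of the property described above, NOT the CPU's EADD/EEXTEND format.
    """
    h = hashlib.sha256()
    for page in pages:
        h.update(b"ADD")                               # model of the per-page record tag
        h.update(page.offset.to_bytes(8, "little"))    # where the page is placed
        h.update(page.flags.encode("ascii"))           # its security properties
        h.update(page.content)                         # its code or initial data
    return h.digest()


def einit_allowed(computed_mrenclave: bytes, sigstruct_enclave_hash: bytes) -> bool:
    """Model of the EINIT check: the measurement the CPU computed while loading
    pages must equal the measurement the author committed to in SIGSTRUCT."""
    return hmac.compare_digest(computed_mrenclave, sigstruct_enclave_hash)


# Constructed sample pages: one code page and one zero-initialised data page.
CODE = EnclavePage(offset=0x0000, flags="RX", content=b"\x55\x48\x89\xe5" + b"\x90" * 12)
DATA = EnclavePage(offset=0x1000, flags="RW", content=b"\x00" * 16)


def measurement_variants() -> dict[str, bytes]:
    """Return the measurement of the reference layout and of three layouts that
    differ in exactly one of the variables the text lists (order, position,
    security properties).  Every variant yields a different value."""
    return {
        "reference": measure([CODE, DATA]),
        "reordered": measure([DATA, CODE]),
        "data_moved": measure([CODE, EnclavePage(0x2000, DATA.flags, DATA.content)]),
        "code_made_writable": measure([EnclavePage(CODE.offset, "RWX", CODE.content), DATA]),
    }


if __name__ == "__main__":
    for name, digest in measurement_variants().items():
        print(f"{name:20s} {digest.hex()}")
    signed = measure([CODE, DATA])                     # value the author placed in SIGSTRUCT
    print("EINIT (same layout):     ", einit_allowed(measure([CODE, DATA]), signed))
    print("EINIT (reordered pages): ", einit_allowed(measure([DATA, CODE]), signed))
```

The point the variants make is the one a verifier relies on: a build that ships the same bytes but, for example, marks a code page writable has a different MRENCLAVE and therefore does not pass the SIGSTRUCT comparison for the original build.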
The Enclave Author’s Public Key – After an enclave is successfully initialized, the CPU records a hash of the enclave author’s public key in the MRSIGNER register. The contents of MRSIGNER serve as the identity of the enclave author. As a result, all enclaves signed with the same key have the same value in the MRSIGNER register.
The Security Version Number of the Enclave (ISVSVN) – The enclave author assigns a Security Version Number (SVN) to each version of an enclave. The SVN reflects the level of the enclave’s security properties and should increase monotonically with improvements to those properties. After an enclave is successfully initialized, the CPU records the SVN, which can be used during attestation. Different versions of an enclave with the same security properties should be assigned the same SVN. For example, a new version of an enclave with non-security-related bug fixes should have the same SVN as the older version.
The Product ID of the Enclave (ISVPRODID) – The enclave author also assigns a Product ID to each enclave. The Product ID allows the enclave author to segment enclaves with the same enclave author identity. After an enclave is successfully initialized, the Product ID is recorded by the CPU, which can be used during attestation.
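As an added example (not from the original text), the block below shows how a relying party uses the four recorded values during attestation verification. It contrasts the two common policies: pinning MRENCLAVE, which accepts exactly one build and therefore rejects even a non-security bug fix, and trusting MRSIGNER plus ISVPRODID with a minimum ISVSVN, which accepts newer builds from the same author for the same product while rejecting builds whose SVN is below the required level. The `EnclaveIdentity` type, the policy function names and all key and measurement values are constructed for the example; `mr_signer_of` is a simplified stand-in for the hash the CPU records.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class EnclaveIdentity:
    """The identity values the CPU records at initialization and that appear
    in an attestation report (constructed container for the example)."""
    mr_enclave: bytes   # MRENCLAVE: 256-bit measurement of code, data and layout
    mr_signer: bytes    # MRSIGNER: hash of the enclave author's public key
    isv_prod_id: int    # ISVPRODID: product segment within one author identity
    isv_svn: int        # ISVSVN: security version, monotonically increasing


def mr_signer_of(author_public_key: bytes) -> bytes:
    """Simplified model: MRSIGNER is a hash of the author's signing key."""
    return hashlib.sha256(author_public_key).digest()


def pinned_policy(report: EnclaveIdentity, expected_mr_enclave: bytes) -> tuple[bool, str]:
    """Code-identity policy: accept exactly one enclave build."""
    if not hmac.compare_digest(report.mr_enclave, expected_mr_enclave):
        return False, "MRENCLAVE mismatch: unknown enclave build"
    return True, "ok"


def signer_policy(report: EnclaveIdentity, trusted_mr_signer: bytes,
                  prod_id: int, min_svn: int) -> tuple[bool, str]:
    """Author-identity policy: accept any build of one product from a trusted
    author whose security version is at or above the required minimum."""
    if not hmac.compare_digest(report.mr_signer, trusted_mr_signer):
        return False, "MRSIGNER mismatch: not signed by the trusted author"
    if report.isv_prod_id != prod_id:
        return False, "ISVPRODID mismatch: a different product of the same author"
    if report.isv_svn < min_svn:
        return False, f"ISVSVN {report.isv_svn} is below the required minimum {min_svn}"
    return True, "ok"


# Constructed sample values: not real keys, measurements or product numbers.
AUTHOR_KEY = b"constructed-author-public-key"
OTHER_KEY = b"constructed-other-author-public-key"
TRUSTED_SIGNER = mr_signer_of(AUTHOR_KEY)
PROD_ID = 7
MIN_SVN = 2
BUILD_1_0 = hashlib.sha256(b"constructed build 1.0").digest()
BUILD_1_1 = hashlib.sha256(b"constructed build 1.1, non-security bug fix").digest()


def evaluate(report: EnclaveIdentity) -> dict[str, bool]:
    """Run both policies against one report and return the verdicts."""
    return {
        "pinned": pinned_policy(report, BUILD_1_0)[0],
        "signer": signer_policy(report, TRUSTED_SIGNER, PROD_ID, MIN_SVN)[0],
    }


if __name__ == "__main__":
    reports = {
        "build 1.0, svn 2": EnclaveIdentity(BUILD_1_0, TRUSTED_SIGNER, PROD_ID, 2),
        "build 1.1, svn 2 (bug fix)": EnclaveIdentity(BUILD_1_1, TRUSTED_SIGNER, PROD_ID, 2),
        "build 1.1, svn 1 (too old)": EnclaveIdentity(BUILD_1_1, TRUSTED_SIGNER, PROD_ID, 1),
        "other product": EnclaveIdentity(BUILD_1_1, TRUSTED_SIGNER, PROD_ID + 1, 2),
        "other author": EnclaveIdentity(BUILD_1_1, mr_signer_of(OTHER_KEY), PROD_ID, 2),
    }
    for name, report in reports.items():
        print(f"{name:30s} {evaluate(report)}")
```

The signer-based policy is what makes the SVN rule in the text matter in practice: because the bug-fix build keeps the same ISVSVN, a verifier that checks MRSIGNER, ISVPRODID and a minimum ISVSVN keeps accepting it, whereas raising the minimum SVN after a security fix is how the verifier stops accepting the older, vulnerable builds.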