The Quoting Enclave

An Intel provided enclave known as the Quoting Enclave (QE) verifies the reports that have been created to its MRENCLAVE measurement value and then converts and signs them using a device specific asymmetric key, the Intel EPID key. The output of this process is called a quote, which may be verified outside the platform. Only the QE has access to the Intel EPID key when the enclave system is operational. Therefore the quote can be seen to be emanating from the hardware itself but the CPU key is never exposed outside the platform.

For more complete information about compiler optimizations, see our Optimization Notice.