Debug (Opt-in) Enclave Considerations

Data provisioned to a debug enclave is not secret. A debug enclave’s memory is not protected by the hardware so it may be inspected and modified using the Intel SGX debugging instructions. The enclave attributes, which include the debug flag, are contained in the report and quote that provide the enclave credentials. To protect all secrets provisioned to production enclaves, local and remote entities must check the enclave attributes and exchange special debug secrets during the development process but refrain from provisioning any secret to a debug enclave.

For more complete information about compiler optimizations, see our Optimization Notice.