Seal to the Current Enclave (Enclave Measurement)

Sealing to the current enclave uses the current version of the enclave measurement (MRENCLAVE), taken when the enclave was created, and binds this value to the key used by the sealing operation. This binding is performed by the hardware through the EGETKEY instruction.

Only an enclave with the same MRENCLAVE measurement will be able to unseal the data that was sealed in this manner. If the enclave DLL, Dynamic Library, or Shared Object file is tampered with, the measurement of the enclave will change. As a result, the sealing key will change as well, and the data cannot be recovered.

For more complete information about compiler optimizations, see our Optimization Notice.