Seal to the Enclave Author

Sealing to the enclave author binds the seal key to the identity of the enclave author, which the CPU stores in the MRSIGNER register at enclave initialization time. The hardware performs this binding through the EGETKEY instruction. The key used by the seal data function is also bound to the Product ID of the enclave, which is stored in the CPU when the enclave is instantiated.

Only an enclave with the same value in the MRSIGNER measurement register and the same Product ID will be able to unseal data that was sealed in this manner.

The benefit of offering this mechanism over sealing to the enclave identity is two-fold. First, it allows for an enclave to be upgraded by the enclave author, but does not require a complex upgrade process to unlock data sealed to the previous version of the enclave (which will have a different MRENCLAVE measurement) and reseal it to the new version. Second, it allows enclaves from the same author to share sealed data.

Enclave authors have the opportunity to set a Security Version Number (SVN) when they produce the enclave. This security version number is also stored in the CPU when the enclave is instantiated. An enclave has to supply an SVN in its request to obtain the seal key from the CPU. The enclave cannot specify a version later than the SVN it was created with (ISVSVN), since doing so would give the enclave access to a seal key to which it is not entitled. However, the enclave may specify an SVN earlier than its ISVSVN. This option gives an enclave the ability to unseal data sealed by a previous version of the enclave, which facilitates enclave software updates, for instance.
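The access rules described above, worked through as an added example rather than Intel's own code or the SGX SDK: a self-contained C model of which enclaves can derive the same seal key under the MRENCLAVE and MRSIGNER policies, including the Product ID binding and the ISVSVN check. The struct names, the mix() stand-in for the hardware derivation and the sample enclave identities are constructed for illustration; only the two KEYPOLICY bit values mirror the SDK's SGX_KEYPOLICY_MRENCLAVE and SGX_KEYPOLICY_MRSIGNER constants.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: a self-contained model of the seal-key policy described in the
 * text (MRSIGNER vs MRENCLAVE binding, Product ID, ISVSVN check). It is NOT the
 * Intel SGX SDK and does no real cryptography: mix() is a stand-in for the
 * hardware key derivation, chosen so that inputs differing in one field never
 * collide, which makes the key comparisons below meaningful. All sample
 * identities are constructed values. */

#define KEYPOLICY_MRENCLAVE 0x0001u   /* same bit values as the SDK's SGX_KEYPOLICY_MRENCLAVE */
#define KEYPOLICY_MRSIGNER  0x0002u   /* and SGX_KEYPOLICY_MRSIGNER */

/* Identity values the CPU records when an enclave is initialized (modelled). */
typedef struct {
    uint64_t mrenclave;    /* measurement of the enclave's code and data */
    uint64_t mrsigner;     /* hash of the author's signing key */
    uint16_t isv_prod_id;  /* Product ID */
    uint16_t isv_svn;      /* Security Version Number the author set at build time */
} enclave_identity_t;

/* What an enclave passes when it asks the CPU for a seal key (modelled). */
typedef struct {
    uint16_t key_policy;   /* KEYPOLICY_MRENCLAVE or KEYPOLICY_MRSIGNER */
    uint16_t isv_svn;      /* SVN the key should be bound to; may be older than the enclave's own */
} key_request_t;

/* Stand-in derivation step: XOR then multiply by an odd constant. This is a
 * bijection in each argument, so two requests whose bound fields differ in
 * exactly one position always produce different "keys". */
static uint64_t mix(uint64_t h, uint64_t v) {
    return (h ^ v) * 0x9E3779B97F4A7C15ULL;
}

/* Model of the seal-key request. Returns 0 and writes *key on success, or -1
 * when the request names an SVN newer than the enclave's own ISVSVN. */
int get_seal_key(const enclave_identity_t *id, const key_request_t *req, uint64_t *key) {
    if (req->isv_svn > id->isv_svn)
        return -1;  /* the text's rule: never a key the enclave is not entitled to */

    uint64_t h = 0x243F6A8885A308D3ULL;  /* constant standing in for the CPU's root sealing secret */
    if (req->key_policy & KEYPOLICY_MRENCLAVE) h = mix(h, id->mrenclave);
    if (req->key_policy & KEYPOLICY_MRSIGNER)  h = mix(h, id->mrsigner);
    h = mix(h, id->isv_prod_id);  /* Product ID is bound under either policy */
    h = mix(h, req->isv_svn);     /* the requested SVN, not necessarily the current one */
    *key = h;
    return 0;
}

/* Can enclave `b` unseal data that enclave `a` sealed under `policy` at a's
 * current ISVSVN? b requests a's SVN, which the CPU permits only if it is not
 * newer than b's own. Returns 1 if both derive the same key, else 0. */
int can_unseal(const enclave_identity_t *a, const enclave_identity_t *b, uint16_t policy) {
    key_request_t req = { policy, a->isv_svn };
    uint64_t ka, kb;
    if (get_seal_key(a, &req, &ka) != 0) return 0;
    if (get_seal_key(b, &req, &kb) != 0) return 0;
    return ka == kb;
}

/* Constructed sample enclaves (not real measurements). */
const enclave_identity_t V1           = { 0x1111, 0xAAAA, 7, 1 };  /* original release */
const enclave_identity_t V2           = { 0x2222, 0xAAAA, 7, 2 };  /* update: new code, same author and product, SVN bumped */
const enclave_identity_t OTHER_PROD   = { 0x3333, 0xAAAA, 8, 2 };  /* same author, different Product ID */
const enclave_identity_t OTHER_SIGNER = { 0x2222, 0xBBBB, 7, 2 };  /* same code, signed by someone else */

int main(void) {
    printf("V2 unseals V1 data, MRSIGNER policy:  %d (expected 1)\n", can_unseal(&V1, &V2, KEYPOLICY_MRSIGNER));
    printf("V2 unseals V1 data, MRENCLAVE policy: %d (expected 0)\n", can_unseal(&V1, &V2, KEYPOLICY_MRENCLAVE));
    printf("V1 unseals V2 data, MRSIGNER policy:  %d (expected 0, SVN 2 > 1)\n", can_unseal(&V2, &V1, KEYPOLICY_MRSIGNER));
    printf("other product unseals V1 data:        %d (expected 0)\n", can_unseal(&V1, &OTHER_PROD, KEYPOLICY_MRSIGNER));
    printf("other signer unseals V1 data:         %d (expected 0)\n", can_unseal(&V1, &OTHER_SIGNER, KEYPOLICY_MRSIGNER));
    return 0;
}
```

The model captures the upgrade path the text describes: V2 recovers V1's data under the MRSIGNER policy by requesting SVN 1, while V1 can never obtain the SVN 2 key, so data resealed by the update is out of reach of the old version. In the Intel SGX SDK the policy is selected through the key_policy argument of sgx_seal_data_ex, and plain sgx_seal_data seals to the enclave author (MRSIGNER) by default. Real hardware additionally folds CPU-specific secrets and further key-request fields into the derivation, which the model leaves out.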
