Debug (Opt-in) Enclave Considerations

The Intel SGX architecture includes the debug flag, as well as other enclave attributes specified by the developer in the key request structure, in the seal key derivation. Two identical enclaves launched in debug and non-debug mode respectively, will get different seal keys. This mechanism protects the data sealed by a production enclave, since it cannot be unsealed by a debug enclave.

For more complete information about compiler optimizations, see our Optimization Notice.