ENCLAVE_SEALING_IDENTITY_POLICY enumeration (ntenclv.h)
Defines values that specify how another enclave must be related to the enclave that calls EnclaveSealData for the enclave to unseal the data.
Syntax
```cpp
typedef enum ENCLAVE_SEALING_IDENTITY_POLICY {
    ENCLAVE_IDENTITY_POLICY_SEAL_INVALID = 0,
    ENCLAVE_IDENTITY_POLICY_SEAL_EXACT_CODE,
    ENCLAVE_IDENTITY_POLICY_SEAL_SAME_PRIMARY_CODE,
    ENCLAVE_IDENTITY_POLICY_SEAL_SAME_IMAGE,
    ENCLAVE_IDENTITY_POLICY_SEAL_SAME_FAMILY,
    ENCLAVE_IDENTITY_POLICY_SEAL_SAME_AUTHOR
} ENCLAVE_SEALING_IDENTITY_POLICY;
```
Constants
Constant | Description |
---|---|
ENCLAVE_IDENTITY_POLICY_SEAL_INVALID | Value: 0. This value is not valid. Do not use. |
ENCLAVE_IDENTITY_POLICY_SEAL_EXACT_CODE | All of the bytes of every image loaded into the unsealing enclave must match the bytes of every image in the sealing enclave in order for EnclaveSealData to decrypt the data. |
ENCLAVE_IDENTITY_POLICY_SEAL_SAME_PRIMARY_CODE | All of the bytes of the primary image loaded into the unsealing enclave must match the bytes for the primary image in the sealing enclave in order for EnclaveSealData to decrypt the data. |
ENCLAVE_IDENTITY_POLICY_SEAL_SAME_IMAGE | The author identifier, family identifier, and image identifier of the primary image of the unsealing enclave must match the author identifier, family identifier, and image identifier of the primary image of the sealing enclave in order for EnclaveSealData to decrypt the data. The enclave can be revised by its author as many times as desired, and the data can be unsealed by any enclave with a primary image that retains those same identity values. |
ENCLAVE_IDENTITY_POLICY_SEAL_SAME_FAMILY | The author identifier and family identifier of the primary image of the unsealing enclave must match the author identifier and family identifier of the primary image of the sealing enclave in order for EnclaveSealData to decrypt the data. This case permits an enclave to exchange information with any other enclave in the same family. |
ENCLAVE_IDENTITY_POLICY_SEAL_SAME_AUTHOR | The author identifier of the primary image of the unsealing enclave must match the author identifier of the primary image of the sealing enclave in order for EnclaveSealData to decrypt the data. This case permits an enclave to exchange information with any other enclave generated by the same author. |
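
The matching rules listed under Constants, written as a small portable C model; this is an added example, not code from Windows or from ntenclv.h. The `model_identity` struct, its field sizes, the digest fields standing in for image bytes, the `seal_policy` alias and the `model_*` functions are assumptions made for illustration, and the model treats the enumeration's listed order as narrowest to broadest.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
typedef enum ENCLAVE_SEALING_IDENTITY_POLICY {  /* copied from the Syntax section */
    ENCLAVE_IDENTITY_POLICY_SEAL_INVALID = 0,
    ENCLAVE_IDENTITY_POLICY_SEAL_EXACT_CODE,
    ENCLAVE_IDENTITY_POLICY_SEAL_SAME_PRIMARY_CODE,
    ENCLAVE_IDENTITY_POLICY_SEAL_SAME_IMAGE,
    ENCLAVE_IDENTITY_POLICY_SEAL_SAME_FAMILY,
    ENCLAVE_IDENTITY_POLICY_SEAL_SAME_AUTHOR
} ENCLAVE_SEALING_IDENTITY_POLICY, seal_policy;  /* seal_policy: alias added here */

/* Hypothetical identity record; the digests stand in for "all of the bytes". */
typedef struct {
    uint8_t author_id[32], family_id[16], image_id[16];
    uint8_t primary_digest[32], all_images_digest[32];
} model_identity;
#define SAME(f) (memcmp(s->f, u->f, sizeof s->f) == 0)

/* True if enclave u could unseal data that enclave s sealed under policy p. */
bool model_can_unseal(seal_policy p, const model_identity *s, const model_identity *u)
{
    switch (p) {
    case ENCLAVE_IDENTITY_POLICY_SEAL_EXACT_CODE:        return SAME(all_images_digest);
    case ENCLAVE_IDENTITY_POLICY_SEAL_SAME_PRIMARY_CODE: return SAME(primary_digest);
    case ENCLAVE_IDENTITY_POLICY_SEAL_SAME_IMAGE:
        return SAME(author_id) && SAME(family_id) && SAME(image_id);
    case ENCLAVE_IDENTITY_POLICY_SEAL_SAME_FAMILY: return SAME(author_id) && SAME(family_id);
    case ENCLAVE_IDENTITY_POLICY_SEAL_SAME_AUTHOR: return SAME(author_id);
    default:                                       return false;  /* INVALID or unknown */
    }
}

/* First policy in listed order that lets u unseal; INVALID if none does. */
seal_policy model_narrowest_policy(const model_identity *s, const model_identity *u)
{
    for (int p = ENCLAVE_IDENTITY_POLICY_SEAL_EXACT_CODE;
         p <= ENCLAVE_IDENTITY_POLICY_SEAL_SAME_AUTHOR; ++p)
        if (model_can_unseal((seal_policy)p, s, u)) return (seal_policy)p;
    return ENCLAVE_IDENTITY_POLICY_SEAL_INVALID;
}

/* Constructed sample: a revised build keeps its three IDs but has new code bytes. */
seal_policy model_demo_revision(void)
{
    model_identity v1 = { {0xA1}, {0xF1}, {0x11}, {0x01}, {0x01} }, v2 = v1;
    v2.primary_digest[0] = v2.all_images_digest[0] = 0x02;
    return model_narrowest_policy(&v1, &v2);
}
```

Sealing under the narrowest policy that still covers the intended unsealing enclave limits which other enclaves can recover the data.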
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows 10, version 1709 [desktop apps only] |
Minimum supported server | Windows Server 2016 [desktop apps only] |
Header | ntenclv.h |