Enclave Functions

The following functions are used when working with enclaves that are used to create trusted execution environments.

Note

Using these APIs for a VBS Enclave requires Windows 11 Build 26100.2314 or later or Windows Server 2025 or later.

In this section

Topic Description
CallEnclave Calls a function within an enclave.
CreateEnclave Creates a new uninitialized enclave. An enclave is an isolated region of code and data within the address space for an application. Only code that runs within the enclave can access data within the same enclave.
DeleteEnclave Deletes the specified enclave.
EnclaveGetAttestationReport Gets an enclave attestation report that describes the current enclave and is signed by the authority that is responsible for the type of the enclave.
EnclaveGetEnclaveInformation Gets information about the currently executing enclave.
EnclaveSealData Generates an encrypted binary large object (blob) from unencypted data.
EnclaveUnsealData Decrypts an encrypted binary large object (blob).
EnclaveVerifyAttestationReport Verifies an attestation report that was generated on the current system.
InitializeEnclave Initializes an enclave that you created and loaded with data.
IsEnclaveTypeSupported Retrieves whether the specified type of enclave is supported.
LoadEnclaveData Loads data into an uninitialized enclave that you created by calling CreateEnclave.
LoadEnclaveImage Loads an image and all of its imports into an enclave.
TerminateEnclave Ends the execution of the threads that are running within an enclave.

See also