Enclave Functions
The following functions are used when working with enclaves that are used to create trusted execution environments.
Note
Using these APIs for a VBS Enclave requires Windows 11 Build 26100.2314 or later or Windows Server 2025 or later.
In this section
| Topic | Description |
|---|---|
| CallEnclave | Calls a function within an enclave. |
| CreateEnclave | Creates a new uninitialized enclave. An enclave is an isolated region of code and data within the address space for an application. Only code that runs within the enclave can access data within the same enclave. |
| DeleteEnclave | Deletes the specified enclave. |
| EnclaveGetAttestationReport | Gets an enclave attestation report that describes the current enclave and is signed by the authority that is responsible for the type of the enclave. |
| EnclaveGetEnclaveInformation | Gets information about the currently executing enclave. |
| EnclaveSealData | Generates an encrypted binary large object (blob) from unencypted data. |
| EnclaveUnsealData | Decrypts an encrypted binary large object (blob). |
| EnclaveVerifyAttestationReport | Verifies an attestation report that was generated on the current system. |
| InitializeEnclave | Initializes an enclave that you created and loaded with data. |
| IsEnclaveTypeSupported | Retrieves whether the specified type of enclave is supported. |
| LoadEnclaveData | Loads data into an uninitialized enclave that you created by calling CreateEnclave. |
| LoadEnclaveImage | Loads an image and all of its imports into an enclave. |
| TerminateEnclave | Ends the execution of the threads that are running within an enclave. |