The term, “secure enclave,” refers to a secure computing environment in which an executable software application and data can be stored and executed. A secure enclave can be implemented using a special instruction set (e.g., microcode) and an enclave page cache (EPC). The enclave page cache is secured using cryptographic techniques. A software application implemented as an enclave has a “measurement,” which can be defined by a hash value that is generated based on the amount of memory (EPC pages) allocated to the application enclave and the contents, attributes, type and relative location of each page added to the enclave. The measurement can be used to verify the identity of the application and detect tampering.
Once an application enclave's measurement has been established, additional memory cannot be added to the enclave without affecting the measurement. If an application enclave's measurement changes, the identity or integrity of the application may be suspect. Therefore, application enclaves are typically created with a memory allocation that is large enough for any possible uses of the application.