Enclave debug and production modes
The is_production flag in the manifest indicates whether the enclave should run in debug or production mode.
When running in debug mode, a debugger can read from and write to the enclave memory, which allows you to debug the process running in the enclave.
When running in production mode, the hardware prevents any access to the enclave memory.
To set the enclave to run in debug mode, set the value of the is_production flag in the manifest template to “false”, which is the default.
To set the enclave to run in production mode, set the value of the is_production flag in the manifest template to “true”.
Make sure that the manifest and signature files that are being promoted to production have the is_production flag set to “true”.
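
A pre-promotion check for the rule above, as an added example that is not part of the product's own tooling or documentation. It assumes the manifest template is a text file with a top-level "is_production: <value>" line; the key name comes from this page, while the syntax, function names and sample keys are assumptions.

```python
import re
import sys

# Assumed syntax: a top-level "is_production: <value>" line, optionally quoted
# and optionally followed by a "#" comment. Adjust to your manifest format.
_FLAG = re.compile(r'^is_production\s*:\s*["\']?([A-Za-z]+)["\']?\s*(?:#.*)?$')


def enclave_mode(manifest_text):
    """Return 'production' or 'debug'; raise ValueError if the flag is ambiguous."""
    values = []
    for line in manifest_text.splitlines():
        match = _FLAG.match(line.rstrip())
        if match:
            values.append(match.group(1).lower())
    if not values:
        # Flag absent: the documented default is "false", i.e. debug mode.
        return "debug"
    if len(set(values)) > 1:
        raise ValueError("conflicting is_production entries")
    if values[0] not in ("true", "false"):
        raise ValueError("unrecognised is_production value: %r" % values[0])
    return "production" if values[0] == "true" else "debug"


def ok_to_promote(manifest_text):
    """Fail closed: only an unambiguous 'true' passes the promotion gate."""
    try:
        return enclave_mode(manifest_text) == "production"
    except ValueError:
        return False


if __name__ == "__main__":
    # Usage: python check_manifest.py <manifest-template-path>
    with open(sys.argv[1], encoding="utf-8") as handle:
        text = handle.read()
    if not ok_to_promote(text):
        sys.exit("refusing to promote: is_production is not set to true")
    print("manifest is set to production mode")
```

The check covers the manifest template only; the signature file has to be regenerated from the production manifest and verified separately.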