Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Defines the format of the enclave configuration for systems running 64-bit Windows.
Syntax
typedef struct _IMAGE_ENCLAVE_CONFIG64 {
DWORD Size;
DWORD MinimumRequiredConfigSize;
DWORD PolicyFlags;
DWORD NumberOfImports;
DWORD ImportList;
DWORD ImportEntrySize;
BYTE FamilyID[IMAGE_ENCLAVE_SHORT_ID_LENGTH];
BYTE ImageID[IMAGE_ENCLAVE_SHORT_ID_LENGTH];
DWORD ImageVersion;
DWORD SecurityVersion;
ULONGLONG EnclaveSize;
DWORD NumberOfThreads;
DWORD EnclaveFlags;
} IMAGE_ENCLAVE_CONFIG64, *PIMAGE_ENCLAVE_CONFIG64;
Members
Size
The size of the IMAGE_ENCLAVE_CONFIG64 structure, in bytes.
MinimumRequiredConfigSize
The minimum size of the IMAGE_ENCLAVE_CONFIG64 structure that the image loader must be able to process in order for the enclave to be usable. This member allows an enclave to inform an earlier version of the image loader that the image loader can safely load the enclave and ignore optional members added to IMAGE_ENCLAVE_CONFIG64 for later versions of the enclave. If the size of IMAGE_ENCLAVE_CONFIG64 that the image loader can process is less than MinimumRequiredConfigSize, the enclave cannot be run securely.
If MinimumRequiredConfigSize is zero, the minimum size of the IMAGE_ENCLAVE_CONFIG64 structure that the image loader must be able to process in order for the enclave to be usable is assumed to be the size of the structure through and including the MinimumRequiredConfigSize member.
PolicyFlags
Flags that indicate the policies that have been set for the enclave. These flags can be set to indicate whether the enclave permits debugging and whether the enclave is restricted to using its own memory space.
| Value | Meaning |
|---|---|
0x00000000 |
The enclave does not permit debugging. |
IMAGE_ENCLAVE_POLICY_DEBUGGABLE0x00000001 |
The enclave permits debugging. |
IMAGE_ENCLAVE_POLICY_STRICT_MEMORY0x00000002 |
This flag restricts access by an enclave to the address space of its containing process. This policy applies to all threads in the enclave. The enclave must use the EnclaveCopyIntoEnclave and EnclaveCopyOutOfEnclave APIs to access containing process memory. Note: Access to the containing process's address space can also be restricted by calling the EnclaveRestrictContainingProcessAccess API. This API can also be used to relax this policy at runtime and restore access to the containing process memory. |
NumberOfImports
The number of images in the array of images that the ImportList member points to.
ImportList
The relative virtual address of the array of images that the enclave image may import, with identity information for each image.
ImportEntrySize
The size of each image in the array of images that the ImportList member points to.
FamilyID[IMAGE_ENCLAVE_SHORT_ID_LENGTH]
The family identifier that the author of the enclave assigned to the enclave.
ImageID[IMAGE_ENCLAVE_SHORT_ID_LENGTH]
The image identifier that the author of the enclave assigned to the enclave.
ImageVersion
The version number that the author of the enclave assigned to the enclave.
SecurityVersion
The security version number that the author of the enclave assigned to the enclave.
EnclaveSize
The expected virtual size of the private address range for the enclave, in bytes.
NumberOfThreads
The maximum number of threads that can be created within the enclave.
EnclaveFlags
A flag that indicates whether the image is suitable for use as the primary image in the enclave.
| Value | Meaning |
|---|---|
0x00000000 |
The image is not suitable for use as the primary image in the enclave. |
IMAGE_ENCLAVE_FLAG_PRIMARY_IMAGE0x00000001 |
The image is suitable for use as the primary image in the enclave. |
Remarks
The IMAGE_ENCLAVE_CONFIG structure is defined as another name for the IMAGE_ENCLAVE_CONFIG64 structure on systems that run 64-bit Windows.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 10, version 1709 [desktop apps only] |
| Minimum supported server | Windows Server 2016 [desktop apps only] |
| Header | winnt.h |