Enclave Functions

Article
2025-04-15

The following functions are used when working with enclaves that are used to create trusted execution environments.

Note

Using these APIs for a VBS Enclave requires Windows 11 Build 26100.2314 or later or Windows Server 2025 or later.

In this section

Topic	Description
CallEnclave	Calls a function within an enclave.
CreateEnclave	Creates a new uninitialized enclave. An enclave is an isolated region of code and data within the address space for an application. Only code that runs within the enclave can access data within the same enclave.
DeleteEnclave	Deletes the specified enclave.
EnclaveCopyIntoEnclave	Copies data from an untrusted address (outside of the enclave) into the enclave.
EnclaveCopyOutOfEnclave	Copies data from the enclave to an untrusted address (outside of the enclave).
EnclaveGetAttestationReport	Gets an enclave attestation report that describes the current enclave and is signed by the authority that is responsible for the type of the enclave.
EnclaveGetEnclaveInformation	Gets information about the currently executing enclave.
EnclaveRestrictContainingProcessAccess	Restricts (or restores) access by an enclave to the address space of its containing process.
EnclaveSealData	Generates an encrypted binary large object (blob) from unencypted data.
EnclaveUnsealData	Decrypts an encrypted binary large object (blob).
EnclaveVerifyAttestationReport	Verifies an attestation report that was generated on the current system.
InitializeEnclave	Initializes an enclave that you created and loaded with data.
IsEnclaveTypeSupported	Retrieves whether the specified type of enclave is supported.
LoadEnclaveData	Loads data into an uninitialized enclave that you created by calling CreateEnclave.
LoadEnclaveImage	Loads an image and all of its imports into an enclave.
TerminateEnclave	Ends the execution of the threads that are running within an enclave.

See also