Gets an enclave attestation report that describes the current enclave and is signed by the authority that is responsible for the type of the enclave.
HRESULT EnclaveGetAttestationReport( const UINT8 [ENCLAVE_REPORT_DATA_LENGTH] EnclaveData, PVOID Report, UINT32 BufferSize, UINT32 *OutputSize );
A pointer to a 64-byte buffer of data that the enclave wants to insert into its signed report. For example, this buffer could include a 256-bit nonce that the relying party supplied, followed by a SHA-256 hash of additional data that the enclave wants to convey, such as a public key that corresponds to a private key that the enclave owns. If this parameter is NULL, the corresponding field of the report is filled with zeroes.
A pointer to a buffer where the report should be placed. This report may be stored either within the address range of the enclave or within the address space of the host process. Specify NULL to indicate that only the size of the buffer required for the output should be calculated, and not the report itself.
The size of the buffer to which the Report parameter points. If Report is NULL, BufferSize must be zero. If Report is not NULL, and if the size of the report is larger than this value, an error is returned.
A pointer to a variable that receives the size of the report.
If this function succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.
EnclaveGetAttestationReport must be called from within an enclave.
EnclaveGetAttestationReport is not currently supported for enclaves with a type of ENCLAVE_TYPE_SGX. For VBS enclaves, the report that EnclaveGetAttestationReport gets is signed by using a VBS-specific key.
The enclave attestation report contains the identity of all code loaded into the enclave, as well as policies that control how the enclave is running, such as whether the enclave is running with debugger access active. The report also includes a small amount of information that the enclave generated to use in a key-exchange protocol.
The report that EnclaveGetAttestationReport generates consists of the following items:
- A VBS_ENCLAVE_REPORT_PKG_HEADER structure
- A signed statement that consist of the following items:
- A signature
|Minimum supported client||Windows 10, version 1709 [desktop apps only]|
|Minimum supported server||Windows Server 2016 [desktop apps only]|