Is there any method for an Enclave to authenticate its caller? For example, Enclave A is supposed to be used only by application A. If an unauthorized application B (i.e., malware) tries to use Enclave A, how can Enclave A deny application B?
Basically, this is part of the complexity of how to design the security of the application between the trusted and the untrusted part. In general, the Enclave should never disclose the secret or any sensitive data to external calls. Some simple techniques, such as using local file permissions as authentication to pass data between the Enclave and only the authorized application, may work. It really depends on the application's use case and other factors such as performance.
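One way the file-permission approach mentioned in the answer could look on the untrusted host side, as an added example that is not part of the original thread: the application loads a blob the enclave requires only if the file is private to the expected user. The names `read_private_blob` and `demo_permission_gate`, the temp path and the blob contents are assumptions constructed for illustration; because the OS enforces the permission, this only keeps out other unprivileged users.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: load a credential blob that the enclave requires,
 * but only if the file is private to the expected user.
 * Returns bytes read, or -1 if the file fails any check. */
ssize_t read_private_blob(const char *path, uid_t owner, void *buf, size_t cap)
{
    /* O_NOFOLLOW: refuse a symlink planted at the final path component. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    ssize_t n = -1;
    /* fstat on the open descriptor, not stat on the path, so the checks
     * apply to the same file that is read (no check/use race). */
    if (fstat(fd, &st) == 0 &&
        S_ISREG(st.st_mode) &&                     /* regular file only */
        st.st_uid == owner &&                      /* owned by the authorized user */
        (st.st_mode & (S_IRWXG | S_IRWXO)) == 0 && /* no group/other access */
        st.st_nlink == 1)                          /* no extra hard links */
        n = read(fd, buf, cap);
    close(fd);
    return n;
}

/* Constructed self-check: writes a sample blob to a temp file and returns
 * 1 if it is accepted at mode 0600 and rejected at mode 0644. */
int demo_permission_gate(void)
{
    char path[] = "/tmp/enclave_blob_XXXXXX";
    char buf[32];
    int fd = mkstemp(path);            /* mkstemp creates the file 0600 */
    if (fd < 0)
        return 0;
    int ok = write(fd, "constructed-token", 17) == 17;
    close(fd);

    ok = ok && read_private_blob(path, geteuid(), buf, sizeof buf) == 17;
    ok = ok && chmod(path, 0644) == 0;
    ok = ok && read_private_blob(path, geteuid(), buf, sizeof buf) == -1;
    unlink(path);
    return ok;
}
```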