Hello.

I'm developing a model which considers relatively special scenario: both server and client have secret data.

So in this scenario, both of them have to verify that the signed enclave image (enclave.signed.so or something) is built with certain code that server and client agreed with.

For example,

1. Client build an enclave image and send it to server
2. Client verify whether the server really run the appropriate enclave image by checking QUOTE in remote attestation

is NOT sufficient, because in this case server cannot know what code will be run by client on the server (There is some risk that client write malicious operation to tap server's secret).

By the way,  according to my experiment result, MRENCLAVE ("metadata->enclave_css.body.enclave_hash.m:" ; part of dump file by sgx_sign dump) will be the same one, at least both of linked object file(this of course means that source codes are also same) and platform is exactly same. And I also found that the 3078bit RSA private key to sign the enclave didn't affect anything to MRENCLAVE.

Here is my question: Is MRENCLAVE will be the same one in following condition:

1. Enclave is built with exactly same codes, librarys, etc.
2. Every modes (HW/SIM, debug/pre-release) are also same
3. The machine which built the enclave is different (but I consider the situation that only linux-sgx is used, not Windows one)

If it will be same, I can solve the problem in this scenario; because in above example, server can also verify the enclave image by building enclave image and verify whether MRSIGNER of client's enclave image and server's one are same.

If these MRSIGNERs will be different, I will establish some third party trusted server who builds enclave image with "agreed" code.

But unfortunately I don't have environment to instantly experiment this, so I'm glad if you have some advise for this question.