I tried to build the SampleEnclave provided by SGX SDK for linux in release mode, but the enclave didn't work.
To build it in release mode, (1) I set the option <DisableDebug> in Enclave.config.xml to 0, (2) passed 0 as the 2nd parameter of API sgx_create_enclave instead of the macro SGX_DEBUG_FLAG, and (3) finally, when the build finished, I signed the enclave with the file Enclave/Enclave_private.pem.
When I run the app, the enclave returned the error code 0x4004. As mentioned in the "Intel SGX SDK Developer Reference", 0x4004 means "Enclave has no privilege to get a launch token.". I can't understand it very well, the problem seems happened when the app trying to load the enclave, but I don't know why.
I want to know the reason why the error code 0x4004 is returned and how to fix it?
Thanks a lot!
the problem is located: (2) passed 0 as the 2nd parameter of API sgx_create_enclave instead of the macro SGX_DEBUG_FLAG
When you tried to load your enclave, your enclave's signing key should in Lanuch Enclave's white-list. Based on your description, your are using your owner signing key, So the create enclave operation would fail.
To let the APP work, please passed 1 as the 2nd parameter of API sgx_create_enclave.