Patent attributes
There are provided mechanisms for handling instances of enclaves on an execution platform. The execution platform comprises a secure component. The secure component serves as a trusted interface between a trusted platform module of the execution platform and enclaves of an enclave environment on the execution platform. Only a single enclave, denoted base enclave, in the enclave environment is enabled to communicate with the secure component. A method comprises receiving, by the base enclave, an indication from another enclave in the enclave environment upon start-up of a new instance of the so-called another enclave. The method comprises determining, by the base enclave, to enable continued running of the new instance only when number of currently running instances of the so-called another enclave is within an interval of allowed number of running instances of the so-called another enclave.
