At the start of the execution, the secure enclave measures its code and data, generating a unique cryptographic hash that serves as a measurement or attestation identity.

The enclave generates an attestation report containing the measurement and other relevant information about the enclave's state. This report may include details such as the enclave's identity, cryptographic measurements, and security properties.

The attestation report is securely communicated to an attestation service, which acts as a trusted third-party verifier. The service evaluates the report, validates the measurements, and assesses the integrity and authenticity of the enclave.

The attestation service provides an attestation certificate or evidence of the enclave's integrity to the external entities requesting attestation. This evidence can be used by remote parties to establish trust and verify the integrity of the enclave.

The remote entities can apply policy-based verification to the attestation evidence, ensuring that the enclave meets their specific security requirements. Policies can define conditions such as specific measurements, software versions, or compliance with certain security standards.

During the attestation process, the communication between the enclave, the attestation service, and the external entities must be secured to protect the confidentiality and integrity of the attestation information. Techniques like encryption and secure channels are used to establish secure communication channels.