Launching an enclave in pre-release mode does not protect the enclave's data at the hardware level.
When an enclave is launched in pre-release mode (DisableDebug = 0), values inside the enclave can be accessed by the untrusted application. When the enclave is compiled in pre-release mode, is memory isolation enforced by Intel® SGX? Is it possible to enforce memory isolation without having the enclave signed by Intel or having a commercial license?
In an enclave compiled in pre-release mode, the data is not necessarily protected by the hardware. In release mode, access to the enclave memory (by untrusted apps, a debugger, etc.) is disabled at the hardware level, which is why some values may be leaked in pre-release mode.
For full memory isolation and protection, the enclave needs to be signed by Intel.
Ensure that the flags are correctly set before running in pre-release mode:
SGX_PRERELEASE=1
SGX_DEBUG=0
SGX_MODE=HW
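
A pre-deployment check for the settings discussed above, as an added example (not Intel's code). It assumes the make variables follow the SGX SDK sample Makefile convention (including SGX_DEBUG defaulting to 1) and that the enclave configuration XML carries the DisableDebug element; the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an enclave configuration file; values are illustrative.
SAMPLE_CONFIG = """<EnclaveConfiguration>
  <ProdID>0</ProdID>
  <ISVSVN>0</ISVSVN>
  <StackMaxSize>0x40000</StackMaxSize>
  <HeapMaxSize>0x100000</HeapMaxSize>
  <TCSNum>10</TCSNum>
  <TCSPolicy>1</TCSPolicy>
  <DisableDebug>0</DisableDebug>
</EnclaveConfiguration>"""


def build_profile(flags):
    """Map make variables to a build profile (assumed sample Makefile convention)."""
    f = {k.upper(): str(v).upper() for k, v in flags.items()}
    debug = f.get("SGX_DEBUG", "1") == "1"          # assumed default: debug build
    prerelease = f.get("SGX_PRERELEASE", "0") == "1"
    if debug and prerelease:
        raise ValueError("SGX_DEBUG and SGX_PRERELEASE cannot both be 1")
    mode = "hw" if f.get("SGX_MODE", "HW") == "HW" else "sim"
    kind = "debug" if debug else "prerelease" if prerelease else "release"
    return f"{mode}-{kind}"


def disable_debug(config_xml):
    """Return DisableDebug from the config; a missing element is treated as 0."""
    node = ET.fromstring(config_xml).find("DisableDebug")
    return int(node.text.strip(), 0) if node is not None and node.text else 0


def audit(flags, config_xml):
    """Reasons this build must not hold production secrets; empty list means ok."""
    findings = []
    profile = build_profile(flags)
    if not profile.startswith("hw-"):
        findings.append("simulation mode: no hardware enclave is created")
    if not profile.endswith("-release"):
        findings.append(f"{profile} build: enclave data is not hardware-protected")
    if disable_debug(config_xml) == 0:
        findings.append("DisableDebug=0: untrusted code can access enclave values")
    return findings


if __name__ == "__main__":
    page_flags = {"SGX_PRERELEASE": 1, "SGX_DEBUG": 0, "SGX_MODE": "HW"}
    for line in audit(page_flags, SAMPLE_CONFIG):
        print("FINDING:", line)
```

Run as a build gate, a non-empty result from `audit` means the enclave should be treated as readable by the untrusted application.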