An enclave host’s responsibility is the orchestration of the communication with hosted enclaves.
It is responsible for:
- Leasing a sealing identity
- Getting a CPU certificate in the form of an Intel-signed quote
- Downloading and starting of requested enclaves
- Driving attestation and subsequent encrypted traffic
- Using discovery to connect to other enclaves/services
- Various caching layers (and invalidation of) for the CPU certificate, hosted enclave quotes and enclave images