void start(AttestationParameters attestationParameters, byte[] sealedState, Path enclaveFileSystemFile, Consumer<List<MailCommand>> commandsCallback)
void start(AttestationParameters attestationParameters, byte[] sealedState, Path enclaveFileSystemFile, KDSConfiguration kdsConfiguration, Consumer<List<MailCommand>> commandsCallback)

Causes the enclave to be loaded and the Enclave object constructed inside. This method must be called before sending is possible. Remember to call close to free the associated enclave resources when you're done with it.



Either an AttestationParameters.EPID object initialised with the required API keys, or an AttestationParameters.DCAP object (which requires no extra parameters) when the host operating system is pre-configured for DCAP attestation, typically by a cloud provider. This parameter is ignored if the enclave is in mock or simulation mode and a mock attestation is used instead. Likewise, null can also be used for development purposes.


The last sealed state that was emitted by the enclave via MailCommand.StoreSealedState. The sealed state is an encrypted blob of the enclave's internal state and it's updated by the enclave as it processes mail (the contents of Enclave.getPersistentMap() is also part of this state). Each new sealed state that is emitted via MailCommand.StoreSealedState supercedes the previous one and must be securely persisted. Failure to do this will result in the enclave's clients detecting a "rollback" attack if the enclave is restarted. Typically the sealed state should be stored in a database, inside the same database transaction that processes thhe other mail commands, such as MailCommand.PostMail. More information can be found here.


File where the enclave's encrypted file system will be persisted to. This can be null if the enclave's configured to use one. If it is then a file path must be provided. More information can be found here.


Configuration for connecting to a key derivation service (KDS) in case the enclave needs to use one for encrypting persisted data. More information can be found here.


A callback that is automatically invoked after the end of every callEnclave and deliverMail call. The callback returns a list of actions, or MailCommands, which need to be actioned together, ideally within the scope single transaction.

The callback is invoked serially, never concurrently, and in the order that they need to be actioned. This means there's no need to do any external synchronization.


If the enclaveMode is either release or debug and no attestation parameters are provided.

If the host has been closed.