aws-nitro-enclaves-sdk-c VS aws-nitro-enclaves-cli

Enclaves are really useful, but I wish AWS would support an SDK in Go or another language. The current one is written in C: https://github.com/aws/aws-nitro-enclaves-sdk-c

There are some third party implementations available, but we'd worry too much about maintenance of those to use them. Something officially supported would really be helpful.

Ok, I'll bite. I'm happy to be wrong if I am wrong...

This document [1] defines a Nitro Enclave as an application image that runs in a secure runtime with no external networking.

This document [2] shows how you build a secure image. You basically take an image (like [3]) and run `nitro-cli build-enclave ...`.

Ok... so explain to me:

- Given that the image you build has to contain 1) private data (mine) and 2) private models (yours).

If I build the model, how do you protect your models? (because I did, to access the base image)

If you build the model, how do I know you didn't access my data? (because you did, to build the image)

What am I not getting?

[1] - https://docs.aws.amazon.com/enclaves/latest/user/nitro-encla...

[2] - https://docs.aws.amazon.com/enclaves/latest/user/getting-sta...

[3] - https://github.com/aws/aws-nitro-enclaves-cli/blob/main/exam...