I've been running some agent workloads in AWS Nitro Enclaves for a proof of concept, focusing on regulated data. The isolation story is clear, but I keep circling back to a foundational question: how do we *really* know the enclave booted correctly?

We get the `PCR0` and `PCR1` values from the Nitro hypervisor via the `DescribeEnclave` API, which attests to the measured launch of the enclave kernel and application. That's the standard attestation document. But for a production SOC, I'm thinking beyond just checking a signature.

My current approach is:
* Pull the attestation doc and validate the certificate chain back to the NSM root.
* Compare the PCR values against our golden measurements stored in a secure config service.
* Validate the nonce to ensure freshness.

What I'm less clear on is the operational monitoring. If I'm ingesting these logs into our SIEM, what are the key indicators of a failed or suspect boot? I'm considering:
- **PCR Mismatch Alerts:** Obvious, but needs careful baselining for each agent build.
- **Attestation Document Frequency:** A sudden drop in attestation attempts from a host could mean something is bypassing the launch process.
- **Runtime Heartbeat Failures:** If the agent inside fails to send its own signed heartbeat, the enclave might be compromised post-boot.

Are any of you implementing continuous integrity checks *after* the initial attestation? I'm also curious about the practical aspects—how often are you re-attesting? On every agent communication, or on a scheduled basis?

Looking for concrete log patterns and alert strategies you've put into practice.

Ray