Intel’s SGX architecture allows cloud clients to create enclaves, whose contents are cryptographically protected by the hardware even from the cloud provider. While this feature protects the confidentiality and integrity of the client’s enclave content, it also means that enclave content is completely opaque to the cloud provider. Thus, the cloud provider is unable to enforce policy compliance on enclaves. In this paper, we introduce EnGarde, a system that allows cloud providers to ensure SLA compliance on enclave content. In EnGarde, cloud providers and clients mutually agree upon a set of policies that the client’s enclave content must satisfy. EnGarde executes when the client provisions the enclave, ensuring that only policy-compliant content is loaded into the enclave. EnGarde is able to achieve its goals without compromising the security guarantees offered by the SGX, and imposes no runtime overhead on the execution of enclave code. We have demonstrated the utility of EnGarde by using it to enforce a variety of security policies on enclave content.