diff --git a/rune/libenclave/internal/runtime/pal/skeleton/Makefile b/rune/libenclave/internal/runtime/pal/skeleton/Makefile
index 1e934f69c72e3e3bc6bc8ef4f67c65c76fc95ea0..712f5c9918318438984d8dc16312dcc33bbabf19 100644
--- a/rune/libenclave/internal/runtime/pal/skeleton/Makefile
+++ b/rune/libenclave/internal/runtime/pal/skeleton/Makefile
@@ -12,6 +12,8 @@ HOST_LDFLAGS := -fPIC -shared -Wl,-Bsymbolic
 IS_OOT_DRIVER := $(shell [ ! -e /dev/isgx ])
 IS_SGX_FLC := $(shell lscpu | grep -q sgx_lc)
 
+PRODUCT_ENCLAVE ?=
+
 TEST_CUSTOM_PROGS := $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss $(OUTPUT)/liberpal-skeleton-v1.so $(OUTPUT)/liberpal-skeleton-v2.so $(OUTPUT)/liberpal-skeleton-v3.so $(OUTPUT)/signing_key.pem
 
 ifeq ($(IS_OOT_DRIVER),1)
@@ -56,8 +58,14 @@ $(OUTPUT)/encl.elf: encl.lds encl.c encl_bootstrap.S
 $(OUTPUT)/signing_key.pem:
 	openssl genrsa -3 -out $@ 3072
 
+ifeq ($(PRODUCT_ENCLAVE),1)
+    PRODUCT_OPT := -p
+else
+    PRODUCT_OPT :=
+endif
+
 $(OUTPUT)/encl.ss: $(OUTPUT)/encl.bin $(OUTPUT)/signing_key.pem
-	$(OUTPUT)/sgxsign signing_key.pem $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
+	$(OUTPUT)/sgxsign $(PRODUCT_OPT) signing_key.pem $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
 
 $(OUTPUT)/encl.token: $(OUTPUT)/encl.ss
 	sgx-tools gen-token --signature encl.ss --token $@
diff --git a/rune/libenclave/internal/runtime/pal/skeleton/README.md b/rune/libenclave/internal/runtime/pal/skeleton/README.md
index a5710b1a9e66d2110361435f18866433c4d3f4b2..2b045a628532c23c53f2b98b0a7dea6315ff6cc3 100644
--- a/rune/libenclave/internal/runtime/pal/skeleton/README.md
+++ b/rune/libenclave/internal/runtime/pal/skeleton/README.md
@@ -16,6 +16,7 @@ cd "${path_to_inclavare_containers}/rune/libenclave/internal/runtime/pal/skeleto
 make
 cp liberpal-skeleton-v*.so /usr/lib
 ```
+Debug enclave is generated by default. Please use `make PRODUCT_ENCLAVE=1` command to generate production enclave.
 
 ## Build skeleton container image
 ```shell