Giters

edgelesssys / edgelessrt

Edgeless RT is an SDK and a runtime for Intel SGX. It combines top-notch Go support with simplicity, robustness and a small TCB. Developing confidential microservices has never been easier! C++17 and Rust (experimental) are also supported.

Home Page:https://edgeless.systems

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

trusted-execution-environmentenclavesgxconfidential-computinggolangrustintel-sgxconfidential-microservices

Edgeless RT

ERT logo

Unit Tests GitHub license Discord Chat

Edgeless RT is an SDK for Trusted Execution Environments (TEE) built on top of Open Enclave. It adds support for modern programming languages (in particular Go) and facilitates the porting of existing applications. Currently, hardware-wise, Edgeless RT focuses on Intel SGX. Support for other TEEs will follow as it becomes available in Open Enclave.

Key features of Edgeless RT are:

  • Comprehensive support for Go, most existing code runs without changes
    • Preferably use EGo to build confidential Go apps.
    • Use Edgeless RT if you need more control, e.g., you may want to link some Go code to your C++ app.
  • Extended C/C++ support
    • More libc and POSIX functions
    • More C++17 STL
    • pthread and std::thread
    • libstdc++ for better compatibility with existing code
  • Seamless integration with MarbleRun to create distributed confidential applications
  • Experimental support for Rust

Quick Start

If you're on Ubuntu 20.04 or 22.04 and don't want to build the SDK yourself, you can install the binary release:

sudo mkdir -p /etc/apt/keyrings
wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null
echo "deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/intel-sgx.list
sudo apt update
ERT_DEB=edgelessrt_0.4.3_amd64_ubuntu-$(lsb_release -rs).deb
wget https://github.com/edgelesssys/edgelessrt/releases/download/v0.4.3/$ERT_DEB
sudo apt install ./$ERT_DEB build-essential cmake libssl-dev

Then proceed with Use.

Build

On Ubuntu 20.04 or 22.04, build with:

sudo apt install build-essential clang-11 cmake gdb libssl-dev ninja-build
mkdir build
cd build
cmake -GNinja ..
ninja

To set a custom installation path (default: /opt/edgelessrt), add, e.g., -DCMAKE_INSTALL_PREFIX=~/edgelessrt-install.

SGX packages

To run your applications in SGX mode, install these packages:

sudo mkdir -p /etc/apt/keyrings
wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null
echo "deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/intel-sgx.list
sudo apt update
sudo apt install libsgx-dcap-ql libsgx-enclave-common libsgx-launch

Test

After building, run the following command in the build directory to confirm everything works as expected:

ctest

In simulation mode run this command instead:

OE_SIMULATION=1 ctest

Install

From the build directory run:

ninja install

Or if you do not have write permissions for the installation path:

sudo ninja install

Use

To use the SDK you need to source the openenclaverc file to setup environment variables:

. /opt/edgelessrt/share/openenclave/openenclaverc

Now you are ready to build applications with Edgeless RT! To start, check out the samples.

Also see the C API documentation and/or the Go API documentation.

Debug

Logging

Set the environment variable OE_LOG_LEVEL to NONE, FATAL, ERROR (default), WARNING, INFO, or VERBOSE to increase or decrease the log level. Set OE_LOG_DETAILED=1 to enrich the log output with timestamps, thread ids, and stacktrace-like error propagations.

gdb

debugging with vscode

You can use Open Enclave's oegdb to debug enclave code built with Edgeless RT. oegdb is automatically installed with Edgeless RT. It also supports Go enclaves.

oegdb works great with Visual Studio Code (vscode). For example, use the following configuration to debug the in-enclave Go code from our HashiCorp Vault sample in vscode:

{
  "version": "0.2.0",
  "configurations": [
    {
      "name": "(oegdb) Launch",
      "miDebuggerPath": "/opt/edgelessrt/bin/oegdb",
      "type": "cppdbg",
      "request": "launch",
      "program": "/opt/edgelessrt/bin/erthost",
      "args": ["enclave.signed","server","-dev"],
      "stopAtEntry": false,
      "cwd": "${workspaceFolder}/samples/vault/build/",
      "environment": [],
      "externalConsole": false,
      "MIMode": "gdb",
      "setupCommands": [
          {
              "description": "Enable pretty-printing for gdb",
              "text": "-enable-pretty-printing",
              "ignoreFailures": true
          },
          {
              "text": "handle SIGILL nostop"
          }
      ]
    }
  ]
}

Contribute

Read CONTRIBUTING.md for information on issue reporting, code guidelines, and our PR process.

About

Edgeless RT is an SDK and a runtime for Intel SGX. It combines top-notch Go support with simplicity, robustness and a small TCB. Developing confidential microservices has never been easier! C++17 and Rust (experimental) are also supported.

https://edgeless.systems

trusted-execution-environmentenclavesgxconfidential-computinggolangrustintel-sgxconfidential-microservices

License:MIT License

Languages

Language:C++ 43.2%Language:C 26.9%Language:CMake 22.9%Language:Shell 4.2%Language:Go 1.6%Language:Dockerfile 0.6%Language:Python 0.5%