EGo is a framework for building confidential apps in Go. Confidential apps run in always-encrypted and verifiable enclaves on Intel SGX-enabled hardware. EGo simplifies enclave development by providing two user-friendly tools:
- ego-go, an adapted Go compiler that builds enclave-compatible executables from a given Go project, while providing the same CLI as the original Go compiler.
- ego, a CLI tool that handles all enclave-related tasks such as signing and enclave creation.
Building and running a confidential Go app is as easy as:
ego-go build hello.go
ego sign hello
ego run hello
The easiest way to install EGo is via the Snap:
sudo snap install ego-dev --classic
If you're on Ubuntu 18.04 or above, you can install the DEB package:
wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add
sudo add-apt-repository "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu `lsb_release -cs` main"
wget https://github.com/edgelesssys/ego/releases/download/v0.2.2/ego_0.2.2_amd64.deb
sudo apt install ./ego_0.2.2_amd64.deb build-essential
To build EGo from source instead (prerequisite: Edgeless RT is installed and sourced):
mkdir build
cd build
cmake ..
make
make install
Now you're ready to build applications with EGo! To start, check out the following samples:
- helloworld is a minimal example of an enclave application.
- remote_attestation shows how to use the basic remote attestation API of EGo.
- attested_tls is similar to the above, but uses a higher level API to establish an attested TLS connection.
- vault demonstrates how to port a Go application, using HashiCorp Vault as the example.
- cgo demonstrates the experimental cgo support.
- azure_attestation shows how to use Microsoft Azure Attestation for remote attestation.
Further documentation:
- The EGo documentation covers building, signing, running, and debugging confidential apps.
- The EGo API provides access to remote attestation and sealing to your confidential app at runtime.
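The remote_attestation and attested_tls samples listed above come down to a client deciding whether a report belongs to the expected enclave and to the TLS certificate the peer presented. The following is an added example, not EGo's own code: `Report`, `Policy` and `CheckReport` are hypothetical stand-ins, the hardware signature on the report is assumed to have been verified already, and all values are constructed.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Report and Policy are stand-in types for this example (assumptions, not EGo's API).
type Report struct {
	Data            []byte // up to 64 bytes chosen by the enclave when the report is created
	SecurityVersion uint
	Debug           bool
	SignerID        []byte // identifies the key the enclave was signed with
	ProductID       []byte // 16-bit little-endian product ID
}
type Policy struct {
	SignerID   []byte
	ProductID  uint16
	MinVersion uint
}

// CheckReport applies the client's pinned policy to a report whose signature is assumed verified.
func CheckReport(r Report, certDER []byte, p Policy) error {
	hash := sha256.Sum256(certDER)
	if len(r.Data) < len(hash) || !bytes.Equal(r.Data[:len(hash)], hash[:]) {
		return fmt.Errorf("report data does not match certificate hash")
	}
	if r.Debug {
		return fmt.Errorf("debug enclave")
	}
	if !bytes.Equal(r.SignerID, p.SignerID) {
		return fmt.Errorf("unexpected signer")
	}
	if len(r.ProductID) < 2 || binary.LittleEndian.Uint16(r.ProductID) != p.ProductID {
		return fmt.Errorf("unexpected product ID")
	}
	if r.SecurityVersion < p.MinVersion {
		return fmt.Errorf("security version below minimum")
	}
	return nil
}

func main() {
	cert, signer := []byte("constructed certificate"), bytes.Repeat([]byte{0xAB}, 32) // constructed inputs
	h := sha256.Sum256(cert)
	r := Report{Data: h[:], SecurityVersion: 2, SignerID: signer, ProductID: []byte{0xD2, 0x04}}
	fmt.Println(CheckReport(r, cert, Policy{signer, 1234, 2})) // <nil>
}
```

Binding the certificate hash into the report data is what ties the attested enclave to the TLS session; without that check a valid report could be relayed alongside a different certificate.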