{"id":13641426,"url":"https://github.com/capeprivacy/tf-trusted","last_synced_at":"2025-04-20T07:33:33.237Z","repository":{"id":116032761,"uuid":"163998513","full_name":"capeprivacy/tf-trusted","owner":"capeprivacy","description":"tf-trusted allows you to run TensorFlow models in secure enclaves","archived":true,"fork":false,"pushed_at":"2020-07-23T14:12:49.000Z","size":4816,"stargazers_count":87,"open_issues_count":11,"forks_count":11,"subscribers_count":21,"default_branch":"master","last_synced_at":"2024-11-09T11:38:38.352Z","etag":null,"topics":["confidential-computing","machine-learning","secure-enclaves","security","sgx"],"latest_commit_sha":null,"homepage":"https://capeprivacy.com/","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/capeprivacy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-01-03T16:41:58.000Z","updated_at":"2024-08-25T10:58:38.000Z","dependencies_parsed_at":"2024-01-14T11:14:00.477Z","dependency_job_id":"f9a8f2d6-3304-47da-bf45-67cb2c311d05","html_url":"https://github.com/capeprivacy/tf-trusted","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capeprivacy%2Ftf-trusted","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capeprivacy%2Ftf-trusted/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capeprivacy%2Ftf-trusted/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capeprivacy%2Ftf-trusted/manifests","o
wner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/capeprivacy","download_url":"https://codeload.github.com/capeprivacy/tf-trusted/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249864360,"owners_count":21336727,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["confidential-computing","machine-learning","secure-enclaves","security","sgx"],"created_at":"2024-08-02T01:01:20.637Z","updated_at":"2025-04-20T07:33:32.833Z","avatar_url":"https://github.com/capeprivacy.png","language":"C++","funding_links":[],"categories":["Machine Learning"],"sub_categories":["Library OSes and SDKs"],"readme":"## TF Trusted\n\nTF Trusted allows you to run most TensorFlow models inside an [Intel SGX](https://software.intel.com/en-us/sgx) enclave. It uses a TensorFlow custom operation to send gRPC messages into the SGX enclave via [Asylo](https://asylo.dev/), where the model is then run by TensorFlow Lite.\n\nThis project's goal is to make it easy to experiment with running TensorFlow models inside secure enclaves. This library is not production-ready and is provided for research and experimentation only.\n\nWe're always looking for contributors. If you'd like to learn how you can help improve the project, please check out our [contributing guidelines](CONTRIBUTING.md).\n\n## Getting Started\n\nTo get started, clone this repository and then install the following dependencies.\n\n#### Install Bazel\n\nBazel is required to build this custom operation. 
It can be downloaded from [here](https://docs.bazel.build/versions/master/install.html).\n\n#### Python and TensorFlow\n\nTF Trusted also requires Python 3.5 or 3.6 to be installed along with TensorFlow 1.13.1. You can install these using your favourite Python version manager. We recommend using conda.\n\n#### Install Docker\n\nOn Linux we need to build the custom operation using a docker container provided by TensorFlow.\n\nRun one of the following commands to install docker on Ubuntu, or use your preferred package manager.\n\n```\n$ sudo snap install docker\n\n$ sudo apt install docker.io\n```\n\n#### Build TF Trusted Custom Op\n\nFollow the instructions for building the TensorFlow custom operation located [here](tf_trusted_custom_op/README.md).\n\n### Build and Run TF Trusted\n\nFirst, we will run TF Trusted in simulation mode. This makes it easy to test new programs with Asylo because you don't need an actual SGX device on the host machine. Note that simulation mode provides none of the confidentiality or attestation guarantees of a real enclave, so it is only for development and testing.\n\nWe use a docker container to build TF Trusted and then run it.\n\n```\n$ docker run -it --rm \\\n  -v bazel-cache:/root/.cache/bazel \\\n  -v `pwd`:/opt/my-project \\\n  -w /opt/my-project \\\n  -p 50051:50051/tcp -p 50051:50051/udp \\\n  gcr.io/asylo-framework/asylo:buildenv-v0.3.4 \\\n  bazel run --config=enc-sim //tf_trusted \\\n  --incompatible_disallow_filetype=false --incompatible_disallow_data_transition=false\n```\n\nDocker publishes port 50051 on all host interfaces by default. If the gRPC server only needs to be reachable from the same machine, publish it as `-p 127.0.0.1:50051:50051/tcp` instead.\n\n#### Run a Model\n\nIn another shell run the following with the correct options for the model you're using:\n\n```\ncd tf_trusted_custom_op\npython model_run.py --model_file \u003clocation of protobuf model\u003e \\\n                    --input_file \u003clocation of input file, npy format\u003e \\\n                    --input_name \u003cinput placeholder node name\u003e \\\n                    --output_name \u003coutput node name\u003e\n```\n\nThe input and output names are needed by the TensorFlow Lite converter to convert the model to the proper format. 
These can be found by examining the model with a graph visualizer such as [Netron](https://github.com/lutzroeder/netron).\n\nYou should now see output!\n\n### Running on an Intel SGX Device\n\nNext, we will run TF Trusted on an Intel SGX device. Here the enclave's memory is encrypted and isolated from the rest of the host, so the operating system and hypervisor cannot read what the enclave is computing. It also allows a third party to remotely attest to the identity of the enclave.\n\nWhen building enclave programs it's important to test them on actual enclave hardware, or you might not detect performance issues or other bugs.\n\nWhen running on a machine with an Intel SGX device there are some extra dependencies that need to be installed.\n\n#### Install Intel SGX driver, SDK and PSW\n\nThe driver can be installed by following the instructions at:\n\nhttps://github.com/01org/linux-sgx-driver\n\nThis is the out-of-tree driver, which exposes the device as `/dev/isgx`; that is the path passed to `--device` in the command below.\n\nThe SDK and PSW can be installed by following the instructions at:\n\nhttps://github.com/intel/linux-sgx\n\n#### Run AESM Service\n\nThe Application Enclave Service Manager (AESM) provides launch and attestation services to enclave applications on the host. We can start the AESM service with:\n\n```\nservice aesmd start\n```\n\n#### Build and Run TF Trusted\n\nNow we can run a similar command as before. 
We just need to pass the SGX device and the aesmd socket through to the docker container, and tell bazel inside the Asylo container to build for SGX hardware rather than simulation.\n\n```\n$ docker run -it --rm --device=/dev/isgx \\\n  -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \\\n  -v bazel-cache:/root/.cache/bazel \\\n  -v `pwd`:/opt/my-project \\\n  -w /opt/my-project -p 50051:50051/tcp -p 50051:50051/udp \\\n  gcr.io/asylo-framework/asylo \\\n  bazel run --config=sgx --define=SGX_SIM=0 //tf_trusted \\\n  --incompatible_disallow_filetype=false --incompatible_disallow_data_transition=false\n```\n\nThis command uses the untagged `gcr.io/asylo-framework/asylo` image, which resolves to whatever `latest` is when you run it. Pin a tag, as the simulation command above does, so that the enclave you build is reproducible.\n\n#### Run a Model\n\nIn another shell run the following with the correct options for the model you're using:\n\n```\ncd tf_trusted_custom_op\npython model_run.py --model_file \u003clocation of protobuf model\u003e \\\n                    --input_file \u003clocation of input file, npy format\u003e \\\n                    --input_name \u003cinput placeholder node name\u003e \\\n                    --output_name \u003coutput node name\u003e\n```\n\n#### Install TF Trusted custom op\n\nTo be able to run the `model_run.py` script from anywhere on your machine you can install it with pip:\n\n```\npip install -e .\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcapeprivacy%2Ftf-trusted","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcapeprivacy%2Ftf-trusted","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcapeprivacy%2Ftf-trusted/lists"}
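The "Run a Model" steps in the README above require the placeholder and output node names of the frozen model for `--input_name` and `--output_name`. The following script is an added example, not code from the tf-trusted project: it reads a frozen GraphDef with a minimal hand-written protobuf wire-format decoder (no TensorFlow or protobuf install needed) and lists those names, so the values can be checked without opening the model in Netron. The embedded `SAMPLE_GRAPH_DEF` is a constructed toy graph, and the function names `parse_graph_def` and `find_io_names` are this example's own.

```python
"""Find the placeholder (input) and output node names in a frozen TensorFlow
GraphDef (.pb).  GraphDef.node is field 1 (repeated NodeDef); NodeDef.name, .op
and .input are fields 1, 2 and 3.  Only those fields are decoded, with a
hand-written protobuf wire-format reader, so no TensorFlow install is needed."""
import sys
from typing import Iterator, List, Tuple

Node = Tuple[str, str, List[str]]  # (name, op, inputs)

def _decode_varint(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode a base-128 varint at buf[pos]; return (value, new_pos)."""
    result, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        byte, pos = buf[pos], pos + 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7
        if shift > 63:
            raise ValueError("varint too long")

def _iter_fields(buf: bytes) -> Iterator[Tuple[int, int, object]]:
    """Yield (field_number, wire_type, value) for every field of one message."""
    pos = 0
    while pos < len(buf):
        tag, pos = _decode_varint(buf, pos)
        field, wire_type = tag >> 3, tag & 0x7
        if wire_type == 0:                              # varint
            value, pos = _decode_varint(buf, pos)
        elif wire_type == 2:                            # length-delimited
            length, pos = _decode_varint(buf, pos)
            value, pos = buf[pos:pos + length], pos + length
        elif wire_type in (1, 5):                       # fixed 64-bit / 32-bit
            size = 8 if wire_type == 1 else 4
            value, pos = buf[pos:pos + size], pos + size
        else:
            raise ValueError(f"unsupported wire type {wire_type}")
        if pos > len(buf):
            raise ValueError("truncated field")
        yield field, wire_type, value

def parse_graph_def(data: bytes) -> List[Node]:
    """Return (name, op, inputs) for every NodeDef in a serialized GraphDef."""
    nodes: List[Node] = []
    for field, wire_type, value in _iter_fields(data):
        if field != 1 or wire_type != 2:                # only GraphDef.node
            continue
        name, op, inputs = "", "", []
        for f, w, v in _iter_fields(value):
            if w != 2:
                continue                                # attr, device etc. are skipped
            if f == 1:
                name = v.decode("utf-8")
            elif f == 2:
                op = v.decode("utf-8")
            elif f == 3:
                inputs.append(v.decode("utf-8"))
        nodes.append((name, op, inputs))
    return nodes

def find_io_names(nodes: List[Node]) -> Tuple[List[str], List[str]]:
    """Placeholders are the graph inputs; nodes no other node consumes are outputs."""
    consumed = set()
    for _, _, inputs in nodes:
        for ref in inputs:
            ref = ref.lstrip("^")                       # "^n" is a control dependency
            consumed.add(ref.split(":", 1)[0])          # "n:1" selects an output slot
    placeholders = [n for n, op, _ in nodes if op == "Placeholder"]
    outputs = [n for n, op, _ in nodes if op != "Placeholder" and n not in consumed]
    return placeholders, outputs

# Constructed sample (assumption, not a real model): a one-layer classifier encoded
# by hand with just enough of the GraphDef wire format to exercise the parser.
def _varint(n: int) -> bytes:
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)

def _ld(field: int, payload: bytes) -> bytes:
    return _varint((field << 3) | 2) + _varint(len(payload)) + payload

def _node(name: str, op: str, *inputs: str) -> bytes:
    body = _ld(1, name.encode()) + _ld(2, op.encode())
    body += b"".join(_ld(3, i.encode()) for i in inputs)
    return _ld(1, body)                                 # wrap as GraphDef.node

SAMPLE_GRAPH_DEF = b"".join([
    _node("input", "Placeholder"),
    _node("dense/kernel", "Const"),
    _node("dense/bias", "Const"),
    _node("dense/MatMul", "MatMul", "input", "dense/kernel"),
    _node("dense/BiasAdd", "BiasAdd", "dense/MatMul", "dense/bias:0"),
    _node("output", "Softmax", "dense/BiasAdd", "^dense/MatMul"),
])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_GRAPH_DEF
    print(find_io_names(parse_graph_def(data)))         # (['input'], ['output'])
```

Run it with the path of your frozen `.pb` as the first argument. Any node that no other node consumes is reported as an output, which can include a stray unconsumed `Const`, so check the list against the graph before passing a name to `model_run.py`; a truncated or non-GraphDef file raises `ValueError` rather than returning partial names.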