{"id":13628672,"url":"https://github.com/deislabs/mystikos","last_synced_at":"2025-04-13T07:47:39.870Z","repository":{"id":37051684,"uuid":"329405026","full_name":"deislabs/mystikos","owner":"deislabs","description":"Tools and runtime for launching unmodified container images in Trusted Execution Environments","archived":false,"fork":false,"pushed_at":"2025-03-01T00:26:13.000Z","size":119931,"stargazers_count":146,"open_issues_count":116,"forks_count":49,"subscribers_count":18,"default_branch":"main","last_synced_at":"2025-04-13T07:47:21.861Z","etag":null,"topics":["alpha","docker","intel","microkernel","sgx","tee"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deislabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-13T19:02:56.000Z","updated_at":"2025-03-26T09:03:27.000Z","dependencies_parsed_at":"2022-07-09T19:16:24.164Z","dependency_job_id":"70aa8c41-8b63-4f38-8ee7-e8208f6e0429","html_url":"https://github.com/deislabs/mystikos","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deislabs%2Fmystikos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deislabs%2Fmystikos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deislabs%2Fmystikos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deislabs%2Fmystikos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deislabs","download_url":"https://codeload.github.com/deislabs/mystikos/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248681494,"owners_count":21144700,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alpha","docker","intel","microkernel","sgx","tee"],"created_at":"2024-08-01T22:00:55.407Z","updated_at":"2025-04-13T07:47:37.559Z","avatar_url":"https://github.com/deislabs.png","language":"C","funding_links":[],"categories":["C","Runtime Framework","Container","Code Repositories"],"sub_categories":["Library OSes and SDKs","C"],"readme":"![Mystikos](./art/light/logo-horizontal/logo-horizontal.png)\n\n## What is Mystikos?\n**Mystikos** is a runtime and a set of tools for running Linux applications\nin a hardware trusted\nexecution environment (TEE). The current release supports **Intel \u0026reg; SGX**\nwhile other TEEs may be supported in future releases.\n\n## Goals\n\n- Enable protection of application code and data while in memory through the\n  use of hardware TEEs. This should be combined with proper key management,\n  attestation and hardware roots of trust, and encryption of data at rest and\n  in transit to protect against other threats which are out of scope for this\n  project.\n- Streamline the process of lift-n-shift applications, either native or\n  containerized, into TEEs, with little or no modification.\n- Allow users and application developers control over the makeup of the trusted\n  computing base (TCB), ensuring that all components of the execution environment\n  running inside the TEE are open sourced with permissive licenses.\n- Simplify re-targeting to other TEE architectures through a plugin\n  architecture.\n\n## Architecture\n\n**Mystikos** consists of the following components:\n- a C-runtime based on [musl libc](https://musl.libc.org), but is glibc compatible\n- a \"lib-os like\" kernel\n- the kernel-target interface (TCALL)\n- a command-line interface\n- some related utilities\n\nToday, two target implementations are provided:\n- The **SGX** target (based on the [Open Enclave\n  SDK](https://github.com/openenclave/openenclave))\n- The **Linux** target (for verification on non-SGX platforms)\n\nThe minimalist kernel of Mystikos manages essential computing resources\ninside the TEE, such as CPU/threads, memory, files, networks, etc. It handles\nmost of the syscalls that a normal operating system would handle (with\n[limits](doc/syscall-limitations.md)).  Many syscalls are handled directly by the\nkernel while others are delegated to the target specified while launching\nMystikos.\n\n![](./arch.png)\n\n\n# Installation Guide for Ubuntu\n\nMystikos may be built and installed Ubuntu 20.04.\n\n## Install from Released Package\n\nTo install Mystikos using one of the released packages, please follow the appropriate guide to install on [Ubuntu 20.04](doc/user-install-ubuntu-2004.md).\n\n## Install From Source\n\nYou may also [build Mystikos from source](BUILDING.md). The build process\nwill install the SGX driver and SGX-related packages for you.\n\n# Quick Start Docs\n\nEager to get started with Mystikos? We've prepared a few guides, starting from\na simple \"hello world\" C program and increasing in complexity, including\ndemonstrations of DotNet and Python/NumPy.\n\nGive it a try and let us know what you think!\n\n## Simple Applications\n\n- A Simple \"Hello World\" in C: [click here](doc/user-getting-started-c.md)\n- A Simple \"Hello World\" in Rust: [click here](doc/user-getting-started-rust.md)\n- Dockerizing your \"Hello World\" app: [click\n  here](doc/user-getting-started-docker-c++.md)\n- Introducing Enclave Configuration with a DotNet program: [click\n  here](doc/user-getting-started-docker-dotnet.md)\n- Running Python \u0026 NumPy for complex calculations: [click\n  here](doc/user-getting-started-docker-python.md)\n\n## Samples\nMystikos [samples](/samples) provides a number of samples in various programming\nlanguages and serves as a good place for developers to start.\n\n## Enclave Aware Applications\n\nSometimes, you want to take advantage of specific properties of the Trusted\nExecution Environment, such as attestation. The following example shows how to\nwrite a C program which changes its behaviour when it detects that it has been\nsecurely launched inside an SGX enclave.\n\n- Getting started with a TEE-aware program: [click\n  here](doc/user-getting-started-tee-aware.md)\n\n## More Docs!\n\nWe've got plans for a lot more documentation as the project grows, and we'd\nlove your feedback and contributions, too.\n\n- Key features of Mystikos: [click here](doc/key-features.md)\n- General concepts of Mystikos: [click here](doc/user-getting-started.md)\n- Deep dive into Mystikos architecture: [coming soon]\n- How to implement support for a new TEE: [coming soon]\n- Kernel limitations: [click here](doc/kernel-limitations.md)\n- Multi-processing and multi-threading in Mystikos and limitations: [coming\n  soon]\n\n\n# Developer Docs\n\nLooking for information to help you with your first PR? You've found the right\nsection.\n\n- Developer's jump start guide: [click here](doc/dev-jumpstart.md)\n- Signing and packaging applications with Mystikos: [click\n  here](doc/sign-package.md)\n- Release management: [click here](doc/releasing.md)\n- Notable unsupported kernel features and syscalls: [coming soon]\n\nFor more information, see the [Contributing Guide](CONTRIBUTING.md).\n\n# Licensing\n\nThis project is released under the [MIT License](LICENSE).\n\n# Reporting a Vulnerability\n\n**Please DO NOT open vulnerability reports directly on GitHub.**\n\nSecurity issues and bugs should be reported privately via email to the\n[Microsoft Security Response Center](https://www.microsoft.com/en-us/msrc)\n(MSRC) at secure@microsoft.com. You should receive a response within 24 hours.\nIf for some reason you do not, please follow up via email to ensure we received\nyour original message.\n\n\n# Code of Conduct\n\nThis project has adopted the\n[Microsoft Code of Conduct](https://opensource.microsoft.com/codeofconduct/).\nAll participants are expected to abide by these basic tenets to ensure that the\ncommunity is a welcoming place for everyone.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeislabs%2Fmystikos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeislabs%2Fmystikos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeislabs%2Fmystikos/lists"}