https://github.com/edgelesssys/edgelessrt

Edgeless RT is an SDK and a runtime for Intel SGX. It combines top-notch Go support with simplicity, robustness and a small TCB. Developing confidential microservices has never been easier! C++17 and Rust (experimental) are also supported.
https://github.com/edgelesssys/edgelessrt

confidential-computing confidential-microservices enclave golang intel-sgx rust sgx trusted-execution-environment

Last synced: about 2 months ago
JSON representation

Edgeless RT is an SDK and a runtime for Intel SGX. It combines top-notch Go support with simplicity, robustness and a small TCB. Developing confidential microservices has never been easier! C++17 and Rust (experimental) are also supported.

• Host: GitHub
• URL: https://github.com/edgelesssys/edgelessrt
• Owner: edgelesssys
• License: mit
• Created: 2020-05-26T13:09:17.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2024-06-20T13:01:27.000Z (3 months ago)
• Last Synced: 2024-06-21T05:08:09.808Z (3 months ago)
• Topics: confidential-computing, confidential-microservices, enclave, golang, intel-sgx, rust, sgx, trusted-execution-environment
• Language: C++
• Homepage: https://edgeless.systems
• Size: 94.5 MB
• Stars: 132
• Watchers: 7
• Forks: 20
• Open Issues: 5
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

• Awesome-SGX-Open-Source - https://github.com/edgelesssys/edgelessrt
• awesome-sgx - edgelesssys/edgelessrt - Edgeless RT is an SDK for Trusted Execution Environments (TEE) built on top of Open Enclave. (SDK)

README

        
# Edgeless RT

![ERT logo](docs/ert_logo.svg)

[![Unit Tests][unit-tests-badge]][unit-tests]

[![GitHub license][license-badge]](LICENSE)

[![Discord Chat][discord-badge]][discord]

[Edgeless RT](https://edgeless.systems) is an SDK for Trusted Execution Environments (TEE) built on top of [Open Enclave](https://github.com/openenclave/openenclave). It adds support for modern programming languages (in particular Go) and facilitates the porting of existing applications.

Currently, hardware-wise, Edgeless RT focuses on [Intel SGX](https://software.intel.com/en-us/sgx). Support for other TEEs will follow as it becomes available in Open Enclave.

Key features of Edgeless RT are:

* Comprehensive support for Go, most existing code runs without changes

  * Preferably use [EGo](https://github.com/edgelesssys/ego) to build confidential Go apps.

  * Use Edgeless RT if you need more control, e.g., you may want to link some Go code to your C++ app.

* Extended C/C++ support

  * More libc and POSIX functions

  * More C++17 STL

  * pthread and std::thread

  * libstdc++ for better compatibility with existing code

* Seamless integration with [MarbleRun](https://github.com/edgelesssys/marblerun) to create distributed confidential applications

* Experimental support for Rust

## Quick Start

If you're on Ubuntu 20.04 or 22.04 and don't want to build the SDK yourself, you can install the binary release:

```bash

sudo mkdir -p /etc/apt/keyrings

wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null

echo "deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/intel-sgx.list

sudo apt update

ERT_DEB=edgelessrt_0.4.4_amd64_ubuntu-$(lsb_release -rs).deb

wget https://github.com/edgelesssys/edgelessrt/releases/download/v0.4.4/$ERT_DEB

sudo apt install ./$ERT_DEB build-essential cmake libssl-dev

```

Then proceed with [Use](#use).

## Build

On Ubuntu 20.04 or 22.04, build with:

```bash

sudo apt install build-essential clang-11 cmake gdb libssl-dev ninja-build

mkdir build

cd build

cmake -GNinja ..

ninja

```

To set a custom installation path (default: `/opt/edgelessrt`), add, e.g., `-DCMAKE_INSTALL_PREFIX=~/edgelessrt-install`.

## SGX packages

To run your applications in SGX mode, install these packages:

```bash

sudo mkdir -p /etc/apt/keyrings

wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null

echo "deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/intel-sgx.list

sudo apt update

sudo apt install libsgx-dcap-ql libsgx-enclave-common libsgx-launch

```

## Test

After building, run the following command in the build directory to confirm everything works as expected:

```bash

ctest

```

In simulation mode run this command instead:

```bash

OE_SIMULATION=1 ctest

```

## Install

From the build directory run:

```bash

ninja install

```

Or if you do not have write permissions for the installation path:

```bash

sudo ninja install

```

## Use

To use the SDK you need to source the `openenclaverc` file to setup environment variables:

```bash

. /opt/edgelessrt/share/openenclave/openenclaverc

```

Now you are ready to build applications with Edgeless RT! To start, check out the [samples](samples).

Also see the [C API documentation](https://edgelesssys.github.io/edgelessrt) and/or the [Go API documentation](https://pkg.go.dev/github.com/edgelesssys/ego).

## Debug

### Logging

Set the environment variable `OE_LOG_LEVEL` to `NONE`, `FATAL`, `ERROR` (default), `WARNING`, `INFO`, or `VERBOSE` to increase or decrease the log level. Set `OE_LOG_DETAILED=1` to enrich the log output with timestamps, thread ids, and stacktrace-like error propagations.

### gdb

![debugging with vscode](docs/go_debugging_vscode.gif)

You can use Open Enclave's `oegdb` to debug enclave code built with Edgeless RT. `oegdb` is automatically installed with Edgeless RT. It also supports Go enclaves.

`oegdb` works great with Visual Studio Code (vscode). For example, use the following configuration to debug the in-enclave Go code from our [HashiCorp Vault sample](samples/vault) in vscode:

```json

{

  "version": "0.2.0",

  "configurations": [

    {

      "name": "(oegdb) Launch",

      "miDebuggerPath": "/opt/edgelessrt/bin/oegdb",

      "type": "cppdbg",

      "request": "launch",

      "program": "/opt/edgelessrt/bin/erthost",

      "args": ["enclave.signed","server","-dev"],

      "stopAtEntry": false,

      "cwd": "${workspaceFolder}/samples/vault/build/",

      "environment": [],

      "externalConsole": false,

      "MIMode": "gdb",

      "setupCommands": [

          {

              "description": "Enable pretty-printing for gdb",

              "text": "-enable-pretty-printing",

              "ignoreFailures": true

          },

          {

              "text": "handle SIGILL nostop"

          }

      ]

    }

  ]

}

```

## Contribute

Read [CONTRIBUTING.md](CONTRIBUTING.md) for information on issue reporting, code guidelines, and our PR process.

[unit-tests]: https://github.com/edgelesssys/edgelessrt/actions

[unit-tests-badge]: https://github.com/edgelesssys/edgelessrt/workflows/Unit%20Tests/badge.svg

[license-badge]: https://img.shields.io/github/license/edgelesssys/edgelessrt

[discord]: https://discord.gg/rH8QTH56JN

[discord-badge]: https://img.shields.io/badge/chat-on%20Discord-blue