Inclavare - Max Fang's Notes

# Inclavare *A novel container runtime, aka confidential container, for cloud-native confidential computing and enclave runtime ecosystem.* *An open source enclave container runtime and security architecture for confidential computing scenarios.* https://inclavare-containers.io/ Links: [[Alibaba]], [[SGX]] - Built on [[Occlum]] (which is itself built on [[SGX]]) - By [[Alibaba]] - [Github](https://github.com/inclavare-containers/inclavare-containers) (active) - [Website](https://inclavare-containers.io/en/) ## [Website](https://inclavare-containers.io/en/) ![[Pasted image 20220321234210.png]] Inclavare Containers, developed by Alibaba Cloud and Ant Group and cooperated with Intel, is the industry's first open source container runtime for confidential computing. Inclavare Containers significantly reduces the user's threshold for use. A variety of different enclave forms are available, providing more choices and flexibility between safety and cost for end users. ### Origin and History ![[Screen Shot 2022-03-21 at 11.42.35 PM.png]] ## [Listing on Cloud Native Computing Foundation](https://www.cncf.io/projects/inclavare-containers/) Links: [[Cloud Native Computing Foundation]] "Inclavare Containers was accepted to CNCF on September 14, 2021 and is at the **Sandbox project** maturity level." ## [Github](https://github.com/inclavare-containers/inclavare-containers) Inclavare Containers has the following salient features: - Confidential computing oriented. Inclavare Containers provides a general design for the protection of tenant’s workload. - Create the hardware-enforced isolation between tenant’s workload and privileged software controlled by CSP. - Remove CSP from the Trusted Computing Base (TCB) of tenant in untrusted cloud. - Construct the general attestation infrastructure to convince users to trust the workloads running inside TEE based on hardware assisted enclave technology. - OCI-compliant. The component `rune` is [fully compliant](https://github.com/opencontainers/runtime-spec/blob/master/implementations.md#runtime-container) with OCI Runtime specification. - Cloud platform agnostic. It can be deployed in any public cloud Kubernetes platform. Inclavare Containers is a [sandbox project](https://www.cncf.io/projects/inclavare-containers/) of the [Cloud Native Computing Foundation (CNCF)](https://www.cncf.io/). If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. ### Architecture Inclavare Containers follows the classic container runtime design. It takes the adaption to [containerd](https://github.com/containerd/containerd) as first class, and uses dedicated [shim-rune](https://github.com/alibaba/inclavare-containers/tree/master/shim) to interface with OCI Runtime [rune](https://github.com/alibaba/inclavare-containers/tree/master/rune). In the downstrem, [init-runelet](https://github.com/inclavare-containers/inclavare-containers/blob/master/docs/design/terminology.md#init-runelet) employs a novel approach of launching [enclave runtime](https://github.com/inclavare-containers/inclavare-containers/blob/master/docs/design/terminology.md#enclave-runtime) and trusted application in hardware-enforced enclave. ![[Pasted image 20220321234613.png]] The major components of Inclavare Containers are: - rune rune is a CLI tool for spawning and running enclaves in containers according to the OCI specification. rune is already written into [OCI Runtime implementation list](https://github.com/opencontainers/runtime-spec/blob/master/implementations.md#runtime-container). Links: [[Open Container Initiative]] - shim-rune shim-rune resides in between containerd and `rune`, conducting enclave signing and management beyond the normal `shim` basis. In particular shim-rune and `rune` can compose a basic enclave containerization stack for confidential computing, providing low barrier to the use of confidential computing and the same experience as ordinary container. Please refer to [this doc](https://github.com/inclavare-containers/inclavare-containers/blob/master/shim/README.md) for the details. - enclave runtime The backend of `rune` is a component called enclave runtime, which is responsible for loading and running trusted and protected applications inside enclaves. The interface between `rune` and enclave runtime is [Enclave Runtime PAL API](https://github.com/inclavare-containers/inclavare-containers/blob/master/rune/libenclave/internal/runtime/pal/spec.md), which allows invoking enclave runtime through well-defined functions. The softwares for confidential computing may benefit from this interface to interact with cloud-native ecosystem. One typical class of enclave runtime implementations is based on Library OSes. Currently, the recommended enclave runtime interacting with `rune` is [Occlum](https://github.com/occlum/occlum), a memory-safe, multi-process Library OS for Intel SGX. And another typical class of enclave runtime is [WebAssembly Micro Runtime (WAMR)](https://github.com/bytecodealliance/wasm-micro-runtime) with Intel SGX, a standalone WebAssembly (WASM) runtime with a small footprint, including a VM core, an application framework and a dynamic management for WASM applications. In addition, you can write your own enclave runtime with any programming language and SDK (e.g, [Intel SGX SDK](https://github.com/intel/linux-sgx)) you prefer as long as it implements Enclave Runtime PAL API. ### Attestation Inclavare Containers implements Enclave Attestation Architecture (EAA), a universal and cross-platform remote attestation infrastructure. EAA can prove that sensitive workloads are running on a genuine and trusted hardware TEE based on confidential computing technology. The formal design of EAA will be published for RFC. ![[Pasted image 20220321234712.png]] The major components of EAA are: - [Rats-TLS](https://github.com/alibaba/inclavare-containers/tree/master/rats-tls) `Rats-TLS` enhances the standard TLS to support the trusted communications between heterogeneous hardware TEEs based on confidential computing technology, which is evolved from the [ra-tls (deprecated)](https://github.com/alibaba/inclavare-containers/tree/master/ra-tls). Even a non-hardware TEE platforms using `Rats-TLS` can communicate with a hardware TEE, e.g, SGX Enclave, through the attested and secured channel to transmit the sensitive information. In other words, the boundary of TCB is extended from execution environment to network transmission with `Rats-TLS`. In addition, `Rats-TLS` has an extensible model to support various hardware TEE. Refer to [this design doc](https://github.com/inclavare-containers/inclavare-containers/blob/master/rats-tls/docs/design/design.md) for more details. - Confidential Container Confidential container in the form of the enclave runtime `Occlum` responds to the request from `Inclavared`, and then sends back the attestation evidence of confidential container to `Inclavared`. Confidential container plays the role of the attester. - [Inclavared](https://github.com/alibaba/inclavare-containers/tree/master/inclavared) `Inclavared` is responsible for forwarding the traffic between the confidential container and `Shelter`. The communication process is protected by the attested `Enclave-TLS` channel. - [Shelter](https://github.com/alibaba/inclavare-containers/tree/master/shelter) `Shelter`, as the role of the verifier deployed in the off-cloud, records the launch measurements of enclave runtime, and afterward establishes the attested `Enclave-TLS` channel to communicate with `Inclavared`. Eventually, it retrieves the evidence about enclave runtimes for verification. ### Non-core components - sgx-tools sgx-tools is a CLI tool, used to interact Intel SGX AESM service to retrieve various materials such as launch token, quoting enclave's target information, enclave quote and remote attestation report from IAS. Refer to [this tutorial](https://github.com/inclavare-containers/inclavare-containers/blob/master/sgx-tools/README.md) for the details about its usage. - epm epm is a service that is used to manage the cache pools to optimize the startup time of enclave. Refer to [this tutorial](https://github.com/inclavare-containers/inclavare-containers/blob/master/epm/README.md) for the details about its usage.