# Open Enclave

*Build Trusted Execution Environment based applications to help protect data in use with an open source SDK that provides consistent API surface across enclave technologies as well as all platforms from cloud to edge.*

https://openenclave.io/sdk/

Links: [[Microsoft]]

- [Main repo](https://github.com/openenclave/openenclave)
- [API docs v0.17.0](https://openenclave.io/apidocs/v0.17/)
- Only works for [[C]] and [[C++]]

### Github Readme

The Open Enclave SDK is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves.

Open Enclave (OE) is an SDK for building enclave applications in C and C++. An enclave application partitions itself into two components:

- An untrusted component (called the host) and
- A trusted component (called the enclave).

## [Website](https://openenclave.io/sdk/)

### What is Open Enclave SDK?

Confidential computing is an ongoing effort to protect data throughout its lifecycle: at rest, in transit and now in use. With the use of Trusted Execution Environments, customers can build applications that protect data from outside access while in use. Open Enclave SDK is an open source SDK targeted at creating a single unified enclaving abstraction for developers to build Trusted Execution Environment (TEE) based applications. As TEE technology matures and as different implementations arise, the Open Enclave SDK is committed to supporting an API set that allows developers to build once and deploy on multiple technology platforms, different environments from cloud to hybrid to edge, and for both Linux and Windows.

### Trusted Execution Environment (TEE) Based Application Development

![[Pasted image 20220215010658.png]]

An enclave application partitions itself into two components: (1) an untrusted component (called the host) and (2) a trusted component (called the enclave). The host component runs unmodified on the untrusted operating system, while the trusted component runs within the enclave, the protected container provided by a TEE implementation. These protections allow enclaves to perform secure computations with assurances that secrets will not be compromised.

### Core Tenets

#### Universal

Generalize enclave application model to minimize hardware/software specific concepts

#### Pluggable

Componentization to support desired runtimes and crypto libraries

#### Standardized

Remove hardware vendor specific signing and verification requirements

#### Multi-platform

Design with multiple software platforms, Windows and Linux, in mind

#### Compatible

Easier enablement of redistributable applications

#### Open

Open source and a standard for secure enclave-based application development

### Supported SDK Functionality

#### ✔ Enclave creation and management

Function calls to manage the lifecycle of an enclave within your application

#### ✔ Enclave measurement and identity

Expressions of enclave measurement and identity

#### ✔ Communication

Mechanisms for defining call-ins and call-outs and the data marshalling associated with them

#### ✔ System primitives

System primitives exposed by enclave runtime, such as thread and memory management

#### ✔ Sealing

Functions to support persistence of secrets

#### ✔ Attestation

Functions to support verification of identity

#### ✔ Runtime and cryptographic libraries

Pluggable libraries to provide the necessary language and cryptographic support within an enclave

### Getting Started

#### [Install the Linux SDK Package on Ubuntu 20.04](https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Ubuntu_20.04.md)

Install the Open Enclave SDK package on Ubuntu 20.04

#### [Install the Linux SDK Package on Ubuntu 18.04](https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Ubuntu_18.04.md)

Install the Open Enclave SDK package on Ubuntu 18.04

#### [Install the Windows SDK Package](https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Windows.md)

Install the Open Enclave SDK package on Windows Server 2019

#### [Clone the Repo](https://github.com/openenclave/openenclave)

Clone the Open Enclave SDK repo