
Open Enclave SDK

Build Trusted Execution Environment based applications to help protect data in use with an open source SDK that provides a consistent API surface across enclave technologies and across all platforms, from cloud to edge.

What is Open Enclave SDK?

Confidential computing is an ongoing effort to protect data throughout its lifecycle: at rest, in transit and now in use. Using Trusted Execution Environments, customers can build applications that protect data from outside access while it is in use. Open Enclave SDK is an open source SDK aimed at creating a single, unified enclaving abstraction for developers to build Trusted Execution Environment (TEE) based applications. As TEE technology matures and different implementations arise, the Open Enclave SDK is committed to supporting an API set that allows developers to build once and deploy on multiple technology platforms, in different environments from cloud to hybrid to edge, and on both Linux and Windows.

Trusted Execution Environment (TEE) Based Application Development

An enclave application partitions itself into two components: (1) an untrusted component (called the host) and (2) a trusted component (called the enclave). The host component runs unmodified on the untrusted operating system, while the trusted component runs within the enclave, the protected container provided by a TEE implementation. These protections allow enclaves to perform secure computations with assurance that secrets will not be compromised.
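The host/enclave split described above is declared in an EDL interface file that the SDK's oeedger8r tool turns into marshalling stubs for both sides. The file below is an added illustration, not one of the project's own samples; the function names and the 32-byte digest size are hypothetical.

```edl
// Hypothetical interface file (added example, not the project's own sample).
// oeedger8r generates the enclave-side (*_t.c) and host-side (*_u.c) stubs
// from this declaration, so the trusted/untrusted boundary is explicit.
enclave {
    // Pulls in the OCALLs the enclave runtime's syscall layer needs; only
    // required when the enclave code uses that layer (assumption for this file).
    from "openenclave/edl/syscall.edl" import *;

    trusted {
        // ECALL (call-in): host -> enclave. The stub copies `input` into
        // enclave memory before the enclave code runs, so the host cannot
        // change it mid-call; `digest` is copied back out on return.
        public int enclave_hash_buffer(
            [in, size=input_len] const uint8_t* input, size_t input_len,
            [out, size=32] uint8_t* digest);
    };

    untrusted {
        // OCALL (call-out): enclave -> host. Only a copy of the string
        // crosses the boundary; anything passed here leaves the enclave's
        // protection, so the enclave must not send secrets through it.
        void host_log_message([in, string] const char* msg);
    };
};
```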

Core Tenets

Universal

Generalize the enclave application model to minimize hardware- and software-specific concepts

Pluggable

Componentization to support desired runtimes and crypto libraries

Standardized

Remove hardware vendor specific signing and verification requirements

Multi-platform

Design with multiple software platforms, Windows and Linux, in mind

Compatible

Easier enablement of redistributable applications

Open

Open source and a standard for secure enclave-based application development


Supported SDK Functionality

✔ Enclave creation and management

Function calls to manage the lifecycle of an enclave within your application

✔ Enclave measurement and identity

Expressions of enclave measurement and identity

✔ Communication

Mechanisms for defining call-ins and call-outs and the data marshalling associated with them

✔ System primitives

System primitives exposed by the enclave runtime, such as thread and memory management

✔ Sealing

Functions to support persistence of secrets

✔ Attestation

Functions to support verification of an enclave's identity

✔ Runtime and cryptographic libraries

Pluggable libraries to provide the necessary language and cryptographic support within an enclave

Getting Started

Install the Linux SDK Package on Ubuntu 20.04

Install the Open Enclave SDK package on Ubuntu 20.04

Install the Windows SDK Package

Install the Open Enclave SDK package on Windows Server 2019

Clone the Repo

Clone the Open Enclave SDK repo