edgelesssys/edgelessrt
Folders and files
| Name | Name | Last commit date | ||
|---|---|---|---|---|
Latest commitHistory6,667 Commits | ||||
.github | .github | |||
3rdparty | 3rdparty | |||
dockerfiles | dockerfiles | |||
docs | docs | |||
samples | samples | |||
scripts | scripts | |||
src | src | |||
.clang-format | .clang-format | |||
.cmake-format.json | .cmake-format.json | |||
.gitattributes | .gitattributes | |||
.gitignore | .gitignore | |||
.gitmodules | .gitmodules | |||
CMakeLists.txt | CMakeLists.txt | |||
CODE_OF_CONDUCT.md | CODE_OF_CONDUCT.md | |||
CONTRIBUTING.md | CONTRIBUTING.md | |||
LICENSE | LICENSE | |||
README.md | README.md | |||
VERSION | VERSION | |||
Repository files navigation
Edgeless RT is an SDK for Trusted Execution Environments (TEE) built on top of Open Enclave. It adds support for modern programming languages (in particular Go) and facilitates the porting of existing applications. Currently, hardware-wise, Edgeless RT focuses on Intel SGX. Support for other TEEs will follow as it becomes available in Open Enclave.
Key features of Edgeless RT are:
- Comprehensive support for Go, most existing code runs without changes
- Preferably use EGo to build confidential Go apps.
- Use Edgeless RT if you need more control, e.g., you may want to link some Go code to your C++ app.
- Extended C/C++ support
- More libc and POSIX functions
- More C++17 STL
- pthread and std::thread
- libstdc++ for better compatibility with existing code
- Seamless integration with MarbleRun to create distributed confidential applications
- Experimental support for Rust
Quick Start
If you're on Ubuntu 20.04 or 22.04 and don't want to build the SDK yourself, you can install the binary release:
sudo mkdir -p /etc/apt/keyrings
wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null
echo "deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/intel-sgx.list
sudo apt update
ERT_DEB=edgelessrt_0.4.6_amd64_ubuntu-$(lsb_release -rs).deb
wget https://github.com/edgelesssys/edgelessrt/releases/download/v0.4.6/$ERT_DEB
sudo apt install ./$ERT_DEB build-essential cmake libssl-devThen proceed with Use.
Build
On Ubuntu 20.04 or 22.04, build with:
sudo apt install build-essential clang-11 cmake gdb libssl-dev ninja-build
mkdir build
cd build
cmake -GNinja ..
ninjaTo set a custom installation path (default: /opt/edgelessrt), add, e.g., -DCMAKE_INSTALL_PREFIX=~/edgelessrt-install.
SGX packages
To run your applications in SGX mode, install these packages:
sudo mkdir -p /etc/apt/keyrings
wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null
echo "deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/intel-sgx.list
sudo apt update
sudo apt install libsgx-dcap-ql libsgx-enclave-common libsgx-launchTest
After building, run the following command in the build directory to confirm everything works as expected:
ctestIn simulation mode run this command instead:
OE_SIMULATION=1 ctestInstall
From the build directory run:
ninja installOr if you do not have write permissions for the installation path:
sudo ninja installUse
To use the SDK you need to source the openenclaverc file to setup environment variables:
. /opt/edgelessrt/share/openenclave/openenclavercNow you are ready to build applications with Edgeless RT! To start, check out the samples.
Also see the C API documentation and/or the Go API documentation.
Debug
Logging
Set the environment variable OE_LOG_LEVEL to NONE, FATAL, ERROR (default), WARNING, INFO, or VERBOSE to increase or decrease the log level. Set OE_LOG_DETAILED=1 to enrich the log output with timestamps, thread ids, and stacktrace-like error propagations.
gdb
You can use Open Enclave's oegdb to debug enclave code built with Edgeless RT. oegdb is automatically installed with Edgeless RT. It also supports Go enclaves.
oegdb works great with Visual Studio Code (vscode). For example, use the following configuration to debug the in-enclave Go code from our HashiCorp Vault sample in vscode:
{
"version": "0.2.0",
"configurations": [
{
"name": "(oegdb) Launch",
"miDebuggerPath": "/opt/edgelessrt/bin/oegdb",
"type": "cppdbg",
"request": "launch",
"program": "/opt/edgelessrt/bin/erthost",
"args": ["enclave.signed","server","-dev"],
"stopAtEntry": false,
"cwd": "${workspaceFolder}/samples/vault/build/",
"environment": [],
"externalConsole": false,
"MIMode": "gdb",
"setupCommands": [
{
"description": "Enable pretty-printing for gdb",
"text": "-enable-pretty-printing",
"ignoreFailures": true
},
{
"text": "handle SIGILL nostop"
}
]
}
]
}Contribute
Read CONTRIBUTING.md for information on issue reporting, code guidelines, and our PR process.