Confidential Computing 101

Architecture

Last updated 1 year ago

Enclaive's solution uses a libOS-based approach to provision applications within its containers. The libOS is built upon the Gramine project, which is actively maintained by Intel and is itself a fork of the Graphene research project that originated at Stony Brook University in 2011. Graphene, in turn, incorporates Intel's SGX SDK, providing drivers, the Quoting Enclave (QE), and the Provisioning Certification Enclave (PCE), along with the Data Center Attestation Primitives (DCAP) framework and system libraries implementing RA-TLS, which integrates Remote Attestation into the establishment of the standard secure channel protocol TLS.

The libOS executes within a pico-process, which encompasses an unmodified application binary and its supporting libraries, running on a dedicated libOS instance. The libOS abstracts host kernel functionality through a generic Application Binary Interface (ABI). This ABI supports the implementation of fundamental abstractions such as virtual memory, threads, synchronization, byte streams (similar to pipes), a file system, and networking, all of which can be easily supported on different host operating systems. While Linux serves as the reference host kernel, other platforms can be supported by implementing the corresponding Platform Adaptation Layer (PAL). From a technical perspective, the libOS consists of modified libraries for the Executable and Linkable Format (ELF) linker and (dynamic) loader, libc, and libthread, so that system calls are issued as function calls into the libOS's own Linux library. The Linux library, in turn, implements these system calls using a variant of the unikernel Drawbridge ABI, provided by the PAL, and relies on calls to the underlying kernel.

Enclaive's confidential containers architecture with Intel SGX

The architecture diagram above illustrates the structure of a Confidential Container and outlines enclaive's framework for enclaving an application. Several key components play vital roles:

Intel's Architectural Enclave Service Manager (AESM)

Serves as the system services management agent for SGX-enabled applications. It encompasses various SGX system components, including remote attestation quote signing for QE, and report certification for PCE.

Gramine

Linked with Intel-provided or customized DCAP and Quote Provider libraries, interfaces with the AESM daemon to generate quotes. It launches the libOS Enclave and provides the host communication layer to access resources. The transparent Compatibility Layer within the enclave performs actions within the enclave memory or verifies host communication, employing measures such as authenticated encryption for persistent modifiable data or integrity hashes loaded during startup as part of the measurement.

Enclaive's Premain

Executes prior to the actual application and establishes an RA-TLS channel to the vault. This facilitates the pre-loading of secrets, including decryption keys for unfolding encrypted persistent files and TLS credentials for cluster authentication. The Attestation Shim seamlessly enclaves binaries and offers provisioned or ephemeral secrets.
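
The checks a vault performs on the premain's RA-TLS connection before releasing secrets, as an added example that is not enclaive's or Gramine's code. The `Quote` layout is a simplified model rather than the SGX wire format, an HMAC under a constructed key stands in for DCAP's ECDSA signature chain, and all names and values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the DCAP signature chain. Real quotes are signed by
# the Quoting Enclave with ECDSA and checked against Intel-issued certificates.
DEMO_PLATFORM_KEY = b"constructed-demo-key"

@dataclass(frozen=True)
class Quote:                 # simplified model, not the SGX wire format
    mrenclave: bytes         # measurement of the enclave's initial contents
    isv_svn: int             # enclave security version number
    debug: bool              # debug enclaves expose their memory to the host
    report_data: bytes       # 64 bytes chosen by the enclave
    signature: bytes = b""

def _sign(q: Quote) -> bytes:
    body = q.mrenclave + q.isv_svn.to_bytes(2, "little") + bytes([q.debug]) + q.report_data
    return hmac.new(DEMO_PLATFORM_KEY, body, hashlib.sha256).digest()

def make_quote(mrenclave: bytes, isv_svn: int, debug: bool, tls_pubkey: bytes) -> Quote:
    """Enclave side: bind the TLS public key into the quote's report data."""
    report_data = hashlib.sha256(tls_pubkey).digest() + bytes(32)
    unsigned = Quote(mrenclave, isv_svn, debug, report_data)
    return Quote(mrenclave, isv_svn, debug, report_data, _sign(unsigned))

def verify_ra_tls(q: Quote, cert_pubkey: bytes, allowed: set, min_svn: int) -> str:
    """Vault side: return "ok" or the first reason to refuse secret release."""
    if not hmac.compare_digest(q.signature, _sign(q)):
        return "bad quote signature"
    # The quote must vouch for the key that terminates this TLS session;
    # otherwise a valid quote could be replayed alongside a different key.
    expected = hashlib.sha256(cert_pubkey).digest() + bytes(32)
    if not hmac.compare_digest(q.report_data, expected):
        return "quote not bound to this TLS key"
    if q.debug:
        return "debug enclave"
    if q.mrenclave not in allowed:
        return "unknown measurement"
    if q.isv_svn < min_svn:
        return "outdated enclave version"
    return "ok"

# Constructed sample values
PREMAIN = hashlib.sha256(b"premain+app build 1").digest()
KEY_A, KEY_B = b"enclave-generated public key", b"some other public key"
```

The order matters: the signature and key binding are checked first, so the policy fields (measurement, version, debug flag) are only trusted once the quote is known to be genuine and tied to this session.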

With these enhancements, client workloads can now benefit from transparent data storage encryption using provisioned certificates, which can be configured in a file as before. In essence, while the vault and containers continue to operate as they did previously, they can now leverage the advantages provided by SGX.
