The Linux Foundation Projects
Skip to main content
All Posts By

Confidential Computing Consortium

Welcoming Sal Kimmich to the Confidential Computing Consortium

By Announcement, Blog, In The News No Comments

The Linux Foundation’s Confidential Computing Consortium (CCC) is proud to announce Sal Kimmich joining as the Technical Community Architect. Sal’s career started by sharing Python scripts with other computational neuroscientists in the wild world of supercomputing. A decade later, they are still paying attention to the algorithmic side of open source tech.  

Before joining CCC, Sal worked as a scalable SecDevOps Machine Learning engineer and brought those contributions to the Cloud Native Computing Foundation (CNCF) and the Open Source Security Foundation (OpenSSF). They have focused on practical automation around security best practices that make the maintainer’s lives easier, like Security Slams.  

At CCC,  we are building the landscape for Trusted Execution Environments (TEEs) at the Linux Foundation as it becomes as Confidential Computing becomes foundational to cross-industry security practicesConfidentiality of data in use is also a cornerstone of digital progress: having hardware level trust in compute is critical to the wave of critical technologies in both edge and cloud. 

Sal’s vision for CCC is clear – to make maintainers’ work enjoyable and rewarding, to create tech demos that dazzle, and to showcase the world-class Open Source Projects enabling secure computation. 2024 marks the start of an incredible year of compute, collaboration and community expansion ahead, as runtime security takes the spotlight in emerging tech. 

Unifying Remote Attestation Protocol Implementations

By Blog, Featured Article No Comments

Shanwei Cen (@shnwc), Dan Middleton (@dcmiddle)

We’re excited to announce some recent attestation news. One of the hallmarks of confidential computing is the ability to build trusted communication with an application running in a hardware-based trusted execution environment. To make attestation easily accessible it can be incorporated into common protocols. That way developers don’t need to figure out all the details to build a secure protocol themselves. One of these protocols is called Remote Attestation TLS (RA-TLS), which builds on the ubiquitously used Transport Layer Security protocol underlying most secure internet communication. It turns out several projects independently implemented RA-TLS with tiny but incompatible differences. In the CCC Attestation SIG, we’ve agreed on and, in some cases, already implemented changes to make them all be able to interoperate.

The CCC Attestation SIG is chartered to develop attestation-related software aimed at improving interoperability, and to achieve harmonization and de-fragmentation between multiple projects. One approach is to identify and review projects in SIG meetings, propose improvements for interoperability and standardization, and work with these projects for implementation and tests. Interoperable RA-TLS is a great example showcasing how the SIG delivers on its charter.

RA-TLS (Remote Attestation TLS) architecture is defined in the white paper Integrating Remote Attestation with Transport Layer Security, to enable Intel® Software Guard Extensions (Intel® SGX) remote attestation during the establishment of a standard Transport Layer Security (TLS) connection. In a TLS server / client scenario, the TLS server runs inside an SGX enclave. It generates a public-private keypair, creates an SGX report with a hash of the public key in its user-data field, and gets an SGX quote for this report. It then creates an X.509 certificate with a custom extension containing this SGX quote. This customized certificate is sent to a TLS client in the TLS handshake protocol. The client gets the SGX quote from the certificate and performs remote attestation to verify that the connected server runs inside an authentic Intel® SGX enclave.

There are a few aspects of RA-TLS architecture that were not covered in this white paper. Some of the gaps include the specific X.509 extension OID value for the SGX quote, the supported types of SGX quote, and how the public key is hashed. Additionally, since the white paper was published, new TEEs like Intel® Trust Domain Extensions (Intel® TDX) and new quote formats have become available. The level of specificity in the RA-TLS paper left room for incompatibility between different implementations and prevented their interoperability.

RA-TLS has been supported in multiple open-source projects, including Gramine, RATS-TLS, Open Enclave Attested TLS, and SGX SDK Attested TLS. The CCC Attestation SIG invited these projects to its meetings for review, and recommended further investigation to look into harmonization between them for interoperability. Following up on this recommendation, we conducted an in-depth investigation and identified areas of incompatibility. We documented our findings, created a draft proposal for an interoperable RA-TLS architecture, and presented our work back to the SIG.

Based on the interoperable RA-TLS draft proposal, we refined the design, and aligned it with the upcoming DICE Attestation Architecture v1.1 draft standard on X.509 extension OID value and evidence format definition (as a tagged CBOR byte string). We created an CCC Attestation SIG github project interoperable-ra-tls to host the design documents and interoperability tests. This project also facilitates discussion among members of the RA-TLS projects and the CCC Attestation SIG community in general. In addition, we registered the needed CBOR tags with the IANA registration service. In the process, we provided feedback to the DICE Attestation Architecture workgroup for refinement of their draft standard specification.

Great progress has been made to implement this proposed interoperable RA-TLS scheme in the RA-TLS projects. We’ve worked with all the projects to create issues and pull requests for their implementations. Especially, as discussed in some of the interoperable-ra-tls project issues, Gramine and RATS-TLS have completed their implementation, and have been active in interoperability tests.

In summary, the interoperable RA-TLS work demonstrated the value of the CCC Attestation SIG in providing a constructive forum to collaborate on attestation technology. We invite you to try out the new unified implementations in Gramine and RATS-TLS. If you are interested in getting more involved, please join us at the CCC Attestation SIG or any other facet of our Confidential Computing Consortium open source community. All are welcome here.

CCC Newsletter – February 2023

By Newsletter No Comments

Welcome to the February 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium. This newsletter is also available on our website.

Recent Events

FOSDEM

The Confidential Computing Consortium participated at the Confidential Computing devroom at FOSDEM on the 4th and 5th of February. The event was organized by Jo Van Bulck and Fritz Alder, from the University of Leuven, Belgium, and Fabiano Fidencio, from Intel. This was the fourth edition of this devroom at FOSDEM. The event was very successful. The devroom, with a capacity for 80 attendees, was mostly full throughout the day. Half of the people in the devroom have heard of Confidential Computing and many of the speakers were members of the CCC. Jo and Fritz highlighted the importance of bringing developers and academia together around Confidential Computing. There was also a social event organized by Richard Searle, Chair of the EUAC.

State of Open Con

The Confidential Computing Consortium participated at the State of Open Con in London on the 7th and 8th of February. This was the first conference of its kind being organized by OpenUK and it was located at the Queen Elizabeth II Centre, in the heart of London. Amanda Brock, the Executive Director of OpenUK, kicked off the event with a keynote. Other keynote speakers included Jimmy Wales, Founder of Wikipedia, Camille Gloster, Deputy National Cyber Director from the White House, and Eric Brewer, VP Infrastructure & Google Fellow. The CCC had a booth where Nick Vidal, the CCC Outreach Chair, was joined by Liz Moy (Evervault). There was good engagement at the booth, with the presentation of demo use cases that resonated with attendees. Stephen Walli, the CCC Chair, was also present and gave a talk entitled “What do we mean by Open Governance?” Mike Bursell, co-founder of the Enarx project, gave an entertaining talk on ConfidentialComputing.

CCC Webinar: Confidential Computing in Financial Services

The last CCC webinar that happened this month of February is already available online. Featured speakers include Bessie Chu (Cape Privacy), Gavin Uhma (Cape Privacy), Mark F. Novak (JP Morgan Chase), and Richard Searle (Fortanix).

Upcoming Events

OC3

The Confidential Computing Consortium is a sponsor of the Open Confidential Computing Conference (OC3). The online conference will take place on the 15th of March. Registration is free. Stephen Walli, Chair of the CCC, will give one of the keynotes. The main keynote “Industry Perspectives: the impact and future of confidential computing” features Ian Buck, VP of Hyperscale and HPC at NVIDIA, Mark Papermaster, CTO & EVP at AMD, Mark Russinovich, CTO at Microsoft Azure, and Greg Lavender, CTO of Intel.

Confidential Computing Summit

The Confidential Computing Consortium is a co-organizer of the Confidential Computing Summit. The event will take place in San Francisco on the 29th of June. The Confidential Computing Summit brings together experts, innovators, cloud providers, software and hardware providers, and user organizations from all industries to accelerate key initiatives in confidential computing. Call for Speakers are open.

White Papers & Reports

The National Cybersecurity Center of Excellence (NCCoE) has released a draft report, NIST Interagency Report (NISTIR) 8320D, Hardware Enabled Security: Hardware-Based Confidential Computing, for public comment. The public comment period for this draft is open through April 10, 2023. Abstract from the report: In today’s cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the first layer for any layered security approach and provides the initial protections to help ensure that higher-layer security controls can be trusted. This report explains hardware-enabled security techniques and technologies that can improve platform security and data protection for cloud data centers and edge computing.

Technical Advisory Committee

As part of 2023 goals, the TAC is looking to increase the impact of the CCC in the ecosystem:

  • Cross-project Integration event for discussion.
  • Portfolio growth and maturity, hosting projects that are adopted by the community. Look into new projects from member companies and academic research.
  • Cross-org and Cross-SIG coordination.
  • Outbound education and DCI revisit.

– Dan Middleton, TAC Chair (2023)

Outreach Committee

The CCC Outreach Committee has brought in Jake Orlowitz (WikiBlueprint) as the Wikipedia consultant with the goal of facilitating the creation of a top-quality Wikipedia article on Confidential Computing on English Wikipedia using an efficient participatory approach. As a result of this collaborative participation, Mike Ferron-Jones (Intel) has shared a Wikipedia article draft.

The CCC Outreach Committee has also brought Noah Lehman (Linux Foundation) as a social media consultant with the goal of facilitating the creation of top-quality posts on Twitter and LinkedIn. In collaboration with CCC members, he’ll create up to 8 on-demand social posts per month (this includes social posts promoting ad-hoc announcements, events, news and initiatives) and up to 4 on-demand social posts per month shared on Linux Foundation social media. Noah has shared the Social Media plan with the CCC.

Kate George (Intel) has volunteered to help with the CCC Event Strategy. She highlighted 5 event objectives: 1. Raise awareness of Confidential Computing & Open-source projects under the foundation, and participating companies; 2. Accelerate the adoption of Confidential Computing; 3. Present panels, talks, and demo cases to targeted audiences – security, health care, financial services, and government. (Consider compliance piece too); 4. Recruit new members or projects; and 5. Foster collaboration and open-source. Kate and Nick Vidal have shared the Event Strategy slides and List of Events.

– Nick Vidal, Outreach Chair (2023)

ProjectsEnarxThe Enarx project is looking for a custodian, as Profian had to close its doors. Both Profian and Red Hat have invested heavily on the development of Enarx, which has reached a good stable release with a number of key components to establish the foundations for a comprehensive Confidential Computing solution. The Linux Foundation is providing full support to the project.
GramineGramine version 1.4 has been released, with important new features, including support for EDMM (Enclave Dynamic Memory Management), and performance improvements. Key milestones for 2023 include support communication with hardware accelerators (GPUs), support dynamic thread creation/destruction, support additional runtimes and workloads, integration with confidential container deployments (Kata containers, enclave-CC), interoperate with RA-TLS (standardization), support additional TEE backends (Intel TDX), and explore coarse-grained partitioning for certain I/O bound applications (DPDK).
KeystoneKeystone aims to enable TEE on (almost) all RISC-V processors. It’s very popular in academia, gaining 133 yearly citations (+28% YoY), however in the past year four students from UCB working on Keystone have graduated and left the project. Key milestones for 2023 include better application support (dynamic library), parity with industry standards, increase dev board accessibility, and work closely with the RISC-V AP-TEE working group. 

Thanks,

The Confidential Computing Consortium

CCC Newsletter – January 2023

By Newsletter No Comments

Welcome to the January 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium. This newsletter is also available on our website.

Introduction

The start of the new year is the perfect opportunity to reflect about the year that has passed and what we have accomplished collectively in 2022. It has been a pivotal year for the CCC in many regards. Please check the updates from the Technical Advisory Committee, the Outreach Committee, the CCC projects, and the Special Interest Groups.

New Members

Cape Privacy and Canonical joined the Confidential Computing Consortium.

Cape Privacy is a confidential computing platform to easily run serverless functions on encrypted data. Cape empowers developers to build secure applications which protect the underlying data and code from the cloud.

Canonical is committed to enabling Ubuntu users to leverage the strong run-time confidentiality and integrity guarantees that confidential computing provides. The mission of the Confidential Computing Consortium of driving cross-industry open source software, standards and tools greatly resonates with us and we are really excited to have joined its members.

Upcoming Events

FOSDEM

The Confidential Computing Consortium will be participating at the Confidential Computing devroom at FOSDEM. A social event is being sponsored by the CCC on the 4th of February.

State of Open Con

The Confidential Computing Consortium will have a table at the State of Open Con, a conference being organized by OpenUK in London on the 7-8th of February.

CCC Webinar: Confidential Computing in Financial Services

The next CCC webinar will happen on February 16 at 8:00 am PT. Featured speakers include Bessie Chu (Cape Privacy), Gavin Uhma (Cape Privacy), Mark F. Novak (JP Morgan Chase), and Richard Searle (Fortanix).

White Papers & Reports

The Confidential Computing Consortium has published the Common Terminology for Confidential Computing. As more companies and open source projects begin to use similar terms to describe similar paradigms that build upon hardware-based, attested Trusted Execution Environments (TEEs), it will be increasingly important that vendors use consistent terminology that describes the ways in which these new capabilities are applied within different functional domains.

Technical Advisory Committee

It was a busy year for the Technical Advisory Council (TAC). We had a number of goals for the year across the spectrum of maturing our projects to collaborating with other open organizations to acting on our diversity & inclusion plans. Attestation was a pronounced theme for the year. We revised the definition of Confidential Computing to include attestation as an essential element. The TAC approved the Veraison project which focuses on building blocks for attestation verification. We created the Attestation SIG last year and throughout 2022, it found its legs and created a good deal of content. You can browse our meeting recordings and presentations for a series of talks on Secure Channels and Attestation Formats. An outcome of this sharing led to two additional initiatives. CCC projects Gramine, Occlum, and Open Enclave SDK all rely on separate implementations of “Remote Attestation TLS.” The independent implementations were not interoperable. The Attestation SIG helped uncover and resolve variations arriving at a proposal to harmonize the implementations of those projects. Contributors to the SIG are also creating an Attested TLS proof of concept based on a similar design. We look forward to attestation of TEEs becoming a fundamental part of communications as Confidential Computing becomes pervasive.

Harmonization was not unique to the Attestation SIG. The TAC also engaged with a variety of organizations looking for opportunities for collaboration and coordination. We hosted speakers from RISC-V, MPC Alliance, IETF, TCG, CDCC, TrustedComputing.org, HomomorphicEncryption.org, PCI SIG WG, and the OCP Security SIG. In fact, most of our TAC meetings host a Tech Talk and our meetings have become a place for learning a variety of security related technical topics. As an open collaborative community, everyone is welcome to join our meetings or view the recordings. We hope to see you in one in 2023.

The TAC also had direct collateral outputs. In addition to revising our primary whitepaper, we also generated a new whitepaper which is going through the final layout. That paper focuses on terminology to give greater clarity to the different ways Confidential Computing artifacts can be packaged and what that should imply to a consumer. We were also able to collectively form a response to the OSTP’s request for comments on Privacy Enhancing Technologies (PETs).

This government interaction suggested a broader need for similar discourse. The TAC subsequently approved the creation of a Governance, Risk, and Compliance SIG. This newly chartered SIG already has representation from representatives from Meta, Microsoft, Intel, NVidia, Arm, CSA, JPMorgan Chase, Anjuna and others.

Of course, as an open source organization, our main focus is on open source projects. This year the TAC provided projects with additional resources. Our focus on diversity and inclusion took a few forms. Each of the projects were introduced to D&I training specifically for open source provided by the Linux Foundation. We made Outreachy internships available and Veracruz and Enarx piloted this membership program for the rest of the CCC. As the year progressed we created other resources for projects – increasing funding for CI, creating conference travel funding for projects, and making additional security tooling available.

All in all it has been a very productive year for the Technical Advisory Council, our SIGs, and our projects. We have a number of ambitious goals coming together for 2023 and will communicate those in a future blog.

– Dan Middleton, TAC Chair (2023)

Outreach Committee

2022 was a year of two halves. While the effects of COVID restrictions were still being felt in the first half of the year, things really turned around in the summer, and by the end of the year life was back to pre-COVID levels in most regions of the world. The outreach committee had to be nimble and adapt to the changing circumstances. In some ways, some of the impetus was to lay the foundation to hit the ground running again in 2023.

The committee implemented multiple important initiatives during this time including:

  • For the second year in a row, CCC sponsored the OC3 Summit, a virtual Open Confidential Computing Conference held in early 2022.
  • Building brand awareness and visibility in industry events like RSA. We were able to negotiate a co-marketing arrangement at no cost, whereby RSA promoted the CCC on their website, and in promotions, and CCC did the same for RSA. We’ll have a similar arrangement with RSA in 2023 as well.
  • Expanding our presence to Latin America, participating at Roadsec 2022 in Sao Paulo, the biggest hacker festival in Latin America. 
  • After a hiatus due to COVID, CCC had a presence at Black Hat USA, in Las Vegas. This included a meeting room where we received visitors wanting to learn and/or get engaged with CCC. In addition we also got exposure in some of the member booths at the show, by way of presentations, CCC handouts etc.
  • We were also able to get brand visibility at the Crypto & Privacy Village at DEF CON 2022.
  • Rekindled industry analyst interactions including recent briefing with ABI Research, and communications with Gartner, Forrester, IDC, 451 Research, OMDIA, Nemertes and other Tier 2/3 analyst firms
  • Secured a speaking spot for the consortium in the Keynote segment of the upcoming OC3 event in March 2023
  • Signed up a consultant to greatly increase our social media activities starting Jan 2023
  • Shortlisted a consultant to help guide the committee to get Confidential Computing on Wikipedia
  • Made good progress on content refresh of our website, with the updates scheduled to be rolled out in March 2023

The committee is very excited about the foundation that has been laid, and we are looking forward to a highly successful 2023!

– Ravi Sharma, Outreach Chair (2022)

ProjectsPlease find updates from the CCC projects below:

Special Interest Groups
Please find updates from the SIGs below:

Thanks,

The Confidential Computing Consortium

CCC at Black Hat and DEF CON 2022

By Blog, CCC Events No Comments

The Confidential Computing Consortium (CCC) was present at the 25th edition of Black Hat USA and the 30th edition of DEF CON.

At Intel’s booth for Black Hat, there was a big effort towards bringing awareness to Confidential Computing, including the distribution of outreach material from the Confidential Computing Consortium, as well as sessions from Anjuna (“Confidential Computing 101”) and Fortanix (“Confidential Computing AI & Intel SGX: accelerating the use of AI/ML”).

One of the highlights of Black Hat was the responsible disclosure of the ÆPIC Leak by researchers Pietro Borrello (Sapienza University of Rome) and Andreas Kogler (Graz University of Technology) and their collaboration with Intel to mitigate the vulnerability. After their session at Black Hat, the researchers and their colleagues met with the Confidential Computing Consortium representatives and shared how they worked closely together with Intel to follow responsible vulnerability disclosure practices. Intel has provided a microcode update for processors with Intel SGX to enable support to clear buffers and mitigate potential exposure of sensitive stale data when exiting Intel SGX enclaves.

At DEF CON, the Confidential Computing Consortium was mostly present at the Crypto and Privacy Village, which provides a forum for the hacker community to share knowledge and discuss cryptography and privacy.

Community members of the Enarx project gave two talks at the Crypto and Privacy Village: “Owned or pwned? No peekin’ or tweakin’!” and “Cryptle: a secure multi-party Wordle clone with Enarx”. The talks were presented by Richard Zak, Tom Dohrman, and Nick Vidal, with assistance from Ben Fischer from Red Hat.

We would like to thank attendees and organizers of Black Hat, DEF CON, the Crypto and Privacy Village, as well as staff and members of the Confidential Computing Consortium, including representatives from Anjuna, Fortanix, Intel, Profian, and Red Hat/IBM.

Response by the CCC to the Office of Science and Technology Policy’s RFI on Advancing Privacy-Enhancing Technologies

By Blog No Comments

July 7, 2022

To Whom It May Concern:

Please consider the following submission to the Request for Information on Advancing Privacy-Enhancing Technologies from the Confidential Computing Consortium. The Confidential Computing Consortium (https://confidentialcomputing.io) is a Linux Foundation project “to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards” and has a diverse membership of hardware and software vendors and cloud service providers (https://confidentialcomputing.io/members/). This response was prepared by the group’s Technical Advisory Council with participation from across the membership, and ratified by its Governing Board. The Linux Foundation is a non-profit organization registered in the United States as a 501(c)(6).

The Confidential Computing Consortium has a mandate to engage with governments, standards agencies and regulatory agencies to encourage adoption of Confidential Computing, as well as work with the larger ecosystem and engage with existing and potential end-users of the technologies. It also works with open source projects to further development of implementations. The Confidential Computing Consortium is committed to encouraging open source implementations of Confidential Computing technologies to ensure wide-spread adoption, scalable community involvement, transparency of process, increased security and ease of auditing by relevant interested parties and authorities.

The Confidential Computing Consortium welcomes collaboration with governmental and non-governmental organizations and has mechanisms in place to provide appropriate membership, as well as open technical participation without any membership requirement.

Sincerely,
Stephen R. Walli
Confidential Computing Consortium, Governing Board Chair

Read the response here.

Roadsec: LATAM’s largest hacker conference

By Blog No Comments

The Confidential Computing Consortium (CCC) was one of the 10 communities selected to be part of Roadsec, LATAM’s largest hacker conference. Over 5000 participants were present at this in-person conference held in Sao Paulo.

Roadsec started as meetups about cyber-security that were organized across different cities (thus the name Roadsec, as speakers were always on the road). Every year the community gathers in Sao Paulo for the main conference.

Sao Paulo is considered an alpha global city and serves as Latin America’s financial and technological hub. Major banks and cloud service providers have their headquarters and data centers in this city.

Nick Vidal, CCC’s Outreach Committee Co-Chair, was at the conference promoting the CCC and also inviting participants to the Cryptle Hack Challenge, a secure multi-player Wordle clone that demonstrates how Confidential Computing works.

Roadsec organizers were kind enough to provide the CCC a booth to present this emerging technology called Confidential Computing, which protects data in use by performing computation in a hardware-based Trusted Execution Environment. These secure and isolated environments prevent unauthorized access or modification of applications and data while in use, thereby increasing the security assurances for organizations that manage sensitive and regulated data.

Recently, there have been many serious cyber attacks in Brazil, including the leakage of sensitive patient data from DATASUS and sensitive client data from Banco Pan. Confidential Computing could have helped prevent these data leakages.

CCC Project Updates

By Blog No Comments

Check out what the CCC Projects have been up to!

Gramine

Gramine project (formerly known as Graphene) will release a new stable version v1.2 in upcoming weeks.

Gramine is a library OS that enables protecting sensitive workloads with Intel® Software Guard Extensions (Intel® SGX). Gramine runs unmodified Linux applications on Intel® SGX out of the box and provides all functionality required for end-to-end protection of workloads: remote SGX attestation, transparent encryption of security-critical files, secure multi-processing. Gramine follows a “lift-and-shift” paradigm for running unmodified applications: to “graminize” the application, it is enough to write a so-called *manifest* file that reflects a runtime configuration of the protected application. Gramine also supports Docker integration via a tool called Gramine Shielded Containers (GSC) and provides a growing set of curated applications, runtimes and frameworks.

In comparison to the previous release, Gramine v1.2 introduces a major overhaul of the FS subsystem. In particular, the Protected Files (PF) feature was significantly reworked. A new manifest syntax allows to mark whole FS mounts for encryption. The PF feature is now available not only in the SGX mode of Gramine, but also in the direct mode, for ease of debugging. We also added support for renaming PFs, memory mapping them with read-write permissions and encrypting them with different user-supplied encryption keys. As a side effect of this rework, multiple bugs in the FS and PF subsystems were fixed.

Additionally, Gramine v1.2 introduces a final reworked CPU/NUMA topology feature (previously marked as experimental). Now, CPU/NUMA topology is securely forwarded inside a Gramine SGX enclave and enabled by default. Among other improvements in Gramine, we highlight better support for CentOS/Fedora/RHEL Linux distributions and the update of the EPID SGX attestation tools to use IAS API v4. We also added a Rust example (a simple web server that uses hyper and tokio crates), as well as a new Python example for SGX quote retrieval.

Along with this technical work, Gramine was presented in different forums and featured in articles and blog posts:

– Gramine talk at the FOSDEM’22 conference: https://fosdem.org/2022/schedule/event/tee_gramine/

– Gramine talk at a Confidential Computing Consortium (CCC) webinar:  https://confidentialcomputing.io/webinar-gramine/

– Highlighted in several use cases and projects at the Open Confidential Computing Conference (OC3 2022) conference: https://www.oc3.dev/program

– Integration with Open Federated Learning (OpenFL) framework: https://medium.com/openfl/a-path-towards-secure-federated-learning-c2fb16d5e66e

– Integration with IBM/Gematik e-Prescription solution: https://github.com/eRP-FD/vau-base-image

– Reference solutions with Gramine as part of the Confidential Computing Zoo (CCZoo): https://github.com/intel/confidential-computing-zoo

– Whitepaper “Computation offloading to hardware accelerators in Intel SGX and Gramine Library OS”: https://arxiv.org/abs/2203.01813

– Blog post “How Open Source Gramine Accelerates Expanding Confidential Computing Market”: https://www.linkedin.com/pulse/how-open-source-gramine-accelerates-expanding-confidential-mona-vij/?trk=articles_directory

– A series of technical blog posts: https://gramineproject.io/blog/

For more information on the release please check out: https://github.com/gramineproject/gramine/releases/tag/v1.2

We invite you to join the Gramine community and contribute to adoption of confidential computing through open source collaboration. We also look forward to your feedback as you deploy this latest release of Gramine for your solutions.

Enarx

The Enarx project had three releases this quarter:

– Enarx 0.3.0 (Chittorgarh Fort) released in March with TLS support, attestation & validation support (https://blog.enarx.dev/chittorgarh-fort/).

– Enarx 0.4.0 (Fort of Dhat al-Hajj) released in April with SGX2 support, improved TLS support, and much more (https://blog.enarx.dev/enarx-0-4-0-fort-dhat-al-hajj/).

– Enarx 0.5.0 (Elmina Castle) released in May with many new/improved features: New enarx deploy subcommand. SGX with EDMM / SGX2 support (https://blog.enarx.dev/elmina-castle/).

In addition to Linux, Enarx is now available on MacOs, Windows, and Raspberry Pi:

– Enarx can now be compiled on additional platforms in a light development version. From MacOS to Raspberry Pi — Extending the Enarx Development Platforms.  (https://blog.enarx.dev/backend-nil/)

The Enarx project announced the Cryptle Hack Challenge:

– Cryptle is a secure multi-player clone of Wordle. The goal of the Cryptle Hack Challenge is to uncover vulnerabilities in the Enarx project. (https://blog.enarx.dev/cryptle-hack-challenge/).

The Enarx community has achieved a huge milestone: we have collectively published 100 tutorials and articles over at Wasm Builders!

– As part of the Confidential Computing Fellowship program, the Enarx project has received several mentees from Outreachy and LFX Mentorship. Wasm Builders has served as a welcoming environment where Enarx community members can share their learning experiences with others (https://blog.enarx.dev/enarx-community-reachs-100-tutorials/).

The Enarx project has participated in the following events:

– Nathaniel McCallum presented “WASI Networking” at Wasm Day at KubeCon + CloudNativeCon Europe 2022 (https://blog.profian.com/wasm-day-at-kubecon-cloudnativecon-europe-2022/).

– Outreachy intern Shraddha Inamdar presented “Enarx: The Platform Abstraction for Trusted Execution Environments” at FOSSASIA (https://enarx.dev/resources/2022-04-09-fossasia).

– CCC Fireside Chat: Stephen Walli received Mike Bursell to discuss his book “Trust in Computer Systems and the Cloud,” with a particular focus on the impact of Confidential Computing on security, trust and risk (https://blog.profian.com/trust-in-computer-systems-and-the-cloud/).

Veracruz

  • We recently announced our 22.05 release which included first-time contributions from several people including Aryan Godara, Mohamed Abdelfatah, and Sagar Arya.  Many of these contributions focussed on adding new examples to the Veracruz repository.  Mohamed will be joining us as our Outreachy-sponsored intern shortly, working on providing better documentation of the expected behavior of Wasi system calls (https://github.com/veracruz-project/veracruz/releases/tag/veracruz-2205).
  • We’ve worked to simplify Veracruz attestation further, across all of our supported platforms, making the process more uniform and removing platform-specific quirks.
  • We’ve started work, and are progressing quickly, on supporting seL4 as an in-enclave operating system for ultra-low TCB enclaves.
  • We’ve worked to improve Veracruz documentation.
  • Many other smaller bug fixes, performance improvements, and upgrades of dependencies to fix security concerns.