
The CCC welcomes 5 new General Members and Gramine project during final quarter of 2021

By Announcement

The Confidential Computing Consortium is thrilled to welcome five new General Members and the Gramine project. The community continues to grow with a total of 36 corporate members, 4 nonprofits, and 6 projects.

New General Members include:

Baidu USA

Canary Bit

HUB Security

Opaque Systems Inc

Technology Innovation Institute

The Gramine project will be hosting a webinar on February 3, 2022 at 9am PST. You can register here.

More on Gramine project:

Following the first production-ready release “v1.0”, the Gramine Project is releasing “v1.1” in the upcoming weeks. One highlight of this release is stability improvements for Golang and Rust workloads. Another prominent feature of the release is support for the musl C standard library: Gramine now allows users to choose between glibc and musl, depending on their requirements on binary size (TCB), as musl is more lightweight than glibc. Also, AddressSanitizer has been integrated into Gramine and runs in the CI on each change, to detect security issues ahead of code merge. This version adds several other features as well as multiple bug fixes (thanks to our ever-increasing user base for reporting issues!).

While there are several use cases under development, we would like to highlight the production release of the OpenVINO Security Add-on (OVSA) for Model IP protection (consider using it for your protected ML workloads). Please reach out to the Gramine team if you are experimenting with Gramine and would like to be added to the list of “Users of Gramine

 

CCC Project Updates

By Blog

Check out what the CCC Projects have been up to!

Gramine

Following the first production-ready release “v1.0”, the Gramine Project is releasing “v1.1” in the upcoming weeks. One highlight of this release is stability improvements for Golang and Rust workloads. Another prominent feature of the release is support for the musl C standard library: Gramine now allows users to choose between glibc and musl, depending on their requirements on binary size (TCB), as musl is more lightweight than glibc. Also, AddressSanitizer has been integrated into Gramine and runs in the CI on each change, to detect security issues ahead of code merge. This version adds several other features as well as multiple bug fixes (thanks to our ever-increasing user base for reporting issues!).

While there are several use cases under development, we would like to highlight the production release of the OpenVINO Security Add-on (OVSA) for Model IP protection (consider using it for your protected ML workloads). Please reach out to the Gramine team if you are experimenting with Gramine and would like to be added to the list of “Users of Gramine

Enarx

In Enarx’s first release, “version 0.1.0” (codenamed Alamo), we provided WebAssembly as a runtime. For our upcoming release, “version 0.2.0”, this coming quarter, we are looking forward to providing support for attestation, including Intel’s SGX and AMD’s SEV.

Other areas we are working on are support for filesystem and networking, which depend on upstream collaboration with the WebAssembly community.

Enarx is under heavy development and is not production ready yet, but our hope is that these initial releases will allow developers to experiment with Enarx and see its progress.

If you are interested in learning more about the Enarx project, please access our website, star us on GitHub, and join our chat.

Confidential Computing Consortium at the RISC-V Summit December 6-8, 2021

By Announcement

RISC-V Summit brings the community together to show the power open collaboration can have on the processor industry. The audience spans across industries, organizations, workloads, and geographies to learn about the technology advancements in the RISC-V ecosystem and visibility of RISC-V successes.

The Confidential Computing Consortium will be on site staffing a booth. Come say hello!

To learn more, please visit: https://events.linuxfoundation.org/riscv-summit/

Confidential Computing Market Could Reach US$54 Billion in 2026

By Announcement

Today, the Confidential Computing Consortium released findings from Everest Group’s market study revealing that the Confidential Computing market is projected to grow at a CAGR of 90%-95% to reach US$54 billion in 2026.

Read the press release: https://www.prnewswire.com/news-releases/confidential-computing-market-could-reach-us54-billion-in-2026-301407273.html

Read the report: https://confidentialcomputing.io/white-papers-reports/

CCC media contact: pr@confidentialcomputing.io

Gramine 1.0 release

By Blog

Announcing Gramine production ready release!

Having recently joined the Confidential Computing Consortium in the Linux Foundation, The Gramine Project (formerly known as Graphene) is proud to announce the first production-ready version to enable protecting sensitive workloads with Intel® Software Guard Extensions (Intel® SGX).

The project started as a research prototype at Stony Brook University in 2011, and the first open-source version was published in 2014, followed by the Intel® SGX port in 2017 in collaboration with Intel Labs. In December 2018, Golem and ITL joined the project, forming the core of the open source community around the project, including a first release. The Gramine community has subsequently grown into a diverse group of contributors, from universities, small and large companies, as well as individuals.

Gramine not only runs Linux applications on Intel® SGX out of the box, but also provides several tools and infrastructure components for a push-button lift-and-shift paradigm for running unmodified applications on confidential computing platforms based on Intel® SGX. Gramine supports both local and remote Intel® SGX attestation, with both EPID and DCAP schemes. With the protected files feature, security-critical files are automatically encrypted and decrypted inside the enclave. Gramine supports several performance optimizations for Intel® SGX applications, including asynchronous system calls. Gramine is one of the few frameworks that supports multi-process applications by providing a complete and secure fork implementation. Gramine supports Docker integration via a tool called Gramine Shielded Containers (GSC) that automatically converts Docker images to Gramine images. Containers built with GSC can be deployed via Kubernetes for confidential containers and microservices. Gramine also supports cloud deployment with Azure Confidential VMs and integrates with Azure Kubernetes Services in Azure cloud.

Since our last release, there have been major changes in the code with 1272 files changed, 100637 insertions, 112144 deletions, 1648 commits from 49 authors. This includes a major rewrite of the code that handles features including memory management, thread handling, process handling, filesystem and signal handling. You can find the detailed changelog on our GitHub. In the future, we plan to continue Gramine development with additional features, code cleanup, tooling, and documentation. We also plan to add generic support for I/O device communication as well as additional Platform Adaptation Layers (PAL) for other TEEs like Intel® TDX.

Gramine has a growing set of well-tested applications including machine learning frameworks, databases, web servers, and programming language runtimes and there are several projects that are already experimenting with Gramine for developing their solutions to protect data in use. We expect that Gramine 1.0 will bring many of those solutions to production. We look forward to your feedback as you deploy this latest version of Gramine for your confidential computing solutions with lift-and-shift capability.

For more information on the release please check out: https://github.com/gramineproject/gramine/releases/tag/v1.0

We invite you to join the Gramine community and contribute to adoption of confidential computing through open source collaboration.

Confidential Computing microconference at Linux Plumbers Conference September 20-24th, 2021

By Announcement

The Confidential Computing microconference focuses on solutions for using state-of-the-art encryption technologies for live encryption of data, and on how to utilize the technologies from AMD (SEV), Intel (TDX), s390 and ARM Secure Virtualization for secure computation of VMs, containers and more. To learn more, please visit: https://www.linuxplumbersconf.org/event/11/page/104-accepted-microconferences#cont-cf

Suggested Topics:

For more references, see:

MC lead:

  • Joerg Roedel <joro@8bytes.org>

Gramine (formerly known as Graphene) Joins the Linux Foundation Confidential Computing Consortium

By Announcement

Gramine is the newest project at the Confidential Computing Consortium!

Gramine (formerly known as Graphene) is a lightweight library OS, designed to run applications in an isolated environment with benefits comparable to running a complete OS in a virtual machine — including guest customization, ease of porting to different OSes, and process migration.

In untrusted cloud and edge deployments, there is a strong desire to shield the whole application from the rest of the infrastructure. Gramine supports this “lift and shift” paradigm for bringing unmodified applications into Confidential Computing with Intel® SGX. Gramine can protect applications from a malicious system stack with minimal porting effort.

Today, the Gramine project, with the direction determined by a diverse group of contributors, from universities, small and large companies, as well as individuals, is proud to join the Linux Foundation as an official Confidential Computing Consortium project. The Confidential Computing Consortium's focus on open source licensed projects securing data in use and on accelerating the adoption of confidential computing through open collaboration aligns perfectly with the goals of the Gramine project.

The Confidential Computing Consortium brings together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards. The consortium supports open source projects that advance the use of hardware-based TEEs. For more information, please visit: https://confidentialcomputing.io